d0gesec/pownie

21 stars · Last commit 2026-03-20

The agent harness for offsec. It's a plugin for Claude Code packed with skills, hooks, memory system that works best for using Claude Code to achieve autonomous pentest/ctf

PluginWorkflow & Automation TDD & Testing Debugging Documentation Design & UI DevOps & Infra Productivity AI & Prompting Data & ML Security

README preview

# 🦄 Pownie

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Release](https://img.shields.io/github/v/release/d0gesec/pownie)](https://github.com/d0gesec/pownie/releases)

I vibe-hacked my way to **Top #87 Global** on Hack The Box. Hall of Fame. Built entirely on Claude Code.

<img src="https://d0gesec.dev/ranking.png" alt="htb-hall-of-fame" width="300">

Pownie is the harness that got me there, a Claude Code plugin that wires up persistent intel, lifecycle hooks, and multi-agent coordination for offensive security.

The model already knows how to hack. It doesn't need playbooks, it needs hands and legs that lets its knowledge compound over long engagements. That's what this is.

**What it does:**
- **Hooks** fire on every tool call — auto-extract credentials, log attempts, surface prior intel before the model repeats itself
- **Neo4j intel graph** stores everything the model discovers, outside the context window, where compaction can't reach it
- **Attack class tracking** kills entire categories of attack when evidence shows they're impossible on the target
- **Multi-agent orchestration** spawns parallel teammates after recon or shell access
- **Context survival** — PreCompact hook snapshots state to Neo4j before compaction wipes the window

View full repository on GitHub →