PWNBoard is a real-time web dashboard for tracking and visualizing beacons from offensive security tools and Command & Control (C2) frameworks during red team engagements and competitions.
PWNBoard provides a centralized dashboard for tracking compromised hosts, active beacons, and harvested credentials across multiple teams during red team operations. This fork enhances the original ztgrace/pwnboard and nullmonk/pwnboard projects with the following features:
- Track active Red Team beacons and captured credentials in a visual dashboard
- Optional tool authentication through access tokens
- Easily manage multiple red teamers with RBAC features
- Beautiful Grafana dashboard for visualizing data
- Quick containerized deploy using Docker
- Ensure the Docker Engine is installed on your machine
- Python 3.x
- This setup is optimized for UNIX devices. The Docker Compose setup will work on Windows, but you will have to find a way to generate your own certificates for HTTPS.
PWNBoard requires a topology configuration to define teams and hosts. Generate your board configuration using the included Topology Generator:
- Create a board file using gen_config.py:
python3 scripts/gen_config.py
Follow the steps in the script to define your hosts. This will generate a board.json in the project root, necessary for PWNBoard to deploy correctly.
- Configure environment:
Start by changing the values in the .env file. You must edit these for a secure configuration, especially if you are exposing PWNBoard to the internet.
SECRET_KEY=change-me-please # Flask secret used for signing session cookies
PWNBOARD_PASSWORD=password # Default password for PWNBoard/Grafana
Edit optional parameters in the docker-compose.yml file. Here are some variables that you can change to best suit your needs. At minimum, PWNBOARD_URL should be changed for certificate generation purposes.
- PWNBOARD_URL=https://pwnboard.win # Change this line to your full PWNBoard URL (https://domain[:port], ex. https://pwnboard.win, https://10.1.1.10:443). This is used in certificate generation
- CACHE_TIME=-1 # Change this to a positive value to cache the board JSON for a certain amount of time. Might help with performance
- REFRESH_SECONDS=10 # Change this to the amount of time (in seconds) after which you want your page to refresh with new data. Setting this to 0 or -1 will disable refreshing
- HOST_TIMEOUT=5 # Change this to the amount of time (in minutes) after which callbacks should time out if an update is not received
- CREDS_TIMEOUT=30 # Change this to the amount of time (in minutes) after which credentials should time out if an update is not received
- DEFAULT_USER=admin # This will be your default user
- LOGIN_PAGE_MESSAGE=Contact an admin to get an account! # Change this if you want your welcome message on the home page to be different
- USE_ACCESS_TOKENS=true # Set this to false to disable the use of access tokens for authenticating POST requests
- Set up HTTPS certificates:
If using a domain that you own (ex. pwnboard.win, pwnboard.red.team, etc.), run these commands to generate Let's Encrypt certificates for your domain.
cd scripts
sudo ./setup_certs_letsencrypt.sh
If using only internally resolvable DNS or just your IP address to access PWNBoard, run these commands to generate self-signed certificates. Keep in mind that you might have to jump through some extra hoops to POST data "insecurely".
cd scripts
sudo ./setup_certs_self_signed.sh
- Start PWNBoard with Docker Compose:
docker compose up -d
- Access the PWNBoard dashboard:
  - Navigate to PWNBOARD_URL in your browser
  - Login with default credentials set up in environment variables!
- Access Grafana:
  - Navigate to PWNBOARD_URL:8443 in your browser
  - Login with admin:PWNBOARD_PASSWORD
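A pre-deployment check for the "Configure environment" step above, as an added example that is not part of the PWNBoard repository: it flags SECRET_KEY and PWNBOARD_PASSWORD values that are still the placeholders from the .env shown earlier and rewrites them with random values. The function names and the 16-character floor are assumptions of this example; PWNBOARD_PASSWORD gets the same treatment because it also protects the Grafana admin login.

```python
import secrets

# Placeholder values from the .env shown in this README.
SHIPPED_DEFAULTS = {"SECRET_KEY": "change-me-please", "PWNBOARD_PASSWORD": "password"}
MIN_LENGTH = 16  # assumed policy floor for this example, not a PWNBoard setting

SAMPLE_ENV = (  # constructed sample mirroring the README's .env
    "SECRET_KEY=change-me-please # Flask secret used for signing session cookies\n"
    "PWNBOARD_PASSWORD=password # Default password for PWNBoard/Grafana\n"
)

def parse_env(text):
    """Return {key: value} for KEY=value lines; ' #' starts an inline comment."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.split(" #", 1)[0].strip()
    return values

def audit_env(text):
    """List findings for secrets that are missing, default, or too short."""
    values, findings = parse_env(text), []
    for key, default in SHIPPED_DEFAULTS.items():
        value = values.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value == default:
            findings.append(f"{key}: still the shipped default")
        elif len(value) < MIN_LENGTH:
            findings.append(f"{key}: shorter than {MIN_LENGTH} characters")
    return findings

def harden_env(text):
    """Return the .env text with every weak secret replaced by a random one."""
    weak = {finding.split(":", 1)[0] for finding in audit_env(text)}
    out, seen = [], set()
    for raw in text.splitlines():
        key = raw.partition("=")[0].strip()
        out.append(f"{key}={secrets.token_urlsafe(32)}" if key in weak else raw)
        seen.add(key)
    # Keys absent from the file entirely are appended with fresh values.
    out += [f"{key}={secrets.token_urlsafe(32)}" for key in sorted(weak - seen)]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("\n".join(audit_env(SAMPLE_ENV)) or "no weak secrets")
```

Run the audit against the real .env before `docker compose up -d`, and write the output of `harden_env` back only after confirming nothing else depends on the old values.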
For detailed setup instructions and troubleshooting, see doc/setup.md.
For a complete list of configuration options, see doc/config.md.
See the usage guide for detailed instructions on how to send data to PWNBoard!
- Setup Guide — Detailed deployment instructions and troubleshooting
- Configuration Reference — Complete environment variable reference
- Development Guide — Architecture, file structure, and contribution guidelines
The sim_callbacks and sim_creds testing tools can be used to test your PWNBoard deployment!
- Log into PWNBoard
- If USE_ACCESS_TOKENS=true, create an access token at /manage_apps with the application name global and copy it. If you don't want to input it into the script, you can configure an environment variable ACCESS_TOKEN on your local machine.
- Run the Python script
python3 scripts/sim_callbacks.py [/path/to/board/file]
or
python3 scripts/sim_creds.py [/path/to/board/file]
- If board file was not specified, follow the script instructions to set up IP addresses to POST to
- Include your global Access Token when prompted (if using access tokens)
- Include the full POST endpoint URL of your PWNBoard (ex. https://www.pwnboard.win/pwn, https://10.1.1.11:8443/pwn, https://www.redteam.win/creds)
For troubleshooting tips, check the bottom of the setup guide.
To view the PWNBoard feature wishlist, please navigate to the Issues tab on GitHub and look for issues that start with FEATURE REQUEST!
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes with clear commit messages
- Test thoroughly
- Submit a Pull Request
See doc/development.md for detailed contribution guidelines.
This project builds upon the work of:
- ztgrace/pwnboard — Original PWNboard
- nullmonk/pwnboard — Improvements for RIT Red Team
- RITRedteam/Topology-Generator — Topology generation tool
This project inherits the licensing from its upstream repositories. See original projects for specific license terms.
Questions or Issues? Open an issue on GitHub.
