stateful system for autonomous pwn and binary research, designed for LLM agents.
pwno-mcp runs GDB + pwndbg in an isolated environment and exposes stateful debugging, exploit I/O, and helper tooling over MCP for agentic coding clients.
- Stateful debugger sessions via GDB + pwndbg
- Deterministic execution control via GDB/MI
- Fast context snapshots for registers, stack, disassembly, source, and backtrace
- Interactive exploit-driver workflows with
pwncli - Multi-session support for parallel workflows
- Workspace automation helpers for commands, processes, Python, repos, and RetDec
- HTTP and stdio transport support
The full documentation is available at docs.pwno.io.
Create a local workspace directory, put your target binary there, then run the container.
mkdir -p ./workspace
cp ./path/to/your/binary ./workspace/chal
chmod +x ./workspace/chaldocker run --rm -p 5500:5500 \
--cap-add=SYS_PTRACE \
--cap-add=SYS_ADMIN \
--security-opt seccomp=unconfined \
--security-opt apparmor=unconfined \
-v "$PWD/workspace:/workspace" \
ghcr.io/pwno-io/pwno-mcp:latestDefault MCP endpoint:
http://127.0.0.1:5500/mcp
For stdio mode, client configs, health checks, and attach-helper details, use the docs site: docs.pwno.io/quickstart.
For local development, architecture, and contributing guidance, see docs.pwno.io/development.
- non-profit: yes
- commercial:
oss@pwno.io
- WebSocket endpoint for streaming I/O
- Advanced memory analysis tools
- Heap exploitation helpers
- ROP chain generation
- Symbolic execution integration
This project is licensed under CC BY-NC-ND 4.0.
See LICENSE for details.
Issues and pull requests are welcome.