Tweet Follow on Twitter GitHub Followers

Legal Disclaimer

Usage of frwk_51pwn for attacking targets without prior mutual consent is illegal.
frwk_51pwn is for security testing purposes only


未经事先双方同意,使用 frwk_51pwn 攻击目标是非法的。
frwk_51pwn 仅用于安全测试目的


frwk_51pwn is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the 51pwn Team.
It comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security researchers.


  • PoC scripts can running with attack,verify, shell mode in different way
  • Plugin ecosystem
  • Dynamic loading PoC script from any where (local file, redis, database, Seebug …)
  • Load multi-target from any where (CIDR, local file, redis, database, Zoomeye, Shodan …)
  • Results can be easily exported
  • Dynamic patch and hook requests
  • Both command line tool and python package import to use
  • IPV6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC script to use
  • Integrate with Seebug (for load PoC from Seebug website)
  • Integrate with ZoomEye (for load target from ZoomEye Dork)
  • Integrate with Shodan (for load target from Shodan Dork)
  • Integrate with Ceye (for verify blind DNS and HTTP request)
  • Integrate with Fofa (for load target from Fofa Dork)
  • Friendly debug PoC scripts with IDEs
  • More …


frwk_51pwn console mode


frwk_51pwn shell mode


frwk_51pwn load PoC from Seebug


frwk_51pwn load multi-target from ZoomEye


frwk_51pwn load multi-target from Shodan



  • Python 3.6+
  • Works on Linux, Windows, Mac OSX, BSD


The quick way:

$ pip3 install frwk_51pwn

Or click here to download the latest source zip package and extract

$ wget
$ unzip
$ cd frwk_51pwn-master
$ pip3 install -r requirements.txt

The latest version of this software is available at:


Documentation is available in the docs directory.


cli mode

	# basic usage, use -v to set the log level
	frwk_51pwn -u -r -v 2

	# run poc with shell mode
	frwk_51pwn -u -r -v 2 --shell

	# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The thread is set to 20
	frwk_51pwn -r --dork service:redis --threads 20

	# load all poc in the poc directory and save the result as html
	frwk_51pwn -u --plugins poc_from_pocs,html_report

	# load the target from the file, and use the poc under the poc directory to scan
	frwk_51pwn -f batch.txt --plugins poc_from_pocs,html_report

	# load CIDR target
	frwk_51pwn -u -r --plugins target_from_cidr

	# the custom parameters `command` is implemented in ecshop poc, which can be set from command line options
	frwk_51pwn -u -r --attack --command "whoami"

console mode


$ python3

How compatible pocsuite3

in your python3 code

import frwk_51pwn as pocsuite3

How to Contribute

  1. Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
  2. Fork the repository on GitHub to start making your changes to the dev branch (or branch off of it).
  3. Write a test which shows that the bug was fixed or that the feature works as expected.
  4. Send a pull request and bug the maintainer until it gets merged and published. Make sure to add yourself to THANKS.



View Github