High-risk tools in Pwno
20 of the 36 tools in Pwno are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
executeExecuteexecute
-
execute_python_codeExecuteExecute Python code dynamically in the shared environment. Args: code: Python source code to run. cwd: Working directory (default /workspace). I...
-
execute_python_scriptExecuteExecute an existing Python script within the shared environment. Args: script_path: Path to the script. Use a container-visible path under /...
-
finishExecuteRun until the current function returns (MI -exec-finish).
-
pwncli_stopExecuteStop a pwncli driver session and clear its session pipe.
-
runExecuteRun the loaded program under GDB control. Args: args: Argument string passed to the inferior. start: If True, stop at the program entry (equival...
-
run_commandExecuteExecute a system command and wait for completion. Note: Use this for build and helper commands. Do not use this to run the target binary under a...
-
spawn_processExecuteSpawn a long-running background process and return its PID and log paths. Note: Use this for helper services. Do not use this to run the target ...
-
step_controlExecuteExecute a stepping command (c, n, s, ni, si). Args: command: One of {c, n, s, ni, si} or their long forms. Returns: Dict with MI respon...
-
untilExecuteRun until a specified location or next source line (MI -exec-until).
-
gdb_interruptExecuteInterrupt the inferior and drain async notifications. Args: timeout: Maximum time to wait (seconds) for stop notifications.
-
jumpExecuteResume execution at a specified location (MI -exec-jump). Args: locspec: Location such as a symbol name, file:line, or address (*0x... ).
-
pwncliExecutepwncli
-
return_from_functionExecuteForce the current function to return immediately (MI -exec-return).
-
sendinputExecutesendinput
-
attachExecuteAttach to an existing process by PID using GDB/MI. Args: pid: Target process ID to attach to. Returns: (result, context) where result i...
-
create_debug_sessionExecuteCreate or return a debug session by id.
-
install_python_packagesExecuteInstall additional Python packages using the shared package manager (uv). Args: packages: Space-separated package list. upgrade: If True, perfor...
-
set_breakpointExecuteSet a breakpoint using MI (-break-insert). Args: location: Breakpoint location (symbol/address/file:line). condition: Optional breakpoint condit...
-
set_fileExecuteLoad an executable file into GDB/pwndbg for debugging. Args: binary_path: Absolute path to the ELF to debug. Use the container-visible path ...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.