Stats
Actions
Tags
From pownie
Generates CTF/offsec challenge writeups with success paths, flags, and structured failure analysis including root causes and lessons. Outputs to writeup/ and updates MEMORY.md.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pownie:offsec-debriefThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Generate a structured writeup documenting the full challenge including both the successful attack path and every failure with structured analysis. Update MEMORY.md with generalized lessons.
Generate a structured writeup documenting the full challenge including both the successful attack path and every failure with structured analysis. Update MEMORY.md with generalized lessons.
Before writing anything, reconstruct the attack history from conversation context, workspace files, and any saved notes.
# [Platform] - [Box Name] Writeup
**Difficulty:** [Easy/Medium/Hard]
**OS:** [Linux/Windows/Other]
**Category:** [Web/PWN/Wireless/Network/etc.]
**Target IP:** [IP Address]
| Flag | Value |
|------|-------|
| User | `[hash]` |
| Root | `[hash]` |
Visual representation of the successful path:
1. Initial Access Method → Result
2. Exploitation Step → Outcome
3. Privilege Escalation → Final Goal
This section is where learning happens. Every failed strategy must be documented with enough structure to extract patterns from.
Review all failed approaches from conversation context and workspace notes. For each failure, document:
## Failure Track
### F1: [Short description of what was attempted]
- **Strategy:** What technique/tool/CVE was tried
- **Target component:** What service/port/endpoint was targeted
- **Trigger signal:** What observation led you to try this (version number, error message, open port, etc.)
- **Result:** What actually happened (error messages, no output, wrong response, etc.)
- **Root cause:** Why it failed (wrong CVE for this config, network isolation, wrong layer, etc.)
- **Time spent:** How long before pivoting
- **Stop signal missed?** Was there an early indicator this wouldn't work that was ignored?
- **Rabbit hole type:** [Wrong CVE | Wrong exploitation method | Wrong layer | String filter | Session limitation | Other]
- **Rule for next time:** One-sentence decision rule to avoid this in the future
### F2: [Next failure...]
Rabbit hole types:
Why this structure matters:
For each phase of the successful attack:
# Include comments explaining purpose
command --flags argument
Clearly formatted command output
Numbered list of lessons learned:
## Key Takeaways
1. **Vulnerability Type** — Brief explanation of the security issue
2. **Attack Technique** — How it was exploited
3. **Detection/Prevention** — How to defend against it
## Tools Used
- `tool-name` — Purpose/usage
- `another-tool` — Purpose/usage
Save to writeup/[BoxName].md.
Before finalizing, ensure the writeup includes:
After the writeup is saved, extract generalized lessons and update MEMORY.md.
From failures:
From successes:
When this skill is invoked:
1. Pull attack history
└─ Review conversation history and workspace files
2. Write the report
├─ Header, overview, flags, attack chain
├─ FAILURE TRACK (every failed strategy with full analysis)
├─ Success path (phase-by-phase)
└─ Save to writeup/[BoxName].md
3. Update MEMORY.md
├─ Extract generalized lessons from failures and successes
├─ Add new decision rules and patterns
└─ Keep under 200 lines
A complete writeup should:
npx claudepluginhub d0gesec/pownie --plugin pownieGenerates a structured markdown writeup for any completed security workflow (CTF, bug bounty, CVE, DFIR, pentest, etc.) following project conventions.
Generates client-facing red-team reports in a canonized Subject/Observations/Description/Impact/Recommendation/PoC structure for external enterprise engagements with DOCX/PDF output.