pwndeck · pen.protolabs.studio

A self-driving pentest rig on a Steam Deck

protoPen runs the engagement itself — recon, WiFi, RF, RFID, OSINT — autonomously, on hardware you carry, against models you host. Headless-first, scope-aware, fully auditable.

$ protopen --whoami
runtime LangGraph agent · A2A 1.0 · LiteLLM gateway (your models)
host SteamOS · rootful --privileged container · survives OS updates
radios WiFi monitor + inject · HackRF/PortaPack SDR · Flipper / Marauder
arsenal BlackArch · aircrack-ng · bettercap · nmap · hashcat · OSINT

§01

It drives the engagement — not you

Goal mode, wait / yield / resume, background sub-agents, and a monitor-goal cadence let it run unattended. A watchdog recovers it when a step stalls or the process dies. Set the objective and walk away.

$ goal "recon lab subnet · report criticals"
[plan] scan → capture → crack → triage → report
[bg] sub-agent #2 cracking · watchdog armed

§02

Hardware-in-the-loop

Real radios, passed straight through a privileged container — monitor-mode WiFi with injection, software-defined radio capture/replay, and serial to the Flipper. One rig you carry, not a rack you ship.

$ protopen devices
wlan1 Alfa mt7921u monitor + inject
hackrf PortaPack/Mayhem SDR cap · replay
ttyACM1 Flipper+Marauder sub-GHz · RFID

§03

The whole arsenal, one pacman away

The BlackArch repo ships configured, so any of ~2800 tools is one install away — and the agent already wraps the ones it reaches for: WiFi, recon, cracking, web, OSINT, telecom. Add your own skills, playbooks, and workflows on top.

$ which aircrack-ng bettercap nmap hashcat
→ all on PATH · BlackArch repo configured
$ which maigret holehe sipvicious_svmap
→ OSINT + telecom wired in

§04

Scoped, local, auditable

Runs on your hardware against models you host. Engagement scoping and kill-chain phase-gating keep it inside the rules of engagement; goal verifiers are read-only and never execute shell. Every tool call lands in an immutable audit log.

engagement active · scope 10.13.37.0/24
phase-gate recon✓ access· exfil✗
verifiers read-only · audit append-only

§05

An operator console, or an API

Headless-first — but a full terminal-green console rides along: chat, an embedded PTY terminal, findings / targets / intel, and a semantic knowledge store. Drive it yourself, or chain it to other agents over A2A 1.0.

$ systemctl --user start protopen
[pwndeck] online · :7870 · /app · /a2a
$ curl :7870/.well-known/agent-card
→ "protoPen"

Bring it up

$ git clone https://github.com/protoLabsAI/protoPen && cd protoPen
$ bash deck/install.sh # SteamOS: pulls the image, wires systemd + Game Mode kiosk

Not on a Deck? python -m server runs the agent + console anywhere. Then wire the hardware via the Steam Deck setup, or start with the getting-started tutorial.