A target is the data structure stored in the ZODB. It contains all enumerated facts, installed implants, unique ID, last remote address identified and other information needed across pwncat sessions to identify or interact with a target. No information in this object is specific to a connection protocol or session.


Bases: enum.Enum

Indicates the current known state of NAT on the target host

Valid values are as follows:


Bases: enum.Enum

Describes the operating system on the target host. This is normally set by the platform type when connecting, however may be interrogated from the target host directly. For example, in the case of similar OS’s like Linux, Mac, and BSD, the platform may double check the OS prior to establishing a session.

If the OS doesn’t match your platform specifically, session establishment may fail, but any details collected so far will be stored (such as addresses and target OS information).

Valid values are as follows:

MAC = <OS.MAC: 3>
BSD = <OS.BSD: 4>

Bases: persistent.Persistent

Describes collected data on a target host. This replaces the database in previous versions of pwncat. It collects enumeration facts, system info, persistence state, and any other contextual information stored across instances of pwncat. Properties added to this class are automatically stored in the ZODB database as described by your configuration.

A target is initialized with no information, and has no requirement for what data is available. Depending on the state of the active connection (if any) and the type of system, some information may not be available. During construction of a new session, some information is automatically queried such as the public address (routable IP address from attacking perspective) and port number, internal address (IP address from perspective of target) and port, NAT state, hostname, and a platform specific unique identifier.

enumerate_state: OOBTree

The state of all enumeration modules which drives the module schedule

facts: persistent.list.PersistentList

List of enumerated facts about the target host


Return a generator yielding facts which match the given properties. This is a relatively restrictive search and the properties must match exactly. For a more general search of facts, you can use a Python generator expression over the facts list instead.

guid: Optional[str]

Globally unique identifier normally determined by a platform specific algorithm.

hostname: Optional[str]

Hostname from the targets perspective

implants: persistent.list.PersistentList

List of installed implants on this target host

internal_address: Optional[Tuple[str, int]]

Internal address as viewed by the target

name: Optional[str]

An optional friendly name that can be used to refer to this target

property nat

Determine if NAT is applied for this host. This simply tests whether the target views it’s IP in the same way we do. This simply compares the public and internal addresses to infer the state of NAT on the target network.

os: OS

Target host operating system

platform: str

Name of the platform used to interact with this target

public_address: Optional[Tuple[str, int]]

Public address as routable by the attacker

tampers: persistent.list.PersistentList

List of files/properties of the target that have been modified and/or created.

users: persistent.list.PersistentList

List of users known on the target system (may not be all-encompasing depending on access)

utilities: OOBTree()

Mapping of utility names to paths. This is mainly used on Unix platforms to identify binaries available in the path.