Nimesh Thakur

I Got Tired of Forgetting. So I Built PwnLog.

Every bug hunter knows the feeling.

You're deep in a session. You find something weird — an IDOR, a sketchy endpoint, a parameter that behaves differently than it should. You think "I'll note this later."

You never do.

Three days later you're staring at a blank report. No notes. No screenshots. No proof. Just a vague memory of something that felt important.

I got tired of that loop. So I built PwnLog.


What It Does

One hotkey. One popup. Done.

ALT + SHIFT + Z

A small window appears. You type what you found. You hit Enter. You're back to hacking in under five seconds.

That's it. That's the whole thing.

PwnLog handles everything else — timestamp, active window title, screenshot, category tag, markdown journal entry. All automatic. All organized.


What Gets Captured

Every time you log something, PwnLog records:

timestamp       → 2026-05-22 14:32
category        → IDOR
note            → your words exactly
window title    → Firefox — Tesla Admin Panel
screenshot      → optional, annotated via flameshot

No forms. No friction. No context switching.


Where It Goes

Every entry lands in two files that build themselves as you hack.

journal.md — open it after a session and your report is half written.

## 2026-05-22 14:32 — IDOR

> Firefox — Tesla Admin Panel

changed user id from 99 to 12, got full victim profile back.

![screenshot](screenshots/2026-05-22_1432_idor.png)

timeline.json — structured data you can grep, parse, or build on.

{
  "timestamp"    : "2026-05-22T14:32:01",
  "category"     : "IDOR",
  "note"         : "changed user id from 99 to 12, got full victim profile back.",
  "window_title" : "Firefox — Tesla Admin Panel",
  "screenshot"   : "screenshots/2026-05-22_1432_idor.png"
}
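
One way to build on timeline.json is to turn a session into a report outline. This is an added example, not code from PwnLog: it relies only on the field names shown above, accepts either a JSON array or one object after another because the page does not say how entries are stored, and its split of categories into findings and non-findings is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample: two entries in the shape shown above. The second entry
# and the on-disk layout (objects back to back) are assumptions for the demo.
SAMPLE = '''
{"timestamp": "2026-05-22T14:32:01", "category": "IDOR",
 "note": "changed user id from 99 to 12, got full victim profile back.",
 "window_title": "Firefox — Tesla Admin Panel",
 "screenshot": "screenshots/2026-05-22_1432_idor.png"}
{"timestamp": "2026-05-22T15:10:44", "category": "Dead End",
 "note": "constructed entry: rate limit blocks the enumeration idea.",
 "window_title": "Firefox — Tesla Admin Panel", "screenshot": null}
'''

REQUIRED = ("timestamp", "category", "note")
NON_FINDINGS = {"Recon", "Dead End", "Note"}  # assumed split of the page's categories

def load_entries(text):
    """Parse a JSON array or a run of concatenated/line-delimited objects."""
    decoder, pos, entries = json.JSONDecoder(), 0, []
    while pos < len(text):
        if text[pos].isspace():  # raw_decode does not skip leading whitespace
            pos += 1
            continue
        value, pos = decoder.raw_decode(text, pos)
        entries.extend(value if isinstance(value, list) else [value])
    # Drop anything that lacks the fields a report needs.
    return [e for e in entries if isinstance(e, dict) and all(e.get(k) for k in REQUIRED)]

def report_outline(entries):
    """Group findings by category, oldest first, as a markdown outline."""
    groups = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        if e["category"] not in NON_FINDINGS:
            groups[e["category"]].append(e)
    lines = []
    for category, items in groups.items():
        lines.append(f"## {category} ({len(items)})")
        for e in items:
            proof = e.get("screenshot") or "no screenshot"
            lines.append(f"- {e['timestamp']} {e['note']} [{proof}]")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report_outline(load_entries(SAMPLE)))
```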


Categories

Cycle through them with Tab inside the popup.

Recon  →  Auth  →  IDOR  →  XSS  →  SQLi
SSRF   →  LFI   →  Logic →  Dead End  →  Note

Install and Run

git clone https://github.com/toklas495/pwnlog
cd pwnlog
pip install -r requirements.txt
python main.py

Linux — also install:

sudo apt install flameshot xdotool

Mac — also install:

brew install flameshot

Then just run it in the background and forget about it. It listens for the hotkey. You do the hacking.


Your Data, Your Machine

Everything lives in ~/.pwnlog/. Nothing is transmitted. Ever.

~/.pwnlog/
└── projects/
    └── your-target/
        ├── journal.md
        ├── timeline.json
        └── screenshots/

Why I Built This

I wasn't looking for a full documentation suite. I wasn't looking for another Notion template or Burp extension.

I just needed something that would get out of my way and capture what I found — exactly when I found it — without breaking my flow.

PwnLog does that one thing well.

The best documentation tool is the one you actually use.


Built with Python, CustomTkinter, pynput, and Flameshot.

MIT License — use it, fork it, make it yours.
