All modules work on a selected profile URL (we'll call him Bob), using a valid authenticated account (we'll call him Mallory).
AddVictimFriends: Request to add some or all friends of Bob to increase the chance of Bob accepting any future requests, after he finds that you have common friends.
ProfileCloner: A list of all Bob's friends is displayed, you choose one of them (we'll call him Andy). FBPwn will change Mallory's display picture, and basic info to match Andy's. This will generate more chance that Bob accepts requests from Mallory as he thinks he is accepting from Andy. Eventually Bob will realize this is not Andy's account, but probably it would be too late as all his info are already saved for offline checking by Mallory.
CheckFriendRequest: Check if mallory is already friend of Bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.
DumpFriends: Accessable friends of Bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of Bob yet, the data might not be accessable and nothing will be dumped.
DumpImages: Accessable images (tagged and albums) are saved for offline viewing. Same limitations of dump friends applies.
DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.
So you can see, you can do almost everything that you could do manually with Facebook. People might use it for malicious purposes too like cloning a Facebook profile. In addition to reading the Facebook official security guide, you need to avoid friend requests from un-known people.