Engagements

Your security assessment starts by creating an Engagement in PenTest.WS

Hosts

IP address, fully qualified domain name, or computer name, Hosts are your Engagement's targets

Services

TCP/UDP ports are the services found during your penetration test, imported from Nmap/Masscan XML or added manually

Scan Templates

Customizable Nmap commands including your target's IP address or CIDR range, port numbers and all the command line switches you need

Import Nmap XML

Capture hundreds of hosts & thousands of services from one simple & quick Nmap or Masscan XML file import

API

Access to your Engagements, Hosts, Ports and other PTWS objects through a RESTful architecture to automate your penetration testing tasks

Note Pages

Create Engagement, Host, or Port note pages for Discovered URLs, Possible Vulnerabilities, Command Output or anything else you need

Service Command Library

Create a global list of your favorite attack commands for each service and never again stumble with dozens of command line switches

Global Service Notes

GSN are tied to a service such as HTTP/SSH/SMB. When you encounter that service again, your notes are automatically available

Default Service Checklist

Your routine ToDo list for services

• HTTP? Check robots.txt
• FTP? Check anonymous access
• SMB? Check null access
• ... as many as you need

Scratchpad Editor

Code editing with syntax highlighting for over 150 programming languages, including a hierarchical file structure

Write-Ups

The perfect place to capture screen shots, code snippets and exploit steps during your engagement

Boards

Most of us are familiar with Boards style organization. These boards are user-defined for each Engagement and can contain any number of hosts.

The Matrix

Your 10,000 foot view of your Engagement, by Host & Port. Filter by OS, Type, Flags, Port Number/State/Status and more.

Subnetting

Breakdown a large engagement, maintain scope, and focus on individual segments of a target network

Findings Library

A company-wide list of templates for vulnerabilities such as SQL Injection including generic text for background, description, impact, recommendations, as well as a default risk level and reference links.

Engagement Findings

During a security assessment, templates from your Findings Library can quickly be added to the Engagement in real-time as you discover them. Further refinements can then be captured with unique details about each specific finding.

Clients Manager

A list of your company's clients and their details for use in reporting templates, such as {client.name} and {client.shortName}

Reporting Templates

Your DOCX files, as templates! Variables, For loops, If statements, and HTML content from your Findings with embedded images such as screenshots

Generate Deliverables

Processes your DOCX Reporting Templates with embedded {tags} to generate fully customized reporting documents with a single click

User Maintenance

Add, Edit & Delete users with PenTest.WS Pro Tier

Shared Engagements

Teams of penetration testers can now collaborate with PenTest.WS Pro. All Shared Engagement details are synchronized in real-time between users, even across the globe. Fields are temporarily locked while being edited and updated as data is saved to the server. Pop-up notifications are displayed about important events, such as adding/delete hosts, ports, credentials or findings.

Access Control

The Engagement owner can grant Read Only or Full Access to teammates on an individual basis

SMTP

Forgot your password? Want to send a new user welcome message with a temporary password? PTWS can integrate with outgoing SMTP services

LDAP

Connect PenTest.WS Pro to your Active Directory environment over LDAP for federated authentication

Two-Factor

Use Google Authenticator to further secure your PenTest.WS account with Two-Factor Authentication (2FA)

Echo Up

Sometimes a reverse shell is so limited, to create a remote file the only option is to use echo and output redireciton

CyberChef

Called "The Cyber Swiss Army Knife" this popular tool is included directly within PenTest.WS

MSF Venom Builder

Select from a list of payloads/encoders/platforms/formats. Filter the list of payloads using word fragments in any order

Shells Library

Need a reverse shell? Manage your list of shell commands with copy-and-paste integration

Commands Library

A place to store all your frequently used, and not so frequently used, general system commands

Notes Library

Code editing with syntax highlighting for over 150 programming languages, including a hierarchical file structure

Bookmarks Library

Add notes & assign keywords to Bookmarks for easy retrieval using filters, sort and search

CVE DB

The Common Vulnerabilities and Exposure (CVE) Database is included in PenTest.WS

Exploit-DB

Easily search the Exploit-DB from within the PenTest.WS platform

Nmap Scripts

Looking for a list of Nmap scripts to investigate a SIP port? Nmap script database in built-in

Metasploit Modules

Metasploit Modules are incredibly powerful and finding the right one can be tricky. Use PTWS's Metasploit search tool using simple keywords, and click a link to launch the module in your terminal.

Keyword Search

Use PenTest.WS's Keyword Search tool to instantly dig through past Engagements and find those notes you have but can't remember where you left them