Community Repo & Multi-Step Commands – Version 2.2

PenTest.WS v2.2 includes a new collaboration tool called Community Repo where you’ll find command templates for everything from PowerShell and Bash commands to BloodHound custom queries. Also, your General Command Library gets a new super power with the Multi-Step Commands feature.

Community Repo: Commands

Search by keyword, operating system, category, or service and you’re one click away from importing community repo commands into your General Command Library (GCL) or your Service Command Library (SCL). Be sure to up vote the commands you find helpful, clever, or inspiring.

Clicking either the “Import to GCL” or “Import to SCL” buttons brings up a window where you can make any necessary changes to the command’s metadata before its pulled into your account. For GCL, this lets you update the category and sub category to match your own category names.

Show Off Your Awesome Commands

Contribute to the Community Repo from either your GCL or SCL using the highlighted icons below:

Submit individual commands one at a time, or as a group of commands all in one batch. Once submitted, you can no longer make modifications to the command in the repo. However, you can still make changes to your own GCL or SCL version of the commands.

Need to remove a command from the repo? Find your command in the repo and click the Delete button (only available on commands you’ve submitted).

Sharing a direct link to a repo command is easy with the Share button. This generates a link you can send to your teammates:

The Community Repo requires a Hobby Tier or Pro Tier membership.

Multi-Step Commands

Your General Command Library (GCL) just got a lot more useful with Multi-Step Commands. A single GCL entry can now contain several steps to complete a task. Each step includes its own copy-paste shortcut as well as notes about that specific step.

Another useful trick is to group information and commands related to each other into a single GCL entry. For example, Step #1 of the following multi-step command contains C source code for a shellcode testing program. Step #2 builds the executable and Step #3 executes the test program.

More good news, the Community Repo supports importing and exporting of Multi-Step Commands!

Multi-Step Commands are now available to all tier members.

More Version 2.2 Upgrades

  • Matrix – Copy Targets
    Quickly generate a “WebServers.txt” targets file using the Matrix. Filter down your list of hosts, for example those with port 80/443 open, and click the “Copy Targets” button in the toolbar. Paste this content into a file to be used with tools such as Nmap or GoWitness.
  • API Upgrades:
    • Findings Library now included
    • Boards now included
    • Field lengths are now validated
  • Adjustable Sidebar
    The sidebar’s width is now adjustable

Thanks for reading!
PenTest.WS Development Team

Large Engagements & General Notes Library – Version 2.1

PenTest.WS v2.1 brings the much anticipated Large Engagements capability to Pro Tier, supporting Engagements with thousands, or tens of thousands of Hosts in a single Engagement. Additionally, Hobby Tier receives the new General Notes Library!

Large Engagements – Pro Tier

With Pro Tier’s new Large Engagement support, a single Engagement can easily handle thousands, or tens of thousands of Hosts. Need to import an Nmap scan of a /20 network? An entire Class B network? No problem.

Several systems have been updated in Pro Tier to work with such large network ranges:

  • Import XML – the import routine now shows it’s progress log in real time, giving you live feedback of the Hosts & Ports the system is either creating or updating as it works its way through your XML file.
  • Infinite Scrolling – the application now implements infinite scrolling, only loading enough Hosts to fill the page. As you scroll through various lists, more Hosts are loaded in the background until all Hosts are displayed. The affected systems are:
    • Application’s Main Sidebar
    • Boards
    • Matrix
    • Subnets
  • Updated Matrix – filtering by operating system, flags, ports or keywords now effects all Host list queries for a faster and more intuitive user experience. Looking for systems with port 80 or 443 running Linux? Set your Matrix and the Sidebar, Boards & Subnets screens will also be filtered.
  • Boards – combined with the Matrix, you can create boards such as “Web Servers” and easily move all of your port 80/443 Hosts. Want to break up 4,094 Hosts into ten Boards? Use the “Auto Distribute” feature, now compatible with Infinite Scrolling.
  • Subnets – using the web servers example we’ve been discussing, jump over to the Subnets screen and copy the “IPs – One Per Line” field into a file for EyeWitness and speed up your recon.

Note: the Large Engagement mod is only available in Pro Tier’s stand-alone application and is not available through our online platform at

General Notes Library

All the functionality of Scratchpad, but for general notes not specifically related to a Host:

  • Code editing with syntax highlighting for over 150 programming languages.
  • Hierarchical file structure with drag-and-drop.
  • Download files through the browser or using wget/curl/downloadstring.
  • Instantly switch between code & rich text editing.
  • Import CherryTree XML files!

Your new General Notes Library is a great place to store your favorite pieces of C# code, common or rarely used procedural steps, or your exciting new research ideas and references. General Notes are linked to your account and not associated with an Engagement.

General Notes Library is available on Hobby Tier and Pro Tier, with limited access from Free Tier.

For a full feature comparison between PenTest.WS Tiers, visit

Also New In Version 2.1

  • New Credential Fields
    Credential records now have “domain” and “notes” fields
  • Ignore-Cert
    Pro Tier has a new command line option “–ignore-cert” which allows the stand-alone application to function behind an HTTPS inspection proxy
  • Misc Bug Fixes
    You can submit bug reports to [email protected]

Thanks for reading!
PenTest.WS Development Team

Version 2.0 Release – Findings & Reporting

Welcome to PenTest.WS Version 2.0! Our biggest update yet with the all new Findings System, DOCX Based Reporting Templates, Boards & The Matrix, Full Featured API and Shared Engagements in Pro Tier. Lots to cover, lets dig into it.

Findings System & Findings Library

During a security assessment we often discover vulnerabilities in web applications, network infrastructure, and active directory environments, generally called Findings. These issues need to be documented and later reported back to the client for remediation. The new Findings System in PenTest.WS aims to make this process of collection & documentation as easy as possible.

PTWS now contains a user-defined Findings Library where users can build documentation templates for vulnerabilities such as SQL Injection and add generic text for background information, descriptions, impact, recommendations, as well as a default risk level and reference links. During a live security assessment, these findings templates can quickly be added to the engagement in real-time as you discover them. Further refinements can then be captured with unique details about each specific finding.

Don’t need to capture Validation Steps or track a Remediation Log? Simply visit the Findings Admin utility and hide these fields. Want to rename the References field to External Links? No problem. Add/remove environments and categories. You can even change the color of your Risk Levels!

  • Free Tier: no access to Findings System.
  • Hobby Tier: limited to 5 Findings per Engagement. Findings Library is attached to a single user.
  • Pro Tier: unlimited. Findings Library is global in Pro Tier.

DOCX Based Reporting Templates

Now that you have collected an impressive set of findings for your client, you need to build a client deliverable document with these details. PenTest.WS’s new Reporting Module processes user-uploaded DOCX files with embedded {tags} to generate fully customized reporting documents with a single click.

Download a sample report template:

View the list of available data fields:

As shown in the screenshot above, the Reporting Module’s capabilities includes For loops, If statements, and HTML content from your Findings entries including embedded images like screenshots for evidence. Using the new Client Manager you can add tags such as {} and {client.shortName}, its just one less thing you need to fill out in the final report. Once the Reporting Module is finished processing, your browser downloads the new DOCX file where you can further customize the report as needed.

  • Free Tier: no access to Reporting Module
  • Hobby Tier: limited to 2 reporting templates. Reporting Templates are attached to a single user.
  • Pro Tier: unlimited. Reporting Templates are global in Pro Tier.

Shared Engagements – Pro Tier

Left Side: user Alice – Right Side: user Bob

One of our most advanced features to-date, today we’re launching Shared Engagements for Pro Tier.

Note: Shared Engagements is available in Pro Tier running in Intranet Mode for multi-user accounts

As the owner of an Engagement (the user who created the Engagement), you can grant Read Only or Full Access to your PTWS teammates on an individual basis. These Shared Engagements appear on the remote user’s Dashboard under a new Team Missions section.

Alternatively, you can choose to make an Engagement Public, granting full access to all teammates. Engagements default to Restricted Access with all teammates in the No Access bucket. An Engagement’s Access Control is available in the Console tab.

All Shared Engagement details are synchronized in real-time between users. Shown in the example above, fields are temporarily locked while being edited and updated as that data is saved to the server. Pop-up notifications are displayed about important events, such as adding/delete hosts, ports, credentials or findings.

Boards (see below) is a shared environment when working with teammates, allowing you to group hosts into logical buckets. The Matrix (also described below) is a personal filter system in Shared Engagements, so you can focus on your interesting targets without affecting the filters of others.

Working on a specific Subnet (Pro Tier only)? Click the filter column in the Subnets tab, or use The Matrix subnet filter. Subnet filtering is also a personal filter system in Shared Engagements.

Pro Tier v2.0 Bottom Line: Using all the new PTWS v2.0 features:

  • Teammates can work through an engagement together, adding notes & status to hosts & ports along the way
  • Everyone stays informed and duplicate work is minimized
  • When a vulnerability is found, use the Findings Library to instantly bring in all the generic text
  • Immediately add screenshots to the Finding’s Evidence
  • Use the Reporting Module to generate your client deliverable with one click
  • Project Done!


Most of us are familiar with Boards style organization. These boards are user-defined for each Engagement and can contain any number of hosts. Sort each Board and the Hosts using this intuitive drag-and-drop interface. Group your hosts however is most effective for your environment:

  • Status (in-progress, vulnerable, cleared)
  • Environments (web, int/ext, s.e., wifi)
  • AD Domains (us, europe, asia)
  • Phases (group1, group2, group3)

Once you have defined your Boards, use the Board Filter in the sidebar to limit your view to a selected Board. During a Shared Engagement (Pro Tier) this is a great way to designate different targets to different pen testers. Playing HackTheBox? Setup your Boards for Active Testing, Pwned, Archived, the possibilities are endless.

  • Boards is available on all tiers

The Matrix

The Matrix gives you a 10,000 foot view of your entire Engagement, broken down by Host & Port. An extensive filtering system is available to narrow your view by OS, Host Type, Host Flags (including the new Color flag), Port Number/State/Status, all integrated with the Boards system.

As you refine your filters in The Matrix, your sidebar will synchronize so you can delve into the selected hosts and quickly jump between your active targets. During a Shared Engagement in Pro Tier, The Matrix is a personal view, allowing different teammates to focus on their own objectives.

  • The Matrix is available on all tiers

Full Featured API

Swagger Documentation:

The new PTWS API provides access to your Engagements, Hosts, Ports, Scratchpad, Note Pages, Credentials, Clients & Findings through a RESTful architecture, including GET, PUT, POST, & DELETE capabilities for each object. You can now build automation scripts and integrate external tools into your PenTest.WS environment.

Scanning hosts and importing results now becomes a one-click operation!

Consider the following Nmap Scan Template:

nmap -sC -sV -oA tcp -vv %tip% && curl -X POST "" -H "X-API-KEY: %apikey%" -F "[email protected]"

The first half of this command runs a typical nmap scan on a target IP address, IP range or CIDR block, then outputs the results to a file called “tcp.xml”. The second half of this command uses curl to immediately post these results to your engagement in PenTest.WS.

Embedded in this command are several interesting variables:

%tip%Target IP Address, Range or CIDR Block
%eid%Current Engagement ID
%apikey% Your API Key – when you click on a command with this variable, the application will prompt for your password before swapping the variable for your API Key. You can view your API key at

The full list of variables are available in the Edit Templates screens:

  • PenTest.WS API is available on all tiers

A Few More Things…

  • Engagement wide Credentials Tab – attach a credential to an Engagement, not just a Host/Port
  • Host Colors – a visual way to mark interesting Hosts
  • Old Reporting Tab is now Write-Up – this data is now search from Keyword Search
  • Service Command Library: Service aliases such as “http, https” in the Service Name field
  • Pro Tier: LDAP & SMTP Integration

We’ll cover some of these additional features in another post.

Thanks for reading!
PenTest.WS Development Team

Data Status Indicators – Version 1.9.0 Released

Data Status Indicators for added reliability & Two-Factor Authentication Backup Codes for enhanced security!

Data Status Indicators

Data Status Indicators

The PenTest.WS platform automatically saves your data so you can focus on investigating your targets. Until now, this process remained completely in the background leaving you with little indication that your data is safe, stored securely in the cloud.

Version 1.9.0 introduces transparency into the save process with Data Status Indicators. As seen in the image above, each auto-save field now has an independent status indicator along its left edge:

  1. While actively editing an auto-save field, this indicator will turn grey
  2. During the auto-save process, it will turn red
  3. Once the save process is complete, the indicator will disappear

In addition to the individual field indicators, there is a new general data transfer indicator in the top right corner:

Data Transfer Indicator

Whenever PenTest.WS is sending or receiving data, this new data transfer indicator, with its animated three red squares, will provide further insight into the status of your valuable information.

2FA Backup Codes

Two-Factor Authentication Backup Codes

Accidents happen. Phones are lost, upgraded or simply fail. Backup codes are essential to recovering your account when two-factor authentication (2FA) is enabled.

If you already have 2FA enabled, the system will generate your new backup codes when you visit the link above. Otherwise, you will be prompted to enable two-factor authentication, a process which greatly enhances the security of your PTWS account.

Using a Backup Code

You can only use each backup code once. Be sure to keep these backup codes somewhere safe but accessible.

When all ten codes have been used, you’ll need to generate a new set by revisiting the link above. This link is available from your Account Settings page in the 2FA section. You can generate new codes at any time, which will invalidate all existing backup codes.

Go get your 2FA Backup Codes now!

The PenTest.WS 2021 Road Map

Version 2.0 is a big milestone for any application and one we are incredibly excited about. Today we are announcing two of the most anticipated features coming to PTWS in 2021.

New Report Writing Engine

With all professional penetration tests, the client deliverable is naturally a report describing the engagement’s findings and remediation recommendations. This can be a tedious and time consuming effort, one that is often repetitive and prone to mistakes.

PTWS v2 allows the tester to collect relevant information during a live penetration test and easily generate an engagement report at its conclusion. Report templates start as a Word Document and are fully customizable with loops and conditional statements. Finally, a new data merged Word Document is generated, allowing you to further refine the report as needed.

Application Programming Interface (API)

Scripting is a big part of efficient hacking, so we’re giving PTWS its very own API. Using a simple but effective REST interface which speaks JSON, you’ll be able to build custom tooling around common tasks:

  • Import Nmap and Masscan XML files
  • Query Engagement, Host and Port records
  • Add Hosts and Ports to an Engagement
  • Upload and Download Scratchpad Documents

We’re looking forward to seeing what our hacker community can do with a PenTest.WS API to improve their workflow.

Thanks for reading!
PenTest.WS Development Team

Multi-File Import – Version 1.8.3 Released

Multiple files, masscan, bookmarks, print… lets dig into what’s new in version 1.8.3

Multi-File Import

Multi-File Import

Importing several XML files just got a lot easier! You can now load multiple XML files at once, either through the file browser or simply drag-and-drop. Data from each host always gets placed where it belongs. The filename, file type and contents are displayed for each file. Delete as needed, or click the “Import XML” button to run your import. v1.8.2 brought us the Import Log which has been updated to support multiple files.

Masscan Support

Import now supports Masscan XML files. The Import routine also supports a mixture of Nmap files and Masscan files in the same batch. Have a large IP space to scan? Run a fast Masscan first and follow up discovered hosts with a detailed Nmap scan.

Bookmark Library

Bookmark Library

Store your security related bookmarks all in one place with the new Bookmark Library. Add notes and assign keywords for easy retrieval later using filters, sort and search. You can also store local PenTest.WS links. Bookmark where you left an engagement Friday night and easily pick back up Monday morning.

Print Engagements, Hosts & Ports

v1.8.3 adds a Print functionality to the online Free and Hobby Tiers. Its an easy way to view all you data on a single page. Look for the printer icon in the upper right corner of the Console, Host and Port pages.

Misc Improvements & Bug Fixes

Double Paste Bug – A long time coming, but the double paste bug in the Notes fields has been fixed!

Venom Builder – Additional Parameters – The Venom Builder tool now has a free-type field called Additional Parameters.

Hash Type for Credentials – Credentials now include a Hash Type field, used later to identify what hashcat mode you might need.

Maximize Notes Fields – got lots of notes? Now there is a Maximize button on all Notes fields.

What’s Next?

We have version 2.0 in our sights, which brings an incredible number of new features and capabilities. But more on that as we get closer.

The next major release of PenTest.WS, version 1.9.0, has a completely rewritten save mechanism. Beyond bringing more reliability to the platform, the aim is to provide more transparency into the state of your data. As fields are updated and auto-save timers are set, clear indications of this process will be visible in the user interface.

Many of the improvements in v1.8.3 came directly from user requests. Head over to the Support Forums and submit a Feature Request with your ideas!

Thanks for reading!
PenTest.WS Development Team

IP » Target – v1.8.2 Release

Version 1.8.2 includes several new features and improvements, with maybe the most important being the long awaited IP»Target mod announced last November. Lets step through the major changes in this release…

IP » Target

It is now possible to enter a fully qualified domain name (FQDN) as the Host’s primary identifier. In this example, we’ve shown the possibility for “” and “” as separate hosts. Of course you can still use an IP address to identify a host.

The Import routines have been updated to capture domain names when they have been used to scan a target. For example:

nmap -sC -sV -oA tcp -vv

will now create/update records for the “” host. The Service Command Library automatically uses the Host’s domain name when used as the host identifier:

We’re hoping this change will greatly benefit our pentest community, as well as be a big boost for our bug bounty hunters! Each sub-domain in the program’s scope could have its own Host record, with separate port lists, notes and findings.

Capturing Port State

The Import routines have also been updated to capture Port State. This information is included in Nmap’s XML output, and the possible values are Open, Closed, Filtered, Unfiltered, Open|Filtered, or Closed|Filtered.

Port State is displayed in two places. First, on the left side of the screen in the Host List Panel shown in the screenshot at the top of this article. Second, on the Port page, shown in the screenshot above.

As this is a new feature, previously captured ports will need to have their value set manually, or you can re-import the associated Nmap XML file.

Lastly, it should be noted Port State is separate from Port Status, which is a self assigned note to track which ports have been reviewed or may be vulnerable.

Engagement Archives

Got old engagements cluttering up your Mission Control? Click the new Archive button in the top right corner of each Engagement card and it will drop down into the Archived Engagements section. Don’t worry if this section is not visible, it will appear once you archive your first engagement. Click any of the archived engagements to reinstate it to active mode.

And So Much More…

CVE Database –
The Common Vulnerabilities and Exposures (CVE) database is now searchable directly in PTWS ( This functions similar to the Exploit-DB feature with full keyword search capabilities.

Engagement Wide Credentials –
On the Engagement Console tab, there is a new Engagement Credentials section which shows credentials from all Hosts within that Engagement.

Export as CSV –
Now you can export Engagements and Hosts as CSV files, in addition to JSON files. Use the Export button in the top right of their respective pages.

Hobby Tier, Yearly Payment Option –
You can now pay a full year of Hobby Tier access through the Membership page. Simply change your plan to yearly, and on your next renewal date you will be changed a single yearly price (currently $39.80)

Be sure to head over to the Feature Request page on the PTWS Support site to submit your ideas for the next version.

Thanks for reading!
PenTest.WS Development Team

General Command Library – Version 1.8.0 Release

Today we are announcing the release of PenTest.WS Version 1.8.0 and with it comes the General Command Library!

General Command Library

The General Command Library (GCL) is a place to store all your frequently used, and not so frequently used, general system commands. Much like how the Service Command Library works for services, the GCL works for:

  • System enumeration
  • Privilege escalation
  • Shell escapes
  • File transfer shortcuts
  • Powershell download cradles
  • Pivot tunnels
  • … and anything else!!

Each command can be organized by Operating System, Category, and Sub-Category values. These filters are user-created and self-populated as more and more commands are entered into your GCL system. Additionally, you can quickly search for keywords such as “wmic” or “iex” if you’re looking for a specific functionality.

Filters are sticky, so you can navigate away from the GCL screen and when you return later, you’re dropped right back into the list of commands you were previously viewing.

Availability: the General Command Library has been pushed to all platforms and is ready for immediate use.
– Free Tier: currently limited to five commands
– Hobby & Pro Tier: unlimited command capacity
– Pro Tier: run your Software Update from the Admin Panel

Service Command Library – Free Tier Availability Update

The Service Command Library (SCL) is now accessible on the Free Tier. The SCL is one of the most popular features of the PenTest.WS platform and its usefulness has proven to be an incredible time saver.

SCL on the Free Tier includes up to two commands per service.

New Template List Format

All template list pages have been updated to a more compact table format. This allows more commands per screen real estate.

New Template List Format

Misc Improvements & Bug Fixes

SCL Notes: requested on the Support Forums, SCL records now include a Notes field. These notes will appear on the Port page alongside the service command entry.

Note Pages Clobber Bug: in certain circumstances, it was possible for Note Pages to overwrite the wrong Note Page. However, the content could be recovered through the History functionality. This bug has been fixed.

Note Page Rename Bug: tab renaming functionality has been restored. Double click on a Note Page tab to rename each tab.

Coming soon… IP » Target

An exciting change is coming to the PTWS system. Currently, Hosts are tracked by IP Address. After the IP->Target mod included in the next release, it will be possible to enter a fully qualified domain name (FQDN) as the Host’s primary identifier.

All tools will be updated to support a Target in addition to an IP Address. Import an Nmap XML scan based on a FQDN? No problem. Need to launch a dirsearch command against a FQDN? Sure!

This change will be a big boost for all the Bug Bounty Hunters in our community. Each sub-domain in the program’s scope could have its own Host record, with separate port lists, notes and findings.

We’re always looking for ways to improve the PenTest.WS platform. Head on over to the Support Forums and submit a Feature Request.

Thanks for reading!
PenTest.WS Development Team

Pro Tier Release

Two years after initial development began on PenTest.WS, today we are officially releasing Pro Tier!

PenTest.WS Pro is an offline stand-alone version of the online web application designed to run directly inside your Kali Linux virtual machine. The Pro Tier was developed for professional penetration testers who must comply with strict non-disclosure agreements or those who operate within a restricted network environment.

Get Pro Tier at

All the benefits of the Hobby Tier, plus:

  • Pro Tier Software Updates
  • Offline Stand-Alone Application
  • Two Modes of Operation:
    • Solo Mode
    • Intranet Mode
  • Host Subnetting System
  • Host Filtering System
  • User Maintenance Control Panel

Pro Tier’s subnetting system allows a penetration tester to breakdown a large engagement, maintain scope, and focus on individual segments of a target network.

These subnets can be used in scan templates:

Intranet Mode:

PenTest.WS Pro installed on your intranet server allows your entire team of penetration testers to track hosts, services and record their findings as they work on client engagements.

Solo Mode:

For individual penetration testers, or field work operatives, PenTest.WS Pro runs directly inside your Kali Virtual Machine.


Who owns the application’s data?

You! The PenTest.WS Pro Tier Application maintains a PostgreSQL database stored on the same physical machine or virtual environment as the binary Application. The data contained in this database is the property of the licensee.

[ Read More ]

How do renewals work?

PenTest.WS Pro Tier licenses are purchased on a per-user-per-year basis. The date of first purchase becomes your license anniversary date and the license will be renewed on this date each year.

[ Read More ]

Can I purchase additional licenses?

Additional user licenses may be purchased throughout the year, with each user license sold at a prorated price based on the number of days remaining on your current license.

[ Read More ]

More FAQs can be found at

Pro Tier Status Update

At the end of June, we were fortunate enough to engage with some amazing penetration testers who have been reviewing the Pro Tier binary, ecosystem and auto-update mechanisms. Reports have been positive surrounding both the product itself and the security of the environment.

The release window has been a moving target, and a big appreciation must be given to the entire PTWS community for your patience. We’re working towards a release on August 3rd, 2019.

Pricing Announcement

Today we are announcing Pro Tier pricing!

PenTest.WS Pro Tier is priced at $249.00 per user, per year

All the benefits of the Hobby Tier, plus:

  • Pro Tier Software Updates
  • Offline Stand-Alone Application
  • Two Modes of Operation:
    • Solo Mode
    • Intranet Mode
  • Host Subnetting System
  • Host Filtering System
  • User Maintenance Control Panel

As new Pro Tier features are released, free software updates will be available through an in-app update system so you can easily stay up-to-date.

Pro Tier FAQs are now available in the new support system.

New Support System Launched

To better support the PenTest.WS community at all levels, we have launched a new support website:

  • Submit A Ticket
  • Feature Requests
  • General Discussions
  • FAQs
  • Announcements

Support accounts are separate from PTWS accounts, but they’re free! Head on over and submit a Feature Request or be the first to start a thread in the General Discussions section.

Email support is also available at [email protected]

r/PenTestWS Now Open

Today the PenTestWS subreddit went public.

Bare bones for the moment. Just another way to keep in touch.

Final Thoughts…

We’re nearly there. Thanks again for the continued patience and encouraging emails received throughout this year long process.

Point Release – v1.5.3

PenTest.WS Pro is just around the corner! Today we’re pushing a small point release to the online version, including both the Free Tier and the Hobby Tier.

Echo Up Goes Base64

Echo Up now uses base64 encoding

One of the first dedicated tools built into PTWS was Echo Up. This tool is used to easily create files through a terminal interface and relies on the echo command. Previously, Echo Up would double encode single quotes and double quotes, and echo the contents line by line into an output file.

Thanks to @4lph4b and the script, Echo Up is getting new capabilities. More resilient to non-alphanumeric characters, Echo Up now encodes your file into Base64 and uses a series of targeted shell commands to create the file on a remote server.

There are three options: bash, cmd, and Powershell. Each one works slightly differently, but the end result is the same: an exact copy of your file, on the remote server, using nothing but shell commands. You simply copy and paste these commands into your terminal session, no additional ports or protocols needed.

Note: supports binary files, while the PTWS version currently supports text only.

Venom Builder NOP Sled

Venom Builder NOPs Option

A late addition to this point release, the Venom Builder tool now includes a NOP Sled option.

-n, --nopsled <length> Prepend a nopsled of [length] size

There are a number of options missing from Venom Builder that are available directly through the msfvenom command line. The NOPs option is a great addition and has been requested a few times, and today its here! Keep that feedback coming!

Last, But Not Least – Export Creds

Export credentials tool

Have you captured usernames, passwords, hashes? Need a quick way to password spray a new service login you just discovered? Want to kick-off a hashcat or john-the-ripper session?

Use the Export Creds button to generate a list of every known username, password, hash in your credentials list and a few different mixtures of each.

Each of the sections in the Export Creds tool is useful in different situations. Sometimes its as simple as reporting your findings – “UN:PW”. Other times it can be a little more complicated.

Here’s a short rundown of each section:

  • Usernames: Every known username in your credentials list
  • Passwords: Every known password in your credentials list
  • UN-PW: A simple combination of username:password
  • UN:PW All-U: All permutations of every known username:password, looped around the username
  • UN:PW All-P: All permutations of every known username:password, looped around the password. This mode is best for password spraying to reduce the chance of account lockout with large lists.
  • Uncracked Hashes: Every known hash in your credentials list that does not also have a password. This is ideal for starting a hashcat or john-the-ripper session.
  • UN:Hash All: Every credential record that contains a hash

Note: Export Creds is currently a Host level export and is available on the Host or Port page. Engagement wide credential management is coming in a future release.

PenTest.WS Pro – Status Update

We’re still on track for an end of June release of PenTest.WS Pro. The features are complete and currently being tested. Pricing is nearly settled. Store infrastructure is under heavy development but moving quickly.

We’ll be releasing more information on this blog and Twitter in the weeks ahead. Any unforeseen delays will be announced as soon as possible. Its been a lot of work to get this far, and we’re incredibly excited about the new product.

Thanks for reading, enjoy the new online features, and as always, keep the feedback coming!!