The idea for PenTest.WS grew from a lack of specifically designed organizational tools for penetration testers. After studying the written and video sections of the Offensive Security Certified Professional exam, the decision was made to begin work on a purpose built web application to help manage the large number of hosts & services encountered during a penetration test.
It was important to the vision of PenTest.WS to be more than just a glorified spreadsheet. PenTest.WS will offer shortcuts and automation that only a true web application can provide. Beyond note taking, this system includes copy-and-paste integration with customizable command libraries, global service notes, and a user defined shell command library.
Nmap scans provide a wealth of information. PenTest.WS will automatically import the XML data produced by Nmap and create hosts & services ready to be further explored by the pentester. These Nmap uploads will also be stored within the web app in their full detailed version so that no details are ever lost.
Global Service Notes (GSN) is a unique feature to PenTest.WS that allows the pentester to keep service specific notes about SSH, HTTP, SMB or any other protocol encountered. These notes will be available anytime that service is found during an engagement. GSNs can include general notes about the service or service specific commands that include the target’s IP address and port number.
PenTest.WS can also help the pentester organize captured credentials. These username/password combinations can be entered manually or imported from a .passwd file for a more automated approach. Passwords can then be copied back out of the web application with the click of a mouse. This feature increases the speed and accuracy of typing complicated passwords during an engagement.
Development is just beginning and we’re looking forward to seeing PenTest.WS take shape.