Version 2.0 Release – Findings & Reporting

Welcome to PenTest.WS Version 2.0! Our biggest update yet with the all new Findings System, DOCX Based Reporting Templates, Boards & The Matrix, Full Featured API and Shared Engagements in Pro Tier. Lots to cover, lets dig into it.

Findings System & Findings Library

During a security assessment we often discover vulnerabilities in web applications, network infrastructure, and active directory environments, generally called Findings. These issues need to be documented and later reported back to the client for remediation. The new Findings System in PenTest.WS aims to make this process of collection & documentation as easy as possible.

PTWS now contains a user-defined Findings Library where users can build documentation templates for vulnerabilities such as SQL Injection and add generic text for background information, descriptions, impact, recommendations, as well as a default risk level and reference links. During a live security assessment, these findings templates can quickly be added to the engagement in real-time as you discover them. Further refinements can then be captured with unique details about each specific finding.

Don’t need to capture Validation Steps or track a Remediation Log? Simply visit the Findings Admin utility and hide these fields. Want to rename the References field to External Links? No problem. Add/remove environments and categories. You can even change the color of your Risk Levels!

  • Free Tier: no access to Findings System.
  • Hobby Tier: limited to 5 Findings per Engagement. Findings Library is attached to a single user.
  • Pro Tier: unlimited. Findings Library is global in Pro Tier.

DOCX Based Reporting Templates

Now that you have collected an impressive set of findings for your client, you need to build a client deliverable document with these details. PenTest.WS’s new Reporting Module processes user-uploaded DOCX files with embedded {tags} to generate fully customized reporting documents with a single click.

Download a sample report template:

View the list of available data fields:

As shown in the screenshot above, the Reporting Module’s capabilities includes For loops, If statements, and HTML content from your Findings entries including embedded images like screenshots for evidence. Using the new Client Manager you can add tags such as {} and {client.shortName}, its just one less thing you need to fill out in the final report. Once the Reporting Module is finished processing, your browser downloads the new DOCX file where you can further customize the report as needed.

  • Free Tier: no access to Reporting Module
  • Hobby Tier: limited to 2 reporting templates. Reporting Templates are attached to a single user.
  • Pro Tier: unlimited. Reporting Templates are global in Pro Tier.

Shared Engagements – Pro Tier

Left Side: user Alice – Right Side: user Bob

One of our most advanced features to-date, today we’re launching Shared Engagements for Pro Tier.

Note: Shared Engagements is available in Pro Tier running in Intranet Mode for multi-user accounts

As the owner of an Engagement (the user who created the Engagement), you can grant Read Only or Full Access to your PTWS teammates on an individual basis. These Shared Engagements appear on the remote user’s Dashboard under a new Team Missions section.

Alternatively, you can choose to make an Engagement Public, granting full access to all teammates. Engagements default to Restricted Access with all teammates in the No Access bucket. An Engagement’s Access Control is available in the Console tab.

All Shared Engagement details are synchronized in real-time between users. Shown in the example above, fields are temporarily locked while being edited and updated as that data is saved to the server. Pop-up notifications are displayed about important events, such as adding/delete hosts, ports, credentials or findings.

Boards (see below) is a shared environment when working with teammates, allowing you to group hosts into logical buckets. The Matrix (also described below) is a personal filter system in Shared Engagements, so you can focus on your interesting targets without affecting the filters of others.

Working on a specific Subnet (Pro Tier only)? Click the filter column in the Subnets tab, or use The Matrix subnet filter. Subnet filtering is also a personal filter system in Shared Engagements.

Pro Tier v2.0 Bottom Line: Using all the new PTWS v2.0 features:

  • Teammates can work through an engagement together, adding notes & status to hosts & ports along the way
  • Everyone stays informed and duplicate work is minimized
  • When a vulnerability is found, use the Findings Library to instantly bring in all the generic text
  • Immediately add screenshots to the Finding’s Evidence
  • Use the Reporting Module to generate your client deliverable with one click
  • Project Done!


Most of us are familiar with Boards style organization. These boards are user-defined for each Engagement and can contain any number of hosts. Sort each Board and the Hosts using this intuitive drag-and-drop interface. Group your hosts however is most effective for your environment:

  • Status (in-progress, vulnerable, cleared)
  • Environments (web, int/ext, s.e., wifi)
  • AD Domains (us, europe, asia)
  • Phases (group1, group2, group3)

Once you have defined your Boards, use the Board Filter in the sidebar to limit your view to a selected Board. During a Shared Engagement (Pro Tier) this is a great way to designate different targets to different pen testers. Playing HackTheBox? Setup your Boards for Active Testing, Pwned, Archived, the possibilities are endless.

  • Boards is available on all tiers

The Matrix

The Matrix gives you a 10,000 foot view of your entire Engagement, broken down by Host & Port. An extensive filtering system is available to narrow your view by OS, Host Type, Host Flags (including the new Color flag), Port Number/State/Status, all integrated with the Boards system.

As you refine your filters in The Matrix, your sidebar will synchronize so you can delve into the selected hosts and quickly jump between your active targets. During a Shared Engagement in Pro Tier, The Matrix is a personal view, allowing different teammates to focus on their own objectives.

  • The Matrix is available on all tiers

Full Featured API

Swagger Documentation:

The new PTWS API provides access to your Engagements, Hosts, Ports, Scratchpad, Note Pages, Credentials, Clients & Findings through a RESTful architecture, including GET, PUT, POST, & DELETE capabilities for each object. You can now build automation scripts and integrate external tools into your PenTest.WS environment.

Scanning hosts and importing results now becomes a one-click operation!

Consider the following Nmap Scan Template:

nmap -sC -sV -oA tcp -vv %tip% && curl -X POST "" -H "X-API-KEY: %apikey%" -F "[email protected]"

The first half of this command runs a typical nmap scan on a target IP address, IP range or CIDR block, then outputs the results to a file called “tcp.xml”. The second half of this command uses curl to immediately post these results to your engagement in PenTest.WS.

Embedded in this command are several interesting variables:

%tip%Target IP Address, Range or CIDR Block
%eid%Current Engagement ID
%apikey% Your API Key – when you click on a command with this variable, the application will prompt for your password before swapping the variable for your API Key. You can view your API key at

The full list of variables are available in the Edit Templates screens:

  • PenTest.WS API is available on all tiers

A Few More Things…

  • Engagement wide Credentials Tab – attach a credential to an Engagement, not just a Host/Port
  • Host Colors – a visual way to mark interesting Hosts
  • Old Reporting Tab is now Write-Up – this data is now search from Keyword Search
  • Service Command Library: Service aliases such as “http, https” in the Service Name field
  • Pro Tier: LDAP & SMTP Integration

We’ll cover some of these additional features in another post.

Thanks for reading!
PenTest.WS Development Team