Pentest Companion Workspace

Skill by ara.so — Security Skills collection.

Pentest Companion is a self-hosted workspace for managing penetration testing engagements. It consolidates target tracking, tool execution, finding management, CVSS scoring, evidence collection, client portals, and report generation into a single interface. All data stays on your infrastructure—no cloud dependencies.

What It Does

• Engagement Management: Track targets, open ports, credentials, attack paths, PTES checklist phases, and time spent
• Finding Management: CVSS v3.1 scoring, CVE lookup, evidence uploads, 2400+ templates, bulk operations
• Tools Hub: 90+ integrated tools (nmap, gobuster, nikto, sqlmap, netexec, impacket suite, etc.) with live output streaming and auto-import
• Web Scanner: Passive security scanner for TLS, headers, cookies, CORS, exposed files, tech fingerprinting
• Reporting: DOCX/PDF generation with branded cover pages, executive summaries, and technical findings
• Workflow Playbooks: Sequential multi-tool scan pipelines (External Recon, Web App, AD/SMB Enum, etc.)
• Terminal Logging: Pipe command output from your terminal into engagement sessions with ANSI replay
• Scheduled Scans: Recurring tool runs against targets with auto-import
• Webhooks: Slack/Discord/Teams notifications on finding creation
• REST API: Read-only endpoints for engagements and findings