Hybrid pentest orchestration. Self-hosted. AI-assisted.

The operating system for penetration testing teams.

Plan with structured methodologies, run tools from one workspace, capture evidence as you go, and ship audit-ready reports. Open core, with commercial editions for teams and enterprises.

  • Self-hosted by default
  • Air-gap friendly
  • Local-first AI
Example engagement view (pentestflow / engagement / acme-corp-q3, status: running):

  Recon     Discovery         nmap, subfinder, shodan
  Exploit   Validation        nuclei, burp, metasploit
  Post-Ex   Pivot, escalate   bloodhound, linpeas
  Report    Audit-ready       pdf, csv, json

Live execution: nuclei -t cves/ -u app.acme.io (evidence captured)
  [INF] Loading templates from cves/ (1,284)
  [MED] CVE-2024-XXXX detected at /api/v1/admin
  [INFO] AI suggestion: chain with /api/v1/users for auth bypass
  [OK] step 12/24 complete, 3 findings linked to evidence

Used by security professionals around the world

MSSPs and consultants
Internal red teams
Bug bounty hunters
Training organizations
Enterprise security
Open source on GitHub. AGPL-3.0 community core.

The problem

Pentesting is broken.

Most teams stitch together notes apps, terminals, screenshot folders, and Word templates. The work is real. The system is not.

Manual workflows

Notes scattered across Notion, terminals, and chat threads.

Inconsistent methodology

Every tester works differently, so coverage drifts from client to client.

Lost evidence

Screenshots, commands, and outputs forgotten in random folders.

Painful reporting

Reports rebuilt by hand at 2 AM, every single engagement.

The solution

One system. Full control.

PentestFlow gives security teams a single place to plan, run, and document offensive work, mapped to the lifecycle they actually follow.

Structured execution

Step-by-step methodologies turn ad-hoc work into a repeatable, reviewable process. Every engagement looks the same on the inside.

Command and evidence capture

Stream commands and outputs from one workspace. Screenshots and findings auto-link to the methodology step that produced them.

Automated reporting

Reports are generated from real execution data, not memory. Export JSON, CSV, or templated PDF, with consistent severity and remediation.

How it works

Four stages, one continuous flow.

From scope to deliverable, every step links back to evidence.

Step 01

Define target

Add scope, assets, and engagement type. Pick or import a methodology that matches the work.

Scope, variables, methodology import

Step 02

Execute workflow

Follow structured methodology steps and run commands directly from the UI with live streamed output.

Live terminal, AI suggestions, retry

Step 03

Capture evidence

Screenshots, command outputs, and notes are auto-linked to the step that produced them, ready for review.

Auto-evidence, finding linking, audit trail

Step 04

Generate report

Export a clean, structured report instantly. JSON or CSV everywhere, templated PDF on Pro and Enterprise.

JSON, CSV, templated PDF, AI summary

Inside the product

A workspace built for the way pentests actually run.

[Screenshot: pentestflow / methodology / vulnerable target walkthrough. Methodology view with working directory, external services scan controls, and an ordered list of methodology steps.]

Plan with structured methodologies.

Set scope, choose a working directory, link external scans, and run a methodology with command and manual steps. Variables like {{target}} keep playbooks reusable across every engagement.

[Screenshot: pentestflow / live execution. Live methodology execution showing passed, failed, and manual review steps with curl, whatweb, nikto, gobuster, and sqlmap commands.]

Execute and capture as you go.

Run real tools from the workspace. Each step records its status, duration, output, and evidence count, so a teammate or an auditor can replay the engagement step by step.

[Screenshot: pentestflow / AI assistance and terminal. AI command suggestions panel above a live terminal that just ran nmap and nuclei against pentest-ground.com.]

AI suggestions, grounded in your run.

Get goal-based command generation and explanations from local Ollama or cloud models. The terminal streams output from any tool you trigger, with rate limits and execution policies in place.

Before vs after

From fragmented work to unified execution.

Before: without PentestFlow
  • Notes scattered in Notion and Google Docs
  • Commands lost in terminal history
  • Screenshots in random local folders
  • Reports rebuilt manually in Word
  • Methodology in someone's head
After: with PentestFlow
  • Everything in one workspace
  • Fully traceable execution per step
  • Evidence auto-captured and linked
  • Audit-ready reports in one click
  • Methodology shared and versioned

Features

Three systems, one workspace.

Mapped to the lifecycle every pentest follows: execution, evidence, and reporting.

01

Execution system

Turn ad-hoc work into a repeatable, observable process. From scope to step status, in one place.

Methodology builder

Drag-and-drop steps with command and manual stages. Variable substitution for {{target}}, {{targetIP}}, and {{project}}.

Integrated terminal

Run any tool from the workspace with live streamed output, retry, kill, and step controls.

AI assistance

Local-first via Ollama. Cloud AI on Pro. Get command suggestions, explanations, and goal-based generation.

02

Evidence system

Capture proof as you work. Every output, screenshot, and finding ties back to the step that produced it.

Auto evidence capture

Screenshots and command output are stored automatically against the methodology step.

Linked findings

Findings reference their evidence, making review and audit straightforward.

Searchable history

Filter command history across projects. Export the audit trail as CSV or JSON.
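The two mechanisms described above, {{variable}} substitution in the methodology builder and per-step evidence records in the evidence system, as an added example. This is not PentestFlow's code, playbook schema or plugin API; it assumes the three placeholder names the page lists, a constructed playbook that uses echo in place of real tools, and SHA-256 digests of captured stdout as the evidence link. The point a practitioner should take from it: variable values come from engagement scope and end up on a shell command line, so each value must be quoted, and an unknown or unset placeholder must fail the step rather than run a half-rendered command.

```python
"""Methodology step runner with {{variable}} substitution and evidence records.

Added example for this page, not PentestFlow's own code, playbook schema or
plugin API. The placeholder set, record fields and sample playbook are
assumptions chosen to illustrate the mechanism.
"""
import hashlib
import json
import re
import shlex
import subprocess
import time
from dataclasses import asdict, dataclass, field

# The placeholder names the page lists; anything else is rejected.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
KNOWN_VARIABLES = {"target", "targetIP", "project"}


def render_command(template: str, variables: dict) -> str:
    """Expand {{name}} placeholders in a command template.

    Every value goes through shlex.quote, so a scope entry such as
    "app.example.test; curl attacker" becomes one quoted argument instead
    of a second shell command. An unknown or unset placeholder raises
    rather than leaving literal braces that would reach the shell.
    """
    def substitute(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name not in KNOWN_VARIABLES:
            raise KeyError("unknown placeholder " + match.group(0))
        if name not in variables:
            raise KeyError(name + " is not set for this engagement")
        return shlex.quote(str(variables[name]))

    return PLACEHOLDER.sub(substitute, template)


@dataclass
class Evidence:
    kind: str      # "stdout", "screenshot", "note", ...
    sha256: str    # digest of the captured bytes, so the artifact can be verified later
    size: int


@dataclass
class StepRecord:
    step: int
    command: str       # the rendered command that actually ran
    status: str        # "passed" or "failed"
    duration_s: float
    evidence: list = field(default_factory=list)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shell_execute(command: str):
    """Default executor: run through the shell, return (returncode, stdout bytes).

    Only safe because render_command quoted every substituted value.
    """
    proc = subprocess.run(command, shell=True, capture_output=True)
    return proc.returncode, proc.stdout


def run_step(step_no: int, template: str, variables: dict, execute=shell_execute) -> StepRecord:
    """Render, run and record one command step; stdout is captured as evidence."""
    command = render_command(template, variables)
    started = time.monotonic()
    returncode, stdout = execute(command)
    record = StepRecord(
        step=step_no,
        command=command,
        status="passed" if returncode == 0 else "failed",
        duration_s=round(time.monotonic() - started, 3),
    )
    record.evidence.append(Evidence("stdout", digest(stdout), len(stdout)))
    return record


def run_methodology(steps, variables: dict, execute=shell_execute):
    """Run the command steps in order and return their records."""
    return [run_step(i + 1, t, variables, execute) for i, t in enumerate(steps)]


def export_json(records) -> str:
    """Serialise records the way a JSON audit-trail export would."""
    return json.dumps([asdict(r) for r in records], indent=2)


if __name__ == "__main__":
    # Constructed playbook and scope for the demo; echo stands in for real tools.
    playbook = ["echo recon {{target}}", "echo scan {{targetIP}} for {{project}}"]
    scope = {"target": "app.example.test", "targetIP": "192.0.2.10", "project": "acme-q3"}
    print(export_json(run_methodology(playbook, scope)))
```

The executor is injectable so the rendering and record logic can be exercised without touching a network; the default runs through the shell, which is exactly why the quoting in render_command is the load-bearing part. Storing a digest of each captured output, rather than only a filename, is what lets a reviewer or auditor later confirm that the artifact attached to a finding is the one the step actually produced.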

03

Reporting system

Reports are generated from real execution data, not memory. Consistent severity, structure, and remediation.

Pre-built templates

Templated reports with severity, remediation guidance, and an executive summary.

One-click export

JSON and CSV everywhere. Templated PDF on Pro. Server-side WeasyPrint PDF on Enterprise.

Plugin extensibility

Extend reports and workflows with Python plugins. Register custom commands, routes, or methodologies.

Why PentestFlow

A workflow engine, not just a scanner or reporter.

PentestFlow replaces the patchwork of scanners, notes, terminals, and reporting tools with one workflow engine. Standardize execution, capture evidence, and keep every engagement repeatable.

  • OWASP web / API
  • PTES workflow mapping
  • NIST-aligned evidence flow

Capability comparison, across three tool classes: automated scanners (Burp, Nessus, Acunetix), PentestFlow (the hybrid workspace), and reporting tools (Dradis, Serpico, PTA). Capabilities compared:

  • Command execution
  • Custom methodologies
  • Integrated evidence
  • AI assistance
  • Local-first / self-host
  • Report generation
“Move from ad-hoc testing to a repeatable workflow that the whole team can follow, review, and scale across clients.”

Editions and pricing

Start free. Scale when you need to.

One codebase, three editions. Pick what fits your team today, upgrade when governance and scale demand it.

Community

Free and open source

Free

AGPL-3.0 license

Core orchestration for individual pentesters and small teams. Self-hosted, local-first, and free forever.

  • Up to 3 projects
  • Up to 5 methodologies
  • Local AI via Ollama
  • Plugin system
  • JSON / CSV export
Download free
Most popular

Professional

For working pentesters

$79

per user / month

Unlocks unlimited scope, cloud AI, external intel, PDF reporting, and community publishing for solo professionals and boutique consultancies.

  • Unlimited projects and methodologies
  • Cloud AI (Gemini, OpenAI, DeepSeek)
  • Shodan and VirusTotal intel
  • PDF reports with templates
  • Community publishing
  • Email support
Start trial

Enterprise

For security teams and MSSPs

Contact sales

Tailored to your team

Adds team management, RBAC, audit logging, SSO, scheduled scans, server-side PDF, and compliance mapping for governance-heavy organizations.

  • Teams, roles, and RBAC
  • Audit log with CSV export
  • SSO and SAML
  • Scheduled and recurring scans
  • Server-side PDF (WeasyPrint)
  • Compliance mapping (OWASP, NIST, PCI-DSS, ISO 27001)
  • Priority support and SLAs
Talk to sales

Integrations and supported tools

Works with the stack you already use.

From local AI to cloud intelligence, recon to reporting, PentestFlow integrates with the tools security teams already depend on.

  • Ollama: local AI
  • Gemini: cloud AI
  • OpenAI: cloud AI
  • DeepSeek: cloud AI
  • Shodan: recon intel
  • VirusTotal: threat intel
  • Nmap: network scan
  • Nuclei: vuln scan
  • Burp / ZAP: web proxy
  • Supabase: auth and share
  • Docker: deployment
  • PostgreSQL: database


Who it is for

Built for security teams that need control.

Pentesters

Run structured pentests today.

Get a methodology library, integrated terminal, and automatic evidence capture. Free and open source forever.

Start free

Security leaders and MSSPs

Standardize delivery across your team.

RBAC, audit logging, SSO, and compliance mapping for governance-heavy organizations and multi-client work.

See enterprise

AppSec teams

Repeatable testing in your SDLC.

Reusable playbooks, scheduled scans, and report exports that plug into your engineering workflow.

Talk to us

FAQ

Frequently asked questions

What is PentestFlow?

PentestFlow is a hybrid pentest orchestration platform where you plan, execute, and document security assessments. It combines structured methodologies, integrated terminal execution, AI guidance, and audit-ready reporting in one self-hosted workspace.

Ready to standardize your pentests?

Start free with the Community edition. No account required. Self-host and own your data.