PentestPath desktop workflow

Map the attack path. Run the terminals. Ship the report.

PentestPath gives pentest engagements a single local-first desktop workflow. Graph the path, execute in context, capture evidence, and move into reporting without scattering context across tools.

Local-first Optional vault Ollama local AI Team Mode beta
Graph-first workspace
Downloads
Current public release: v2.2.0

Pick your platform and start with the latest release.

Windows ships as an `.exe` installer. Linux users can choose AppImage or `.deb` depending on how they prefer to run the desktop app.

Windows
Desktop installer
x64

Direct access to the latest `.exe` when available, with release assets as fallback.

If SmartScreen appears, click More info then Run anyway.

Linux
AppImage or `.deb`
Portable / package

Use AppImage for a portable path, or `.deb` if package-managed installation fits better in your environment.

AppImage may need libfuse2 on some modern distros.

Built for

Different users, same need: keep the engagement coherent.

The point is not to imitate a giant platform. It is to give a pentest engagement a single operational surface where the graph, commands, notes, and output still belong to the same mission.

Audience

Pentesters

Keep the engagement graph, terminal context, and reporting flow in one local-first workspace.

Audience

Consultants

Move faster between recon notes, execution, and deliverables without scattering context across tools.

Audience

Students

Practice methodology with a structure that makes attack paths, commands, and findings easier to review.

Audience

Small Teams

Use Team Mode beta when you need shared visibility without turning the product into a heavy enterprise stack.

Workflow

A clearer path from scope to deliverable.

This is the backbone of the site: not a list of abstract features, but the sequence a real engagement actually follows.

01

Define scope

Open a session, set the target, and keep the engagement boundary explicit from the start.

02

Map the graph

Import scan data, create nodes, and keep the attack path readable as the engagement grows.

03

Run the work

Execute from the terminal workspace and send Arsenal commands into shell context for review.

04

Ship the report

Capture evidence, append findings from the workspace, and export HTML or Pro PDF for handoff.

Workspace

Attack graph that stays usable during the engagement

PentestPath is built around a graph-first view of the mission. Search, filters, minimap, auto-layout, and node actions keep the structure readable instead of collapsing into a whiteboard mess.

  • Recon, exploit, privesc, lateral movement, and loot stay in one model
  • Session compare and package export support handoff and review
  • Research links stay attached to the same session context
Execution

Terminal work with session context still attached

The terminal workspace is there to support the engagement flow, not replace your shell. Open concurrent terminals, keep layouts across sessions, and work without losing sight of what the node or target actually means.

  • Rust-backed PTY layer for the desktop build
  • Multiple integrated terminals in Free and Pro
  • Arsenal commands can be sent to the terminal before you run them
Delivery

Reporting that starts from findings, not from a blank document

The reporting flow is tied to the workspace so you can capture evidence, append findings, review the draft, and export deliverables without rebuilding everything in a separate document tool.

  • Markdown report editor with live preview
  • Screenshot evidence paste, annotation, and redaction
  • HTML export on Free and Pro, Typst PDF templates in Pro
More

Smart Arsenal

Base command library on Free, with favorites and custom entries in Pro.

More

Local AI Assistant

Pro-only assistant connected to your local Ollama endpoint and model.

More

Vault Security

Optional password-protected local vault with optional TOTP for sensitive local data.

More

Team Mode Beta

Real-time collaboration included in Pro as a beta workflow.

Pricing

Simple tiers.

Free is enough to explore the workflow. Pro unlocks the capacity and delivery features that matter once the tool becomes part of your actual engagement process.

Pro
USD 47.99
One-time payment, excl. VAT
Buy Pro
  • USD 47.99 one-time for Pro, excl. VAT
  • Device activation stored locally after validation
  • 14-day offline grace after successful validation
Comparison

Free vs Pro

Team Mode stays included in Pro as beta.
Feature
Free
Pro
Sessions
1
Unlimited
Integrated terminals
Yes
Yes
Findings & Evidence
Yes
Yes
Screenshot annotation
Yes
Yes
Base Arsenal
Yes
Yes
Arsenal send to terminal
Yes
Yes
HTML export
Yes
Yes
Typst PDF export
No
Yes
Arsenal Favorites
No
Yes
Custom Arsenal
No
Yes
AI Assistant
No
Yes
Team Mode Beta
No
Yes
Resources

Public entry points for users and releases.

The public release repository is where the website, docs, changelog, binaries, and support flow now meet.