Quick Start
The shortest useful path
Use this flow when you want to start a new engagement quickly.
- Create a session and define the target IP or host.
- Optional: load the demo session from Settings. On Free, if the one-session limit is already reached, PentestPath can replace the current session with demo data.
- Import Nmap XML results, or stage them in Infrastructure Hub for review.
- Build the attack graph with nodes, status, notes, and tags.
- Use Arsenal suggestions from the selected node, and send useful commands to the terminal for review.
- Capture findings and evidence while you work, including terminal output and annotated screenshots.
- Write the report in Markdown, then export HTML or Pro PDF when ready.
- Export the session as
.ptpxfor backup or transfer.
Recommended first session routine
1. Start with scope
Fill in the target field and session notes before adding graph nodes. That gives the Arsenal and the reporting workflow a consistent source of context.
2. Build from imports
If you already have Nmap output, import it early. Infrastructure Hub is useful when you want to review hosts and services before pushing them into the graph.
3. Keep evidence attached to the work
Use findings and evidence during the engagement instead of writing everything at the end. PentestPath is designed to keep graph, terminal, notes, and reporting aligned.
For screenshots, paste from the clipboard or select an image file, annotate the important region, and redact secrets before saving the evidence item.