Skip to content

Quick Start

The shortest useful path

Use this flow when you want to start a new engagement quickly.

  1. Create a session and define the target IP or host.
  2. Optional: load the demo session from Settings. On Free, if the one-session limit is already reached, PentestPath can replace the current session with demo data.
  3. Import Nmap XML results, or stage them in Infrastructure Hub for review.
  4. Build the attack graph with nodes, status, notes, and tags.
  5. Use Arsenal suggestions from the selected node, and send useful commands to the terminal for review.
  6. Capture findings and evidence while you work, including terminal output and annotated screenshots.
  7. Write the report in Markdown, then export HTML or Pro PDF when ready.
  8. Export the session as .ptpx for backup or transfer.

1. Start with scope

Fill in the target field and session notes before adding graph nodes. That gives the Arsenal and the reporting workflow a consistent source of context.

2. Build from imports

If you already have Nmap output, import it early. Infrastructure Hub is useful when you want to review hosts and services before pushing them into the graph.

3. Keep evidence attached to the work

Use findings and evidence during the engagement instead of writing everything at the end. PentestPath is designed to keep graph, terminal, notes, and reporting aligned.

For screenshots, paste from the clipboard or select an image file, annotate the important region, and redact secrets before saving the evidence item.

Continue reading

PentestPath documentation