Arsenal
What Arsenal Is
Arsenal is PentestPath's command suggestion layer. It proposes contextual commands based on the selected node, tags, service names, ports, and matched patterns in your session.
What It Includes In 2.2.0
- bundled command cards for common pentest workflows
- richer command-mode entries for Nmap, Gobuster, FFUF, Nuclei, Hydra, SQLMap, WPScan, and NetExec
- search across the library
- context-aware ranking
- external references such as GTFOBins, LOLBAS, and HackTricks links
- direct send-to-terminal for review before execution
Arsenal is not an automation engine. It prepares useful commands and leaves final review to you.
Built-In Substitution
When you copy a command from the Arsenal panel, or send it to the terminal, PentestPath currently resolves these placeholders in the UI:
$TARGET$TARGET_DOMAIN$TARGET_NAME$LHOST
Some built-in entries intentionally keep placeholders such as $PORTS, $USER, $PASS, $DOMAIN, $DC, $SIZE, $DB, or $TABLE. Edit those values before running the command.
See Arsenal Variables for precise substitution behavior.
Send To Terminal
Arsenal commands can be sent to the active integrated terminal. The command is inserted for review; PentestPath does not press Enter or run it automatically.
Use this when you want to:
- preserve shell context
- edit unresolved placeholders
- verify flags and paths
- keep command history close to the session graph
Free And Pro
Free includes:
- basic Arsenal
- built-in command suggestions
- copy command
- send command to terminal
Pro adds:
- custom Arsenal entries
- Arsenal favorites
Usage Advice
Treat Arsenal as a starting point. Validate target values, ports, credentials, callback IPs, wordlists, output paths, and rate limits before running anything.