Skip to content

Arsenal

What Arsenal Is

Arsenal is PentestPath's command suggestion layer. It proposes contextual commands based on the selected node, tags, service names, ports, and matched patterns in your session.

What It Includes In 2.2.0

  • bundled command cards for common pentest workflows
  • richer command-mode entries for Nmap, Gobuster, FFUF, Nuclei, Hydra, SQLMap, WPScan, and NetExec
  • search across the library
  • context-aware ranking
  • external references such as GTFOBins, LOLBAS, and HackTricks links
  • direct send-to-terminal for review before execution

Arsenal is not an automation engine. It prepares useful commands and leaves final review to you.

Built-In Substitution

When you copy a command from the Arsenal panel, or send it to the terminal, PentestPath currently resolves these placeholders in the UI:

  • $TARGET
  • $TARGET_DOMAIN
  • $TARGET_NAME
  • $LHOST

Some built-in entries intentionally keep placeholders such as $PORTS, $USER, $PASS, $DOMAIN, $DC, $SIZE, $DB, or $TABLE. Edit those values before running the command.

See Arsenal Variables for precise substitution behavior.

Send To Terminal

Arsenal commands can be sent to the active integrated terminal. The command is inserted for review; PentestPath does not press Enter or run it automatically.

Use this when you want to:

  • preserve shell context
  • edit unresolved placeholders
  • verify flags and paths
  • keep command history close to the session graph

Free And Pro

Free includes:

  • basic Arsenal
  • built-in command suggestions
  • copy command
  • send command to terminal

Pro adds:

  • custom Arsenal entries
  • Arsenal favorites

Usage Advice

Treat Arsenal as a starting point. Validate target values, ports, credentials, callback IPs, wordlists, output paths, and rate limits before running anything.

PentestPath documentation