Offensive security

Attackers don't run checklists. Neither do we.

Ceretrix is an offensive security firm built by operators. We run engagements that show you exactly where you'd lose — and we hand your engineers the findings, evidence, and remediation guidance to fix it before someone else gets there.

What we break

Engagements built for engineers, not checklists.


Penetration Testing

Scoped, methodology-driven testing across web, network, cloud, and internal estates.

Red Team & Adversary Simulation

Objective-based engagements that test detection, response, and the assumptions in between.

Custom Security Tooling

Tooling built around your stack — automation, agents, and platforms your team actually uses.

Automated Pentest Engagement

Pentest Companion

Our flagship open-source tool: a self-hosted pentest management workspace. Track engagements, run tools, auto-import findings, and generate professional reports — all on your own infrastructure.

pentestcompanion · engagement view
engagement   acme-corp-q2-external
status       in_progress
scope        12 hosts / 3 webapps
findings     14 (3 crit · 5 high · 4 med · 2 low)
methodology  PTES · OWASP WSTG
tools        nmap, ffuf, sqlmap, burp, ...

[+] auto-imported 47 nuclei → 6 actionable
[+] cvss v3.1     + CVE lookup (NVD)
[+] report        acme-corp-q2-external.docx

Stop guessing where you'd lose first.

Send us your scope. We'll send back an engagement plan — and findings your engineers can close.
