Open source · by Ceretrix

The ultimate pentest companion.

A self-hosted pentest management workspace. Track engagements, run 50+ tools, auto-import findings, and generate professional reports — all on your own infrastructure.

  • Free community edition
  • No credit card required
  • Self-host or cloud
nmap — engagement #42
$ nmap -sV -sC 10.10.110.0/24 | pclog 42 "initial scan"
Starting Nmap 7.94 at 2026-05-20 09:12
Scanning 10.10.110.0/24 [1000 ports]...
PORT     STATE SERVICE      VERSION
22/tcp   open  ssh          OpenSSH 8.9
80/tcp   open  http         nginx 1.22.0
445/tcp  open  microsoft-ds Samba 4.x
8080/tcp open  http-proxy   Squid 5.7
...
✓ 4 findings auto-imported to engagement #42
Auto-imported findings
  • SMB Null Session · Critical
  • nginx < 1.24 (CVE-2024-7347) · High
  • Squid SSRF Exposure · Medium
  • SSH weak algorithms · Low
  • 50+ integrated tools
  • 120+ vulnerability templates
  • 20+ report formats
  • PTES checklist integrated
  • Docker: ships as image
Everything you need

A full workspace for the engagement lifecycle.

From first recon to final report — every phase of your pentest in one place, with no context switching.

📋

Engagement Tracking

Targets, ports, PTES checklist phases, attack steps, credentials vault, timeline, and time tracking. Archive and restore at any time.

Community
🔍

50+ Integrated Tools

nmap, netexec, bloodhound, impacket, gobuster, ffuf, and 37 more — discover what's installed, launch from the UI, stream live output.

Community
📄

Automated Reporting

Schedule DOCX + PDF reports to generate and deliver automatically. Custom branding, executive summaries, redacted client copies.

Pro
🎓

Exam Mode

OSCP · OSEP · OSED · CRTP · PNPT · CPTS. Live countdown, machine tracking, points tracker, pass/fail badge, and exam-style DOCX.

Community
👥

Team Workspaces

Roles (viewer / operator / owner / admin), invite links, audit log, per-team branding. Full cross-team data isolation enforced in tests.

Community
🖥

Terminal Logging

Pipe any command via pclog. Full ANSI colour replay. Sessions tied to engagements with timestamps and search.

Community
🌐

Web Scanner

TLS, security headers, cookies, CORS, exposed files, tech fingerprint. Deep mode: dir enumeration + JS endpoint extraction.

Community
🔗

Integrations

Jira, Slack, and GitHub issue creation. Nessus + Burp Suite XML import. Webhook delivery on new findings and report completion.

Enterprise
🔒

SSO / SAML

Okta, Azure AD, Google Workspace, and any SAML 2.0 provider. Role mapping from IdP groups. MFA enforcement policy.

Enterprise
Engagement Report — ACME Corp (DOCX · PDF)
Executive Summary: risk overview, key findings, remediation timeline
Technical Findings:
  • Critical · Kerberoastable service account
  • Critical · Domain admin credential reuse
  • High · BloodHound: shortest DA path (3 hops)
  • Medium · Weak password policy (≤ 8 chars)
  • Low · SSH protocol v1 enabled on legacy host
Compiling evidence… 82%
Scheduled Delivery: every Friday 09:00 UTC → client@acme.com
Automated Reporting

Reports that write themselves — then deliver themselves.

Set a schedule, pick your format, and PentestCompanion handles the rest. Findings, evidence, CVSS scores, and recommendations — assembled and delivered automatically, branded with your logo.

  • DOCX + PDF generation with one click or on a cron schedule
  • Executive summary and full technical report as separate deliverables
  • Branded cover page, headers, footers — upload your logo and color
  • Redact credentials automatically for client-facing copies
  • Email delivery to client addresses on completion
  • Webhook trigger: push to Slack or Jira when report is ready
Tools Hub

50+ tools. Point, click, scan.

The Tools Hub auto-detects what's installed on the host. Click any tool to open a launch form, fill in target and options, and watch output stream live via SSE. When the job finishes, parsed findings land in your engagement automatically.

  • 10 categories: Network, Web, AD/Windows, Impacket, Password, DNS, SSL/TLS, OSINT, Linux, Custom
  • Auto-scan on target creation — tick tools, they run in the background
  • Live SSE output streaming with ANSI colour
  • Auto-import findings to the engagement in one click
  • Job persistence — scans survive server reloads
  • Nessus + Burp Suite XML bulk import
  • nmap (Network)
  • netexec (AD / Windows)
  • bloodhound-py (AD / Windows)
  • gobuster (Web)
  • ffuf (Web)
  • kerbrute (Password)
  • secretsdump (Impacket)
  • masscan (Network)
43 tools across 10 categories · 7 / 8 installed
Team — Red Cell Alpha
  • r0b3rt_h · robert@redcell.io · Owner
  • alex_k · alex@redcell.io · Operator
  • j_thomas · j.thomas@redcell.io · Viewer
Audit Log
  • alex_k exported engagement #12 · 5m ago
  • j_thomas added target 10.10.50.4 · 12m ago
  • r0b3rt_h changed j_thomas role to Viewer · 1h ago
Team Collaboration

Your whole team. One workspace.

Invite your team, assign roles, and collaborate on engagements without stepping on each other's data. Every security-relevant action is logged and cross-team isolation is enforced end-to-end.

  • Roles: Viewer, Operator, Owner, Admin
  • Invite links with role assignment
  • Full audit log — logins, role changes, exports, member removals
  • Cross-team data isolation enforced on every route
  • Per-team branding: logo, accent color, footer
  • SAML / SSO + MFA enforcement (Enterprise)
  • Dedicated instance with SLA (Enterprise)
Pricing

Start free. Scale when you need to.

Community edition is free forever and fully open-source. Upgrade for cloud hosting, automated reporting, and enterprise controls.

Community
$0
Free forever · Self-hosted · AGPL-3.0

Everything you need to run a professional pentest. Self-host on any machine, Docker-ready in minutes.


  • Unlimited engagements & targets
  • 50+ integrated tools
  • DOCX + PDF report generation
  • PTES checklist + CVSS v3.1
  • Terminal logging (pclog)
  • Exam Mode (OSCP/OSEP/CRTP…)
  • Nessus + Burp Suite import
  • Team (up to 5 members)
  • Automated report delivery (Pro and Enterprise)
  • Cloud hosting (Pro and Enterprise)
Download on GitHub →
Coming Soon
Pro
$29/mo
Per seat · Billed monthly · Cancel anytime

Full-featured cloud instance, automated reporting, and priority support. Everything Community has, plus the things that save you hours.


  • Everything in Community
  • Cloud-hosted — no server needed
  • Automated report delivery (scheduled DOCX/PDF → email)
  • Custom report branding
  • Unlimited team members
  • Daily encrypted backups
  • Advanced audit log export (CSV/JSON)
  • Priority email support (24h SLA)
  • Custom finding library (unlimited templates)
  • REST API access
  • SSO / SAML (Enterprise)
  • Dedicated instance (Enterprise)
Coming Soon
Enterprise
Custom
Annual contract · Volume discounts available

Dedicated infrastructure, SSO, compliance exports, SLA support, and custom integrations for large red teams and MSSPs.


  • Everything in Pro
  • Dedicated instance (cloud or on-prem)
  • SSO / SAML 2.0 (Okta, Azure AD, Google)
  • Jira + Slack + GitHub integrations
  • Webhooks on findings & report events
  • Compliance audit export (SOC2 / ISO27001)
  • Custom SLA (99.9% uptime)
  • Dedicated Slack channel + CSM
  • Custom report templates
  • On-boarding & training sessions
Contact sales →
Compare

Pick the tier that fits.

Feature · Community · Pro · Enterprise
Core Platform
Engagements & targets
Integrated tool hub (50+ tools)
PTES checklist + CVSS v3.1
Web scanner (passive + deep)
Terminal logging (pclog)
Exam Mode (OSCP/OSEP/CRTP…)
Nessus + Burp Suite import
Reporting
DOCX + PDF report generation
Custom branding (logo + color)
Automated scheduled delivery
Email delivery to client
Custom report templates · Limited
Team & Security
Team members · Up to 5 · Unlimited · Unlimited
Roles & permissions
Audit log
Audit log export (CSV/JSON)
SSO / SAML 2.0
MFA enforcement policy
Infrastructure & Integrations
Hosting · Self-hosted · Cloud (managed) · Cloud or on-prem
Daily encrypted backups
REST API · Basic
Webhooks
Jira / Slack / GitHub
Uptime SLA · 99.5% · 99.9%
Support
Community forum + GitHub issues
Priority email support
Dedicated Slack channel + CSM
Trusted by red teams

What operators are saying.

★★★★★

"Finally a pentest platform that doesn't feel like it was built for managers. The terminal logging and auto-import from nmap alone saved me hours per engagement."

m4rc0_v
Senior Penetration Tester · OSCP, OSEP
★★★★★

"We evaluated five platforms. PentestCompanion is the only one that ships a real finding library, CVSS calc, and proper evidence management without a six-figure price tag."

sarah_l
Red Team Lead · F500 financial services
★★★★★

"The automated report delivery on Pro is a game changer. Clients get a branded PDF every Friday morning without me lifting a finger after the engagement is done."

r_knight
Independent Consultant · CRTP, PNPT
Questions

Frequently asked.

What's the difference between Community and Cloud?

Community is the open-source edition you self-host — everything in the GitHub repo with no strings attached. Cloud (Pro/Enterprise) adds a managed instance you don't have to maintain, automated report scheduling and email delivery, daily encrypted backups, REST API, and (Enterprise) SSO, integrations, and a dedicated instance. The core workspace features are identical.

How does automated reporting work?

On Pro, open any engagement, click Report → Schedule, choose the format (DOCX, PDF, or both) and a cron expression (e.g. "Every Friday at 09:00 UTC"), then add recipient email addresses. PentestCompanion assembles the report — pulling current findings, evidence, CVSS scores, and your team branding — and emails it automatically. You can still generate reports manually at any time.

Can I migrate from self-hosted Community to Cloud?

Yes. Export your engagement as a .pcbundle (Engagement → Export), then import it into your Cloud instance via Dashboard → Import Engagement. All findings, evidence, credentials, and timeline data are preserved. Contact support if you need to migrate multiple engagements in bulk.

Is my data isolated from other teams?

Yes. Every route that accepts an object ID goes through a require_* helper that returns a 404 for any cross-team access — this is covered by test_leakage.py in the test suite. On Cloud, each team's data is isolated at the database level. Enterprise customers can request a dedicated instance for full infrastructure isolation.
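
A sketch of the require_* pattern described above, added here as an example and not PentestCompanion's own code: the helper name require_engagement, the data model, and the sample users and engagements are all assumptions. It returns the same 404 for a missing ID and for another team's ID, and leakage_matrix is the kind of result a test such as test_leakage.py could assert on.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """Would be mapped to HTTP 404 by a web framework's error handler."""


@dataclass(frozen=True)
class User:
    name: str
    team_id: int


@dataclass(frozen=True)
class Engagement:
    id: int
    team_id: int
    title: str


# Constructed sample data: two teams, one engagement each.
ENGAGEMENTS = {
    12: Engagement(12, team_id=1, title="team-one internal"),
    42: Engagement(42, team_id=2, title="team-two external"),
}
USERS = [User("operator_one", 1), User("operator_two", 2)]


def require_engagement(user, engagement_id, store=ENGAGEMENTS):
    """Hypothetical require_* helper: return the object only for its own team.

    A missing ID and another team's ID raise the same NotFound, so the
    response cannot be used to learn which IDs exist in other teams.
    """
    obj = store.get(engagement_id)
    if obj is None or obj.team_id != user.team_id:
        raise NotFound("not found")
    return obj


def get_engagement_route(user, engagement_id):
    """Toy route handler returning (status, body) like an HTTP response."""
    try:
        return 200, require_engagement(user, engagement_id).title
    except NotFound:
        return 404, "not found"


def leakage_matrix(users=USERS, store=ENGAGEMENTS):
    """Status for every (user, object) pair; every cross-team pair must be 404."""
    return {(u.name, eid): get_engagement_route(u, eid)[0]
            for u in users for eid in store}
```
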

Does the Tools Hub work on the Cloud plan?

The Cloud environment runs a hardened Kali Linux base image with the full tool suite pre-installed. All 50+ tools in the hub are available without setup. Output and auto-import work identically to a self-hosted Kali deployment.

Run engagements like Ceretrix does.

Self-host the community edition today, or talk to us about cloud hosting and custom deployments.