Plan. Execute. Document.
Hybrid Pentest Orchestration
PentestFlow is a hybrid pentest orchestration platform that combines automated tools, manual testing, AI guidance, and audit-ready reporting in one workflow-driven workspace.
Built for MSSPs, Red Teams, and Enterprise Security
Built for MSSPs
Standardize Multi-Client Pentesting Operations
PentestFlow helps MSSPs and internal security teams run repeatable engagements across many clients while keeping governance, evidence, and compliance artifacts in one controlled workspace.
Governance for shared delivery
Keep client work separated, repeatable, and reviewable.
Pentester
Run repeatable engagements
Follow the same methodology across every client without rebuilding steps, notes, or evidence collection from scratch.
Lead / Manager
Standardize delivery across clients
Assign work, review progress, and keep execution consistent across multiple accounts, teams, and service tiers.
CISO / Program Owner
See governance at a glance
Track audit logs, reporting status, and compliance mapping across client engagements in one controlled workspace.
Compliance-ready by design
Built to support evidence, control, and accountability.
OWASP, PTES, and NIST-aligned workflow mapping
Role-based access and client isolation
Traceable evidence from execution to final report
Consistent outputs for internal reviews and audits
Capabilities
Everything You Need in One Workspace
Standardize how your team executes tests, captures evidence, applies methodology packs, and documents outcomes. PentestFlow is built for repeatable workflows and audit-ready results across the full pentesting lifecycle.
Methodology Library & Builder
Built-in playbooks and drag-and-drop workflows for OWASP web, API, Active Directory, external network, and bug bounty engagements.
Integrated Terminal
Run commands from your local environment with live output, step controls, and no restrictive sandbox between you and the target.
AI-Powered Intelligence
Optional AI via Ollama, Gemini, GPT, or DeepSeek for command suggestions, workflow guidance, explanations, and report drafting.
Evidence Management
Screenshots, command output, and manual evidence are tied to each methodology step with previews, organization, and audit traceability.
Reporting Engine
Export JSON, CSV, and PDF reports with severity, remediation guidance, and executive-ready summaries for stakeholders.
Plugin Ecosystem
Extend PentestFlow with Python plugins — custom commands, routes, and full methodologies. Install from ZIP, toggle on/off, community-driven.
Workflow
How It Works
Three simple stages from methodology design to deliverable report.
Define Your Methodology
Build custom step-by-step workflows using the drag-and-drop builder. Use variables like {{target}} and {{targetIP}} to create reusable playbooks for any engagement.
Import/export JSON • Command + manual steps • Skip / reorder
Execute & Capture
Run commands directly from the interface with real-time streaming output. Evidence is automatically captured and tied to each step — screenshots, logs, and findings.
Live terminal • Auto-evidence • Kill / retry / resume
Report & Share
Generate comprehensive reports in JSON, CSV, or PDF. Share your methodologies with the community gallery, or keep them private for your team.
PDF export • AI analysis • Community gallery
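The three stages above (define a playbook with `{{target}}`-style variables, execute its steps while capturing evidence, then emit a report) in one small runnable script. This is an added example, not PentestFlow's own code: the JSON playbook shape (`name`, `steps`, `type`, `command`, `instructions`) and the function names are assumptions made for illustration, and the sample playbook and variable values are constructed. The one point worth seeing in code is that a templated command step is a command-injection surface: every substituted value is shell-quoted, so a scope string containing `;` or `$(...)` is passed to the tool as a literal argument instead of becoming a second command.

```python
"""Minimal methodology runner: render variables, run steps, build a report.

Added example; the playbook format and helper names below are assumptions,
not PentestFlow's documented API.
"""
import datetime
import json
import re
import shlex
import subprocess

# Constructed sample playbook (not an export from the product).
SAMPLE_METHODOLOGY = json.loads("""
{
  "name": "Example external check",
  "steps": [
    {"id": 1, "type": "command", "title": "Resolve target",
     "command": "echo resolving {{target}}"},
    {"id": 2, "type": "command", "title": "Record target IP",
     "command": "echo ip={{targetIP}}"},
    {"id": 3, "type": "manual", "title": "Review banner",
     "instructions": "Confirm service banner matches {{target}} scope"}
  ]
}
""")

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, variables):
    """Replace {{name}} placeholders in a command with shell-quoted values.

    Quoting is the mitigation: an operator-supplied or scope-file value such
    as "10.0.0.5; rm -rf /" must reach the tool as one literal argument and
    never append a second command to the templated step.
    """
    def substitute(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"undefined playbook variable: {name}")
        return shlex.quote(str(variables[name]))
    return PLACEHOLDER.sub(substitute, template)


def render_text(template, variables):
    """Plain substitution for manual-step text; no shell is involved here."""
    return PLACEHOLDER.sub(
        lambda m: str(variables.get(m.group(1), m.group(0))), template)


def run_step(step, variables, timeout=30):
    """Execute one step and return its evidence record."""
    record = {
        "id": step["id"], "title": step["title"], "type": step["type"],
        "started": datetime.datetime.now(datetime.timezone.utc).isoformat(),
    }
    if step["type"] == "manual":
        record.update(status="pending-review",
                      instructions=render_text(step["instructions"], variables))
        return record
    command = render(step["command"], variables)
    record["command"] = command  # the exact rendered command is part of the evidence
    try:
        proc = subprocess.run(command, shell=True, capture_output=True,
                              text=True, timeout=timeout)
        record.update(status="ok" if proc.returncode == 0 else "failed",
                      exit_code=proc.returncode,
                      stdout=proc.stdout, stderr=proc.stderr)
    except subprocess.TimeoutExpired:
        record.update(status="timeout", exit_code=None, stdout="", stderr="")
    return record


def run_methodology(methodology, variables, timeout=30):
    """Run every step in order and return a JSON-serialisable report."""
    steps = [run_step(s, variables, timeout) for s in methodology["steps"]]
    return {
        "methodology": methodology["name"],
        "variables": variables,
        "generated": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "steps": steps,
        "summary": {
            "total": len(steps),
            "ok": sum(1 for s in steps if s["status"] == "ok"),
            "needs_review": sum(1 for s in steps if s["status"] == "pending-review"),
        },
    }


if __name__ == "__main__":
    report = run_methodology(SAMPLE_METHODOLOGY,
                             {"target": "example.com", "targetIP": "203.0.113.10"})
    print(json.dumps(report, indent=2))  # JSON report; CSV/PDF left to a reporting layer
```

Manual steps are recorded as `pending-review` rather than executed, which keeps the evidence trail honest about what was automated and what a tester still has to confirm; an undefined variable raises instead of silently running a command with a literal `{{target}}` in it.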
Why PentestFlow
A Workflow Engine, Not Just a Scanner or Reporter
PentestFlow replaces disconnected scanners, notes, terminals, and reporting tools with one workflow engine. Think CI/CD for offensive security: standardize execution, capture evidence, and keep every engagement repeatable, auditable, and ready to scale.
| Capability | Automated Scanners (Legion, Nessus, Burp Suite) | PentestFlow (The Hybrid Workspace) | Reporting Tools (Dradis, Serpico, PTA) |
|---|---|---|---|
| Command Execution | | | |
| Custom Methodologies | | | |
| Integrated Evidence | | | |
| AI Assistance | | | |
| Local-First / Self-Host | | | |
| Report Generation | | | |
“Move from ad-hoc testing to a repeatable workflow that the whole team can follow, review, audit, and scale across clients.”
Editions
Choose Your Edition
One codebase, three editions. Start free, move into Professional at $79/month, then scale into Enterprise for governance-heavy teams.
Community
Free & Open Source
Core orchestration for independent pentesters and small consultancies.
- 3 projects
- 5 methodologies
- 1 concurrent execution
Professional
For Professionals
Advanced workflow standardization and reporting for professionals, consultants, and boutique firms.
- Unlimited projects
- Unlimited methodologies
- 3 concurrent executions
Enterprise
For Teams & Orgs
Governance, RBAC, audit trails, and multi-user workflows for MSSPs and enterprise teams.
- Unlimited projects
- Unlimited methodologies
- 10 concurrent executions
Integrations
Connects With Your Stack
From local AI to cloud intelligence, PentestFlow integrates with the tools you already use.
- Ollama: Local AI
- Gemini: Cloud AI
- OpenAI: Cloud AI
- DeepSeek: Cloud AI
- Shodan: Recon
- VirusTotal: Threat Intel
- Supabase: Auth & Share
- Docker: Deployment
- PostgreSQL: Database
FAQ
Frequently Asked Questions
PentestFlow is a hybrid pentest orchestration platform where you plan, execute, and document security assessments. It combines structured methodologies, integrated terminal execution, AI guidance, and audit-ready reporting in one self-hosted workspace.