Core concepts - Pentest-Tools.com documentation

Core workflow

Define your assets

Add the targets you want to test, such as domains, IPs, URLs, or network ranges.

Run scans

Run scans using the appropriate tools for your targets.

Review findings

Analyze discovered vulnerabilities, triage them, and plan remediation.

Generate reports

Create professional reports for stakeholders and compliance requirements.

Key components

Workspaces

Workspaces help you organize assets and scans by project, client, or any other logical grouping. Learn more:

Organize work with workspaces

Assets & targets

Assets are the systems you’re authorized to test. They can be hostnames or IP addresses. Targets are the specific items scanned in a scan job, and each belongs to an asset. One asset can have multiple targets, for example multiple URLs under the same hostname, or services on different ports. Learn more:

Tools

Tools are the scanners and utilities you use to test your assets. They are organized into categories such as reconnaissance, vulnerability scanning, exploitation, and more. Each tool category produces different output: not all tools generate findings or create scans. Learn more:

Scans

Scans are the security tests you run against your targets using the platform’s tools. Learn more:

Findings

Findings are the vulnerabilities and security issues discovered during scans. Learn more:

Attack surface

The attack surface view shows your external-facing assets discovered across scans. The platform populates it automatically from supported scanners. Learn more:

Attack surface overview

Reports

Reports compile your findings into documentation you can share with stakeholders or use for compliance. Learn more:

WorkspacesOrganize your security testing by project, client, or engagement using workspaces

⌘I

​Core workflow

​Key components

​Workspaces

​Assets & targets

​Tools

​Scans

​Findings

​Attack surface

​Reports