A comprehensive, secure evidence management and reporting platform built specifically for professional penetration testers.
** WARNING: ** This is Alpha Software in a pre release, incomplete stage. You use at your own risk. It is strongly advised that you do not use this in an production manner. It is for testing purposes ONLY.
- Overview
- Features
- Installation
- Getting Started
- User Guide
- Report Generation
- Keyboard Shortcuts
- Security
PTVault is designed for penetration testers and security professionals who need a centralized, secure platform to:
- Manage multiple client engagements
- Collect and organize evidence (notes, screenshots, command output)
- Track hosts, ports, and credentials discovered during testing
- Document vulnerabilities with severity ratings and remediation guidance
- Generate professional reports with customizable formatting
- Plan and track test execution using MITRE ATT&CK and Atomic Red Team
All data is stored locally in an encrypted SQLite database, ensuring your sensitive client data never leaves your control.
| Feature | Description |
|---|---|
| Multi-Engagement Support | Manage multiple penetration testing projects simultaneously |
| Host Management | Track target systems with status indicators and color coding |
| Evidence Collection | Store notes, screenshots, command output, and tool results |
| Vulnerability Tracking | Document findings with CVSS scoring and remediation |
| Report Generation | Build professional reports with drag-and-drop formatting |
| Tool Integration | Import results from Nmap, Burp Suite, and Nessus |
| Test Planning | MITRE ATT&CK Navigator and Atomic Red Team integration |
- Master password protection using Argon2id password hashing
- Session-based authentication with JWT tokens
- Local SQLite database (no cloud dependencies)
- Per-engagement data isolation
- Offline-capable for air-gapped environments
- Python 3.10+
- Linux (Kali/Parrot recommended)
- Create a virtual environment (recommended):
python3 -m venv venv
source venv/bin/activate- Install Python dependencies:
pip install -r requirements.txt- Run the application:
python app.pyOr using Flask CLI:
flask runThe application will be available at http://localhost:5000
- Navigate to
http://localhost:5000 - Create a master password (this encrypts your database)
- Log in with your master password
- Create your first engagement to begin
- Click the Engagements tab
- Click + New Engagement
- Fill in the engagement details:
- Name: Project name (e.g., "ACME Corp External Pentest")
- Client Name: Client organization name
- Short Name: Abbreviated identifier (e.g., "ACME-EXT")
- Start/End Dates: Engagement timeline
- Contact: Client point of contact information
- Click Create
- Select your engagement from the sidebar
- Go to the Evidence tab
- Click + Add Host in the left panel
- Enter the IP address or hostname
- The host will appear in your host list
The Engagements section provides an overview of all your penetration testing projects.
| Field | Description |
|---|---|
| Name | Full project name |
| Client Name | Client organization |
| Short Name | Quick reference identifier |
| Description | Project scope and notes |
| Tags | Comma-separated labels for organization |
| Start Date | Engagement start date |
| End Date | Engagement end date |
| Status | Active, Completed, or Archived |
| Contact | Client POC (name, email, phone) |
- Edit: Click the edit icon on any engagement card
- Delete: Click the delete icon (requires confirmation)
- Search: Use the search bar to filter engagements
- Switch: Click any engagement card to make it active
The Evidence section is where you collect and organize all findings during a penetration test.
Hosts are the primary organizational unit for evidence. Each host represents a target system.
Adding Hosts:
- Click + Add Host
- Enter IP address or hostname
- Hosts are automatically created when importing tool output
Host Indicators:
| Indicator | Icon | Description |
|---|---|---|
| Rooted | # |
Full administrative/root access obtained |
| Shell | >_ |
User-level shell access obtained |
| Interested | β
|
Worth further investigation |
| Not Interested | β |
No valuable findings |
| Out of Scope | β |
Do not test this host |
| Flagged | π© |
Needs review or attention |
| Reviewed | β |
Testing completed |
Color Categories: Assign one of 10 colors to visually organize hosts (white, yellow, green, blue, red, purple, orange, teal, cyan, brown).
When a host is selected, the following tabs are available:
| Tab | Description |
|---|---|
| Indicators | Set host status and color |
| Notes | Markdown notes specific to this host |
| Open Ports | Port, protocol, service, version, state |
| Findings | Vulnerabilities discovered on this host |
| Credentials | Usernames and passwords found |
The "General" entry in the host list provides engagement-wide storage:
- Notes: Engagement-level observations
- Credentials: Credentials not tied to a specific host
- Terminal Dumps: Raw command output capture
- Findings: Vulnerabilities not specific to one host
| Type | Use Case |
|---|---|
| Note | Text observations and documentation |
| Screenshot | Visual evidence (images) |
| Command Output | Terminal/console results |
| Tool Output | Parsed results from security tools |
| Other | Miscellaneous evidence |
PTVault can parse and import results from:
- Nmap (XML format): Imports hosts, ports, services
- Burp Suite (XML format): Imports findings and requests
- Nessus (XML format): Imports vulnerabilities
To import:
- Click the Import button in the sidebar
- Select the tool type
- Choose your XML file
- Review and confirm the import
The Port Grid provides a visual matrix showing open and filtered ports across all hosts in the engagement.
- Rows: Individual hosts (IP addresses)
- Columns: Port numbers
- Green cells: Open ports
- Orange cells: Filtered ports
- Empty cells: Closed or not scanned
This view is useful for:
- Identifying common services across hosts
- Spotting unusual open ports
- Planning lateral movement paths
The Tools section provides integrated security utilities.
Generate Metasploit payloads without memorizing complex commands.
Options:
- Platform: Windows, Linux, macOS, Web, Android
- Category: Meterpreter, Shell, Exec, PHP, Java, Python
- Format: EXE, DLL, MSI, ELF, JAR, WAR, APK, ASP, etc.
- Encoder: Shikata Ga Nai, XOR, Alpha Mixed, etc.
- Encryption: XOR, AES-256, RC4, Base64
- Bad Characters: Characters to avoid in shellcode
- Architecture: x86, x64
- LHOST/LPORT: Callback address and port
Calculate vulnerability severity scores using the Common Vulnerability Scoring System.
Base Metrics:
- Attack Vector (Network, Adjacent, Local, Physical)
- Attack Complexity (Low, High)
- Privileges Required (None, Low, High)
- User Interaction (None, Required)
- Scope (Unchanged, Changed)
- Confidentiality Impact (None, Low, High)
- Integrity Impact (None, Low, High)
- Availability Impact (None, Low, High)
Embedded data transformation tool for encoding, decoding, and analyzing data.
The Reporting section helps you document vulnerabilities and generate professional reports.
Build a reusable library of vulnerability writeups.
Writeup Types:
- Finding: Technical vulnerability documentation
- Narrative: Executive summaries, methodology descriptions
Finding Properties:
| Field | Description |
|---|---|
| Name | Vulnerability title |
| Category | Classification (e.g., Injection, XSS) |
| Criticality | Critical, High, Medium, Low |
| CVSS Score | Numeric severity (0.0-10.0) |
| Description | Technical details (supports Markdown) |
| Remediation | Fix recommendations (supports Markdown) |
| Tags | Keywords for searching |
Narrative Properties:
| Field | Description |
|---|---|
| Name | Section title |
| Category | Document section type |
| Description | Content (supports Markdown) |
| Tags | Keywords for searching |
See the dedicated Report Generation section below.
Plan and track penetration testing activities using industry frameworks.
Import and visualize ATT&CK Navigator layers to plan your testing coverage.
Features:
- Import JSON layer files
- View technique coverage
- Track tested vs. untested techniques
Access the Atomic Red Team library of executable tests.
Setup:
- Click Download Atomics to fetch the library
- Wait for the download to complete (progress shown)
- Browse techniques by tactic or search
Using Atomics:
- View test details and prerequisites
- Copy commands for execution
- Track execution status per engagement
- Record output and link evidence
The Report Generation feature allows you to build professional penetration testing reports using a drag-and-drop interface.
The report generator has three panels:
| Panel | Purpose |
|---|---|
| Available Items (Left) | Source content to add to your report |
| Workspace (Center) | Your report structure - drag items here |
| Live Preview (Right) | Real-time preview of your report |
-
Create or Load a Report
- Enter a name in the report name field
- Or select an existing report from the dropdown
-
Add Content
- Drag items from the left panel to the workspace
- Items can be reordered by dragging within the workspace
-
Edit Content
- Click the edit (pencil) icon on any item to customize
- Changes appear immediately in the preview
-
Save and Export
- Click Save to preserve your work
- Export as HTML, Markdown, PDF, or Word
Vulnerabilities documented during the current engagement. Each finding includes:
- Title and severity badge
- Description content
- Remediation recommendations
- CVSS score (if set)
Reusable vulnerability templates from your writeups library.
Structural and visual elements to enhance your report.
PTVault includes 20 format tools organized into categories. Each tool can be customized after adding to your report.
Icon: β | Editor: None
Adds vertical whitespace between sections. Useful for visual separation.
Icon: β | Editor: None
Inserts a horizontal line to separate content sections.
Icon: π | Editor: None
Inserts a page break for printed/PDF output. Displayed as a dashed line indicator in the preview.
Export: Creates actual page break in PDF/print output
Icon: H | Editor: Yes
Creates a styled heading for report sections.
Editor Options:
| Option | Description |
|---|---|
| Header Text | The heading content |
| Level | H1 (Title), H2 (Section), H3 (Subsection), H4 (Minor) |
| Numbered | Enable section numbering |
| Number | Manual section number (e.g., "1.1", "2.3.1") |
Use Cases:
- Report title (H1)
- Major sections like "Executive Summary" (H2)
- Subsections like "Critical Findings" (H3)
- Minor headings (H4)
Icon: ΒΆ | Editor: Yes
Rich text paragraph with Markdown support.
Supported Markdown:
**bold**for bold text*italic*for italic text`code`forinline code[link text](url)for hyperlinks- Lists and other standard Markdown
Use Cases:
- Methodology descriptions
- Scope statements
- Custom narrative content
Icon: β | Editor: Yes
Styled blockquote with optional attribution.
Editor Options:
| Option | Description |
|---|---|
| Quote Text | The quoted content |
| Attribution | Source or speaker (optional) |
Use Cases:
- Client requirements or statements
- Excerpts from policies
- Important callouts from documentation
Icon: β’ | Editor: Yes
Unordered list with customizable items.
Editor Features:
- Add items with + Add Item button
- Edit items inline
- Remove items with the X button
- Reorder by dragging
Use Cases:
- Feature lists
- Affected systems
- Recommendations without priority
Icon: 1. | Editor: Yes
Ordered list with customizable items.
Editor Features:
- Add items with + Add Item button
- Edit items inline
- Remove items with the X button
- Reorder by dragging
Use Cases:
- Step-by-step procedures
- Prioritized recommendations
- Attack chain documentation
Icon: β | Editor: Yes
Checkbox list with checked/unchecked states.
Editor Options:
| Option | Description |
|---|---|
| Checklist Title | Header for the checklist |
| Items | Each with text and checkbox state |
Use Cases:
- Remediation tracking
- Compliance checklists
- Testing coverage verification
Icon: <> | Editor: Yes
Syntax-highlighted code with language selection.
Editor Options:
| Option | Description |
|---|---|
| Title | Optional filename or description |
| Language | Syntax highlighting language |
| Code | The code content |
Supported Languages: Bash, Python, JavaScript, PowerShell, SQL, PHP, Java, C#, XML/HTML, JSON, YAML, Plain Text
Use Cases:
- Exploit code examples
- Configuration snippets
- Proof-of-concept scripts
Icon: $_ | Editor: Yes
Terminal-style display showing command and its output.
Editor Options:
| Option | Description |
|---|---|
| Command | The command that was run |
| Output | The resulting output |
Preview: Dark terminal theme with green command line and white output text
Use Cases:
- Demonstrating successful exploits
- Showing enumeration results
- Documenting proof of access
Icon: β | Editor: Yes
Colored callout box for important information.
Alert Types:
| Type | Color | Icon | Use Case |
|---|---|---|---|
| Info | Blue | βΉ | General information, tips |
| Warning | Yellow | β | Cautions, potential issues |
| Danger | Red | β | Critical warnings, security risks |
| Success | Green | β | Positive outcomes, mitigations |
Use Cases:
- Highlighting critical risks
- Noting important caveats
- Calling out key recommendations
Icon: β
| Editor: Yes
Highlighted summary box for critical discoveries.
Editor Options:
| Option | Description |
|---|---|
| Title | Finding headline |
| Content | Brief description |
Use Cases:
- Executive summary highlights
- Most critical vulnerabilities
- Key risk indicators
Icon: π· | Editor: Yes
Structured evidence documentation with image placeholder.
Editor Options:
| Option | Description |
|---|---|
| Image Caption | Description of the screenshot/image |
| Description | Detailed explanation of the evidence |
| Impact | Business or technical impact statement |
Use Cases:
- Screenshot evidence with context
- Proof-of-concept documentation
- Visual evidence explanation
Icon: πΌ | Editor: Yes
Placeholder for images with caption.
Editor Options:
| Option | Description |
|---|---|
| Caption | Figure caption (e.g., "Figure 1: Login Page") |
| Width | 100% (Full), 75% (Large), 50% (Medium), 25% (Small) |
Use Cases:
- Marking where screenshots will be inserted
- Placeholder during report drafting
- Figure references
Icon: β¦ | Editor: Yes
Customizable data table with headers and rows.
Editor Features:
- Add/remove columns
- Add/remove rows
- Edit header text
- Edit cell content
Use Cases:
- Vulnerability summary tables
- Host/port matrices
- Comparison data
Icon: ββ | Editor: Yes
Side-by-side content columns.
Editor Options:
| Option | Description |
|---|---|
| Left Title | Left column heading |
| Left Content | Left column content (Markdown) |
| Right Title | Right column heading |
| Right Content | Right column content (Markdown) |
Use Cases:
- Before/After comparisons
- Current State vs. Recommendations
- Technical vs. Business impact
Icon: β | Editor: Yes
Vertical timeline showing sequential events.
Editor Features:
- Add steps with + Add Step button
- Each step has: Time, Title, Description
Use Cases:
- Attack chain documentation
- Incident timeline
- Testing methodology phases
Icon: β£ | Editor: Yes
Visual likelihood Γ impact risk assessment grid.
Editor Options:
| Option | Description |
|---|---|
| Matrix Size | 3Γ3 (Simple) or 5Γ5 (Detailed) |
| Highlighted Cell | Click to select risk position |
3Γ3 Matrix Labels:
- Likelihood: High, Medium, Low
- Impact: Low, Medium, High
5Γ5 Matrix Labels:
- Likelihood: Critical, High, Medium, Low, Info
- Impact: Rare, Unlikely, Possible, Likely, Certain
Use Cases:
- Overall engagement risk assessment
- Individual finding risk visualization
- Executive summary graphics
Icon: β | Editor: Yes
Visual CVSS score display with vector breakdown.
Editor Options:
| Option | Description |
|---|---|
| CVSS Score | Numeric score (0.0-10.0) |
| CVSS Vector | Full vector string |
Severity Colors:
| Score Range | Severity | Color |
|---|---|---|
| 0.0 | None | Gray |
| 0.1-3.9 | Low | Blue |
| 4.0-6.9 | Medium | Yellow |
| 7.0-8.9 | High | Orange |
| 9.0-10.0 | Critical | Red |
Vector Breakdown: Automatically parses and displays Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, and CIA Impact.
Use Cases:
- Individual finding severity cards
- Vulnerability scoring documentation
- Risk communication to stakeholders
| Format | Description |
|---|---|
| HTML | Standalone HTML file with embedded styles |
| Markdown | Plain text Markdown format |
| Opens print dialog for PDF generation | |
| Word | DOCX format for Microsoft Word |
| Shortcut | Action |
|---|---|
Ctrl+N |
New evidence (quick capture) |
Ctrl+F |
Focus search bar |
Ctrl+E |
Open export dialog |
Esc |
Close active modal |
- Local Storage: All data stored in local SQLite database
- Password Hashing: Argon2id algorithm for master password
- Session Security: JWT-based authentication tokens
- No Cloud: No external data transmission
- Use a strong master password
- Store the database file securely
- Back up your database regularly
- Use full-disk encryption on your system
- Export and delete engagement data after project completion
MIT License - see LICENSE file for details.
PTVault - Secure your findings, streamline your reporting.