FAQ

Answers to frequently asked questions

Penterep Platform

The Penterep platform is a framework for (security) testing that guides the tester step by step through each test case based on defined checklists. To complete the task, the tester always records the test result, which is used to adjust the next steps to be taken. Vulnerabilities from the comprehensive knowledge base that is part of the platform are matched to each finding by selection.

Penterep supports teamwork, which allows multiple testers to work on a project simultaneously and have a real-time view of which test cases have already been executed and which are still pending.

Once the test is complete, the platform is set up to export a final report with the individual findings, supplemented with information from the integrated knowledge base and the attachments that the tester saved in the system during testing. This makes creating final reports a one-click affair.

In the case of teamwork, the final report does not need to be exported and forwarded to the staff assigned to remediation. Instead, these workers can see all the findings directly in the system, where they can comment on them or return them to the testers for retesting after remediation.

The Penterep platform ensures that you don't miss any important step during testing. In addition, thanks to checklists that contain detailed guides on how to execute each individual test case, even less experienced testers will be able to perform the security testing. The platform will help you do your testing systematically and by having everything in one place (checklists, findings, notes, attachments), it will allow you to keep all your documents in check while testing.

If you already do testing, you will appreciate the possibility of teamwork, where several testers can work on one project at the same time, seeing in real time what is already completed and what is still waiting to be done. Teamwork will also allow you to involve in projects the staff assigned to remediate individual findings. They will also be able to discuss individual findings directly with the testers via the Penterep platform. The platform will allow these workers to enter the corrections made, based on which the testers can retest straight away. You can also include managers in the team, who will have a real-time overview of the testing progress and the workload of individual team members.

The Penterep platform allows you to better plan and estimate the time required for testing. Just import the structure of the environment under test into the platform and you will immediately get an estimate of the time required for the complete testing.

But you will appreciate Penterep especially when creating final reports. Gone are the days when you had to elaborate every finding in detail, including descriptions of risks and threats, calculate severities, insert references, write remediation recommendations and manually include attachments. Creating a report becomes a breeze with the Penterep platform. The final report can be obtained with a single click from the information entered by the testers during testing and from the information included in Penterep's extensive knowledge base.

Thanks to Penterep, you can do your testing systematically, keep track of everything and have your projects neatly organized, but most importantly, you will be as efficient as possible and save considerable time and money.

If you are a penetration tester or a business that does security testing, the answer to this question is self-explanatory. Yes, the Penterep platform fully meets all your requirements. Penterep was developed specifically with you in mind.

But you will also benefit from the Penterep platform if you are a developer (of web and mobile applications), network administrator or operator of any IT systems. If you're serious about security, you should test your security to prevent potential attackers from exploiting weaknesses in your applications and causing you significant damage.

However, testing is not only relevant to security and the IT segment. With Penterep you can test almost anything. If you tell us what you are after, we can create checklists that are tailored precisely to your needs.

Most of the available penetration testing tools (vulnerability scanners) have chosen to go the automated testing route. While this type of testing is very fast, it is also unreliable and unable to detect all vulnerabilities. For example, vulnerabilities where the impact of the threat occurs in a different place from the input, or authorization and business logic errors, are either not found at all or found only with great difficulty using these tools.

This means that automated testing must be complemented by manual testing, in which the components that the automated test was unable to verify are checked. But this raises the question of which tests have been performed by the automatic scanner and which should be done manually.

We therefore decided to go a different way than others and support testers precisely in manual testing. Our aim was to make the testers' work in this area as easy and efficient as possible.

This does not mean, however, that we reject automated tools. They certainly have their irreplaceable role in testing. That is why we chose to make it possible to connect various external tools. Any tool that can use our API can be called directly from within the Penterep platform. The results of these external tools are then automatically transmitted and logged in the platform. Our own scripts for automated testing are available under the designation PenterepTools.

As we do not believe that a fully automated security test that is truly complete is possible, this option is not included with the Penterep platform. However, Penterep allows you to schedule a set of automated tests, the results of which are automatically logged in the Penterep platform environment, and the tests that have been performed are marked in the checklists. The tester then manually performs only those tests that have not been executed by automated tools. The Penterep platform thus essentially enables automated testing to be combined with manual testing in the most efficient and complementary way.

Yes, the Penterep platform provides an API to call our automated testing scripts (PenterepTools) or any third-party tools or scripts for which a wrapper is created to communicate with the platform via the API.

Individual automated tests can then be run directly from within the Penterep platform for individual test cases. It is also possible to manage the queue of scheduled tasks via the clearly structured test scheduler.

External tools such as PenterepTools then run on the tester's computer or on any other device (for example, a dedicated server).

If you want to participate in projects that are administered by another Penterep licensee, you need to register first. The licensee will then be able to find you in the system and send you an invitation to participate in one of their projects.

Without registration, it is not possible to participate in projects managed by Penterep.

Yes, Team type licences and above allow you to collaborate on individual projects in a team. The team can include not only testers but also managers, developers, IT administrators, or representatives of your clients. Each team member has a specific role and access to only those functions that are defined for that role.

For example, the manager can follow the testing progress, create various statistics about tests and workers, while testers enter new data and test results into the project. Developers or IT administrators can comment on individual findings and record the fixes deployed.

Teamwork is one of the key strengths of the Penterep platform.

Yes, with freelancer licences and above, you can not only customize the visual appearance of the final reports to match your company's graphic manual, but thanks to customizable templates you can also adapt the actual layout and content of the reports.

Operating the Penterep server on your own hardware and network is only possible with the Enterprise licence. The server is supplied in the form of a virtual machine that can be deployed in your own environment. By running your own server, you gain full control over access to the server and the security of the stored data.

Licensing of the Penterep Platform

By registering on this website, you automatically obtain a Free licence that is completely free of charge and provides the basic functionality of the platform, allowing you to get a clear idea of the platform.

After logging in to your account, you will also have the option to upgrade your licence online to one of the higher versions (Single or Team) or purchase one of the available modules. If you are interested in the Enterprise version, please contact our sales department at sales@penterep.com.

Penterep platform licences are valid for one year from purchase. After that, the licence must be renewed. With expired licences, you will temporarily have read-only access to your data. You will need to renew your licence to regain full access.

The licences for individual modules are not limited in time. Once purchased, you can use the modules at any time as long as you have an active main licence for the Penterep platform. Modules must be purchased for the corresponding number of users who will work with the module.

Yes, if a user is no longer using a particular module, you can remove that module from them and assign it to another user. If you run short of free (unassigned) module licences and are thus unable to assign that module to other users, you can purchase additional licences for the modules concerned at any time.

Yes, we are continuously updating individual modules and we are also working on new versions of modules that bring more substantial changes. You will receive routine module updates free of charge. When a completely new version of a module is released, it is necessary to purchase new licences for this new version. However, you can stay with the version you are currently using and continue to use it without restrictions.

You can upgrade to a higher version of the main licence (Free, Single or Team) at any time. In the case of an upgrade, the licence is extended by one year from the date of purchase of the new version of the licence. If your current licence is still valid, you will be compensated when upgrading: the amount for the remaining unused days of the previous licence is subtracted on a proportional basis.

If you purchased any modules, you will keep these modules and you can continue to use them with the new version of the main licence.

A licence downgrade is unfortunately not possible for technical reasons. Once you upgrade to a higher version of the licence, you will no longer be able to downgrade from that version in the future.

Our terms and conditions preclude the possibility of transferring the licence for the Penterep platform or individual modules to a third party.

Modules – Checklists

Yes, of course. If you happen to miss any test cases or vulnerability or attack descriptions in our checklists, just let us know and we will do our best to add the new information to the knowledge base as soon as possible. It will help us greatly if you also add specific texts describing the test or vulnerability to your request.

Yes, if you are an Enterprise licence holder, you have access to administrative functions where you can define your own tests, vulnerabilities and checklists. Thus you can easily create your own modules for testing any area with your own resources.

Yes, if you need to create a module with checklists tailored specifically to your needs, feel free to contact our sales department at sales@penterep.com. We will contact you to go through the details.

PenterepMail

The PenterepMail vulnerable virtual server is meant to be used in teaching computer security or to demonstrate attacks that can be directed against many different vulnerabilities. The virtual machine contains a large number of vulnerabilities in the technologies used, including several vulnerable web applications and also a vulnerable Android mobile application.

Yes, PenterepMail is and always will be completely free. PenterepMail is distributed under the MIT licence, which gives you some freedoms.

Yes, you can use PenterepMail for free even for commercial purposes, such as teaching or various demonstrations. So if you are a lecturer in IT security, PenterepMail can be a great asset to easily demonstrate the different vulnerabilities and corresponding attacks.

Given that the included web applications run on non-existent domains, they only contain self-signed certificates. Therefore, when accessing applications via HTTPS, you will need to grant these certificates an exception to make them trustworthy for your browser.

Because a number of obsolete technologies are deployed so that exploits can be tested easily, the encryption of the included web applications does not support TLS version 1.2 and higher, which are required by new versions of web browsers. For testing, you will thus need to lift the prohibition of these outdated algorithms in your browser settings. In a future version of PenterepMail, there will be an upgrade to newer technologies that will fix this problem.

PenterepTools

PenterepTools is the designation of the scripts we develop for security testing. These scripts are written in Python and can be run either manually from a terminal or directly from our Penterep platform via ptmanager.

Yes, all our scripts designated as PenterepTools are available to you completely free for both private and commercial use. The tools under PenterepTools are distributed under the GNU GPL licence.

All our scripts are available at https://pypi.org/search/?q=pentereptools, from where you can easily install them with the command "pip install <scriptname>". The scripts are optimized for use in the Kali Linux operating system.