-
-
Notifications
You must be signed in to change notification settings - Fork 2
Home
Welcome to the official documentation for pentlog.
Pentlog supports different workflows depending on your needs:
- Client Mode: Best for professional engagements. Tracks Client, Engagement, Scope, etc.
- Exam/Lab Mode: Optimized for CTFs and Certifications (OSCP, PNPT, etc.). Tracks Exam Name and Target IP.
- Log Only Mode: Minimal setup. Just asks for a Project Name and starts logging immediately to a simplified path.
Use the create command to start a new logging context.
pentlog create
# Prompts for: Context Type
# - Client Mode: Full metadata (Client, Engagement, Scope, Phase)
# - Exam/Lab Mode: Exam Name, Target IP
# - Log Only: Project Name (Defaults to "QuickLog")Once initialized, start a recorded shell session.
pentlog shell
# Enters a recorded shell with custom PS1 and instant-logging.-
Client Mode: Use
switchto move between phases (e.g., recon -> exploit). -
Exam/Lab Mode: Use
switchto quickly jump to a New Target IP without re-running the setup wizard.
pentlog switch
# Prompts for:
# - Select from History (Interactive list of recent sessions)
# - Enter Manual/New (Prompts for Client/Target + Phase)
# Or toggle quickly to the previous session:
pentlog switch -Add timestamped notes during your session without leaving the terminal.
# Add a note (e.g. "Found SQLi")
pentlog note add "Found SQLi"
# Review list of notes (Interactive)
# Works both inside a shell (current session) AND offline (select past session)
pentlog note listAll commands function interactively.
# Search logs and notes (Interactive Loop)
# - Select Client -> Engagement -> Query
# - View results in a color-perfect pager (less)
# - Jump straight to interesting lines of code
pentlog search
# Export a report (Interactive Menu)
# - Select Phase
# - Preview in Pager or Save to File
pentlog exportReplay recorded sessions with full fidelity.
# Lists recent sessions to pick from
pentlog replay
# Or specify ID directly (Linux Only)
pentlog replay 1 -s 2.0Generate SHA256 hashes of all logs for evidence integrity.
pentlog freezeView an interactive executive summary of your engagement logic, including evidence size, recent findings, and statistical breakdowns.
pentlog dashboardKeep your tool up to date.
# Check version
pentlog version
# Update automatically
pentlog updateAnalyze your reports with AI to get a summary of the findings.
There are two ways to use the AI analysis feature:
-
Analyze an existing report:
# Summarized analysis (default) pentlog analyze <report_file> # Full analysis pentlog analyze --full-report <report_file>
-
Analyze a report during export:
# Summarized analysis (default) pentlog export --analyze # Full analysis pentlog export --analyze --full-report
Generate and install shell completion scripts for Zsh and Bash.
pentlog completionSelect your shell and follow the prompts.
Manage disk usage by archiving old or completed sessions.
# Interactive Mode (Recommended)
pentlog archive
# Archive all 'acme' sessions (Backup mode - Keeps originals)
pentlog archive acme
# Archive 'acme' sessions older than 30 days and DELETE originals
pentlog archive acme --days 30 --delete
# Archive specific phase or engagement
pentlog archive acme -p recon
pentlog archive acme -e internal-audit
# List archives
pentlog archive list-
User Configuration & Context:
~/.pentlog/context.json -
Database:
~/.pentlog/pentlog.db(SQLite session metadata) -
Manual Session Logs:
~/.pentlog/logs/<client>/<engagement>/<phase>/manual-<operator>-<timestamp>.{tty,json} -
Evidence Hashes:
~/.pentlog/hashes/sha256.txt -
Export Reports:
~/.pentlog/reports/<client>/ -
Archives:
~/.pentlog/archive/<client>/