
Self-hosted Pentest / OSCP prep workspace - Pentest-Companion
Built this self-hosted workspace for fun, sharing it in case it helps the next person prepping!
https://github.com/Poellie01/PentestCompanion
After doing the OSCP exam and thinking / prepping for OSEP, I wondered what my biggest bottlenecks were during the exam. Most of the issues I had were that all of my information was all over the place: screenshots, logs, files, all in folders and separate note files. That's why I started this project, Pentest-Companion. It can be used for regular pentesting engagements, OSCP-style exams, etc.
Currently it has the following features:
Engagements
Run engagements end-to-end. Targets, ports, attack steps, credentials, loot, checklists, timeline — all in one place. Auto-seeded phase checklists for recon, web, AD, post-ex, and pivoting. Archive completed engagements, link them to clients.
Findings & Reporting
Findings with interactive CVSS v3.1 calculator, severity workflow, comments, evidence files, and CVE auto-lookup. A 24-template library (need to add way more). Generate branded DOCX and PDF reports with cover pages, executive summaries, and per-finding walkthroughs. Per-engagement toggles for redacting credentials on client-shareable copies.
Built-In Web Scanner
Passive security analysis: TLS, HTTP security headers, cookies, CORS, exposed files, HTTP methods, and tech fingerprinting. Deep mode adds directory enumeration and JavaScript endpoint extraction. Scan results auto-promote into a linked engagement's findings. Compare any two scans to see what changed.
Terminal Session Logging
Pipe any shell command into the app via a simple bash helper. Output streams in live with ANSI colors preserved. Personal API tokens for authentication. View any session per engagement.
Tools
Hash identifier with hashcat-mode reference table · Base64 encoder/decoder · Exam timer · Command renderer with placeholder substitution · Nmap output parser · Tool-output scratchpad that auto-detects what tool produced the output · Markdown notes with autosave.
Data portability
Importers for Nessus, Burp Suite, Nmap XML, bulk host lists, and Obsidian vaults. Exporters for findings as JSON, the full engagement as a .zip bundle (data + evidence files), and the finding library as a JSON bundle for sharing between teams. The full export → import round-trip works, so you can wipe the testing box after the engagement.
Teams & Multi-tenancy
Self-service registration creates an isolated team workspace. Roles (viewer / operator / owner / admin), single-use invite links, audit log, per-team branding settings (logo, color, footer that appear on every report). Cross-team isolation enforced on every endpoint and proven by tests.
Authentication
Password reset flow, CSRF protection on every form, HttpOnly + SameSite session cookies, SSRF guards on the scanner, strict path containment on file operations, structured request logging, friendly error pages. 24 automated tests including cross-team leakage proofs.
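Two of the controls listed above, strict path containment on file operations and an SSRF guard on the scanner, are the kind of checks a self-hosted tool like this needs. The following is an added illustration, not code from Pentest-Companion: hypothetical helpers with a constructed DNS table so the guard can be exercised offline.

```python
import ipaddress
import socket
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse


def contained_path(base_dir: str, user_path: str) -> Optional[Path]:
    """Resolve user_path beneath base_dir; return None if it escapes via '..', symlinks or absolute paths."""
    base = Path(base_dir).resolve()
    # A leading "/" would make the join discard base_dir entirely, so strip it first.
    candidate = (base / user_path.lstrip("/")).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError when candidate lies outside base
    except ValueError:
        return None
    return candidate


def ssrf_safe_target(url: str, resolver=socket.getaddrinfo) -> bool:
    """Allow only http(s) URLs whose resolved addresses are all globally routable."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:
        infos = resolver(parsed.hostname, parsed.port or 80)
    except socket.gaierror:
        return False
    addrs = []
    for info in infos:
        addr = ipaddress.ip_address(info[4][0].split("%")[0])  # drop any IPv6 scope id
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped  # judge ::ffff:10.0.0.1 as 10.0.0.1
        addrs.append(addr)
    # Loopback, RFC 1918, link-local (cloud metadata) and unresolvable hosts are all rejected;
    # a single non-global answer among several rejects the whole host.
    return bool(addrs) and all(a.is_global for a in addrs)


# Constructed DNS table (hypothetical names and addresses) so the guard runs without network access.
FAKE_DNS = {
    "public.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "metadata.example": ["169.254.169.254"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host, port):
    """Mimics socket.getaddrinfo's return shape for the constructed table."""
    if host not in FAKE_DNS:
        raise socket.gaierror(host)
    return [(socket.AF_INET, socket.SOCK_STREAM, 0, "", (ip, port)) for ip in FAKE_DNS[host]]
```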
Deployment
One command (docker compose up -d) gets you a production-ready instance with a persistent volume, healthcheck, gunicorn, and a non-root user. SQLite by default.