pentree
Walk pentest methodology trees, step by step
v1.1.1
Quick Start
Install via jcli (recommended)
jcli install pentree
If you don't have jcli yet, install it first with
curl -fsSL https://cli.johlem.net/tools/jcli/install.sh | bash.
Walk through an engagement
pentree list # available embedded trees
pentree run web_app --target https://example.com # start the auto walker
pentree status # show coverage + per-node state
pentree mark recon.dns complete --note "no MX, 1 NS" # advance a node manually
pentree report --target https://example.com # emit Markdown report
What it does
pentree is an interactive pentest methodology engine. Load an OWASP-WSTG-shaped decision tree (web app, network, mobile, cloud, …) and walk it node-by-node — pentree tracks which checks you've completed, which you've marked N/A, and which still need attention. Auto-saves to a session file after every state transition so a crash loses at most one step. Built in Rust, single binary.
- Embedded methodology trees. The Rust port bundles its trees via include_str!. Adding a new tree is a single YAML file + one row in EMBEDDED_TREES. The trees ship inside the binary — no separate registry to fetch.
- State machine with rewinds. pending → in_progress → complete | skipped | n_a, plus complete → pending because real engagements re-open findings. Illegal transitions exit 3 (bad input).
- Per-session storage. Sessions live at ${PENTREE_HOME:-~/.pentree}/sessions/<id>.json with mode 0600 — session files can contain notes referencing client systems.
- Markdown reports. pentree report emits Markdown with {target}, {tester}, {date}, {scope} substitution + a full coverage table. Skip the banner so the output is a clean artefact for the engagement deliverable.
Subcommands
| Command | Status | What it does |
|---|---|---|
| list | working | List embedded trees + brief descriptions |
| run <tree> --auto | working | Walk the tree automatically, marking unattended steps as pending |
| run <tree> | partial | Interactive walker — currently falls back to --auto with a notice. Interactive prompt loop is a future enhancement |
| status | working | Show per-node state + coverage % (n_a + skipped count as "addressed") |
| mark <node> <state> [--note] | working | Advance one node. Validates transitions, exits 3 on illegal moves |
| report | working | Emit Markdown report with full coverage table |
| resume --session <ID> | future | Reload an existing session — currently happens implicitly via the session file name |
On-disk layout
~/.pentree/sessions/<id>.json # session state, chmod 600
The PENTREE_HOME env var overrides the default so pentree can be sandboxed
for testing or used out of a shared user account.
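A check for the mode 0600 layout described above, as an added example that is not pentree's own code: sessions_dir resolves the same ${PENTREE_HOME:-~/.pentree}/sessions path, audit lists session files that grant any access to group or other, and write_session shows one way to create a session file that is 0600 from the moment it exists. The function names, the temp-file-plus-rename write and any JSON passed in are assumptions for illustration; Unix only.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

// Same resolution as ${PENTREE_HOME:-~/.pentree}/sessions (unset or empty -> default).
fn sessions_dir(pentree_home: Option<&str>, home: &str) -> PathBuf {
    let base = match pentree_home {
        Some(p) if !p.is_empty() => PathBuf::from(p),
        _ => Path::new(home).join(".pentree"),
    };
    base.join("sessions")
}

// Hypothetical writer: created 0600 (no chmod-after-write window), then renamed into place.
fn write_session(dir: &Path, id: &str, json: &str) -> io::Result<PathBuf> {
    fs::create_dir_all(dir)?;
    let tmp = dir.join(format!(".{}.json.tmp", id));
    let dst = dir.join(format!("{}.json", id));
    let _ = fs::remove_file(&tmp); // stale temp file left by an earlier crash
    let mut f = OpenOptions::new().write(true).create_new(true).mode(0o600).open(&tmp)?;
    f.write_all(json.as_bytes())?;
    f.sync_all()?;
    fs::rename(&tmp, &dst)?; // readers see the old or the new file, never a partial one
    Ok(dst)
}

// Session files whose mode grants any access to group or other.
fn audit(dir: &Path) -> io::Result<Vec<PathBuf>> {
    let mut loose = Vec::new();
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let meta = entry.metadata()?; // does not follow symlinks
        if meta.is_file() && (meta.permissions().mode() & 0o077) != 0 {
            loose.push(entry.path());
        }
    }
    loose.sort();
    Ok(loose)
}

fn main() -> io::Result<()> {
    let home = std::env::var("HOME").unwrap_or_default();
    let dir = sessions_dir(std::env::var("PENTREE_HOME").ok().as_deref(), &home);
    let loose = if dir.is_dir() { audit(&dir)? } else { Vec::new() };
    for p in loose { println!("group/other access: {}", p.display()); }
    Ok(())
}
```

Run as-is, main only reads: it prints every session file under the resolved directory that is accessible beyond its owner and writes nothing.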
Authorisation: pentree itself is a methodology tracker — it doesn't scan anything by itself. Commands it suggests (per node) are executed by the operator. Run only against systems you own or have explicit written authorisation to test.