What is an engagement?

An engagement is a self-contained workspace for a penetration test or security assessment. Think of it as a project folder that keeps all of your work organized in one place — targets, tasks, notes, API requests, threat models, architecture diagrams, and final reports. Every piece of work in Pwnbook belongs to an engagement. When you start a new pentest, you create a new engagement.

Engagement lifecycle

Engagements have two states:
| State | Description |
| --- | --- |
| Active | The engagement is in progress. All features are available, and the engagement appears in your active list. |
| Archived | The engagement is complete. It moves to the archived list but remains fully accessible for reference. You can unarchive at any time. |

Archive completed engagements to keep your active list clean without losing any historical data.

What lives inside an engagement

Each engagement contains a full set of tools for conducting and documenting a security assessment:
Targets: The systems or assets under assessment. Targets can be hostnames, IP addresses, or CIDR ranges. Each target can have recon scans run against it to discover subdomains, open ports, and running services.
Tasks: A task list scoped to the engagement. Tasks can be assigned to team members, given due dates, and tracked through to completion. See Tasks.
Wiki: A collaborative markdown wiki for notes, findings, and documentation. Wiki pages support rich markdown and can be shared externally via share links. See Wiki.
Reports: Generate formal pentest reports from customizable templates. Reports pull in findings and metadata from the engagement. See Reports.
Threat Models: Visual threat models built on a canvas. Map assets, threats, and attack vectors for the target application or infrastructure. See Threat Modeling.
API Requests: A built-in HTTP request tool for testing APIs and web endpoints. Requests are saved per engagement and support templates and community scripts. See API Testing.
Architecture: Component maps and data flow diagrams for the target application. Identify component-level risks and import infrastructure from cloud providers. See Architecture Modeling.

Creating an engagement

  1. From the home screen or the engagements list, click New Engagement.
  2. Enter a name for the engagement. Choose something descriptive, such as the client name or target application.
  3. Optionally add a description with scope notes or objectives.
  4. Click Create.
You’ll be taken to the engagement dashboard immediately.

Engagement dashboard

The engagement dashboard gives you an at-a-glance summary of the engagement’s status, including open tasks, recent activity, and quick links to each section. Use the sidebar navigation within the engagement to move between Targets, Tasks, Wiki, Reports, Threat Models, API Requests, and Architecture.

Managing engagements

Archiving an engagement

When a pentest is complete:
  1. Open the engagement.
  2. Click the menu in the top right.
  3. Select Archive Engagement.
The engagement moves to the Archived tab in your engagement list.

Deleting an engagement

Deleting an engagement permanently removes all its contents — targets, tasks, wiki pages, reports, and all associated data. This action cannot be undone.
To delete an engagement:
  1. Open the engagement.
  2. Click the menu in the top right.
  3. Select Delete Engagement.
  4. Confirm the deletion in the prompt.

Engagement permissions

Access to an engagement is governed by your role within the organization. Members of an organization can access engagements they are added to. Owners and admins can access all engagements in the organization. See Roles & Permissions for more detail.