Overview

Pwnbook is organized around engagements — self-contained pentest projects that hold all your targets, tasks, findings, notes, and reports. Before you can create an engagement, you need an account and an organization.
1. Create your account

Navigate to app.pwnbook.io and sign up. Pwnbook uses WorkOS for authentication, so you can sign up with:
  • Email and password
  • Single Sign-On (SSO) if your organization has configured it
After signing up, check your inbox for a verification email and confirm your address.
If your organization has domain-based auto-join enabled, you’ll be added to the right organization automatically when you sign up with a matching email domain.
2. Create or join an organization

Organizations are the top-level container in Pwnbook. All engagements, members, and billing belong to an organization.
Creating a new organization:
  1. After logging in, click Create Organization on the home screen.
  2. Enter your organization name.
  3. You’ll be set as the Owner with full administrative access.
Joining an existing organization:
  • Ask an admin or owner to invite you by email from the organization’s Members settings page.
  • If your organization has domain auto-join configured, sign up with your company email and you’ll be added automatically.
You can be a member of multiple organizations. Use the organization switcher in the top navigation to move between them.
3. Create your first engagement

An engagement represents a single pentest project. To create one:
  1. From the home screen, click New Engagement.
  2. Enter a name and optional description for the engagement.
  3. Click Create.
You’ll land on the engagement dashboard, which gives you access to all of the engagement’s features.
4. Add targets

Targets are the systems or assets you’re testing. Inside your engagement:
  1. Navigate to the Recon tab.
  2. Click Add Target.
  3. Enter a hostname, IP address, or CIDR range.
  4. Optionally trigger an automated recon scan to enumerate subdomains, open ports, and running services.
See the Recon documentation for details on automated scanning and network agents.
5. Explore features

Once your engagement is set up, explore what Pwnbook offers:

Tasks

Create and assign tasks to track work items for the engagement.

Wiki

Write collaborative notes and findings in the markdown wiki.

Threat Modeling

Build a visual threat model for the target application or infrastructure.

Reports

Generate a polished pentest report using a customizable template.

API Testing

Execute HTTP requests against targets and save them as templates.

Architecture

Map the target’s components, data flows, and routes.

Next steps

Invite your team

Add team members to your organization and configure their roles.

Configure integrations

Connect Slack, GitHub, AWS, and other tools to your workspace.

Set up the desktop app

Download the Pwnbook desktop app for macOS, Windows, or Linux.

Self-hosting

Run Pwnbook on your own infrastructure for full data control.

Desktop App

Pwnbook ships an Electron-based desktop application for macOS, Windows, and Linux. The desktop app provides the same full-featured experience as the web app, with native OS integration. To install the desktop app:
  1. Go to the Downloads section of the Pwnbook web app.
  2. Select the installer for your operating system.
  3. Run the installer and launch Pwnbook.
  4. Sign in with your existing Pwnbook credentials.
The desktop app connects to the same backend as the web app. If you are self-hosting, configure the desktop app to point to your self-hosted instance’s URL.