Made For Pentesters
Community will help pentesters reduce wasted effort and focus on breaking stuff. It’s the first dedicated client-facing collaboration platform for pentesting – unlike other tools which focus on scan output aggregation or report generation only.
Save Time
High-quality customisable reports, on-demand and at the click of a button.
Save Effort
Integrated, Centralised & Rich Issue Library. Stop re-inventing the wheel.
Save Money
Tools and workflows to reduce project overheads and costs by up to 40%.
Team Collaboration
Collaborate with your team, client and developers.
Methodology
Pre-loaded with industry benchmarks and methodologies, out of the box.
AttackChains
See the attack from hacker's perspective. Chain vulnerabilities together.
Still interested? Try Community
Community
Community is built & optimized for Freelancers, Bug Bounty Hunters, Students, Small Pentest Teams & Small Enterprises.
Community will help you manage your penetration testing projects more effectively, and generate professional reports with minimal effort. You can also collaborate with your teams.
Community is a multi-tenant cloud application and has a Free-Tier and a Pro-Tier.
Reporting
High-Quality On-Demand Reporting
On-demand reporting at the click of a button, whenever you or the client needs it. Reports can be customised and includes templates for Executives, Risk Managers, Third-Parties such as Auditors, and Developers. All reports can be downloaded in PDF, HTML, DOCX, CSV and JSON. JSON export allows you to integrate AttackForge into your own custom report templates.
Custom Reporting
AttackForge ReportGen Is The Easiest-to-Use Pentest Reporting Tool Available!
Create fully customized reports in minutes with no programming required! Based on DOCX templates that you can style. 10x templates are available for free! Reporting is no longer a worry with AttackForge ReportGen!
Attack Chains
Built For Red Teams
Build Attack Chains quickly and effortlessly to help demonstrate exactly what an attacker is doing at every step - in a simple and clear visual story. Help your clients understand your attack paths and focus remediation where its needed. Map Attack Chains to MITRE ATT&CK® Framework in minutes!
Libraries
Rich Issue Library With Over 1300 Vulnerabilities
Immediately access every CWE, CAPEC and other industry standard vulnerability definitions, or create your own. Save time on reporting - it takes on average less than 30 seconds to add a vulnerability to your pentest. No traditional report writing required.
Collaboration
Build Up Your Team and Collaborate
Connect with People to build your dream team and share your vulnerability libraries and test suites. Combine your hard work and avoid reinventing the wheel. Intended for small pentest teams or collaborative groups of freelancers.
Methodologies & Runbooks
Create Custom Checklists & Test Cases For Every Testing Activity
AttackForge comes pre-loaded with common industry benchmarks from OWASP, OSSTMM and others. However you can build your own custom methodologies for Red Team assessments, OSINT, Physical Security sssessments - your only limited by your creativity! You can capture evidence against every test case too.
Import Vulnerabilities
AttackForge Connector Helps You Import Vulnerabilities From Tools, Platforms and Scripts
AttackForge Connector helps you Import vulnerabilities to your Community projects from tools such as Tenable Nessus and Burp Suite Proxy. Or you can use the API for custom imports.
Export Vulnerabilities
AttackForge Connector Helps You Export Vulnerabilities Into Your Ticketing Tools
AttackForge Connector helps you Export vulnerabilities to your ticketing tools including including JIRA & ServiceNow.
Review Workflows
QA Finally Made Easy!
Efficient workflows to review and QA vulnerabilities with your teams. Communication & notifications to keep your teams updated. You can QA every vulnerability on your pentest from just one screen! How good is that!?
Themes
Personalise Your Theme
Enable different themes based on your mood and preference. Discover themes such as Stealth Mode, The Matrix, Lightning, Halloween, RedBack, Neptune, Firestorm, Lost Woods & Amethyst.
Need Help? Check out our Support Site
SMALL BOUTIQUE CONSULTANCY
Client
The client is a small security company in Europe, providing penetration testing services to clients within Europe and North America....
Problems
Client has to compete for work with big and medium sized security companies and therefore relies on their ability to be fast and efficient with time and resources. Client also competes for talent as it is hard to find and even harder to retain good penetration testers.
The problems for this client were:
- Significant time (and therefore cost) spent by the most senior people on penetration testing logistics - scheduling, scoping, collecting necessary information, and doing quality assurance over the reports.
- Language barrier – most of their customers expected reports in English, and a lot of their pentesters come from a non-English speaking background.
- Pentesters being burned out by writing reports.
As the client’s Managing Consultant put it: “If I have to spend my time chasing clients, collecting testing credentials, reviewing reports, and saying goodbye to my best pentesters - who is going to do business development?”.
Solution: AttackForge Community
Community's main purpose is help small security companies and freelancers. It provides proven methodologies, comprehensive vulnerability and issue library, and a secure method of communication with customers.
Client had tried Community with a testing project and then introduced it to the principal pentesting team. The first full pentest was executed in February 2019. Customers’ representatives were invited for the third project.
Results
1. After several projects, the time spent on logistics went down by 50%. Quality assurance (such as peer and tech reviews of the reports) was reduced by 90%.
2. The language issues went away entirely as Community provided the most word heavy components such as vulnerability definitions out-of-the-box.
3. Pentesters are happier as they do not need to write reports any more.
4. The clients' customers reported that the use of Community helped them to track and fix vulnerabilities faster, saving time and money. Community paid for itself after the second project. One day of wages saved on writing reports is more than annual Pro subscription fees.
Will It Work For You?
If you are concerned with having your pentesters happy, and keeping your overheads and costs low – go for Community. Try it for free. If your deliver more than 30 projects then go for Enterprise.
FREELANCE PENETRATION TESTER
Client
This freelance penetration tester is based in the United States and had come across Community from a Reddit post. He had been conducting pentesting professionally for over 5 years, with the last year working as a freelancer. Before freelancing, he was working for a large retail bank in the US. The bank had built it's own internal reporting capability which helped pentesters significantly. All other processes were mostly manual, such as email communications for interactions with clients / internal business units and their related technology teams....
Problems
Since leaving the bank, he had set up his own legal entity, insurances, background checks, purchased all standard commercial tools which are typically used during professional engagements, and was ready to start working as a freelancer. However there were a number of challenges that he faced:
- No Report templates. Freelancer had no intellectual property rights over previous report templates used at the bank, and needed to create a new report template to use with own clients.
- Reputation, Trust and Pipeline. As he was only new to this type of work and sales - it was difficult to win work and convince people to go with him, and why he's a better choice than cheaper offshore alternatives.
- Visibility and Maturity. It was difficult for this freelancer to demonstrate that his methodology and testing coverage would be aligned with client's expectations. The lack of visibility until a report was produced at end of testing meant that he was having to manually write daily status updates each day so that the client could have visbility over testing progress, and what was being covered off daily.
This created additional overheads and stress for this freelancer, which was especially difficult as he was also learning how to run a small business for the first time. As he had put it "I needed something to keep client's happy and coming back".
Solution: AttackForge Community
Community is a full collaboration platform which bring's pentesters and their clients together in one place. For the first handful of projects using Community - he had not invited clients directly to Community project workspaces. Instead he had indicated to them that he was using a tool to help him with tracking and reporting. He was adding his findings daily using the in-built Vulnerability and Issue Library, and ticking off test cases as he went along. At the end of each day, he downloaded the report and sent this to the client.
After getting used to Community - he started to invite client's directly to their project workspaces. This meant that he no longer needed to send them daily updates and that they could log in and see progress for themselves, and download reports when they needed it.
The feedback he had recieved from client's was mostly positive, and importantly helped him to build trust and pipeline as they could see exactly what was being tested (scope), when it was tested (timestamps), how it was tested (test cases), upload details directly to the workspace when needed, and all evidence to help them understand the issue and how to fix it.
Eventually, few of his clients who had got used to Community had requested that he gives access to developers directly so they could see the findings and start actioning them, without the client having to be a bottleneck. This meant that client spent less time and effort managing logistics and communication, which freed up a lot of their time.
Some of the regular clients who were using Community had also started managing their remediation testing through Community. The clients developers' were selecting which issues were ready for retest and requesting a retest round, and the freelancer was able to perform this swiftly and invoice client for the retesting performed.
Results
1. Freelancer no longer needed to worry about maintaining his own report template as customers were happy with the results produced from Community as it was sufficient for developers to understand the issues and how to fix them.
2. Freelancer was able to show new prospective clients his sanitised/de-identified projects to help give him a competitive advantage when bidding for new work. Prospective client's could see that industry standard methodologies were being used and detailed information for findings was being produced. This helped to build trust and win more clients and work.
3. Freelancer was able to create 'stickiness' with his regular clients, as they were now using his Community projects as their defect management tool for penetration testing findings, providing him with regular income and helping him to build his pipeline.
Will It Work For You?
If you are a freelance penetration tester and you need a tool to help take some pressure off you and keep your clients happy - Community is for you. It is free to sign up and start using immediately. However if your client's requirement is to have their data isolated and not stored in a multi-tenant solution, then Community is not for you.
Compare Products & Tiers
Do more with Community
Our prices are very easy to understand. There's no extra or hidden fees. You just pay what is listed here. You can cancel at any time.
Free
Monthly
$0
/ user /
Create Pentesting Projects
ReportGen For Custom Reports
Invite People to Your Projects
Automated & On-Demand Reports
Integrate Into Your Own Reports
Import Vulnerabilities to Projects
Custom Vulnerability Library - Preloaded 1300+ Vulnerabilities
JIRA / Slack / ServiceNow Integration
Remediation Tracking
Free Forever!
Pro
Monthly
/ user /
Everything in Free Tier
Unlimited Projects
Customise On-Demand Reports
Import Up To 500 Vulnerabilities on Your Projects
Create Teams To Share Knowledge
Access Powerful Analytics
Custom Test Suites
Unlimited Project Scope & Uploads
Priority Support
All amounts are in Australian Dollars
Free |
Pro |
|
Vulnerabilities |
||
|---|---|---|
| Global Dashboard For All Your Vulnerabilities | ||
| View & Search Vulnerabilities by Project, Asset, Priority and Status | ||
| Track by Open, Closed and Ready For Retest | ||
| Analytics, Trend Analysis & SLAs | ||
| Create Attack Chains & Map to MITRE ATT&CK® Framework | ||
| Import Vulnerabilities from BURP, Nessus, Qualys and more! | (Limited) | (500/project) |
| Export & Sync Vulnerabilities With JIRA & ServiceNow | ||
| Detailed Vulnerability Information - Give Your Developers & Engineers more! | ||
| Upload and Store Vulnerability Evidence & Artefacts | (Limited) | |
| Audit Trail For Life of Vulnerability - From Open to Retest to Closed | ||
| Access & Manage Your Vulnerability Library (Pre-loaded with 1300+ Templates) | ||
| Share Your Custom Vulnerability Libraries with Your Team | ||
| Choose When Your Vulnerabilities Are Visible To Project Team | ||
| Choose Your Vulnerability Scoring System, Including CVSS v3.1 Baseline, Temporal or Environmental | ||
Projects |
||
| Global & Project Dashboards - Single-Pane of Glass | ||
| Custom Test Suites and Methodologies (Runbooks) | ||
| Create & Manage Projects | (Limited) | |
| Event Notifications on Start/Stop Testing, New Vulnerabilities & more | ||
| Test Tracking Support with Daily Breakdowns | ||
| Secure Workspace For Collecting Test Entry Criteria / Requirements & Storing Test Logs | (Limited) | |
| Create Private, Team & Reporting Notes | ||
| View & Action Test Cases on Every Project | ||
Collaboration |
||
| Invite People To Collaborate on Your Projects | ||
| Scheduling & Calendar - Track Planned & Upcoming Projects | ||
| Private Slack & Discord Channels For Communication | ||
| Request, Track and Perform Remediation Testing | ||
| Invite People To Your Team | ||
Reporting |
||
| Detailed On-Demand Vulnerability Reports (PDF, HTML, DOCX, CSV & JSON) | ||
| AttackForge ReportGen - Create Fully Customised & Personalized Reports | ||
| AttackForge ReportGen - 10x Starter DOCX Templates with No-Code Required | ||
| Robust Reporting Engine for Complex Logic & Bespoke Reporting Requirements | ||
| Quality Assurance (QA) Workflow & Revision Notes | ||
| Export JSON Into Your Own Reports and Tools | ||
Security |
||
| Mandatory Multi-Factor Authentication (MFA) | ||
| Encrypted Communications & Storage | ||
| Role-Based Access Controls On Projects | ||
Support |
||
| Support Centre For Immediate Help & Support | ||
| Training Videos | ||
| Email Support | ||
| Priority Email Support | ||
Personalization |
||
| Custom Themes |
Need help choosing? We've got you covered
References and Reviews
CAPEC Community Organization Usage
AttackForge pen test platform showcased at Black Hat Europe
AttackForge Introduction Video [YouTube]
Pluralsight: Conducting Active Reconnaissance for CompTIA PenTest+
Podcast: Why Pentesting is Broken Today [with the AttackForge Team]
The Pen Testing Tools We’re Thankful for This Season
AttackForge – Penetration Testing Platform
AttackForge – Penetration Testing Platform
Black Hat Europe Arsenal 2021 [Video]
Black Hat Europe Arsenal 2020 [Video]
Black Hat Asia Arsenal 2020 [Video]
Black Hat Europe Arsenal 2019
Black Hat USA Arsenal 2019
Black Hat Asia Arsenal 2019
Black Hat Europe Arsenal 2018
Why not give Community a try?
Hall of Fame
Recognizing and celebrating contributions made by the community
to help us create better & more secure technology for all.
Thank you for your ideas & contributions which have lead to some of the
most loved & used features in AttackForge.
Thank you for your ideas on workflow improvements which have increased the
efficiency & satisfaction of pentesters using AttackForge.
Marek Toth, Penetration Tester, Avast Software s.r.o.
Nada Al-Noaimi, Cybersecurity Specialist, Saudi Aramco
Omar Al-Harbi, Cybersecurity Specialist, Saudi Aramco
Thank you for your responsible disclosure of security vulnerabilities.
Your contributions help improve the security of our products
and benefit security teams all over the world.
For Peace of Mind
As a software security provider, AttackForge is committed to providing highly secure and reliable software for our customers. Check Out Our Full Security Statement