Community

Made For Pentesters


Community will help pentesters reduce wasted effort and focus on breaking stuff. It’s the first dedicated client-facing collaboration platform for pentesting – unlike other tools which focus on scan output aggregation or report generation only.

Save Time

High-quality customisable reports, on-demand and at the click of a button.

Save Effort

Integrated, Centralised & Rich Issue Library. Stop re-inventing the wheel.

Save Money

Tools and workflows to reduce project overheads and costs by up to 40%.

Team Collaboration

Collaborate with your team, client and developers.

Methodology

Pre-loaded with industry benchmarks and methodologies, out of the box.

AttackChains

See the attack from a hacker's perspective. Chain vulnerabilities together.

Still interested? Try Community

Automated Reports

Reporting

High-Quality On-Demand Reporting

On-demand reporting at the click of a button, whenever you or the client needs it. Reports can be customised and include templates for Executives, Risk Managers, Third-Parties such as Auditors, and Developers. All reports can be downloaded in PDF, HTML, DOCX, CSV and JSON. JSON export allows you to integrate AttackForge into your own custom report templates.

ReportGen

Custom Reporting

AttackForge ReportGen Is The Easiest-to-Use Pentest Reporting Tool Available!

Create fully customized reports in minutes with no programming required! Based on DOCX templates that you can style. 10x templates are available for free! Reporting is no longer a worry with AttackForge ReportGen!

Attack Chains

Built For Red Teams

Build Attack Chains quickly and effortlessly to help demonstrate exactly what an attacker is doing at every step - in a simple and clear visual story. Help your clients understand your attack paths and focus remediation where it's needed. Map Attack Chains to MITRE ATT&CK® Framework in minutes!

Vulnerability Library

Libraries

Rich Issue Library With Over 1300 Vulnerabilities

Immediately access every CWE, CAPEC and other industry standard vulnerability definitions, or create your own. Save time on reporting - it takes on average less than 30 seconds to add a vulnerability to your pentest. No traditional report writing required.

Teams

Collaboration

Build Up Your Team and Collaborate

Connect with People to build your dream team and share your vulnerability libraries and test suites. Combine your hard work and avoid reinventing the wheel. Intended for small pentest teams or collaborative groups of freelancers.

Methodologies & Runbooks

Create Custom Checklists & Test Cases For Every Testing Activity

AttackForge comes pre-loaded with common industry benchmarks from OWASP, OSSTMM and others. However, you can build your own custom methodologies for Red Team assessments, OSINT, Physical Security assessments - you're only limited by your creativity! You can capture evidence against every test case too.

Enterprise Connector

Import Vulnerabilities

AttackForge Connector Helps You Import Vulnerabilities From Tools, Platforms and Scripts

AttackForge Connector helps you import vulnerabilities to your Community projects from tools such as Tenable Nessus and Burp Suite Proxy. Or you can use the API for custom imports.

Enterprise Connector

Export Vulnerabilities

AttackForge Connector Helps You Export Vulnerabilities Into Your Ticketing Tools

AttackForge Connector helps you export vulnerabilities to your ticketing tools, including JIRA & ServiceNow.

Review Workflows

QA Finally Made Easy!

Efficient workflows to review and QA vulnerabilities with your teams. Communication & notifications to keep your teams updated. You can QA every vulnerability on your pentest from just one screen! How good is that!?

Stealth Mode

Themes

Personalise Your Theme

Enable different themes based on your mood and preference. Discover themes such as Stealth Mode, The Matrix, Lightning, Halloween, RedBack, Neptune, Firestorm, Lost Woods & Amethyst.

Need Help? Check out our Support Site

Case Study

SMALL BOUTIQUE CONSULTANCY


Client

The client is a small security company in Europe, providing penetration testing services to clients within Europe and North America....

Problems

Client has to compete for work with big and medium sized security companies and therefore relies on their ability to be fast and efficient with time and resources. Client also competes for talent as it is hard to find and even harder to retain good penetration testers.
The problems for this client were:

  1. Significant time (and therefore cost) spent by the most senior people on penetration testing logistics - scheduling, scoping, collecting necessary information, and doing quality assurance over the reports.
  2. Language barrier – most of their customers expected reports in English, and a lot of their pentesters come from a non-English speaking background.
  3. Pentesters being burned out by writing reports.

As the client’s Managing Consultant put it: “If I have to spend my time chasing clients, collecting testing credentials, reviewing reports, and saying goodbye to my best pentesters - who is going to do business development?”.

Solution: AttackForge Community

Community's main purpose is to help small security companies and freelancers. It provides proven methodologies, a comprehensive vulnerability and issue library, and a secure method of communication with customers.

Client had tried Community with a testing project and then introduced it to the principal pentesting team. The first full pentest was executed in February 2019. Customers’ representatives were invited for the third project.

Results

1. After several projects, the time spent on logistics went down by 50%. Quality assurance (such as peer and tech reviews of the reports) was reduced by 90%.

2. The language issues went away entirely as Community provided the most word-heavy components, such as vulnerability definitions, out-of-the-box.

3. Pentesters are happier as they do not need to write reports any more.

4. The client's customers reported that the use of Community helped them to track and fix vulnerabilities faster, saving time and money. Community paid for itself after the second project. One day of wages saved on writing reports is more than the annual Pro subscription fees.

Will It Work For You?

If you care about keeping your pentesters happy and your overheads and costs low – go for Community. Try it for free. If you deliver more than 30 projects then go for Enterprise.

Case Study

FREELANCE PENETRATION TESTER


Client

This freelance penetration tester is based in the United States and had come across Community from a Reddit post. He had been conducting pentesting professionally for over 5 years, with the last year working as a freelancer. Before freelancing, he was working for a large retail bank in the US. The bank had built its own internal reporting capability which helped pentesters significantly. All other processes were mostly manual, such as email communications for interactions with clients / internal business units and their related technology teams....

Problems

Since leaving the bank, he had set up his own legal entity, insurances, background checks, purchased all standard commercial tools which are typically used during professional engagements, and was ready to start working as a freelancer. However, there were a number of challenges that he faced:

  1. No Report templates. The freelancer had no intellectual property rights over previous report templates used at the bank, and needed to create a new report template to use with his own clients.
  2. Reputation, Trust and Pipeline. As he was new to this type of work and to sales, it was difficult to win work and to convince people that he was a better choice than cheaper offshore alternatives.
  3. Visibility and Maturity. It was difficult for this freelancer to demonstrate that his methodology and testing coverage would be aligned with the client's expectations. The lack of visibility until a report was produced at the end of testing meant that he had to manually write status updates each day so that the client could have visibility over testing progress and what was being covered daily.

This created additional overheads and stress for this freelancer, which was especially difficult as he was also learning how to run a small business for the first time. As he put it: "I needed something to keep clients happy and coming back".

Solution: AttackForge Community

Community is a full collaboration platform which brings pentesters and their clients together in one place. For the first handful of projects using Community, he did not invite clients directly to Community project workspaces. Instead, he indicated to them that he was using a tool to help him with tracking and reporting. He was adding his findings daily using the in-built Vulnerability and Issue Library, and ticking off test cases as he went along. At the end of each day, he downloaded the report and sent it to the client.

After getting used to Community, he started to invite clients directly to their project workspaces. This meant that he no longer needed to send them daily updates, and that they could log in, see progress for themselves, and download reports when they needed them.

The feedback he received from clients was mostly positive and, importantly, helped him to build trust and pipeline, as they could see exactly what was being tested (scope), when it was tested (timestamps), how it was tested (test cases), upload details directly to the workspace when needed, and see all evidence to help them understand each issue and how to fix it.

Eventually, a few of his clients who had got used to Community requested that he give access to developers directly, so they could see the findings and start actioning them without the client having to be a bottleneck. This meant that the client spent less time and effort managing logistics and communication, which freed up a lot of their time.

Some of the regular clients who were using Community had also started managing their remediation testing through Community. The clients' developers were selecting which issues were ready for retest and requesting a retest round, and the freelancer was able to perform this swiftly and invoice the client for the retesting performed.

Results

1. The freelancer no longer needed to worry about maintaining his own report template: customers were happy with the results produced by Community, as they were sufficient for developers to understand the issues and how to fix them.

2. The freelancer was able to show new prospective clients his sanitised/de-identified projects to help give him a competitive advantage when bidding for new work. Prospective clients could see that industry standard methodologies were being used and detailed information for findings was being produced. This helped to build trust and win more clients and work.

3. The freelancer was able to create 'stickiness' with his regular clients, as they were now using his Community projects as their defect management tool for penetration testing findings, providing him with regular income and helping him to build his pipeline.

Will It Work For You?

If you are a freelance penetration tester and you need a tool to help take some pressure off you and keep your clients happy - Community is for you. It is free to sign up and start using immediately. However, if your client's requirement is to have their data isolated and not stored in a multi-tenant solution, then Community is not for you.

Compare Products & Tiers


Do more with Community

Our prices are very easy to understand. There are no extra or hidden fees. You just pay what is listed here. You can cancel at any time.

Free

Monthly

$0

/ user /

Create Pentesting Projects
ReportGen For Custom Reports
Invite People to Your Projects
Automated & On-Demand Reports
Integrate Into Your Own Reports
Import Vulnerabilities to Projects
Custom Vulnerability Library - Preloaded 1300+ Vulnerabilities
JIRA / Slack / ServiceNow Integration
Remediation Tracking
Free Forever!


POPULAR

Pro

Monthly

/ user /

Everything in Free Tier
Unlimited Projects
Customise On-Demand Reports
Import Up To 500 Vulnerabilities on Your Projects
Create Teams To Share Knowledge
Access Powerful Analytics
Custom Test Suites
Unlimited Project Scope & Uploads
Priority Support
All amounts are in Australian Dollars


Free

Pro

Vulnerabilities

Global Dashboard For All Your Vulnerabilities
View & Search Vulnerabilities by Project, Asset, Priority and Status
Track by Open, Closed and Ready For Retest
Analytics, Trend Analysis & SLAs
Create Attack Chains & Map to MITRE ATT&CK® Framework
Import Vulnerabilities from BURP, Nessus, Qualys and more! (Limited) (500/project)
Export & Sync Vulnerabilities With JIRA & ServiceNow
Detailed Vulnerability Information - Give Your Developers & Engineers more!
Upload and Store Vulnerability Evidence & Artefacts (Limited)
Audit Trail For Life of Vulnerability - From Open to Retest to Closed
Access & Manage Your Vulnerability Library (Pre-loaded with 1300+ Templates)
Share Your Custom Vulnerability Libraries with Your Team
Choose When Your Vulnerabilities Are Visible To Project Team
Choose Your Vulnerability Scoring System, Including CVSS v3.1 Baseline, Temporal or Environmental

Projects

Global & Project Dashboards - Single-Pane of Glass
Custom Test Suites and Methodologies (Runbooks)
Create & Manage Projects (Limited)
Event Notifications on Start/Stop Testing, New Vulnerabilities & more
Test Tracking Support with Daily Breakdowns
Secure Workspace For Collecting Test Entry Criteria / Requirements & Storing Test Logs (Limited)
Create Private, Team & Reporting Notes
View & Action Test Cases on Every Project

Collaboration

Invite People To Collaborate on Your Projects
Scheduling & Calendar - Track Planned & Upcoming Projects
Private Slack & Discord Channels For Communication
Request, Track and Perform Remediation Testing
Invite People To Your Team

Reporting

Detailed On-Demand Vulnerability Reports (PDF, HTML, DOCX, CSV & JSON)
AttackForge ReportGen - Create Fully Customised & Personalized Reports
AttackForge ReportGen - 10x Starter DOCX Templates with No-Code Required
Robust Reporting Engine for Complex Logic & Bespoke Reporting Requirements
Quality Assurance (QA) Workflow & Revision Notes
Export JSON Into Your Own Reports and Tools

Security

Mandatory Multi-Factor Authentication (MFA)
Encrypted Communications & Storage
Role-Based Access Controls On Projects

Support

Support Centre For Immediate Help & Support
Training Videos
Email Support
Priority Email Support

Personalization

Custom Themes

Need help choosing? We've got you covered

Why not give Community a try?

Hall of Fame


Recognizing and celebrating contributions made by the community
to help us create better & more secure technology for all.

Jay Davis, Founder, Indigo IT-Labs

Thank you for your ideas & contributions which have led to some of the
most loved & used features in AttackForge.


Stefan Vink, Founder, Svitsec

Thank you for your ideas on workflow improvements which have increased the
efficiency & satisfaction of pentesters using AttackForge.


Juan Sacco, Sr. Penetration Tester, Avast Software s.r.o.
Marek Toth, Penetration Tester, Avast Software s.r.o.
Nada Al-Noaimi, Cybersecurity Specialist, Saudi Aramco
Omar Al-Harbi, Cybersecurity Specialist, Saudi Aramco

Thank you for your responsible disclosure of security vulnerabilities.
Your contributions help improve the security of our products
and benefit security teams all over the world.

Security

For Peace of Mind


As a software security provider, AttackForge is committed to providing highly secure and reliable software for our customers. Check Out Our Full Security Statement