PTHelper: An open source tool to support the Penetration Testing process
Jacobo Casado de Gracia, Alfonso Sánchez-Macián
TL;DR
PTHelper addresses the time-consuming and information-siloed nature of penetration testing by delivering a modular, open-source toolkit that automates the full pentest lifecycle while preserving human oversight. The system orchestrates four modules—Scanner, Exploiter, NLPAgent, and Reporter—to collect data, identify and prepare exploits, generate executive and finding reports via prompt-engineered NLP, and render a SAFR-formatted document. Demonstrations in black-box infrastructure and HackTheBox validate end-to-end functionality and real-world applicability, showing reduced tester interactions and a coherent integrated report workflow. The work contributes a practical, extensible framework that can evolve to cover web/mobile pentesting and performance optimizations, thereby accelerating secure-architecture assessments in enterprise settings.
Abstract
Offensive security is one of the state-of-the-art measures used to protect enterprises and organizations. Penetration testing, broadly called pentesting, is a branch of offensive security designed to find, rate and exploit vulnerabilities in order to assess the security posture of an organization. This process is often time-consuming, and the quantity of information that pentesters need to manage can also be difficult to handle. This project takes a practical approach to automating pentesting and proposes a usable tool called PTHelper. This open-source tool has been designed in a modular way so that it can be easily upgraded by the pentesting community, and it uses state-of-the-art tools and artificial intelligence to achieve its objective.
