---
name: pentest-toolkit-pro-html
description: Single-file HTML pentesting toolkit with OWASP WSTG checklists, vulnerability tracking, CVSS scoring, and offline report generation
triggers:
- use the pentest toolkit pro html tool
- open the pentesting toolkit web interface
- work with the offline pentest toolkit
- customize the pentest toolkit pro html
- integrate vulnerability tracking in pentest toolkit
- generate pentest reports with toolkit pro
- add custom modules to pentest toolkit
- configure OWASP WSTG checklist in toolkit
---
# PenTest Toolkit Pro HTML Skill
> Skill by [ara.so](https://ara.so) — Security Skills collection.
## What It Does
PenTest Toolkit Pro is a comprehensive, single-file HTML pentesting toolkit designed for security professionals. It runs entirely offline in any web browser without dependencies, providing:
- **Rules of Engagement (RoE)** management and legal framework documentation
- **OWASP WSTG** (Web Security Testing Guide) interactive checklists
- **Vulnerability tracking** with CVSS scoring and classification
- **Report generation** with printable output
- **Cheat sheets** for infrastructure and web pentesting
- **Timeline tracking** for mission progress
- **Contract templates** for pentest engagements
- **Action plan** and remediation recommendations
All data is stored locally in browser localStorage, ensuring complete privacy and offline functionality.
## Installation
### Download and Use
```bash
# Clone the repository
git clone https://github.com/Cyber-Autopsie/PenTest-Toolkit-Pro.git
cd PenTest-Toolkit-Pro
# Open the HTML file directly in browser
# No build process or dependencies required
firefox pentest-toolkit-pro-v6.html
# or
google-chrome pentest-toolkit-pro-v6.html
```
Alternatively, download the single HTML file from the [releases page](https://github.com/Cyber-Autopsie/PenTest-Toolkit-Pro/releases/latest) and open it directly.
### File Structure
```
PenTest-Toolkit-Pro/
├── pentest-toolkit-pro-v6.html # Main toolkit (single file)
├── preview.png # Screenshot
├── README.md
└── LICENSE
```
## Key Features and Usage
### Module Navigation
The toolkit uses a tabbed interface with these main modules:
- **RoE** - Rules of Engagement documentation
- **Contrat** - Contract templates
- **Timeline** - Mission chronology
- **OWASP WSTG** - Web security testing checklist
- **Vulnérabilités** - Vulnerability database
- **Scoring** - CVSS calculator
- **Actions** - Remediation plans
- **Rapport** - Report generation
- **Cheat Infra** - Infrastructure cheat sheet
- **Cheat Web** - Web pentesting cheat sheet
- **Ressources** - Reference links
### Data Storage
All data is persisted in browser localStorage with these keys:
```javascript
// Storage keys used by the toolkit
localStorage.getItem('pentestToolkit_roe')
localStorage.getItem('pentestToolkit_contract')
localStorage.getItem('pentestToolkit_timeline')
localStorage.getItem('pentestToolkit_owaspChecklist')
localStorage.getItem('pentestToolkit_vulnerabilities')
localStorage.getItem('pentestToolkit_actions')
```
## Customization and Extension
### Adding Custom Modules
To add a new module to the toolkit, modify the HTML structure:
```html
<!-- Add navigation button -->
<div class="tab-buttons">
  <button class="tab-btn" data-tab="custom-module">
    📦 Custom Module
  </button>
</div>

<!-- Add content panel -->
<div id="custom-module" class="tab-content">
  <div class="section-header">
    <h2>📦 Custom Module</h2>
    <p>Description of your custom module</p>
  </div>
  <div class="content-area">
    <!-- Your module content here -->
    <textarea id="customModuleData" placeholder="Enter data..."></textarea>
    <button onclick="saveCustomData()">Save</button>
  </div>
</div>

<!-- Add JavaScript handler -->
<script>
  function saveCustomData() {
    const data = document.getElementById('customModuleData').value;
    localStorage.setItem('pentestToolkit_customModule', data);
    showNotification('Custom data saved', 'success');
  }

  function loadCustomData() {
    const data = localStorage.getItem('pentestToolkit_customModule') || '';
    document.getElementById('customModuleData').value = data;
  }

  // Load on page ready
  document.addEventListener('DOMContentLoaded', loadCustomData);
</script>
```
### Customizing OWASP WSTG Checklist
The OWASP WSTG module uses checkboxes with localStorage persistence:
```javascript
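// Add custom security test items
function addCustomOWASPTest(category, testId, testName, description) {
  // Build the nodes with DOM APIs so the test name and description are
  // inserted as text and never parsed as markup
  const item = document.createElement('div');
  item.className = 'checklist-item';

  const checkbox = document.createElement('input');
  checkbox.type = 'checkbox';
  checkbox.id = testId;
  checkbox.addEventListener('change', () => saveOWASPProgress());

  const label = document.createElement('label');
  label.htmlFor = testId;
  const name = document.createElement('strong');
  name.textContent = testName;
  const desc = document.createElement('span');
  desc.className = 'test-desc';
  desc.textContent = description;
  label.append(name, ' ', desc);

  item.append(checkbox, ' ', label);
  // getElementById avoids building a CSS selector from the category string
  document.getElementById(`${category}-tests`).appendChild(item);
}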
// Example: Add custom authentication test
addCustomOWASPTest(
'authentication',
'WSTG-ATHN-99',
'Test Custom OAuth Flow',
'Verify custom OAuth 2.0 implementation security'
);
```
### Adding Vulnerability Templates
Create custom vulnerability entry templates:
```javascript
function addVulnerabilityTemplate(vuln) {
  const vulnEntry = {
    id: Date.now(),
    title: vuln.title || '',
    severity: vuln.severity || 'Medium',
    cvss: vuln.cvss || '5.0',
    description: vuln.description || '',
    impact: vuln.impact || '',
    remediation: vuln.remediation || '',
    status: 'Open',
    foundDate: new Date().toISOString().split('T')[0]
  };

  // Get existing vulnerabilities
  const vulns = JSON.parse(
    localStorage.getItem('pentestToolkit_vulnerabilities') || '[]'
  );
  vulns.push(vulnEntry);
  localStorage.setItem('pentestToolkit_vulnerabilities', JSON.stringify(vulns));
  return vulnEntry.id;
}

// Example: Add SQL injection finding
addVulnerabilityTemplate({
  title: 'SQL Injection in Login Form',
  severity: 'Critical',
  cvss: '9.8',
  description: 'The login endpoint is vulnerable to SQL injection via the username parameter',
  impact: 'Complete database compromise, authentication bypass',
  remediation: 'Implement prepared statements and input validation'
});
```
### Customizing Report Generation
Modify report output by updating the print stylesheet or export function:
```javascript
// Escape text before it is interpolated into report markup. Findings often
// contain raw payloads (e.g. <script> strings) that must print as text.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, ch => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[ch]);
}

function generateCustomReport() {
  const reportData = {
    client: document.getElementById('clientName').value,
    date: new Date().toLocaleDateString('fr-FR'),
    vulnerabilities: JSON.parse(
      localStorage.getItem('pentestToolkit_vulnerabilities') || '[]'
    ),
    timeline: JSON.parse(
      localStorage.getItem('pentestToolkit_timeline') || '[]'
    )
  };

  // Generate custom HTML report
  const reportHTML = `
    <!DOCTYPE html>
    <html>
    <head>
      <title>Pentest Report - ${escapeHtml(reportData.client)}</title>
      <style>
        @page { margin: 2cm; }
        body { font-family: Arial, sans-serif; }
        .critical { color: #d32f2f; font-weight: bold; }
        .high { color: #f57c00; }
        .medium { color: #fbc02d; }
        .low { color: #388e3c; }
      </style>
    </head>
    <body>
      <h1>Penetration Test Report</h1>
      <h2>Client: ${escapeHtml(reportData.client)}</h2>
      <h3>Date: ${escapeHtml(reportData.date)}</h3>
      <h2>Executive Summary</h2>
      <p>Total vulnerabilities found: ${reportData.vulnerabilities.length}</p>
      <h2>Findings</h2>
      ${reportData.vulnerabilities.map(v => `
        <div class="vulnerability ${escapeHtml(v.severity).toLowerCase()}">
          <h3>${escapeHtml(v.title)} [${escapeHtml(v.severity)}]</h3>
          <p><strong>CVSS:</strong> ${escapeHtml(v.cvss)}</p>
          <p><strong>Description:</strong> ${escapeHtml(v.description)}</p>
          <p><strong>Impact:</strong> ${escapeHtml(v.impact)}</p>
          <p><strong>Remediation:</strong> ${escapeHtml(v.remediation)}</p>
        </div>
      `).join('')}
    </body>
    </html>
  `;

  // Open in new window for printing
  const printWindow = window.open('', '_blank');
  if (!printWindow) {
    // window.open returns null when the browser blocks the popup
    alert('Popup blocked: allow popups for this page to print the report');
    return;
  }
  printWindow.document.write(reportHTML);
  printWindow.document.close();
  printWindow.print();
}
```
### Exporting Data
Export toolkit data to JSON for backup or integration:
```javascript
function exportAllData() {
  const allData = {
    roe: localStorage.getItem('pentestToolkit_roe'),
    contract: localStorage.getItem('pentestToolkit_contract'),
    timeline: JSON.parse(localStorage.getItem('pentestToolkit_timeline') || '[]'),
    owasp: JSON.parse(localStorage.getItem('pentestToolkit_owaspChecklist') || '{}'),
    vulnerabilities: JSON.parse(localStorage.getItem('pentestToolkit_vulnerabilities') || '[]'),
    actions: JSON.parse(localStorage.getItem('pentestToolkit_actions') || '[]'),
    exportDate: new Date().toISOString()
  };

  const dataStr = JSON.stringify(allData, null, 2);
  const dataBlob = new Blob([dataStr], { type: 'application/json' });
  const url = URL.createObjectURL(dataBlob);
  const downloadLink = document.createElement('a');
  downloadLink.href = url;
  downloadLink.download = `pentest-toolkit-export-${Date.now()}.json`;
  downloadLink.click();
  URL.revokeObjectURL(url);
}

function importData(jsonFile) {
  const reader = new FileReader();
  reader.onload = function(e) {
    let data;
    try {
      data = JSON.parse(e.target.result);
    } catch (err) {
      alert('Import failed: the file is not valid JSON');
      return;
    }
    if (!data || typeof data !== 'object') {
      alert('Import failed: unexpected file structure');
      return;
    }

    // Restore all data, accepting only values of the expected type
    if (typeof data.roe === 'string') localStorage.setItem('pentestToolkit_roe', data.roe);
    if (typeof data.contract === 'string') localStorage.setItem('pentestToolkit_contract', data.contract);
    if (Array.isArray(data.timeline)) localStorage.setItem('pentestToolkit_timeline', JSON.stringify(data.timeline));
    if (data.owasp && typeof data.owasp === 'object') localStorage.setItem('pentestToolkit_owaspChecklist', JSON.stringify(data.owasp));
    if (Array.isArray(data.vulnerabilities)) localStorage.setItem('pentestToolkit_vulnerabilities', JSON.stringify(data.vulnerabilities));
    if (Array.isArray(data.actions)) localStorage.setItem('pentestToolkit_actions', JSON.stringify(data.actions));
    location.reload(); // Reload to reflect changes
  };
  reader.readAsText(jsonFile);
}
```
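One way to check an export file record by record before `importData` writes it back to localStorage, as an added example that is not part of the toolkit or the original page. `validateExport`, its error strings, and the rule that `severity` must match the CVSS band used by `calculateSeverity` are assumptions; the sample export is constructed.

```javascript
// Added example, not the toolkit's own code. Field names follow
// exportAllData() and the finding objects shown on this page.
const SEVERITIES = ['Critical', 'High', 'Medium', 'Low'];
// Same score bands as calculateSeverity() on this page
function severityFor(score) {
  if (score >= 9.0) return 'Critical';
  if (score >= 7.0) return 'High';
  if (score >= 4.0) return 'Medium';
  return 'Low';
}
// Returns a list of problems; an empty list means none were found
function validateExport(text) {
  let data;
  try { data = JSON.parse(text); } catch { return ['not valid JSON']; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return ['top level must be an object'];
  }
  const errors = [];
  for (const key of ['timeline', 'vulnerabilities', 'actions']) {
    if (key in data && !Array.isArray(data[key])) errors.push(`${key}: expected array`);
  }
  for (const key of ['roe', 'contract']) {
    if (data[key] != null && typeof data[key] !== 'string') errors.push(`${key}: expected string`);
  }
  const vulns = Array.isArray(data.vulnerabilities) ? data.vulnerabilities : [];
  vulns.forEach((v, i) => {
    const at = `vulnerabilities[${i}]`;
    if (v === null || typeof v !== 'object') return errors.push(`${at}: expected object`);
    for (const field of ['title', 'description', 'impact', 'remediation']) {
      if (typeof v[field] !== 'string') errors.push(`${at}.${field}: expected string`);
    }
    // Accept "9.8" or 9.8; anything else (empty, boolean, array) is rejected
    const usable = ['string', 'number'].includes(typeof v.cvss) && String(v.cvss).trim() !== '';
    const score = usable ? Number(v.cvss) : NaN;
    const cvssOk = score >= 0 && score <= 10;
    if (!cvssOk) errors.push(`${at}.cvss: expected a score from 0.0 to 10.0`);
    if (!SEVERITIES.includes(v.severity)) {
      errors.push(`${at}.severity: unknown value`);
    } else if (cvssOk && v.severity !== severityFor(score)) {
      errors.push(`${at}.severity: ${v.severity} does not match CVSS ${score}`);
    }
  });
  return errors;
}
// Constructed sample export: the second finding is malformed on purpose
const sampleExport = JSON.stringify({ roe: 'PENTEST ENGAGEMENT', vulnerabilities: [
  { title: 'Reflected XSS', severity: 'Medium', cvss: '6.1', description: 'd', impact: 'i', remediation: 'r' },
  { title: 42, severity: 'Critical', cvss: '11', description: 'd', impact: 'i', remediation: 'r' }
] });
console.log(validateExport(sampleExport));
```

Calling it on the file text inside `reader.onload` and aborting when the returned list is non-empty keeps malformed records out of localStorage.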
## Common Patterns
### Starting a New Pentest Engagement
```javascript
// 1. Clear previous engagement data (optional)
function startNewEngagement() {
  if (confirm('Clear all existing data and start new engagement?')) {
    // Remove only the toolkit's keys; localStorage.clear() would also wipe
    // data stored by other pages that share this origin
    Object.keys(localStorage)
      .filter(key => key.startsWith('pentestToolkit_'))
      .forEach(key => localStorage.removeItem(key));
    location.reload();
  }
}

// 2. Set engagement details in RoE
function initializeEngagement(details) {
  // Template lines stay flush left: leading spaces would end up in the RoE text
  const roeTemplate = `
PENTEST ENGAGEMENT
==================
Client: ${details.clientName}
Scope: ${details.scope}
Start Date: ${details.startDate}
End Date: ${details.endDate}
Contact: ${details.contactEmail}
AUTHORIZED TARGETS
------------------
${details.targets.map(t => `- ${t}`).join('\n')}
RULES OF ENGAGEMENT
-------------------
- Testing hours: ${details.testingHours}
- Communication protocol: ${details.commProtocol}
- Emergency contact: ${details.emergencyContact}
`;
  localStorage.setItem('pentestToolkit_roe', roeTemplate);
  document.getElementById('roeContent').value = roeTemplate;
}

// Example usage
initializeEngagement({
  clientName: 'Acme Corp',
  scope: 'Web Application Security Assessment',
  startDate: '2026-06-01',
  endDate: '2026-06-15',
  contactEmail: 'security@acme.example',
  targets: ['https://app.acme.example', '10.0.0.0/24'],
  testingHours: '09:00 - 18:00 UTC',
  commProtocol: 'Email + Slack',
  emergencyContact: '+1-555-0100'
});
```
### Tracking Vulnerability Workflow
```javascript
// Add vulnerability with full lifecycle
function trackVulnerability(finding) {
  const vuln = {
    id: Date.now(),
    title: finding.title,
    severity: calculateSeverity(finding.cvss),
    cvss: finding.cvss,
    cwe: finding.cwe || '',
    description: finding.description,
    location: finding.location,
    impact: finding.impact,
    remediation: finding.remediation,
    status: 'Open',
    foundDate: new Date().toISOString().split('T')[0],
    evidence: finding.evidence || []
  };

  const vulns = JSON.parse(
    localStorage.getItem('pentestToolkit_vulnerabilities') || '[]'
  );
  vulns.push(vuln);
  localStorage.setItem('pentestToolkit_vulnerabilities', JSON.stringify(vulns));
  return vuln.id;
}

function calculateSeverity(cvss) {
  const score = parseFloat(cvss);
  // Reject missing or out-of-range scores instead of silently rating them 'Low'
  if (Number.isNaN(score) || score < 0 || score > 10) {
    throw new RangeError(`Invalid CVSS score: ${cvss}`);
  }
  if (score >= 9.0) return 'Critical';
  if (score >= 7.0) return 'High';
  if (score >= 4.0) return 'Medium';
  return 'Low';
}

// Example: Track XSS finding
trackVulnerability({
  title: 'Reflected XSS in Search Parameter',
  cvss: '6.1',
  cwe: 'CWE-79',
  description: 'User input in search parameter is reflected without sanitization',
  location: 'GET /search?q=<script>alert(1)</script>',
  impact: 'Session hijacking, credential theft, defacement',
  remediation: 'Implement output encoding and Content Security Policy',
  evidence: ['screenshot1.png', 'request.txt']
});
```
## Troubleshooting
### Data Not Persisting
**Problem**: Changes don't save between sessions.
**Solution**: Check browser localStorage limits and permissions:
```javascript
// Test localStorage availability
function testLocalStorage() {
  try {
    localStorage.setItem('test', 'test');
    localStorage.removeItem('test');
    return true;
  } catch (e) {
    console.error('localStorage not available:', e);
    return false;
  }
}

// Check storage quota
if (navigator.storage && navigator.storage.estimate) {
  navigator.storage.estimate().then(estimate => {
    console.log(`Storage: ${estimate.usage} / ${estimate.quota} bytes`);
  });
}
```
### Print/Export Issues
**Problem**: Report doesn't print correctly or looks broken.
**Solution**: Ensure print media queries are loaded:
```javascript
// Force print stylesheet application
function fixPrintStyles() {
  // Add the stylesheet only once; beforeprint fires on every print
  if (document.getElementById('print-fix-styles')) return;
  const printStyle = document.createElement('style');
  printStyle.id = 'print-fix-styles';
  printStyle.media = 'print';
  printStyle.textContent = `
    @page { margin: 2cm; }
    .no-print { display: none !important; }
    .page-break { page-break-after: always; }
  `;
  document.head.appendChild(printStyle);
}

// Call before printing
window.onbeforeprint = fixPrintStyles;
```
### Browser Compatibility
**Problem**: Toolkit doesn't work in certain browsers.
**Solution**: The toolkit requires modern browser features. Check compatibility:
```javascript
// Feature detection
function checkCompatibility() {
  const features = {
    localStorage: typeof(Storage) !== "undefined",
    fetch: typeof(fetch) !== "undefined",
    es6: typeof(Promise) !== "undefined"
  };

  const incompatible = Object.entries(features)
    .filter(([, supported]) => !supported)
    .map(([feature]) => feature);

  if (incompatible.length > 0) {
    alert(`Browser incompatible. Missing: ${incompatible.join(', ')}`);
    return false;
  }
  return true;
}
```
### Large Data Performance
**Problem**: Toolkit becomes slow with many vulnerabilities.
**Solution**: Implement pagination or lazy loading:
```javascript
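// Paginate vulnerability list
function displayVulnerabilitiesPaginated(page = 1, perPage = 20) {
  const vulns = JSON.parse(
    localStorage.getItem('pentestToolkit_vulnerabilities') || '[]'
  );
  const start = (page - 1) * perPage;
  const end = start + perPage;
  const pageVulns = vulns.slice(start, end);
  const container = document.getElementById('vulnList');

  // Build nodes with textContent: finding titles often contain raw payloads
  // and must be shown as text, never parsed as markup
  container.replaceChildren(...pageVulns.map(v => {
    const item = document.createElement('div');
    item.className = 'vuln-item';
    item.dataset.id = v.id;

    const heading = document.createElement('h3');
    const badge = document.createElement('span');
    badge.className = `severity-${String(v.severity).toLowerCase()}`;
    badge.textContent = v.severity;
    heading.append(`${v.title} `, badge);

    const meta = document.createElement('p');
    meta.textContent = `CVSS: ${v.cvss} | Found: ${v.foundDate}`;

    item.append(heading, meta);
    return item;
  }));

  // Add pagination controls
  const totalPages = Math.ceil(vulns.length / perPage);
  if (totalPages > 1) {
    const pager = document.createElement('div');
    pager.className = 'pagination';
    const addButton = (label, target) => {
      const button = document.createElement('button');
      button.textContent = label;
      // Pass perPage along so a custom page size survives navigation
      button.addEventListener('click', () => displayVulnerabilitiesPaginated(target, perPage));
      pager.append(button);
    };
    if (page > 1) addButton('Previous', page - 1);
    pager.append(` Page ${page} of ${totalPages} `);
    if (page < totalPages) addButton('Next', page + 1);
    container.append(pager);
  }
}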
```
Creator's repository · aradotso/security-skills