Evidence-First Pentest Logger β Capture every command, find anything, prove everything.
High-fidelity terminal logs with AI analysis, searchable content, interactive timelines, and compliance-ready reports. Built on ttyrec.
Perfect for Real-World Engagements, Compliance & Audits, OSCP, and HackTheBox.
Quick Start β’ Features β’ Commands β’ Install β’ Docs β’ Contributing
Using script, tmux, or basic shell redirection during pentests creates fragmented, unsearchable, unmaintainable evidence:
- π΄ Lost commands β Mixed with noise, impossible to extract context
- π΄ No integrity β How do you prove logs weren't tampered with?
- π΄ Manual reports β Hours spent copying/pasting into documents
- π΄ Evidence gaps β ANSI codes, terminal artifacts, overwrites break readability
- π΄ Compliance nightmares β No audit trails, no encrypted archives
- β Evidence-First Design β Every command + output captured with perfect fidelity using Virtual Terminal Emulator (handles colors, overwrites, redrawsβwhat you see matches what happened)
- β Context & Metadata β Automatic timestamps, operator tracking, client/engagement organization from day one
- β Searchable Everything β Find any command across all sessions with regex + boolean operators in seconds
- β Compliance-Ready β Integrity hashes, AES-256 encrypted archives, detailed audit trails
- β Reports in Minutes β Auto-generate Markdown/HTML with AI-powered summaries (no manual copy/paste)
- β
No Root Required β Works as normal user; logs land safely in
~/.pentlog/ - β Interactive Workflows β Intuitive TUI for engagement creation, phase switching, searching, and notes
- β
Replayable β Faithful session playback with
ttyplaypreserves exact timing - β
Integrity Protection β
pentlog freezegenerates SHA256 hashes for evidence packaging
# 1. Install (macOS/Linux) β ~30 seconds
curl -sSf https://raw.githubusercontent.com/aancw/pentlog/main/install.sh | sh
# 2. Setup (one-time) β Verify dependencies
pentlog setup
# 3. Create engagement β Interactive wizard
pentlog create
# 4. Start recording β Shell with ttyrec running
pentlog shell
# β You now have high-fidelity logs in ~/.pentlog/logs/
# β Logs are indexed in SQLite, ready to search
# 5. Search logs β Find commands across all sessions
pentlog search
# 6. Export report β Generate Markdown/HTML for client
pentlog exportWhat you get after 5 minutes:
- β Searchable terminal logs with perfect fidelity (ANSI colors, overwrites, etc.)
- β Timestamped commands organized by Client β Engagement β Phase
- β Compliance-ready HTML reports with AI summaries
- β Encrypted archives for secure client delivery
| Feature | Why It Matters |
|---|---|
| π¬ High-Fidelity Recording | Every keystroke + output captured with perfect terminal accuracy (ANSI colors, overwrites, redraws preserved) |
| π Interactive Search | Find any command across all sessions instantly with regex and boolean operatorsβno more grep chaos |
| π Virtual Terminal Emulator | What you see in the viewer is exactly what you saw in your shell (unlike script or tmux which break on special chars) |
| πΎ Compliance-Ready Export | Generate Markdown/HTML reports with AI summaries, integrity hashes, and encrypted archives in seconds |
| π Automatic Context | Every command timestamped and organized by Client β Engagement β Phaseβno manual naming or organizing |
| Feature | Description |
|---|---|
| π€ AI Analysis | Summarize findings with Google Gemini or Ollama (local LLM) |
| π― Timeline Extraction | Interactive timeline browser to reconstruct your attack sequence |
| π Notes & Bookmarks | Add timestamped annotations to sessions for later review |
| β¨οΈ Quick Hotkeys | Ctrl+N for notes, Ctrl+G for vulns during shell sessions |
| π Full Replay | Faithful playback with ttyplay preserves exact timing |
| π‘οΈ Crash Recovery | Protect evidence from SSH disconnects, OOM kills, and unexpected crashes |
| π‘ Live Share | Share terminal sessions in real-time via browser with dark-themed viewer |
| π AES-256 Archive | Password-protected encrypted archives for secure client delivery |
| Command | Description |
|---|---|
| Session Management | |
create |
Initialize a new engagement context (Interactive) |
shell |
Start a recorded shell with the engagement context loaded |
shell --share |
Start a recorded shell with live browser sharing enabled |
share |
Share a live or recorded session for read-only viewing |
sessions |
List and manage recorded sessions |
switch |
Switch to a different pentest phase |
| Analysis & Search | |
search |
Search command history across all sessions (Regex & Boolean) |
timeline |
Interactive browser for command timeline extraction |
dashboard |
Show an interactive dashboard of your pentest activity |
note |
Manage session notes and bookmarks |
| Reporting | |
export |
Export commands for a specific phase (Markdown/HTML) |
analyze |
Analyze a report with an AI provider to summarize findings |
vuln |
Manage findings and vulnerabilities |
| Data Management | |
archive |
Archive old sessions with optional encryption |
import |
Restore archived sessions back into pentlog |
freeze |
Generate SHA256 hashes of all session logs for integrity |
gif |
Convert sessions to animated GIF (720p/1080p) |
serve |
Start HTTP server to view HTML reports with GIF players |
recover |
Recover and manage crashed or stale sessions |
| Utilities | |
replay |
Replay a recorded session with full fidelity |
status |
Show current tool and engagement status |
setup |
Verify dependencies and prepare local logging |
reset |
Clear the current active engagement context |
completion |
Generate auto-completion scripts for Zsh and Bash |
update |
Update pentlog to the latest version automatically |
- Go 1.24.0+ (if building from source)
- ttyrec (terminal recording tool)
- ttyplay (optional, for session replay)
curl -sSf https://raw.githubusercontent.com/aancw/pentlog/main/install.sh | sh
pentlog setup # One-time dependency check and setupgit clone https://github.com/aancw/pentlog.git
cd pentlog
go build -o pentlog main.go
# Or cross-compile for Linux
GOOS=linux GOARCH=amd64 go build -o pentlog main.goAutomatic (recommended):
pentlog setup # Auto-installs on macOS, Ubuntu, Fedora, AlpineManual Installation:
- macOS:
brew install ttyrec - Ubuntu/Debian/WSL:
sudo apt-get install ttyrec - Fedora:
sudo dnf install ttyrec - Alpine:
sudo apk add ttyrec
- Password-Protected Archives: Use interactive mode (
pentlog archive) instead of--passwordflag to avoid storing passwords in shell history - Database Permissions: Sensitive files are created with 0600 permissions automatically
- Evidence Integrity: Use
pentlog freezebefore archiving for compliance audits
| Feature | script |
tmux |
PentLog |
|---|---|---|---|
| Terminal Fidelity | β Breaks on special chars | β Perfect (Virtual Terminal Emulator) | |
| Searchable Logs | β Manual grep chaos | β Session-by-session only | β Full-text search + regex + boolean operators |
| Automatic Organization | β Manual naming | β Manual naming | β Client β Engagement β Phase auto-organized |
| Timestamps | β No timestamps | β Every command timestamped | |
| Compliance Ready | β No integrity | β No integrity | β Hashes + encryption + audit trails |
| Replay | β No timing info | β
Faithful playback with ttyplay |
|
| Reports | β Manual copy/paste | β Manual copy/paste | β Auto-generate Markdown/HTML + AI summaries |
| Database | β Just files | β Just files | β Indexed SQLite for fast searching |
| Root Required | β Works as user | β Works as normal user | |
| Live Sharing | β Not supported | β Not supported | β Real-time browser viewer with scrollback |
| Crash Recovery | β Logs lost | β Protected from SSH/OOM crashes |
- Quick Start Guide - Set up and run your first engagement
- User Guide - Deep dive into all commands and features
- Modes Guide - Client Mode vs. Exam/Lab Mode vs. Log-Only Mode
- AI Analysis Setup - Configure Gemini or Ollama for report summarization
- Export & Reporting - Generate Markdown and HTML reports
- Archiving & Encryption - Create encrypted evidence packages
- Roadmap - Implemented features and future plans
- Changelog - Version history and improvements
- Contributing - Help us improve PentLog
Problem: Client demands evidence of every command. Your manual notes + tmux logs are a mess.
Solution:
- Auto-capture everything with perfect terminal fidelity
- Organize by Client β Engagement β Phase automatically
- Export compliance-ready HTML reports with AI summaries in minutes
- Archive with encryption for secure client delivery
Problem: Regulators need tamper-proof logs, audit trails, and encryption. Your shell history isn't enough.
Solution:
- Generate integrity hashes with
pentlog freezebefore archiving - Encrypt sessions with AES-256 for secure evidence packaging
- Maintain detailed audit trails with timestamps and operator tracking
- Create audit-ready reports with searchable content
Problem: Need to document every step for writeups. Fighting with formatting and missing commands.
Solution:
- Search across all sessions to find any command instantly
- Export clean Markdown reports with proper formatting
- Perfect terminal fidelity means what you see is what you get
- Timeline browser helps reconstruct your attack flow
Problem: Need reproducible, timestamped terminal sessions for analysis and playback.
Solution:
- Record sessions with precise timing for faithful
ttyplayreplay - Extract command timelines for detailed activity analysis
- Search across historical sessions for patterns and techniques
- Generate GIF recordings for documentation and presentations
We welcome contributions! Start by checking:
- Roadmap - See what's planned
- Contributing Guide - Review guidelines
- Open Issues - Find items to work on
- roomkangali - AI Summary feature & logo design
- ttyrec/ttyplay authors - Underlying recording technology
- Go community - Bubble Tea, Cobra, and other excellent libraries
MIT License - See LICENSE for details.
- π Documentation: docs/wiki/Home.md
- π Issues: GitHub Issues
- π¬ Discussions: GitHub Discussions
- β Star us on GitHub if you find PentLog useful!
Made for professionals. Evidence-first. No compromises.
