PenTest.WS Documentation
  • What is PenTest.WS?
    • Tier Comparison
  • Getting Started
    • Dashboard
    • Creating An Engagement
    • Main Window Layout
    • Engagement Console
    • Import Nmap & Masscan XML
    • Port Scan Templates
    • Adding Hosts Manually
    • Adding Ports to Hosts
    • Capturing Credentials
  • Hosts & Services
    • Host Page
    • Port Page
    • Global Service Notes
    • Service Command Library
    • Default Service Checklist
    • Scratchpad Editor
  • People & Events
    • People Hacking
    • Events Timeline
  • Views & Filtering
    • Boards
    • The Matrix
    • Subnetting
  • User Libraries
    • Shells Library
    • General Command Library
    • General Notes Library
    • Bookmark Library
  • Built-In Tools
    • Echo Up
    • CyberChef
    • Venom Builder
  • Search Capabilities
    • CVE DB
    • Exploit-DB
    • Nmap Scripts
    • Metasploit Modules
    • Keyword Search
  • Findings
    • Findings Admin
    • Findings Library
    • Engagement Findings
  • Clients & Reporting
    • Write-Ups
    • Clients Manager
    • Reporting Templates
    • Generating Deliverables
  • Collaboration
    • User Maintenance
    • Shared Engagements
    • Access Control List
  • Automation & Integration
    • API
    • SMTP
  • Authentication
    • Two-Factor Authentication
    • LDAP Authentication
  • Exporting & Importing
    • Export Account Items
    • Import Account Items
    • Export to CSV / JSON
  • Pro Tier
    • Admin Panel
    • Intranet Mode
    • Solo Mode
    • Large Engagement Support
Powered by GitBook
On this page
  • Overview
  • Importing People
  • Adding & Editing People
  • Searching & Filtering
  • Linking Events
  • Notes & Recommendations
  • Tier Availability
  1. People & Events

People Hacking

PreviousScratchpad EditorNextEvents Timeline

Last updated 11 days ago

Example URL: https://pentest.ws/e/{engagement.id}/people

The individuals shown in this screenshot are entirely fictitious and generated for demonstration purposes only.

The People page in PenTest.WS is your command center for tracking human targets during a red team engagement. Whether you're importing contacts for phishing, logging vishing attempts, or just enriching targets with metadata, this feature makes it easy to organize, search, and act on human intelligence.

Overview

People are treated as first-class objects in PenTest.WS, just like hosts and services. Each person can include:

  • Full name, job title, company, and location

  • Tags for filtering (e.g. finance, europe)

  • Multiple email addresses, phone numbers, and social links

  • Freeform notes

  • Linked events (calls, texts, phishing, etc.)

  • Custom extra fields from import or manual entry

This makes it easy to build out real-world social engineering scenarios and tie them directly into findings or timelines.

Importing People

To populate the People page, you can upload a file in one of the following formats:

  • .csv

  • .json

  • .xlsx (Excel)

Only first name and last name are required. All other fields are optional but will be mapped where possible:

Field Type
Supports Multiple
Notes

title

No

Job title

company

No

Company name

location

No

City or region

tags

✅ Yes

Comma- or array-delimited

emails

✅ Yes

Multiple email addresses supported

phones

✅ Yes

Supports various phone formats

links

✅ Yes

Social or profile URLs

other fields

✅ Yes (dynamic)

Stored under “Extra Fields” automatically

You can download a sample import file below:

Adding & Editing People

You can also create or update individuals manually. The Edit Person page allows full control over all fields, including:

  • Basic identity fields

  • Tags (freeform)

  • Custom links, emails, and phone numbers

  • Rich text notes

  • Extra fields (added automatically from imports or via the UI)


Searching & Filtering

The People page uses a flexible filter system. You can stack multiple tags and metadata filters like:

  • north america

  • engineering

  • linkedin.com

  • +1-202

Only people matching all active filters are shown, allowing for precise targeting in large datasets.


Linking Events

You can link people to events like:

  • Phone calls (vishing)

  • SMS messages (smishing)

  • Emails or phishing attempts

  • Physical impersonation

Event shortcuts are available from both the main People page and the Edit Person view. All events are timestamped in UTC and can be locked as Evidence to maintain a tamper-proof audit trail.


Notes & Recommendations

  • There’s no hard cap on how many people can be imported, thousands of records are supported.

  • Extra fields added via import or UI can be deleted or renamed at any time.

Tier Availability

People Hacking is available on Pro Tier.

80KB
PTWS_People_Sample_1000.xlsx
Sample File: contains 1,000 fully fictitious entries for testing purposes
Edit Person