# People Hacking

**Example URL:** <https://pentest.ws/e/{engagement.id}/people>

<figure><img src="https://pentestws.wordpress.com/wp-content/uploads/2025/05/image.png?w=1024" alt=""><figcaption><p><em>The individuals shown in this screenshot are entirely fictitious and generated for demonstration purposes only.</em></p></figcaption></figure>

The **People** page in PenTest.WS is your command center for tracking human targets during a red team engagement. Whether you're importing contacts for phishing, logging vishing attempts, or just enriching targets with metadata, this feature makes it easy to organize, search, and act on human intelligence.

## Overview

People are treated as first-class objects in PenTest.WS, just like hosts and services. Each person can include:

* Full name, job title, company, and location
* Tags for filtering (e.g. `finance`, `europe`)
* Multiple email addresses, phone numbers, and social links
* Freeform notes
* Linked events (calls, texts, phishing, etc.)
* Custom extra fields from import or manual entry

This makes it easy to build out real-world social engineering scenarios and tie them directly into findings or timelines.

## Importing People

To populate the People page, you can upload a file in one of the following formats:

* `.csv`
* `.json`
* `.xlsx` (Excel)

Only `first name` and `last name` are required. All other fields are optional but will be mapped where possible:

| Field Type     | Supports Multiple | Notes                                     |
| -------------- | ----------------- | ----------------------------------------- |
| `title`        | No                | Job title                                 |
| `company`      | No                | Company name                              |
| `location`     | No                | City or region                            |
| `tags`         | ✅ Yes             | Comma- or array-delimited                 |
| `emails`       | ✅ Yes             | Multiple email addresses supported        |
| `phones`       | ✅ Yes             | Supports various phone formats            |
| `links`        | ✅ Yes             | Social or profile URLs                    |
| *other fields* | ✅ Yes (dynamic)   | Stored under “Extra Fields” automatically |

> You can download a sample import file below:

{% file src="<https://1013683115-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHecEAvxd6Z8cSug6DhWr%2Fuploads%2FnFxJoQlyIGA1SQBy8DHD%2FPTWS_People_Sample_1000.xlsx?alt=media&token=83419166-cbe1-4b3a-a5a3-c55997266d0b>" %}
**Sample File:** contains 1,000 fully fictitious entries for testing purposes
{% endfile %}

## Adding & Editing People

<figure><img src="https://1013683115-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHecEAvxd6Z8cSug6DhWr%2Fuploads%2FlldAFqjQpNspVa1S3b24%2Fimage.png?alt=media&#x26;token=d274f923-b9eb-46c1-bfe9-a9365e134d5e" alt=""><figcaption><p><em>Edit Person</em></p></figcaption></figure>

You can also create or update individuals manually. The **Edit Person** page allows full control over all fields, including:

* Basic identity fields
* Tags (freeform)
* Custom links, emails, and phone numbers
* Rich text notes
* Extra fields (added automatically from imports or via the UI)

***

## Searching & Filtering

The People page uses a flexible filter system. You can stack multiple tags and metadata filters like:

* `north america`
* `engineering`
* `linkedin.com`
* `+1-202`

Only people matching **all** active filters are shown, allowing for precise targeting in large datasets.

***

## Linking Events

You can link people to events like:

* Phone calls (vishing)
* SMS messages (smishing)
* Emails or phishing attempts
* Physical impersonation

Event shortcuts are available from both the **main People page** and the **Edit Person** view. All events are timestamped in **UTC** and can be locked as **Evidence** to maintain a tamper-proof audit trail.

***

## Notes & Recommendations

* There’s no hard cap on how many people can be imported, thousands of records are supported.
* Extra fields added via import or UI can be deleted or renamed at any time.

## Tier Availability

**People Hacking** is available on **Pro Tier**.