People Hacking

PreviousScratchpad Editor NextEvents Timeline

Last updated 16 days ago

People Hacking

Example URL: https://pentest.ws/e/{engagement.id}/people

The People page in PenTest.WS is your command center for tracking human targets during a red team engagement. Whether you're importing contacts for phishing, logging vishing attempts, or just enriching targets with metadata, this feature makes it easy to organize, search, and act on human intelligence.

Overview

People are treated as first-class objects in PenTest.WS, just like hosts and services. Each person can include:

Full name, job title, company, and location
Tags for filtering (e.g. finance, europe)
Multiple email addresses, phone numbers, and social links
Freeform notes
Linked events (calls, texts, phishing, etc.)
Custom extra fields from import or manual entry

This makes it easy to build out real-world social engineering scenarios and tie them directly into findings or timelines.

Importing People

To populate the People page, you can upload a file in one of the following formats:

.csv
.json
.xlsx (Excel)

Only first name and last name are required. All other fields are optional but will be mapped where possible:

Field Type

Supports Multiple

Notes

title

Job title

company

Company name

location

City or region

tags

✅ Yes

Comma- or array-delimited

emails

✅ Yes

Multiple email addresses supported

phones

✅ Yes

Supports various phone formats

links

✅ Yes

Social or profile URLs

other fields

✅ Yes (dynamic)

Stored under “Extra Fields” automatically

You can download a sample import file below:

Adding & Editing People

You can also create or update individuals manually. The Edit Person page allows full control over all fields, including:

Basic identity fields
Tags (freeform)
Custom links, emails, and phone numbers
Rich text notes
Extra fields (added automatically from imports or via the UI)

Searching & Filtering

The People page uses a flexible filter system. You can stack multiple tags and metadata filters like:

north america
engineering
linkedin.com
+1-202

Only people matching all active filters are shown, allowing for precise targeting in large datasets.

Linking Events

You can link people to events like:

Phone calls (vishing)
SMS messages (smishing)
Emails or phishing attempts
Physical impersonation

Event shortcuts are available from both the main People page and the Edit Person view. All events are timestamped in UTC and can be locked as Evidence to maintain a tamper-proof audit trail.

Notes & Recommendations

There’s no hard cap on how many people can be imported, thousands of records are supported.
Extra fields added via import or UI can be deleted or renamed at any time.

Tier Availability

People Hacking is available on Pro Tier.

PreviousScratchpad Editor NextEvents Timeline

Last updated 16 days ago

Example URL: https://pentest.ws/e/{engagement.id}/people

Overview

People are treated as first-class objects in PenTest.WS, just like hosts and services. Each person can include:

Full name, job title, company, and location
Tags for filtering (e.g. finance, europe)
Multiple email addresses, phone numbers, and social links
Freeform notes
Linked events (calls, texts, phishing, etc.)
Custom extra fields from import or manual entry

This makes it easy to build out real-world social engineering scenarios and tie them directly into findings or timelines.

Importing People

To populate the People page, you can upload a file in one of the following formats:

.csv
.json
.xlsx (Excel)

Only first name and last name are required. All other fields are optional but will be mapped where possible:

Field Type

Supports Multiple

Notes

title

Job title

company

Company name

location

City or region

tags

✅ Yes

Comma- or array-delimited

emails

✅ Yes

Multiple email addresses supported

phones

✅ Yes

Supports various phone formats

links

✅ Yes

Social or profile URLs

other fields

✅ Yes (dynamic)

Stored under “Extra Fields” automatically

You can download a sample import file below:

Adding & Editing People

You can also create or update individuals manually. The Edit Person page allows full control over all fields, including:

Basic identity fields
Tags (freeform)
Custom links, emails, and phone numbers
Rich text notes
Extra fields (added automatically from imports or via the UI)

Searching & Filtering

The People page uses a flexible filter system. You can stack multiple tags and metadata filters like:

north america
engineering
linkedin.com
+1-202

Only people matching all active filters are shown, allowing for precise targeting in large datasets.

Linking Events

You can link people to events like:

Phone calls (vishing)
SMS messages (smishing)
Emails or phishing attempts
Physical impersonation

Notes & Recommendations

There’s no hard cap on how many people can be imported, thousands of records are supported.
Extra fields added via import or UI can be deleted or renamed at any time.

Tier Availability

People Hacking is available on Pro Tier.