People Hacking
Example URL: https://pentest.ws/e/{engagement.id}/people
The People page in PenTest.WS is your command center for tracking human targets during a red team engagement. Whether you're importing contacts for phishing, logging vishing attempts, or just enriching targets with metadata, this feature makes it easy to organize, search, and act on human intelligence.
People are treated as first-class objects in PenTest.WS, just like hosts and services. Each person can include:
Full name, job title, company, and location
Tags for filtering (e.g. finance, europe)
Multiple email addresses, phone numbers, and social links
Freeform notes
Linked events (calls, texts, phishing, etc.)
Custom extra fields from import or manual entry
This makes it easy to build out real-world social engineering scenarios and tie them directly into findings or timelines.
To populate the People page, you can upload a file in one of the following formats:
.csv
.json
.xlsx (Excel)
Only first name and last name are required. All other fields are optional but will be mapped where possible:
title | No | Job title
company | No | Company name
location | No | City or region
tags | ✅ Yes | Comma- or array-delimited
emails | ✅ Yes | Multiple email addresses supported
phones | ✅ Yes | Supports various phone formats
links | ✅ Yes | Social or profile URLs
other fields | ✅ Yes (dynamic) | Stored under “Extra Fields” automatically
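A pre-import check for a contact CSV, modelled on the field table above. This is an added example, not PenTest.WS code or its import schema. The header spellings `first name` and `last name`, the `extra_fields` output key, and reading the Yes/No column as "accepts multiple values" are assumptions.

```python
import csv
import io

# Field names from the table above. Assumption: "Yes" marks multi-valued fields.
SINGLE = {"title", "company", "location"}
MULTI = {"tags", "emails", "phones", "links"}
REQUIRED = ("first name", "last name")  # assumed header spelling

# Constructed sample data, not real people.
SAMPLE_CSV = '''first name,last name,title,tags,emails,badge id
Ada,Example,Analyst,"finance, europe",ada@example.com,B-1001
,Nameless,Engineer,engineering,nobody@example.com,B-1002
'''

def normalize_row(row):
    """Return (person, errors) for one CSV row, mirroring the mapping above."""
    # Skip the None key DictReader uses for overflow cells; treat short rows as empty.
    row = {k.strip().lower(): (v or "").strip() for k, v in row.items() if k}
    errors = [f"missing required field: {f}" for f in REQUIRED if not row.get(f)]
    person = {"extra_fields": {}}
    for key, value in row.items():
        if key in REQUIRED or key in SINGLE:
            person[key] = value
        elif key in MULTI:
            # Comma-delimited cell becomes a list; empty items are dropped.
            person[key] = [v.strip() for v in value.split(",") if v.strip()]
        elif value:
            # Unrecognized columns are kept as extra fields rather than dropped.
            person["extra_fields"][key] = value
    return person, errors

def check_import(text):
    """Split rows into importable people and rejected (line_number, errors) pairs."""
    accepted, rejected = [], []
    reader = csv.DictReader(io.StringIO(text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        person, errors = normalize_row(row)
        if errors:
            rejected.append((line_no, errors))
        else:
            accepted.append(person)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = check_import(SAMPLE_CSV)
    print("accepted:", ok)
    print("rejected:", bad)
```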
You can download a sample import file below:
You can also create or update individuals manually. The Edit Person page allows full control over all fields, including:
Basic identity fields
Tags (freeform)
Custom links, emails, and phone numbers
Rich text notes
Extra fields (added automatically from imports or via the UI)
The People page uses a flexible filter system. You can stack multiple tags and metadata filters like:
north america
engineering
linkedin.com
+1-202
Only people matching all active filters are shown, allowing for precise targeting in large datasets.
You can link people to events like:
Phone calls (vishing)
SMS messages (smishing)
Emails or phishing attempts
Physical impersonation
Event shortcuts are available from both the main People page and the Edit Person view. All events are timestamped in UTC and can be locked as Evidence to maintain a tamper-proof audit trail.
There’s no hard cap on how many people can be imported; thousands of records are supported.
Extra fields added via import or UI can be deleted or renamed at any time.
People Hacking is available on Pro Tier.