{"id":44078972,"url":"https://github.com/aancw/pentlog","last_synced_at":"2026-04-01T21:27:58.176Z","repository":{"id":331891950,"uuid":"1124034388","full_name":"aancw/pentlog","owner":"aancw","description":"Evidence-First Pentest Logger - Capture every command, find anything, prove everything.","archived":false,"fork":false,"pushed_at":"2026-03-21T07:31:56.000Z","size":810,"stargazers_count":29,"open_issues_count":5,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-21T23:34:54.829Z","etag":null,"topics":["htb","oscp","pentest","pentest-scripts","pentest-tool","readteam","terminal-logger"],"latest_commit_sha":null,"homepage":"https://pentlog.petruknisme.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aancw.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"aancw","buy_me_a_coffee":"petruknisme"}},"created_at":"2025-12-28T07:14:43.000Z","updated_at":"2026-03-21T07:38:12.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/aancw/pentlog","commit_stats":null,"previous_names":["aancw/pentlog"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/aancw/pentlog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aancw%2Fpentlog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aancw%2Fpentlog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aancw%2Fpentlog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aancw%2Fpentlog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aancw","download_url":"https://codeload.github.com/aancw/pentlog/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aancw%2Fpentlog/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["htb","oscp","pentest","pentest-scripts","pentest-tool","readteam","terminal-logger"],"created_at":"2026-02-08T08:20:22.128Z","updated_at":"2026-04-01T21:27:58.161Z","avatar_url":"https://github.com/aancw.png","language":"Go","readme":"# PentLog\n\n**Evidence-First Pentest Logger — Capture every command, find anything, prove everything.**\n\nHigh-fidelity terminal logs with AI analysis, searchable content, interactive timelines, and compliance-ready reports. Built on `ttyrec`.\n\nPerfect for **Real-World Engagements**, **Compliance \u0026 Audits**, **OSCP**, and **HackTheBox**.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"pentlog.png\" width=\"500\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/aancw/pentlog/releases\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/v/release/aancw/pentlog?color=blue\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://golang.org\"\u003e\u003cimg alt=\"Go\" src=\"https://img.shields.io/github/go-mod/go-version/aancw/pentlog?color=blue\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/aancw/pentlog/releases\"\u003e\u003cimg alt=\"Downloads\" src=\"https://img.shields.io/github/downloads/aancw/pentlog/total?color=blue\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg alt=\"License\" src=\"https://img.shields.io/badge/License-MIT-blue\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://star-history.com/#aancw/pentlog\u0026Date\"\u003e\u003cimg alt=\"Star History\" src=\"https://img.shields.io/github/stars/aancw/pentlog?style=social\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003e\u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e • \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e • \u003ca href=\"#common-workflows\"\u003eWorkflows\u003c/a\u003e • \u003ca href=\"#installation\"\u003eInstall\u003c/a\u003e • \u003ca href=\"#documentation\"\u003eDocs\u003c/a\u003e\u003c/strong\u003e\n\u003c/p\u003e\n\n---\n\n## The Problem with Traditional Logging\n\nUsing `script`, `tmux`, or basic shell redirection during pentests creates **fragmented, unsearchable, unmaintainable evidence**:\n\n- **Lost commands** — Mixed with noise, impossible to extract context\n- **No integrity** — How do you prove logs weren't tampered with?\n- **Manual reports** — Hours spent copying/pasting into documents\n- **Evidence gaps** — ANSI codes, terminal artifacts, overwrites break readability\n- **Compliance nightmares** — No audit trails, no encrypted archives\n\n---\n\n## Quick Start\n\n```bash\n# Install (macOS/Linux) — see Installation section for more options\ncurl -sSf https://raw.githubusercontent.com/aancw/pentlog/main/install.sh | sh\npentlog setup\n\n# Create engagement and start recording\npentlog create \u0026\u0026 pentlog shell\n\n# Search and export\npentlog search \u0026\u0026 pentlog export\n```\n\nAfter 5 minutes you get:\n- Searchable terminal logs with perfect fidelity\n- Timestamped commands organized by Client → Engagement → Phase\n- Compliance-ready HTML reports\n- Encrypted archives for client delivery\n\n---\n\n## Features\n\n### Core Capabilities\n\n| Feature | Description |\n|---------|-------------|\n| **High-Fidelity Recording** | Every keystroke + output captured with perfect terminal accuracy using Virtual Terminal Emulator (ANSI colors, overwrites, redraws preserved) |\n| **Interactive Search** | Find any command across all sessions instantly with regex and boolean operators |\n| **Automatic Organization** | Commands timestamped and organized by Client → Engagement → Phase—no manual naming |\n| **Compliance-Ready Export** | Generate Markdown/HTML reports with AI summaries, integrity hashes, encrypted archives |\n| **Full Replay** | Faithful playback with `ttyplay` preserves exact timing |\n| **Live Sharing** | Share terminal sessions in real-time via browser with dark-themed viewer |\n| **AI Analysis** | Summarize findings with Google Gemini or Ollama (local LLM) |\n| **Timeline Extraction** | Interactive timeline browser to reconstruct attack sequences |\n| **Notes \u0026 Bookmarks** | Add timestamped annotations to sessions for later review |\n| **AES-256 Encryption** | Password-protected encrypted archives for secure client delivery |\n| **Crash Recovery** | Protect evidence from SSH disconnects, OOM kills, unexpected crashes |\n\n### Comparison with Alternatives\n\n| Feature | `script` | `tmux` | PentLog |\n|---------|----------|--------|---------|\n| **Terminal Fidelity** | ❌ Breaks on special chars | ⚠️ Lossy (missing redraws) | ✅ Perfect (Virtual Terminal Emulator) |\n| **Searchable Logs** | ❌ Manual grep chaos | ❌ Session-by-session only | ✅ Full-text search + regex + boolean |\n| **Automatic Organization** | ❌ Manual naming | ❌ Manual naming | ✅ Client → Engagement → Phase auto-organized |\n| **Timestamps** | ⚠️ Only start/end | ❌ No timestamps | ✅ Every command timestamped |\n| **Compliance Ready** | ❌ No integrity | ❌ No integrity | ✅ Hashes + encryption + audit trails |\n| **Replay** | ❌ No timing info | ⚠️ Live sessions only | ✅ Faithful playback with `ttyplay` |\n| **Reports** | ❌ Manual copy/paste | ❌ Manual copy/paste | ✅ Auto-generate Markdown/HTML + AI |\n| **Database** | ❌ Just files | ❌ Just files | ✅ Indexed SQLite for fast searching |\n| **Root Required** | ❌ Works as user | ⚠️ Often needs sudo | ✅ Works as normal user |\n| **Live Sharing** | ❌ Not supported | ❌ Not supported | ✅ Real-time browser viewer |\n| **Crash Recovery** | ❌ Logs lost | ⚠️ May lose session | ✅ Protected from SSH/OOM crashes |\n\n---\n\n## Common Workflows\n\n### Starting a New Engagement\n```bash\npentlog create    # Interactive wizard: Client, Engagement, Scope, Operator, Phase\npentlog shell     # Start recording with ttyrec\n# Work normally in your shell...\n# Press Ctrl+O to pause, Ctrl+T to resume\n# Press Ctrl+N to add notes, Ctrl+G to add vulnerabilities\n```\n\n### Searching and Reporting\n```bash\npentlog search              # Interactive search with regex + boolean operators\npentlog search \"nmap\"        # Find all nmap commands\npentlog search \"exploit OR shell\"  # Boolean search\npentlog export              # Generate Markdown/HTML report\npentlog export --analyze    # Include AI-powered summary\n```\n\n### Managing Evidence\n```bash\npentlog timeline            # Extract command timeline from session\npentlog freeze              # Generate SHA256 hashes for integrity\npentlog archive             # Create encrypted ZIP archive\npentlog import archive.zip  # Restore archived sessions\n```\n\n### Analyzing and Sharing\n```bash\npentlog analyze report.md   # AI analysis of your report\npentlog shell --share       # Live share session via browser\npentlog serve               # HTTP server for HTML reports with GIF players\npentlog gif session.tty     # Convert session to animated GIF\n```\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eView All Commands\u003c/strong\u003e\u003c/summary\u003e\n\n| Command | Description |\n| :--- | :--- |\n| **Session Management** ||\n| `create` | Initialize a new engagement context (Interactive) |\n| `shell` | Start a recorded shell with the engagement context loaded |\n| `shell --share` | Start a recorded shell with live browser sharing enabled |\n| `pause` | Pause the current recording session (Ctrl+O hotkey) |\n| `resume` | Resume a paused recording session (Ctrl+T hotkey) |\n| `share` | Share a live or recorded session for read-only viewing |\n| `sessions` | List and manage recorded sessions |\n| `switch` | Switch to a different pentest phase |\n| **Analysis \u0026 Search** ||\n| `search` | Search command history across all sessions (Regex \u0026 Boolean) |\n| `timeline` | Interactive browser for command timeline extraction |\n| `dashboard` | Show an interactive dashboard of your pentest activity |\n| `note` | Manage session notes and bookmarks |\n| **Reporting** ||\n| `export` | Export commands for a specific phase (Markdown/HTML) |\n| `analyze` | Analyze a report with an AI provider to summarize findings |\n| `vuln` | Manage findings and vulnerabilities |\n| **Data Management** ||\n| `archive` | Archive old sessions with optional encryption |\n| `import` | Restore archived sessions back into pentlog |\n| `freeze` | Generate SHA256 hashes of all session logs for integrity |\n| `gif` | Convert sessions to animated GIF (720p/1080p) |\n| `serve` | Start HTTP server to view HTML reports with GIF players |\n| `recover` | Recover and manage crashed or stale sessions |\n| **Utilities** ||\n| `replay` | Replay a recorded session with full fidelity |\n| `status` | Show current tool and engagement status |\n| `setup` | Verify dependencies and prepare local logging |\n| `reset` | Clear the current active engagement context |\n| `completion` | Generate auto-completion scripts for Zsh and Bash |\n| `update` | Update pentlog to the latest version automatically |\n\n\u003c/details\u003e\n\n\n## Installation\n\n### Requirements\n\n- **Go 1.24.0+** (if building from source)\n- **ttyrec** (terminal recording tool)\n- **ttyplay** (optional, for session replay)\n\n### Quick Install\n\n```bash\ncurl -sSf https://raw.githubusercontent.com/aancw/pentlog/main/install.sh | sh\npentlog setup  # One-time dependency check and setup\n```\n\n### Build from Source\n\n```bash\ngit clone https://github.com/aancw/pentlog.git\ncd pentlog\ngo build -o pentlog main.go\n\n# Or cross-compile for Linux\nGOOS=linux GOARCH=amd64 go build -o pentlog main.go\n```\n\n### Install System Dependencies\n\n**Automatic** (recommended):\n```bash\npentlog setup  # Auto-installs on macOS, Ubuntu, Fedora, Alpine\n```\n\n**Manual Installation**:\n- **macOS**: `brew install ttyrec`\n- **Ubuntu/Debian/WSL**: `sudo apt-get install ttyrec`\n- **Fedora**: `sudo dnf install https://github.com/ovh/ovh-ttyrec/releases/download/v1.1.7.1/ovh-ttyrec-1.1.7.1-1.x86_64.rpm`\n- **Alpine**: `sudo apk add ttyrec`\n\n### Security Best Practices\n\n- **Password-Protected Archives**: Use interactive mode (`pentlog archive`) instead of `--password` flag to avoid storing passwords in shell history\n- **Database Permissions**: Sensitive files are created with 0600 permissions automatically\n- **Evidence Integrity**: Use `pentlog freeze` before archiving for compliance audits\n\n---\n\n## Documentation\n\n### Getting Started\n- **[Docs Home](https://pentlog.petruknisme.com/)** - Full documentation site\n- **[Quick Start](https://pentlog.petruknisme.com/getting-started/quickstart/)** - Set up and run your first engagement\n- **[User Guide](https://pentlog.petruknisme.com/guide/sessions/)** - Deep dive into all commands and features\n- **[Core Concepts](https://pentlog.petruknisme.com/getting-started/concepts/)** - Client Mode vs. Exam/Lab Mode vs. Log-Only Mode\n\n### Advanced Topics\n- **[AI Analysis](https://pentlog.petruknisme.com/guide/ai-analysis/)** - Configure Gemini or Ollama for report summarization\n- **[Export \u0026 Reporting](https://pentlog.petruknisme.com/guide/export/)** - Generate Markdown and HTML reports\n- **[Archiving \u0026 Encryption](https://pentlog.petruknisme.com/advanced/archiving/)** - Create encrypted evidence packages\n\n### Project Info\n- **[Roadmap](ROADMAP.md)** - Implemented features and future plans\n- **[Changelog](CHANGELOG.md)** - Version history and improvements\n- **[Contributing](CONTRIBUTING.md)** - Help us improve PentLog\n\n---\n\n## Use Cases\n\n**Penetration Testing Engagements** - Auto-capture everything with perfect terminal fidelity, organize by Client → Engagement → Phase automatically, export compliance-ready HTML reports with AI summaries.\n\n**Compliance \u0026 Audits** - Generate integrity hashes with `pentlog freeze`, encrypt sessions with AES-256, maintain detailed audit trails with timestamps and operator tracking.\n\n**Certifications (OSCP, HTB)** - Search across all sessions to find any command instantly, export clean Markdown reports, use timeline browser to reconstruct attack flows.\n\n**Security Research \u0026 Red Teaming** - Record sessions with precise timing for faithful replay, extract command timelines for detailed analysis, generate GIF recordings for documentation.\n\n---\n\n## Contributing\n\nWe welcome contributions! Start by checking:\n1. [Roadmap](ROADMAP.md) - See what's planned\n2. [Contributing Guide](CONTRIBUTING.md) - Review guidelines\n3. [Open Issues](https://github.com/aancw/pentlog/issues) - Find items to work on\n\n---\n\n## Acknowledgements\n\n- **[roomkangali](https://github.com/roomkangali)** - AI Summary feature \u0026 logo design\n- **ttyrec/ttyplay authors** - Underlying recording technology\n- **Go community** - Bubble Tea, Cobra, and other excellent libraries\n\n---\n\n## License\n\nMIT License - See [LICENSE](LICENSE) for details.\n\n---\n\n## Support \u0026 Sponsorship\n\nIf you find PentLog useful, consider supporting its development:\n\n\u003ca href=\"https://www.buymeacoffee.com/petruknisme\" target=\"_blank\"\u003e\u003cimg src=\"https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png\" alt=\"Buy Me A Coffee\" style=\"height: 150px !important;width: 700px !important;\" \u003e\u003c/a\u003e\n\nYour support helps maintain and improve this tool for the security community.\n\n**Resources:**\n- **Documentation**: [docs/wiki/Home.md](docs/wiki/Home.md)\n- **Issues**: [GitHub Issues](https://github.com/aancw/pentlog/issues)\n- **Discussions**: [GitHub Discussions](https://github.com/aancw/pentlog/discussions)\n\n---\n\n**Made for professionals. Evidence-first. No compromises.**\n","funding_links":["https://github.com/sponsors/aancw","https://buymeacoffee.com/petruknisme","https://www.buymeacoffee.com/petruknisme"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faancw%2Fpentlog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faancw%2Fpentlog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faancw%2Fpentlog/lists"}