# Pwnbook Docs

## Docs

- [AI Providers](https://docs.pwnbook.io/admin/ai-providers.md): Configure Anthropic or OpenAI API keys to enable the AI assistant and AI-powered features across Pwnbook. Manage provider settings from the server admin panel.
- [Billing](https://docs.pwnbook.io/admin/billing.md): Configure Stripe for subscription billing, manage organization plans, and set up webhooks. Billing is optional — Pwnbook runs without it, but enabling it unlocks plan-based feature gating.
- [Administration Overview](https://docs.pwnbook.io/admin/overview.md): The Pwnbook server admin panel provides centralized control over users, organizations, AI providers, and billing. Only server admins can access this panel.
- [User Management](https://docs.pwnbook.io/admin/users.md): Server admins can view all users registered on the Pwnbook platform, manage their organization memberships, and control server admin privileges.
- [API Authentication](https://docs.pwnbook.io/api-reference/authentication.md): Learn how to generate API keys, use them in requests, manage scopes and permissions, and rotate keys securely.
- [Engagements API](https://docs.pwnbook.io/api-reference/endpoints/engagements.md): Create, read, update, and manage engagements via the Pwnbook API.
- [Organizations API](https://docs.pwnbook.io/api-reference/endpoints/organizations.md): Read organization details, manage members, and configure organization settings via the Pwnbook API.
- [API Introduction](https://docs.pwnbook.io/api-reference/introduction.md): The Pwnbook REST API lets you integrate Pwnbook into your security workflows, automate engagement management, and build custom tooling on top of the platform.
- [Engagements](https://docs.pwnbook.io/concepts/engagements.md): Engagements are the core project unit in Pwnbook. Each engagement represents a single penetration test or security assessment and contains everything related to that work.
- [Organizations](https://docs.pwnbook.io/concepts/organizations.md): Organizations are the top-level container in Pwnbook. All engagements, members, billing, and settings belong to an organization.
- [Roles & Permissions](https://docs.pwnbook.io/concepts/roles-permissions.md): Pwnbook uses a role-based access control system within organizations. Understand what each role can do and how to configure custom roles, SSO, and 2FA.
- [AI Chat](https://docs.pwnbook.io/features/ai-chat.md): Pwnbook includes an AI security assistant powered by Anthropic Claude or OpenAI GPT. Get help with methodology, payload generation, report writing, and more — right inside the platform.
- [API Testing](https://docs.pwnbook.io/features/api-testing.md): Pwnbook's built-in API tester lets you craft and execute HTTP requests against target systems, save templates, leverage community scripts, and review full execution history.
- [Architecture Modeling](https://docs.pwnbook.io/features/architecture.md): Map the components, data flows, and routes of target applications. Identify component-level risks and import infrastructure from cloud providers for a comprehensive architecture view.
- [Network Tester](https://docs.pwnbook.io/features/network-tester.md): Deploy lightweight agents across your infrastructure to run commands and craft network packets from within target environments.
- [Recon](https://docs.pwnbook.io/features/recon.md): Pwnbook's recon capabilities let you manage targets and automate reconnaissance scanning. Discover subdomains, open ports, and running services with the built-in recon worker.
- [Reports](https://docs.pwnbook.io/features/reports.md): Generate professional pentest reports directly from your engagement data. Use customizable templates, build executive dashboards, and deliver polished deliverables to clients.
- [Tasks](https://docs.pwnbook.io/features/tasks.md): Track work items for your engagements with Pwnbook's built-in task management. Create, assign, and close tasks to coordinate your team's testing effort.
- [Threat Modeling](https://docs.pwnbook.io/features/threat-modeling.md): Build interactive, diagram-based threat models for your engagements. Identify assets, threats, and attack vectors visually on an interactive canvas.
- [Variable Substitution](https://docs.pwnbook.io/features/variable-substitution.md): Reference secrets from a connected secrets manager anywhere Pwnbook accepts a credential — using a simple {{provider.name}} template syntax.
- [Wiki](https://docs.pwnbook.io/features/wiki.md): Pwnbook's wiki gives every engagement a collaborative, markdown-based knowledge base. Write findings, document methodology, and share notes internally or with external stakeholders.
- [Introduction](https://docs.pwnbook.io/index.md): Pwnbook is a pentest management platform built for security teams. Manage engagements, collaborate on findings, model threats, automate recon, and generate reports — all in one place.
- [Aikido Security](https://docs.pwnbook.io/integrations/aikido.md): Import vulnerability findings from Aikido Security's continuous scanning into Pwnbook engagements, including code vulnerabilities, exposed secrets, and dependency issues.
- [Arnica](https://docs.pwnbook.io/integrations/arnica.md): Connect Arnica to import code security posture and supply chain findings into Pwnbook, including hardcoded secrets, risky code changes, and developer risk signals.
- [AWS Integration](https://docs.pwnbook.io/integrations/aws.md): Connect Pwnbook to AWS to discover cloud resources, identify security misconfigurations, and import infrastructure into your engagement's architecture model.
- [Bitwarden Secrets Manager](https://docs.pwnbook.io/integrations/bitwarden.md): Store your integration credentials in Bitwarden Secrets Manager and reference them in Pwnbook using {{bw.secret_name}} — without ever exposing raw secrets inside Pwnbook.
- [Checkmarx One](https://docs.pwnbook.io/integrations/checkmarx.md): Import SAST findings from Checkmarx One into Pwnbook engagements to triage, annotate, and track remediation alongside your pentest work.
- [GitHub Integration](https://docs.pwnbook.io/integrations/github.md): Connect Pwnbook to GitHub to enable PR-based threat modeling, repository scanning, and webhook-driven security automation for your development workflows.
- [Google Calendar](https://docs.pwnbook.io/integrations/google-calendar.md): Sync Pwnbook engagement tasks and milestones to Google Calendar so your pentest schedule stays visible alongside the rest of your team's calendar.
- [Leen](https://docs.pwnbook.io/integrations/leen.md): Connect Leen to sync your asset inventory with Pwnbook engagements, keeping target lists up to date from a central asset management source of truth.
- [Integrations Overview](https://docs.pwnbook.io/integrations/overview.md): Pwnbook connects with the security and development tools your team already uses. Enable integrations through the marketplace to pull external findings into engagements and push activity to your existing workflows.
- [Plane](https://docs.pwnbook.io/integrations/plane.md): Sync Pwnbook tasks with Plane.so issues for teams that use Plane as their primary project management tool.
- [Semgrep](https://docs.pwnbook.io/integrations/semgrep.md): Run Semgrep SAST scans against connected repositories and pull findings — vulnerabilities, secrets, and supply chain issues — directly into your Pwnbook engagements.
- [Slack Integration](https://docs.pwnbook.io/integrations/slack.md): Connect Pwnbook to Slack to receive notifications about engagement activity, task updates, recon scan completions, and security alerts directly in your Slack channels.
- [Snyk](https://docs.pwnbook.io/integrations/snyk.md): Pull Snyk vulnerability findings for open source dependencies, container images, and code into Pwnbook engagements for unified security tracking.
- [Local Development](https://docs.pwnbook.io/local-development.md): Run Pwnbook from source for development, testing, or contributing to the project.
- [Quickstart](https://docs.pwnbook.io/quickstart.md): Get up and running with Pwnbook in minutes. This guide walks you through creating an account, setting up your organization, and launching your first engagement.
- [Self-Hosting](https://docs.pwnbook.io/self-hosting.md): Deploy Pwnbook on your own infrastructure using Docker Compose. This guide covers prerequisites, environment configuration, and getting the full stack running.

## OpenAPI Specs

- [openapi](https://docs.pwnbook.io/api-reference/openapi.json)

## Optional

- [Community](https://github.com/pwnbook)
- [Support](mailto:support@pwnbook.io)