AttackForge® is a suite of penetration testing workflow management & productivity tools, saving time & money on managing pentesting projects and programs.
AttackForge reduces vulnerability remediation times and increases go-to-market speed.
High-quality customizable reports, on-demand and at the click of a button.
Integrated, Centralized & Rich Write-ups Library. Stop re-inventing the wheel.
Tools and workflows to reduce pentest overheads and costs by up to 40%.
From pentester to developer in near real-time. Raise issues fast, fix even faster.
Avoid burning time and money waiting for reports. Get ready for Go-Live instead!
See your organistion's vulnerable areas. Know your real weaknesses.
AttackForge Is Trusted Around The World. Across All Industries & Verticals.
Leveraging the power of AFE, our penetration testers are able to easily collaborate on projects, identify application and infrastructure related vulnerabilities, and provide rapid updates to our customers.
Leveraging the power of AFE, our penetration testers are able to easily collaborate on projects, identify application and infrastructure related vulnerabilities, and provide rapid updates to our customers.
AFE allows us to coordinate our penetration testing efforts by leveraging the calendar and project request systems built into the tool. We have gained the ability to utilize resources more effectively by knowing who is allocated to which project with the click of a button. The dashboard tools available give managers a quick view on priority areas of focus, such as highly exploitable vulnerabilities, total number of vulnerabilities identified, remediation efforts, etc.
The AttackForge team continues to develop a tool for the next generation of penetration testing. They deliver feature asks and new functionality on-time and are receptive to feedback in quick fashion. Finding a platform that suited our needs was a challenge, but AFE has provided flexibility and usability above and beyond initial expectations.
Community is for Freelancers, Bug Bountry Hunters, Students & Small Pentest Teams.
Core is for Consultancies & Small-to-Medium Enterprises.
Enterprise is for Large Enterprises, Government & MSSPs.
Community is trusted by security teams all over the world, from boutique consultancies to top-tier organisations. Community makes communication, collaboration, transparency and reporting much easier, and eliminates many of the pain points for a typical pentesting project.
More Info Log In Sign Up
Core is an affordable & competitive Pentest Management Platform with all the features & workflows you need to manage your penetration testing program, or to provide Pentest-as-a-Service (PTaaS) to your customers.
More Info
Enterprise brings Business, Technology and Security teams together to reduce vulnerability remediation lead times and increase go-to-market speed. Enterprise is proven - put to work in large organisations to help save direct costs, increase visibility and reduce effort on every pentest.
More Info White Paper Case Studies
Passionate about simplifying and demystifying pentesting
Creating technology to help security teams globally better manage penetration testing projects and programs.
To create trusted and rigorous industry standard tools for managing security and penetration testing projects and their related activities.
Pentesting is broken. And we're working hard to fix it.
Pentesting is archaic and disconnected between Business, Technology and Security teams. Reports are manual, static, and delivered sometimes weeks after vulnerabilities are first discovered. Pentesters and Developers aren't collaborating. Pentesters are getting burned out. The disconnect and frustration between all parties is costing big - in wasted effort, wasted time and wasted costs.
We're pioneering a platform and related technologies to fix these problems. To embrace the age of collaboration. To make communication, collaboration, transparency and reporting much easier, and eliminate many of the pain points for a typical pentest project.
Pentesting. Thrilling and Painful.
Being on both sides of pentesting is both thrilling and painful. It is thrilling to see the excitement when someone gets a shell on a server that is n-levels deep. But it's painful to see it happen time and time again, with the same attack from a decade ago.
It is thrilling when issues get fixed, and fast. But it's painful when developers have to wait weeks for a hundred page report, when only five pages are actually relevant to them. And most painful of all is when two of your friends - one a pentester and one a development lead - are arguing over a few vulnerabilities, weeks after the end of a pentest, and many weeks behind go-live deadline, whilst both being correct in their own right.
We see AttackForge as a place where everyone involved in penetration testing can get together and truly collaborate, set aside their differences and work towards the greater cause.
Started Cyber Security Hub - a Melbourne, Australia based consultancy delivering penetration testing and governance, risk and compliance services to organisations. Bootstrapped our way to creating AttackForge minimal viable product.
After much blood, sweat and tears - we finally launched our MVP to our consulting clients. We would spend the next two years refining AttackForge until it was ready for the world.
People really liked Enterprise, but wanted a light, easily accessible version to use on their own projects and clients. Thus Community was (accidently) borne.
We finally made our first international Enterprise sale. This was an exciting time for the team, and the much needed fuel to ignite our fire towards accelerating AttackForge product development into new and uncharted markets.
AttackForge now has paying customers on every continent (except Antarctica!)
We hit record numbers in AttackForge - over 50 thousand Vulnerabilities registered on AttackForge; over 3.5 thousand Pentests delivered; and over 5 thousand registered Users.
Core is Now Available!
An affordable & competitive Pentest Management Platform for Consultancies & Small-to-Medium Enterprises.
We're honoured and super excited to be back at Black Hat USA Arsenal for 2022! This time we are focusing on our freely available pentest reporting tool - AttackForge ReportGen - and the power of version 2, released earlier this year. We're also taking a bigger team with us to the USA! And will be at Defcon as well. Can't wait to catch up with all the people we have not seen over past few years!
AttackForge were excited to make our first appearance on Risky.biz. Co-founders Stas & Fil talk about efficient ways of managing large penetration testing programs.
AttackForge team will be presenting virtually at this years' BlackHat Europe in November. It has been 12 months since our last BlackHat event, in that time we have worked around the clock to bring exciting new features and capabilities to our free community edition of AttackForge. We can't wait to show everyone the progress we have made!
We have just released the highly anticipated new product to the AttackForge lineup - Core.
Core is an affordable & competitive Pentest Management Platform with all the features & workflows you need to manage your penetration testing program, or to provide pentesting services to your customers.
If you are a Consultancy or a Small-to-Medium Enterprise, and conducting more than a dozen pentests per year - check out how Core can:
View the full press release here.
We're honoured and super excited to be back at Black Hat Europe Arsenal for 2020! BHEU Arsenal is where it all started for us few years ago, and we can't wait to show everyone all the new and exciting features we have built into the free version Community!
“This partnership is a big deal for security teams as a whole, not just the practitioners of VM or pen testing individually” said Stephen Carter, CEO and Co-founder of Nucleus. “We saw an opportunity to bring together traditionally independent red team penetration test data with vulnerability scan data to manage them together. This integration allows organizations to unlock additional collaboration and cohesion across both red and blue teams, at scale, in way that was impossible before.”
“The partnership between Nucleus Security & AttackForge bridges a gap that every security team faces. Until now, pentest data has lived outside of vulnerability management programs, in arbitrary and static reports – making pentest vulnerabilities impossible to track & analyze” said Fil & Stas, Co-founders of AttackForge. “By seamlessly integrating pentest data from AttackForge into Nucleus, organizations gain a true representation of the security posture of their assets, enabling leaders to make informed decisions when it comes to remediation and prioritization.”
The AttackForge team will be back at Black Hat Asia 2020! We are excited to show Singapore how far we have come in the last 12 months, with new and exciting features for pentesters, students and technology teams!
The AttackForge team will be showcasing Enterprise at Australia's biggest software security conference for technology professionals - OWASP AppSecDay 2019! Ensure to check out the demo of Enterprise, and enter the draw to win a free 12-month subscription for AttackForge Pro.
We are honoured and privileged to be accepted into the Black Hat Europe Arsenal for 2019! Looking forward to showcasing all the new features and capabilities we have built into AttackForge since we last presented here in 2018, and also catching up with friends!
Excited to be speaking with Duncan McAlynn (@infosecwar) to share our experiences and thoughts on why we believe pentesting is broken, and how we are trying to solve the problems. Interested to hear thoughts from the LIVE audience on whether they have had similar experiences to us. Oh and we are randomly giving away three (3) AttackForge Pro Yearly subscriptions worth $600 each, so make sure you stick around for the LIVE Q&A for a chance to win.
And now for the big one. The Grand Black Hat. We are honoured, proud and thrilled to be presenting in the Black Hat USA Arsenal 2019! We were promised it's going to be big. We can't wait, we have worked so hard on new features for Community and we're very excited to show the world!
Community was accepted into Black Hat Asia Arsenal 2019. We learned so much from the Europe conference, we were excited to show everyone our progress and how we addressed community feedback. It was a stellar event - Singapore really knows how to turn it up!
An exciting and nerve-racking time for our team. Community was accepted into the prestigious Black Hat Arsenal. This would be our first major public announcement and showcase of Community. Would it stack up and be accepted by the community? We hope so :) EDIT: it was!