Server Overview
The RTFMv2 Server is a centralized web application that enables penetration testing teams to collaborate on engagements, manage findings, generate reports, and centralize data. Built with ASP.NET Core, it provides a secure, multi-user platform for managing the entire lifecycle of security assessments.
Key Features
Collaboration & Data Management
- Session Management: Create and manage engagement sessions with multiple team members
- Real-time Collaboration: Multiple users can work on the same session simultaneously
- Host & Service Tracking: Centralized database of discovered hosts and services
- Finding Management: Create, edit, and organize security findings with severity levels
- User Management: Role-based access control and session permissions
Reporting & Export
- PDF Report Generation: Professional penetration testing reports using QuestPDF
- HTML Export: Export findings and data in HTML format
- Customizable Templates: Configure finding sections and report structure
- Bulk Export: Export all findings from a session at once
AI-Powered Features
- AI Integration: Connect to OpenAI-compatible APIs for intelligent analysis
- Automated Analysis: AI-assisted finding descriptions and recommendations
- Report Enhancement: AI-powered report content generation
Security & Authentication
- JWT Authentication: Secure API access with JSON Web Tokens
- Cookie-based Auth: Session-based authentication for web interface
- Identity Framework: Built on ASP.NET Core Identity for user management
- TLS Support: HTTPS encryption with certificate management
- Session Isolation: Users only see sessions they have permission to access
Interface Components
The server provides several key interfaces organized by function:
| Module | Purpose |
|---|---|
| Home Dashboard | Overview and quick access to recent sessions |
| Session Management | Create, edit, archive, and manage engagement sessions |
| Findings | Document vulnerabilities and security issues |
| Hosts & Services | Track discovered infrastructure |
| Reports | Generate professional PDF and HTML reports |
| Admin Dashboard | System administration, user management, and configuration |
| User Management | Add/remove users and manage session permissions |
| Data Creator | Import data from external sources |
Quick Start
- Complete initial setup and configuration.
- Create your first session and add targets.
- Document findings and generate reports.
Next Steps
- Sessions & Collaboration
- Findings & Reporting
- Administration
- Configuration & Security
- Workflows & Troubleshooting
Support & Resources
- Documentation: Complete guides for all RTFMv2 components
- Source Code: Available for customization and extension
- Community: Share experiences and best practices with other users