Welcome to the RTFM Application Suite Documentation

RTFM (Recon, Test, Find, Manipulate) is a comprehensive toolkit designed to streamline and automate the workflow of cybersecurity professionals. Built by and for penetration testers, RTFM integrates a powerful set of tools for reconnaissance, vulnerability analysis, exploitation, and reporting into a unified, user-friendly interface.

Whether you're conducting red team operations, simulating adversaries in purple team exercises, or organizing post-engagement data, RTFM accelerates every phase of the engagement lifecycle.

Key Features

  • Modular Architecture – Desktop client, web interface, and CLI support for diverse operational needs.
  • Automated Recon & Enumeration – Integrated with tools like Nmap, WhatWeb, and Searchsploit for fast, customizable scanning.
  • Session & Asset Management – Track findings, users, credentials, services, and exploit paths in structured sessions.
  • AI-Assisted Analysis – Embedded AI support for interpreting results, suggesting next steps, and generating reports.
  • Extensible Workflow – Supports Node-RED integration, custom scripts, and Docker-based deployments.
  • Cross-Platform – Built with Avalonia and .NET, supporting Windows, Linux, and macOS environments.

Start by exploring the sections on Installation, User Guide, Tool Reference, or Advanced Integrations.

RTFM Server

The RTFM Server is the central hub of the RTFM Application Suite, designed to coordinate data storage, user access, and session management across clients and tools. Built on ASP.NET Core with support for PostgreSQL, the server provides a robust backend for collaborative and standalone operations.

Core Responsibilities

  • Session Management Create, load, and manage penetration testing sessions that organize findings, activities, and configurations in a structured format.

  • Database-Backed Storage Persists all critical engagement data including services, credentials, HTTP files, search results, AI responses, custom commands, and more.

  • Web Interface & API Access Comes with a modern web interface for browsing session details and managing users, and exposes RESTful APIs for automation and integrations.

  • Authentication & User Roles Built-in user management supports role-based access, making it suitable for both solo testers and collaborative red/purple teams.

  • Extensible Architecture Easily extended with additional modules (e.g., AI logging, checklists, reporting) and integrates with the RTFMv2 desktop, CLI, and Node-RED workflows.

Deployment Options

  • Local Deployment – Run the server on your own system for full control and offline operations.
  • Docker Support – Prebuilt Docker images enable fast and consistent deployment in containerized environments.
  • Client Access – Desktop, CLI, and Web clients connect to the server via HTTP(S), enabling remote and multi-user workflows.

RTFM Overview

The RTFM Server is the backbone of your operations—store once, access anywhere.

RTFM Client

The RTFM Client is a cross-platform desktop application that serves as the primary interface for interacting with the RTFM Server. Built with Avalonia and .NET, it provides penetration testers with a fast, responsive, and user-friendly environment to manage sessions, execute commands, review results, and interact with AI assistance.

Key Capabilities

  • Session Control Create new sessions, load existing ones, and switch between engagements with a clean tabbed interface.

  • Command Execution Console Run Linux and Windows commands through a built-in terminal emulator that supports output parsing, history tracking, and AI summarization.

  • Checklist System Step through customizable checklists for common tasks like enumeration, privilege escalation, and post-exploitation—all with tracking, notes, and result logging.

  • AI Integration View AI-generated insights and notes based on executed commands, session context, or selected logs.

  • Drag-and-Drop UX Modular controls and dynamic panels allow intuitive interaction with tools, files, and findings—no scripting required.

  • Offline-Ready Operates independently or in sync with the RTFM Server, enabling flexible workflows whether on-site, in the lab, or in the field.

Designed for Professionals

  • Cross-Platform – Compatible with Windows, Linux, and macOS.
  • Integrated Tools – Launch scans, parse Nmap/XML outputs, and interact with structured command templates directly in the UI.
  • Secure Communication – Authenticated API access to the RTFM Server with optional TLS support.
  • Customization Ready – Supports future plugin integration, UI skinning, and user-defined tools.

RTFM Overview

The RTFM Client is your mission control—bringing data, tools, and intelligence together in a single pane of glass.

RTFM CLI

The RTFM CLI is a lightweight command-line interface designed for scripting, automation, and headless operations within the RTFM Application Suite. Ideal for advanced users, remote agents, and integration into larger toolchains, the CLI provides full access to RTFM’s core functionality—without requiring a graphical interface.

Core Features

  • Command Execution Engine Run predefined or custom command templates with dynamic arguments. Supports both Windows and Linux environments.

  • Session Integration Create and update RTFM sessions directly from the CLI. Automatically log command results, metadata, and execution status.

  • WebSocket-Enabled Maintains real-time communication with the RTFM Server for responsive task execution, activity reporting, and collaborative command routing.

  • Proxy & Relay Mode Can operate as a command proxy or relay across network boundaries, enabling access to segmented or isolated targets.

  • Authentication Support Securely authenticate with the RTFM Server using tokens or credentials to access and contribute to team sessions.

  • Custom Input & Parsing Supports custom input fields and optional result parsing for dynamic command behavior and automated extraction of key data.

Use Cases

  • Headless Enumeration – Run automated scan chains from remote agents and store results centrally.
  • Scripting Automation – Integrate with cron jobs, scheduled tasks, or red team orchestration frameworks.
  • Node-RED Integration – Serves as the execution backend for Node-RED RTFM command nodes via WebSocket.
  • Portable Ops – Easily deploy on jump boxes, VPS hosts, or cloud shells for field operations.

RTFM Overview

The RTFM CLI is your automation engine—fast, scriptable, and mission-ready.