HackMap: A Powerful Local Penetration Testing Mapping Tool for Advanced Graph Note Keeping
In the world of ethical hacking and penetration testing, visualizing attack paths and managing command history can make all the difference during an engagement. That’s where HackMap comes in — a lightweight, local-first tool I developed to streamline pentest mapping with real-time features.
HackMap is an open-source penetration testing mapping tool designed specifically for red teamers. It combines an interactive visual graph with command execution capabilities, all running securely on your localhost.
What is HackMap?

HackMap is a web-based application built with Python and Flask that allows penetration testers to create visual maps of target networks during assessments. Nodes represent hosts or targets, while edges show connections via protocols like RDP, WinRM, or SMB.
Unlike traditional note-taking or separate diagramming tools, HackMap integrates everything into one interface:
- Interactive drag-and-drop graph powered by Cytoscape.js
- Real-time shell command execution with streaming output
- Persistent command history per target, complete with timestamps
- Visual indicators for “owned” systems (with a skull icon!)
- Support for multiple workspaces and graph exports
The tool emphasizes simplicity and security: it runs exclusively on localhost with no authentication required, making it fast and focused without unnecessary overhead.
HackMap is available on GitHub under the MIT License, free for anyone to use, modify, or contribute to.
Key Features of HackMap
Here are the standout features that make HackMap a valuable addition to any red teamer’s toolkit:
Interactive Attack Graph

- Drag and drop nodes to build your network map visually.
- Connect targets with labeled edges (e.g., RDP, SMB, WinRM) to illustrate attack paths.
- Mark nodes as “owned” for quick status tracking.
Real-Time Command Execution

- Execute shell commands directly from a node’s context.
- View live, streaming output without leaving the interface.
- Maintain a full history of commands run per target, including timestamps for accurate reporting.
Reporting and Export
- One-click generation of PDF engagement reports summarizing your findings.
- Export graph data for backups or sharing (while keeping sensitive details local).
Lightweight and Secure Design
- Minimal dependencies: Just Python 3 and Flask.
- No external servers or authentication — pure local operation to avoid risks during engagements.
- Support for multiple workspaces to handle different projects simultaneously.
These features help red teamers stay organized, visualize progress, and document findings efficiently.
How to Install and Use HackMap
Getting started with HackMap is straightforward.
Installation
- Clone the repository:
git clone https://github.com/DotNetRussell/hackmap.git
- Navigate to the directory:
cd hackmap
- Install dependencies:
pip install -r requirements.txt
- Run the application:
python app.py
- Open your browser and visit http://localhost:5000 (or the port specified).
That’s it — no complex setup required!
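Because the tool runs shell commands without authentication, the bind address is the only thing restricting who can reach it. The script below is an added example, not part of HackMap: it checks on Linux that nothing is listening on port 5000 on a non-loopback IPv4 address. The function names and the sample table are constructed for illustration, and IPv6 sockets (/proc/net/tcp6) are not covered.

```python
import ipaddress
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1388 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0100007F:1388 0100007F:D431 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1
"""


def parse_listeners(text):
    """Return [(ip, port)] for every IPv4 socket in LISTEN state."""
    found = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # skip established connections and malformed rows
        hex_ip, hex_port = fields[1].split(":")
        # The address is printed as a 32-bit word; this decoding assumes a
        # little-endian host (x86, ARM), where 0100007F means 127.0.0.1.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16)))
    return found


def non_loopback_listeners(text, port):
    """Return the addresses on which `port` is reachable beyond loopback."""
    return [ip for ip, p in parse_listeners(text)
            if p == port and not ipaddress.ip_address(ip).is_loopback]


if __name__ == "__main__":
    port = 5000  # port named in the install steps; change if you use another
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # not on Linux: fall back to the constructed sample
    exposed = non_loopback_listeners(table, port)
    if exposed:
        print(f"port {port} is listening on non-loopback address(es): {exposed}")
    else:
        print(f"port {port}: no non-loopback IPv4 listener found")
```

An address of 0.0.0.0 in the output means the port is bound on every interface, so any host that can route to the machine can reach it.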
Basic Usage
- Create a new workspace for your engagement.
- Add nodes for discovered targets.
- Connect them with relevant protocols.
- Select a node, execute commands, and watch output stream in real-time.
- Add notes, mark as owned, and generate a PDF report when ready.
For detailed examples and screenshots, check the GitHub README.
Why Use HackMap for Penetration Testing?
Traditional pentest documentation often involves juggling spreadsheets, diagrams in Visio or Draw.io, and separate terminal windows. HackMap solves this by centralizing everything:
- Improved Visibility: See attack paths at a glance.
- Better Organization: Persistent history prevents lost commands.
- Faster Reporting: One-click PDFs save hours on deliverables.
- Ethical and Secure: Local-only design minimizes exposure risks.
Whether you’re testing a small network or a large enterprise engagement, HackMap helps you focus on the hack rather than the housekeeping.
Conclusion
HackMap is my contribution to the infosec community — a practical, no-frills penetration testing mapping tool built for real-world use. If you’re a red teamer tired of fragmented workflows, give it a try and let me know what you think!
Star the repo on GitHub if you find it useful, and feel free to open issues or pull requests for improvements.
Disclaimer: Use HackMap only for authorized penetration testing and ethical hacking activities.