This roadmap outlines the near-term priorities for OWASP Penetration Testing Kit (PTK). It’s intentionally high-level and may evolve based on community feedback and maintainer capacity.
- Improve the PTK experience when launched via ZAP (Chrome/Firefox)
  - Stabilize launch, install, and configuration flows
  - Enhance interoperability between ZAP workflows and PTK workflows (scanning, reporting, and findings visibility)
  - Reduce friction for first-time users (docs, onboarding, troubleshooting)
- Add automation capabilities to support repeatable security testing workflows
  - Enable recording/replay and scripted flows where feasible (e.g., login + navigation)
  - Make PTK easier to include in E2E test pipelines (e.g., Playwright / Cypress / Selenium driven flows)
- Policy-driven scan execution (select only passive / active checks, per target/environment)
- Better reporting and export workflows (HTML/PDF consistency, portal integration)
- Performance improvements for large targets and long scans
- Expanded correlation and deduplication across engines (DAST/SAST/IAST/SCA)
- More modules and curated test packs for common app stacks and frameworks
- Improved team workflows (shared configurations, repeatable scans, collaboration)
- Open an issue for feature requests or bugs: https://github.com/DenisPodgurskii/pentestkit/issues
- Submit PRs (see CONTRIBUTING.md): https://github.com/DenisPodgurskii/pentestkit/blob/master/CONTRIBUTING.md