Session Management

Sessions are the foundation of RTFMv2's organizational structure. Each session represents a distinct engagement, penetration test, or red team operation, containing all associated targets, scan results, findings, and artifacts.

Creating a New Session

Start a fresh engagement with the session creation wizard.

Step-by-Step Process

  1. Launch the GUI and click "New Session" from the dashboard
  2. Configure Session Details:
    • Session Name: Unique identifier for the engagement
    • Description: Optional notes about the engagement scope
    • Encryption Password: Secure the session database
    • Storage Location: Directory where session data will be saved
  3. Define IP Ranges:
    • Add target IP addresses, ranges, or CIDR notation
    • Import from text file (one IP/range per line)
    • Paste from clipboard
    • Exclude specific IPs or ranges
  4. Set Engagement Parameters (optional):
    • Start/End dates for the engagement
    • Client information
    • Rules of engagement notes
    • Custom tags for organization

IP Range Configuration

The IP range manager supports multiple input formats:

Single IP Address:

192.168.1.10

IP Range:

192.168.1.1-192.168.1.50
10.0.0.1-254

CIDR Notation:

192.168.1.0/24
10.0.0.0/16
172.16.0.0/12

Multiple Targets:

192.168.1.0/24
10.0.0.50
172.16.1.1-172.16.1.100

Exclusions:

Add IPs or ranges to exclude from scans:

Include: 192.168.1.0/24
Exclude: 192.168.1.1, 192.168.1.254

Opening an Existing Session

Load previously created sessions from the server or local storage.

Opening Server Sessions

Sessions created on the RTFMv2 server or synchronized from the Console:

  1. Navigate to "Open Session" from the dashboard
  2. Select "Server Sessions" tab
  3. Browse available sessions:
  4. Session name and creation date
  5. Target count and scan status
  6. Last modified timestamp
  7. Enter decryption password
  8. Click "Load Session"

Opening Local Sessions

Load sessions from local filesystem:

  1. Navigate to "Open Session" from the dashboard
  2. Select "Local Sessions" tab
  3. Click "Browse" to select session directory
  4. Enter decryption password
  5. Click "Load Session"

Session Dashboard

Once a session is loaded, the dashboard displays:

Overview Panel

  • Session Name & Status
  • Total Hosts: Live, down, and unknown
  • Active Scans: Running tasks
  • Findings Summary: Vulnerabilities by severity
  • Recent Activity: Latest scans and discoveries

Quick Actions

  • Start common scans (Nmap, Nuclei)
  • Add new hosts or ranges
  • Generate reports
  • Access AI analysis
  • View network map

Session Statistics

  • Scan Coverage: Percentage of IPs scanned
  • Port Coverage: Total open ports discovered
  • Service Enumeration: Identified services
  • Vulnerability Count: Categorized by severity

Session Settings

Access advanced session configuration:

General Settings

  • Session name and description
  • Encryption password change
  • Storage location
  • Auto-save interval

Scan Defaults

  • Default Nmap options
  • Scanner timeout values
  • Concurrent scan limits
  • Retry policies

AI Configuration

  • Enable/disable background analysis
  • AI agent preferences
  • Chat history retention

Notification Settings

  • Real-time alerts for findings
  • Scan completion notifications
  • Critical vulnerability alerts
  • Email/webhook integrations

Data Retention

  • Automatic cleanup of old data
  • Screenshot storage limits
  • Log file rotation
  • Archive options

Best Practices

Session Organization

  • Use clear, descriptive session names (e.g., "ACME-Corp-External-2024-Q1")
  • Tag sessions by client, test type, or date
  • Maintain separate sessions for different network segments
  • Archive completed sessions regularly

Security

  • Use strong encryption passwords (minimum 12 characters)
  • Store session backups in encrypted volumes
  • Limit session sharing to authorized team members
  • Regularly change session passwords for long engagements

Performance

  • Limit concurrent scans to avoid network congestion
  • Split large IP ranges into multiple sessions
  • Enable auto-save to prevent data loss
  • Periodically archive old scan results

Collaboration

  • Document significant findings immediately
  • Use session tags for team organization
  • Export findings reports for stakeholder review
  • Synchronize sessions with version control for team access

Next Steps

Now that you have a session configured: