Web Terminal
The Web Terminal gives you a fully functional command-line shell directly in your browser. No SSH client, no VPN, no configuration needed — just open RTF and start running commands.
The terminal runs on the RTF server, which is pre-loaded with common red team tools including nmap, gobuster, ffuf, nikto, sqlmap, hydra, hashcat, and more.
Opening a Terminal Session
- Go to Terminal in the left sidebar
- Click New Session
- Optionally give the session a name (e.g., "recon-phase", "web-scan")
- The terminal opens immediately — you're connected to a live shell
Terminal Sessions
RTF supports multiple concurrent sessions. Each session is independent — you can have:
- One session for recon scanning
- Another for web enumeration
- Another for post-exploitation
Sessions persist until you close them. If you navigate away and come back, your session is still active with its history.
Sessions Linked to Techniques
When you open a terminal session from within the context of a MITRE technique (e.g., while viewing a technique in the navigator), the session is automatically tagged to that technique.
This means:
- Your command history is organized by technique
- Sessions appear filtered when you're viewing a specific technique
- The tool tracking system knows which technique your commands relate to
Command History and Tool Tracking
RTF automatically tracks every command you run in the terminal:
- Commands are saved to the engagement's command history
- The tool tracking system identifies which tool you used (nmap, gobuster, etc.)
- This data feeds into the Analytics Dashboard to show your top tools and usage patterns
- Command history is visible in the Analytics → Top Tools section
Some internal commands are filtered out automatically (e.g., cd, ls, short one-character inputs). Only meaningful tool commands are tracked.
Pre-installed Tools
The RTF terminal environment comes with these tools pre-installed:
| Category | Tools |
|---|---|
| Network Scanning | nmap, masscan |
| Web Discovery | gobuster, ffuf, nikto |
| Subdomain Enumeration | subfinder |
| Vulnerability Scanning | nuclei |
| SQL Injection | sqlmap |
| Password Attacks | hydra, hashcat |
| DNS | dnsutils (dig, nslookup, host) |
Need a tool that isn't listed? Use the Package Manager → to install it.
File Browser
The terminal also includes a File Browser sidebar that lets you:
- Browse the filesystem on the RTF server
- See file details (size, type, permissions)
- Navigate directories without typing
lsandcd
The file browser works alongside the terminal — you can browse to a directory and your terminal automatically switches to that path.
Managing Sessions
From the Sessions panel you can:
- View all active sessions and their last command
- Switch between sessions without closing any
- Reconnect to a session you navigated away from
- Delete a session when you're done with it
Terminal Keyboard Shortcuts
| Shortcut | Action |
|---|---|
Ctrl+C | Interrupt current process |
Ctrl+L | Clear terminal screen |
Tab | Autocomplete |
↑ / ↓ | Navigate command history |
Ctrl+A | Go to beginning of line |
Ctrl+E | Go to end of line |
Resizing the Terminal
The terminal window automatically adjusts to your browser window size. You can also drag the edges to resize if the terminal is in a split view.
Tips
- Name your sessions — "nmap-scan", "web-enum", "exploit" makes it easy to switch between tasks
- Check tool suggestions first — before opening a terminal, get AI Tool Suggestions to know what to run
- Save important output — pipe output to files (
nmap -oX scan.xml ...) so you can reference it later - The terminal is on the RTF server — it has access to the server's network, not your local machine. Make sure your VPN or routing is set up on the server side if needed.
Next Steps
- Package Manager → — install additional tools
- AI Tool Suggestions → — get command recommendations
- Findings → — record what you discover using the terminal