Full expert control: run individual tools, craft custom payloads, and log findings manually. No AI orchestration required.
Best for: Expert pentesters who prefer direct tool control, complex engagements requiring custom tooling, or environments where AI features are disabled (air-gapped, regulated industries).
Prerequisites
Written authorization from client (mandatory; checked before any active scan)
Scan tools installed (Settings → Tools)
Target in approved scope list
No AI key required: all manual mode features work without Claude
1. Open Tool Runner
From the Home Screen, click any attack surface, then select Manual Mode in Wizard Step 2. Or navigate directly to Tools → Tool Runner from the left sidebar.
Keyboard shortcut: Ctrl+T opens the Tool Runner from anywhere in the app.
2. Select a Tool from the Library
The Tool Runner shows all 60+ installed tools organized by category: Recon, Web, API, Network, Cloud, Mobile, RE, and Reporting. Click any tool to open its configuration panel.
3. Configure and Run
Each tool panel shows all available flags with descriptions. Fill in the target and any options, then click Run. Output streams live to the Results panel. You can run multiple tools simultaneously in separate tabs.
4. Log Findings Manually
When you find a vulnerability, click + Add Finding in the Findings panel (or press Ctrl+F). Enter the finding details; PhantomYerra calculates CVSS and EPS scores automatically from the severity inputs.
5. Attach Evidence
In the Finding Detail panel, click Attach Evidence to upload screenshots, HTTP request/response captures, or tool output files. All evidence is SHA-256 hashed and RFC 3161 timestamped for chain of custody.
6. Generate Report
When your manual testing is complete, go to Reports → Generate. In manual mode, reports use template-based generation (no AI required). Select Executive, Technical, or Compliance template and download the PDF.
Duration: fully determined by the tester. Manual mode imposes no time constraints or auto-progression.
Press Ctrl+F or click + Add Finding in the Findings panel. The Finding Editor opens with all required fields.
2. Fill in Finding Details
Title : SQL Injection in /api/users?id= parameter
Type : sql_injection
Severity : Critical
CVSS Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
(PhantomYerra calculates score: 9.8 automatically)
URL / Location : https://target.com/api/users?id=1
Parameter : id
Evidence : Screenshot + HTTP request/response
PoC Steps : 1. Send GET /api/users?id=1'-- ... (exact steps)
Remediation : Use parameterized queries / prepared statements
3. Attach Evidence Files
Drag and drop evidence files into the Evidence section: screenshots (.png/.jpg), Burp Suite exports (.xml), tool output (.txt/.json), or video recordings (.mp4). Each file is automatically SHA-256 hashed and RFC 3161 timestamped.
4. Set Finding Status
Status options:
Confirmed : Verified exploitable, include in report
Suspected : Needs more testing to confirm
Informational : Low risk, include as note
False Positive: Mark as FP, exclude from report counts
5. Link to Attack Chain
In the Finding Detail, click Add to Attack Chain to link this finding to other related findings. The Attack Chain visualizer shows how findings combine into a full compromise path.
Check that the tool binary path is correct in Settings → Tools. Some tools require elevated privileges (nmap raw socket mode requires root/admin). Try running the tool from the integrated terminal first to confirm it works, then use the Tool Runner.
Ensure all 8 CVSS v3.1 base metric fields are filled in. The score only calculates when all fields have a value. Use the CVSS calculator reference in the Finding Editor (click the "?" icon next to CVSS Vector) if you're unsure which values to select.
Yes. Go to Findings → Import → select format: Burp Suite XML, Nessus .nessus, OpenVAS XML, SARIF, or generic CSV. PhantomYerra maps imported findings to its schema and calculates CVSS scores where possible.