ChatOps, a concept originating from Github, is chatroom-driven DevOps for distributed teams, using chatbots (like Hubot) to execute custom scripts and plugins. We, at Radically Open Security, have applied the concept of ChatOps to the penetration testing workflow, and found that it fits outstandingly – for everything from routine scanning to spearphishing to pentest gamification to improving report writing. Chatops provides more transparency for our customers about pentesting. It fits with one of our core prinicples of 'Teach to fish' where clients can see what we do.

This talk discusses the tools that we use (RocketChat, Hubot, Gitlab, pentesting tools) for chatops, and provides battle stories of using Pentesting ChatOps in practice.