Nepenthes is an open-source tool for managing network penetration tests, with a focus on external tests with large numbers of hosts, in particular web-heavy networks. Nepenthes can manage different network-based scans in parallel, anything from grabbing SSL information and taking screenshots to standard nmap scans. It uses a queueing and scheduling system to allow off-hours scans, scheduled from anywhere around the world. Scans can be performed from as many hosts as desired, including hosts in public clouds. With a web frontend, Nepenthes makes it easy for multiple team members to collaborate on a test, allowing for easy extraction of desired information. A flexible worker system and easy Rails extensibility make Nepenthes easy to modify, as has been done for several tests at Matasano. These features are usually included in future tests to make the experience even better. This presentation will be a tour of the reasons for Nepenthes’ existence (the need for a high-capacity scanner and a workflow that combines data from different tools), its features, a demonstration, and information on how to get, install, and extend Nepenthes. The talk will assume some familiarity with external network penetration tests and tools, but no specific knowledge is strictly necessary.