# AI Pentest

The AI Pentest module provides autonomous, LLM-driven penetration testing against your DAST targets. It orchestrates a chain of security tools guided by AI reasoning to discover vulnerabilities that traditional scanning may miss.

## Overview

Navigate to **Pentest** in the sidebar to see the pentest dashboard. The dashboard shows:

- Total pentest sessions run
- Aggregate finding counts with severity breakdown
- Tool invocation statistics and success rates
- Session cards with status, target, strategy, and finding count

## Starting a Pentest Session

1. Click **New Pentest** on the dashboard
2. Select a **DAST target** (must be configured under DAST > Targets first)
3. Choose a **strategy**:

   | Strategy | Description |
   |----------|-------------|
   | **Comprehensive** | Full-spectrum test covering recon, API analysis, injection testing, auth checks, and more |
   | **Focused** | Targets specific vulnerability categories based on initial reconnaissance |

4. Optionally provide an initial **message** to guide the AI's focus
5. Click **Start** to begin the session

The AI orchestrator will autonomously select and execute security tools in phases, using the output of each phase to inform the next.

## Session View

Click any session card to open the detailed session view. It shows:

### Summary Cards

- **Findings** — total vulnerabilities discovered
- **Exploitable** — confirmed-exploitable findings
- **Tool Invocations** — total tools executed
- **Success Rate** — percentage of tools that completed successfully

### Severity Distribution

A bar showing the breakdown of findings by severity level (Critical, High, Medium, Low, Info).
### Findings Tab

Lists all discovered vulnerabilities with:

- Severity badge and title
- Vulnerability type and exploitability status
- HTTP method and endpoint
- CWE identifier
- Description and remediation recommendation
- Correlated SAST finding references (when available)

### Attack Chain Tab

A visual DAG (directed acyclic graph) showing the sequence of tools executed during the pentest. Nodes are grouped into phases:

- **Phase-based layout** — tools are organized top-down by execution phase (reconnaissance, analysis, testing, exploitation, etc.)
- **Category icons** — each tool displays an icon indicating its category (recon, XSS, SQLi, SSRF, auth, headers, cookies, TLS, CORS, etc.)
- **Status indicators** — color-coded status dots (green = completed, yellow = running, red = failed)
- **Finding badges** — red badge showing the number of findings produced by each tool
- **Interactive** — hover for details, click to select, scroll to zoom, drag to pan

### Stopping a Session

Running sessions can be stopped from the dashboard by clicking the **Stop** button on the session card. This immediately halts all tool execution.

## Exporting Reports

Click **Export Report** on any session to generate a professional pentest report.

### Export Process

1. Enter an **encryption password** (minimum 8 characters)
2. Click **Export** to generate and download the report

The export produces a **password-protected ZIP archive** (AES-256 encryption) that can be opened with any standard archive tool (7-Zip, WinRAR, macOS Archive Utility, etc.).
### Archive Contents

| File | Description |
|------|-------------|
| `report.html` | Professional HTML report with executive summary, methodology, tools, findings with recommendations, and attack chain timeline |
| `findings.json` | Raw findings data in JSON format for programmatic processing |
| `attack-chain.json` | Raw attack chain data showing tool execution sequence and relationships |

### Report Features

The HTML report includes:

- Company logo and CONFIDENTIAL banner
- Requester information
- Executive summary with overall risk rating
- Severity distribution chart
- Methodology and tools section
- Detailed findings with severity, CWE, endpoint, evidence, remediation guidance, and linked SAST references
- Attack chain timeline
- Print-friendly layout (dark theme on screen, light theme for print)

### Integrity Verification

After export, the dashboard displays the **SHA-256 checksum** of the archive with a copy-to-clipboard button. Use this to verify the archive has not been tampered with after distribution.

::: warning
Only run pentests against applications you own or have explicit written authorization to test. AI-driven pentesting sends real attack payloads that may trigger alerts or cause unintended side effects.
:::
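The following script is an added example of how a recipient can check an exported archive before trusting or forwarding it; it is not part of the AI Pentest module's own code. It assumes that the checksum shown on the dashboard has been pasted into `EXPECTED_SHA256` by hand, that the archive contains exactly the three members documented above, and that every entry should be marked encrypted. Because a ZIP's central directory is never encrypted, member names and the encryption flag can be inspected without the password, which lets the check run on a file you have not opened yet. The `build_sample_archive` helper constructs an unencrypted stand-in so the script runs offline; against a real export it reports `all_encrypted: False` only if the entries were not protected.

```python
"""Verify an exported AI Pentest archive before distribution (added example).

Assumptions: EXPECTED_SHA256 is the hex string copied from the dashboard;
the archive members are the three files documented in "Archive Contents".
"""
import hashlib
import hmac
import io
import zipfile

# Member names documented in the "Archive Contents" table.
EXPECTED_MEMBERS = {"report.html", "findings.json", "attack-chain.json"}

# Placeholder: paste the value from the dashboard's copy-to-clipboard button.
EXPECTED_SHA256 = "<checksum-shown-on-dashboard>"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file in 1 MiB chunks so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def checksum_matches(actual_hex: str, expected_hex: str) -> bool:
    """Constant-time comparison; tolerates case and whitespace from the clipboard."""
    return hmac.compare_digest(actual_hex.strip().lower(), expected_hex.strip().lower())


def verify_export(data: bytes, expected_sha256: str) -> dict:
    """Check integrity (SHA-256), expected members, and that every entry is encrypted.

    The central directory is readable without the password, so this works on an
    AES-encrypted export; bit 0 of flag_bits is the ZIP 'encrypted' flag.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    members = {info.filename for info in infos}
    all_encrypted = bool(infos) and all(info.flag_bits & 0x1 for info in infos)
    return {
        "checksum_ok": checksum_matches(sha256_of_bytes(data), expected_sha256),
        "members_ok": members == EXPECTED_MEMBERS,
        "missing": EXPECTED_MEMBERS - members,
        "unexpected": members - EXPECTED_MEMBERS,
        "all_encrypted": all_encrypted,
    }


def build_sample_archive(members=None) -> bytes:
    """Constructed, unencrypted stand-in for an export so the script runs offline.

    A real export uses AES-256 entries; this helper only exercises the checks.
    """
    if members is None:
        members = {
            "report.html": "<html><body>CONFIDENTIAL sample report</body></html>",
            "findings.json": "[]",
            "attack-chain.json": "{}",
        }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    # For a downloaded export: verify_export(open(path, "rb").read(), EXPECTED_SHA256)
    print(verify_export(sample, sha256_of_bytes(sample)))
```

Treat a checksum mismatch as a reason to re-download from the dashboard rather than to proceed, and treat `all_encrypted: False` as a sign the file is not the password-protected export the module produces.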