sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
bc7cdd35e435f24f40b7da75c70d7ed55fd1f373
compliance-scanner-agent/docs/features/pentest.md
Sharang Parnerkar c461faa2fb
All checks were successful
CI / Check (push) Has been skipped
Details
CI / Detect Changes (push) Successful in 7s
Details
CI / Deploy Agent (push) Successful in 2s
Details
CI / Deploy Dashboard (push) Successful in 2s
Details
CI / Deploy Docs (push) Successful in 2s
Details
CI / Deploy MCP (push) Successful in 2s
Details
feat: pentest onboarding — streaming, browser automation, reports, user cleanup (#16) 
Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams.

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #16
2026-03-17 20:32:20 +00:00

6.4 KiB
Raw Blame History

AI Pentest

The AI Pentest module provides autonomous, LLM-driven penetration testing against your DAST targets. It orchestrates a chain of security tools guided by AI reasoning to discover vulnerabilities that traditional scanning may miss.

Overview

Navigate to Pentest in the sidebar to see the pentest dashboard.

The dashboard shows:

  • Total pentest sessions run
  • Aggregate finding counts with severity breakdown
  • Tool invocation statistics and success rates
  • Session cards with status, target, strategy, and finding count

Starting a Pentest Session

Click New Pentest on the dashboard to open the 4-step onboarding wizard:

Step 1 — Target & Scope

  • App URL — enter manually or select from existing DAST targets (dropdown)
  • Git Repository URL — enter manually or select from tracked repositories (dropdown). If an SSH URL is selected, the deploy key is displayed for easy copy
  • Branch / Commit — auto-populated when you click Lookup for a tracked repo
  • App Type and Rate Limit

Step 2 — Authentication

  • None — unauthenticated testing
  • Manual Credentials — provide username/password (encrypted at rest with AES-256-GCM)
  • Auto-Register — the orchestrator uses the browser tool (headless Chrome) to discover the registration page and create a test account:
    • Registration URL (optional) — auto-discovered via Playwright if omitted
    • Verification Email (optional) — override the agent's default mailbox. Uses plus-addressing (base+sessionid@domain) and polls IMAP for verification links
    • IMAP Settings — collapsible section to override host/port/credentials

Step 3 — Strategy & Instructions

Strategy Description
Comprehensive Full-spectrum test covering recon, API analysis, injection testing, auth checks, and more
Quick Focus on common/high-impact vulnerabilities with minimal tool invocations
Targeted SAST-guided — prioritize areas where static analysis found issues
Aggressive Maximum payloads, attempt full exploitation
Stealth Minimal noise, passive analysis, targeted probes
  • Initial Instructions — free-text guidance for the AI
  • Scope Exclusions — paths to skip
  • Max Duration, Tester Name/Email, Destructive Tests toggle

Step 4 — Disclaimer & Confirm

Review the configuration summary and accept the authorization disclaimer.

The wizard can be closed at any time via the X button (top-right corner) or by clicking outside the modal.

::: tip Architecture Deep-Dive See Pentest Orchestration Architecture for details on how the LLM loop works, what context is passed, and how findings are correlated to source code. :::

The AI orchestrator will autonomously select and execute security tools in phases, using the output of each phase to inform the next.

Session View

Click any session card to open the detailed session view. It shows:

Summary Cards

  • Findings — total vulnerabilities discovered
  • Exploitable — confirmed-exploitable findings
  • Tool Invocations — total tools executed
  • Success Rate — percentage of tools that completed successfully

Severity Distribution

A bar showing the breakdown of findings by severity level (Critical, High, Medium, Low, Info).

Findings Tab

Lists all discovered vulnerabilities with:

  • Severity badge and title
  • Vulnerability type and exploitability status
  • HTTP method and endpoint
  • CWE identifier
  • Description and remediation recommendation
  • Correlated SAST finding references (when available)

Attack Chain Tab

A visual DAG (directed acyclic graph) showing the sequence of tools executed during the pentest. Nodes are grouped into phases:

  • Phase-based layout — tools are organized top-down by execution phase (reconnaissance, analysis, testing, exploitation, etc.)
  • Category icons — each tool displays an icon indicating its category (recon, XSS, SQLi, SSRF, auth, headers, cookies, TLS, CORS, etc.)
  • Status indicators — color-coded status dots (green = completed, yellow = running, red = failed)
  • Finding badges — red badge showing the number of findings produced by each tool
  • Interactive — hover for details, click to select, scroll to zoom, drag to pan

Pausing, Resuming & Stopping

  • Pause — click the Pause button on a running session to suspend the orchestrator loop. The session status changes to paused and the LLM stops iterating. SSE clients receive a paused event.
  • Resume — click Resume on a paused session to continue from where it left off. The status returns to running and a resumed event is broadcast.
  • Stop — click Stop to permanently halt the session. This marks it as failed with reason "Stopped by user".

Exporting Reports

Click Export Report on any session to generate a professional pentest report.

Export Process

  1. Enter an encryption password (minimum 8 characters)
  2. Click Export to generate and download the report

The export produces a password-protected ZIP archive (AES-256 encryption) that can be opened with any standard archive tool (7-Zip, WinRAR, macOS Archive Utility, etc.).

Archive Contents

File Description
report.html Professional HTML report with executive summary, methodology, tools, findings with recommendations, and attack chain timeline
findings.json Raw findings data in JSON format for programmatic processing
attack-chain.json Raw attack chain data showing tool execution sequence and relationships

Report Features

The HTML report includes:

  • Company logo and CONFIDENTIAL banner
  • Requester information
  • Executive summary with overall risk rating
  • Severity distribution chart
  • Methodology and tools section
  • Detailed findings with severity, CWE, endpoint, evidence, remediation guidance, and linked SAST references
  • Attack chain timeline
  • Print-friendly layout (dark theme on screen, light theme for print)

Integrity Verification

After export, the dashboard displays the SHA-256 checksum of the archive with a copy-to-clipboard button. Use this to verify the archive has not been tampered with after distribution.

::: warning Only run pentests against applications you own or have explicit written authorization to test. AI-driven pentesting sends real attack payloads that may trigger alerts or cause unintended side effects. :::

Reference in New Issue View Git Blame Copy Permalink