sharang/compliance-scanner-agent
1
0
Fork 0
Code Issues 51 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
Files
bc7cdd35e435f24f40b7da75c70d7ed55fd1f373
compliance-scanner-agent/docs/features/pentest.md
Sharang Parnerkar c461faa2fb
All checks were successful
CI / Check (push) Has been skipped
Details
CI / Detect Changes (push) Successful in 7s
Details
CI / Deploy Agent (push) Successful in 2s
Details
CI / Deploy Dashboard (push) Successful in 2s
Details
CI / Deploy Docs (push) Successful in 2s
Details
CI / Deploy MCP (push) Successful in 2s
Details
feat: pentest onboarding — streaming, browser automation, reports, user cleanup (#16) 
Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams.

Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com>
Reviewed-on: #16
2026-03-17 20:32:20 +00:00

143 lines
6.4 KiB
Markdown
Raw Blame History

# AI Pentest
The AI Pentest module provides autonomous, LLM-driven penetration testing against your DAST targets. It orchestrates a chain of security tools guided by AI reasoning to discover vulnerabilities that traditional scanning may miss.
## Overview
Navigate to **Pentest** in the sidebar to see the pentest dashboard.
The dashboard shows:
- Total pentest sessions run
- Aggregate finding counts with severity breakdown
- Tool invocation statistics and success rates
- Session cards with status, target, strategy, and finding count
## Starting a Pentest Session
Click **New Pentest** on the dashboard to open the 4-step onboarding wizard:
### Step 1 — Target & Scope
- **App URL** — enter manually or select from existing DAST targets (dropdown)
- **Git Repository URL** — enter manually or select from tracked repositories (dropdown). If an SSH URL is selected, the deploy key is displayed for easy copy
- **Branch / Commit** — auto-populated when you click **Lookup** for a tracked repo
- **App Type** and **Rate Limit**
### Step 2 — Authentication
- **None** — unauthenticated testing
- **Manual Credentials** — provide username/password (encrypted at rest with AES-256-GCM)
- **Auto-Register** — the orchestrator uses the browser tool (headless Chrome) to discover the registration page and create a test account:
- **Registration URL** (optional) — auto-discovered via Playwright if omitted
- **Verification Email** (optional) — override the agent's default mailbox. Uses plus-addressing (`base+sessionid@domain`) and polls IMAP for verification links
- **IMAP Settings** — collapsible section to override host/port/credentials
### Step 3 — Strategy & Instructions
| Strategy | Description |
|----------|-------------|
| **Comprehensive** | Full-spectrum test covering recon, API analysis, injection testing, auth checks, and more |
| **Quick** | Focus on common/high-impact vulnerabilities with minimal tool invocations |
| **Targeted** | SAST-guided — prioritize areas where static analysis found issues |
| **Aggressive** | Maximum payloads, attempt full exploitation |
| **Stealth** | Minimal noise, passive analysis, targeted probes |
- **Initial Instructions** — free-text guidance for the AI
- **Scope Exclusions** — paths to skip
- **Max Duration**, **Tester Name/Email**, **Destructive Tests** toggle
### Step 4 — Disclaimer & Confirm
Review the configuration summary and accept the authorization disclaimer.
The wizard can be closed at any time via the **X** button (top-right corner) or by clicking outside the modal.
::: tip Architecture Deep-Dive
See [Pentest Orchestration Architecture](./pentest-architecture.md) for details on how the LLM loop works, what context is passed, and how findings are correlated to source code.
:::
The AI orchestrator will autonomously select and execute security tools in phases, using the output of each phase to inform the next.
## Session View
Click any session card to open the detailed session view. It shows:
### Summary Cards
- **Findings** — total vulnerabilities discovered
- **Exploitable** — confirmed-exploitable findings
- **Tool Invocations** — total tools executed
- **Success Rate** — percentage of tools that completed successfully
### Severity Distribution
A bar showing the breakdown of findings by severity level (Critical, High, Medium, Low, Info).
### Findings Tab
Lists all discovered vulnerabilities with:
- Severity badge and title
- Vulnerability type and exploitability status
- HTTP method and endpoint
- CWE identifier
- Description and remediation recommendation
- Correlated SAST finding references (when available)
### Attack Chain Tab
A visual DAG (directed acyclic graph) showing the sequence of tools executed during the pentest. Nodes are grouped into phases:
- **Phase-based layout** — tools are organized top-down by execution phase (reconnaissance, analysis, testing, exploitation, etc.)
- **Category icons** — each tool displays an icon indicating its category (recon, XSS, SQLi, SSRF, auth, headers, cookies, TLS, CORS, etc.)
- **Status indicators** — color-coded status dots (green = completed, yellow = running, red = failed)
- **Finding badges** — red badge showing the number of findings produced by each tool
- **Interactive** — hover for details, click to select, scroll to zoom, drag to pan
### Pausing, Resuming & Stopping
- **Pause** — click the **Pause** button on a running session to suspend the orchestrator loop. The session status changes to `paused` and the LLM stops iterating. SSE clients receive a `paused` event.
- **Resume** — click **Resume** on a paused session to continue from where it left off. The status returns to `running` and a `resumed` event is broadcast.
- **Stop** — click **Stop** to permanently halt the session. This marks it as `failed` with reason "Stopped by user".
## Exporting Reports
Click **Export Report** on any session to generate a professional pentest report.
### Export Process
1. Enter an **encryption password** (minimum 8 characters)
2. Click **Export** to generate and download the report
The export produces a **password-protected ZIP archive** (AES-256 encryption) that can be opened with any standard archive tool (7-Zip, WinRAR, macOS Archive Utility, etc.).
### Archive Contents
| File | Description |
|------|-------------|
| `report.html` | Professional HTML report with executive summary, methodology, tools, findings with recommendations, and attack chain timeline |
| `findings.json` | Raw findings data in JSON format for programmatic processing |
| `attack-chain.json` | Raw attack chain data showing tool execution sequence and relationships |
### Report Features
The HTML report includes:
- Company logo and CONFIDENTIAL banner
- Requester information
- Executive summary with overall risk rating
- Severity distribution chart
- Methodology and tools section
- Detailed findings with severity, CWE, endpoint, evidence, remediation guidance, and linked SAST references
- Attack chain timeline
- Print-friendly layout (dark theme on screen, light theme for print)
### Integrity Verification
After export, the dashboard displays the **SHA-256 checksum** of the archive with a copy-to-clipboard button. Use this to verify the archive has not been tampered with after distribution.
::: warning
Only run pentests against applications you own or have explicit written authorization to test. AI-driven pentesting sends real attack payloads that may trigger alerts or cause unintended side effects.
:::
Reference in New Issue View Git Blame Copy Permalink