Pentest Engine

The Pentest Engine runs an end-to-end penetration test against authorized targets — from reconnaissance through exploitation to a finished report. It combines automated tooling with an AI exploitation layer and a library of exploit validators that confirm whether a vulnerability is truly exploitable.

| Benefit | Capability | Business value |
|---|---|---|
| Full pipeline | OSINT → recon → DAST → exploitation → report | One workflow instead of stitching tools together |
| Confirmed risk | Exploit validators | Separates real, exploitable issues from noise |
| Scale | AI-assisted payloads and orchestration | Cover more ground than manual testing alone |

A pentest moves through stages: OSINT (open-source intelligence on the target), recon (surface and service discovery), DAST (dynamic scanning of running web apps), exploitation (validating findings, with an AI layer that generates and adapts payloads), and reporting.

Rather than reporting a “possible” vulnerability, the engine includes validators for common classes — SQL injection, XSS, SSRF, RCE, LFI, XXE, SSTI, IDOR, CORS, JWT issues, insecure deserialization, file upload, GraphQL, and more — that attempt safe confirmation so you act on proven issues.

The engine orchestrates a large library of integrated tools (network scanning, web testing, and more), gated by a per-phase permission matrix so only approved tools run at each stage. Dedicated modules cover web pentesting, Active Directory attacks, and cloud-specific techniques.

  1. Define authorized targets (URLs / hosts) and confirm scope.
  2. Launch the pentest from the Security Test Hub or the New Scan Web PT option.
  3. Monitor progress through the pipeline stages.
  4. Review validated findings and export the pentest report.

  • Only test assets you’re authorized to test.
  • Start with recon/DAST, then enable exploitation on confirmed targets.
  • Use exploit-validated findings to drive the most credible remediation conversations.
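
An added example, not the Pentest Engine's own code: a deny-by-default gate that combines the per-phase permission matrix described above with the scope and "exploitation only on confirmed targets" guidance. Only the phase names come from this page; the tool names, the `Engagement` structure and the targets are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Phase names follow the page; the tool names are hypothetical placeholders.
PHASE_TOOLS = {
    "osint": {"whois_lookup", "cert_transparency_search"},
    "recon": {"port_scanner", "service_fingerprinter"},
    "dast": {"web_crawler", "dast_scanner"},
    "exploitation": {"exploit_validator"},
    "reporting": {"report_builder"},
}

def host_of(target: str) -> str:
    """Extract the host from a URL or bare host; '' if none can be parsed."""
    try:
        host = urlsplit(target).hostname if "://" in target else target
    except ValueError:              # malformed URL, e.g. unbalanced IPv6 brackets
        return ""
    return (host or "").lower().rstrip(".")

@dataclass
class Engagement:
    hosts: set                      # authorized hostnames (exact match only)
    networks: list                  # authorized CIDR ranges
    confirmed: set = field(default_factory=set)  # hosts cleared for exploitation

    def in_scope(self, target: str) -> bool:
        host = host_of(target)
        try:
            addr = ip_address(host)
        except ValueError:          # not an IP literal: compare as a hostname
            return host in self.hosts
        return any(addr in ip_network(net) for net in self.networks)

def authorize(eng: Engagement, phase: str, tool: str, target: str):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if tool not in PHASE_TOOLS.get(phase, set()):
        return False, "tool not approved for this phase"
    if not eng.in_scope(target):
        return False, "target outside authorized scope"
    if phase == "exploitation" and host_of(target) not in eng.confirmed:
        return False, "exploitation not enabled for this target"
    return True, "ok"

# Constructed engagement using reserved documentation names and addresses.
ENGAGEMENT = Engagement(hosts={"app.example.test"}, networks=["192.0.2.0/24"],
                        confirmed={"app.example.test"})
```

Hostnames are matched exactly after URL parsing, so a look-alike such as `app.example.test.other.test` or a userinfo prefix like `app.example.test@other.test` does not pass the scope check.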