AI Tools for Penetration Testers

AI tools for pentesters to research vulnerabilities, analyze attack surfaces, document findings, and stay current on exploit techniques.


SQL Injection · /login endpoint
CRITICAL — unsanitised user input in WHERE clause
CSRF token missing
HIGH — all state-changing endpoints lack token validation
Hardcoded API keys
HIGH — 3 API keys found in client-side JavaScript
Weak password hashing
HIGH — MD5 without salt detected in user table
Unpatched framework
MEDIUM — Express 4.16.x with known prototype pollution CVE

Vulnerability assessment and scanning

Scan systems for vulnerabilities, misconfigurations, and security gaps.

Scan this web application: find injection flaws, authentication bypass, insecure deserialization, and weak encryption

Found 12 vulnerabilities: SQL injection in login, CSRF token missing, hardcoded API keys, weak password hashing, unpatched framework.

ToolRouter scan_app
SQL injection · /login
CRITICAL — unsanitised input in WHERE clause
CSRF token missing
HIGH — state-changing endpoints lack token validation
Hardcoded API keys
HIGH — 3 keys found in client-side JavaScript
Weak password hashing
HIGH — MD5 without salt in user table
Unpatched framework
MEDIUM — Express 4.16.x prototype pollution CVE

CVE and exploit research

Research CVEs affecting target systems, find proof-of-concept exploits.

Find all critical CVEs affecting Apache Tomcat 9.x and Spring Framework 5.x from the last 2 years

Found 15 CVEs: 8 critical, 7 high. Includes CVSS scores, exploit availability, and patch information.

ToolRouter search_cves
CVEs found
15 total — 8 Critical, 7 High severity
CVE-2023-28709 (Tomcat)
CVSS 9.8 · DoS via malformed HTTP/2 · exploit public
CVE-2023-20873 (Spring Boot)
CVSS 9.8 · actuator endpoint exposure in cloud
CVE-2022-22965 (Spring4Shell)
CVSS 9.8 · RCE via DataBinder · actively exploited
Fix
Tomcat 9.0.73+ and Spring 5.3.26+ resolve all critical findings

Penetration testing methodology and standards

Research OWASP, NIST, PTES, and industry testing methodologies.

Look up OWASP Top 10 and NIST Cybersecurity Framework: testing procedures, severity ratings, and remediation guidance

Found official OWASP and NIST docs: testing methodology, vulnerability severity matrix, remediation priorities.

ToolRouter search_docs
OWASP Top 10 (2021)
A01 Broken Access Control · A03 Injection · A07 Auth Failures — highest priority
OWASP Testing Guide v4.2
91 test categories with severity ratings and remediation guidance
NIST CSF functions
Identify · Protect · Detect · Respond · Recover
CVSS scoring
v3.1 scoring system for severity rating and remediation prioritisation

Attack techniques and threat research

Research advanced attack techniques, threat models, and red team strategies.

Research advanced attack techniques: social engineering, physical security bypasses, and post-exploitation persistence mechanisms

Compiled guide: attack vectors, common evasion techniques, privilege escalation methods, and defensive countermeasures.

ToolRouter research
Social engineering
Phishing, vishing, pretexting — target high-privilege users first
Physical security
Tailgating, badge cloning, USB drop attacks
Post-exploitation persistence
Scheduled tasks, registry run keys, WMI subscriptions, service installs
Privilege escalation
Token impersonation, sudo misconfigs, SUID binaries on Linux
Evasion techniques
Process injection, timestomping, AMSI bypass, LOLBAS

Penetration test report generation

Create comprehensive pentest reports with findings, severity ratings, and remediation steps.

Generate a pentest report: executive summary, vulnerability findings with CVSS scores, screenshots, remediation priorities

Created professional report: 12 vulnerabilities categorized by severity, detailed explanations, proof-of-concept steps, and fix recommendations.

ToolRouter repurpose_content
Critical (4)
SQL injection · hardcoded creds · SSRF · RCE via unpatched framework
High (5)
CSRF · weak hashing · exposed admin panel · IDOR · XXE
Medium (3)
Missing security headers · verbose errors · insecure cookie flags
Report sections
Executive summary · technical findings · PoC steps · CVSS scores · fix timeline
Remediation SLA
Critical: 48hr · High: 2 weeks · Medium: next sprint

Ready-to-use prompts

Web app security audit

Scan this web application for: OWASP Top 10 vulnerabilities, injection attacks, authentication issues, and cryptographic weaknesses

Research CVEs

Find all critical and high-severity CVEs for [software/version] from the last 18 months with exploit availability

OWASP methodology

Look up OWASP Top 10, OWASP Testing Guide, and severity ratings for comprehensive security assessment

Attack techniques

Research advanced attack methodologies: lateral movement, privilege escalation, persistence, and evasion techniques

Test report

Generate a professional penetration test report with: executive summary, findings, CVSS scores, screenshots, and remediation steps

Threat modeling

Research threat modeling frameworks: STRIDE, attack trees, and risk assessment methodologies for architecture review

Tools to power your best work

165+ tools.
One conversation.

Everything penetration testers need from AI, connected to the assistant you already use. No extra apps, no switching tabs.

Complete penetration test engagement

Assess security, research vulnerabilities, document findings, and present results.

1. Security Scanner: Scan for vulnerabilities and misconfigurations
2. Vulnerability Database: Research exploitable CVEs in discovered software
3. Library Docs: Reference OWASP and NIST testing standards
4. Content Repurposer: Generate comprehensive pentest report

Red team and advanced attack planning

Plan sophisticated attacks, research techniques, and design exploitation chains.

1. Deep Research: Research advanced attack techniques and persistence
2. Vulnerability Database: Find high-impact exploitable vulnerabilities
3. Library Docs: Reference frameworks and threat models

Continuous vulnerability monitoring

Monitor for new CVEs, track vulnerability trends, and maintain security knowledge.

1. Vulnerability Database: Regularly search for new CVEs in tracked systems
2. Deep Research: Research emerging threats and attack trends
3. Library Docs: Stay current on security standards and methodologies

Frequently Asked Questions

How comprehensive is the security scanner for web applications?

Security Scanner detects OWASP Top 10 vulnerabilities, injection attacks, weak authentication, cryptographic issues, and configuration problems. It complements manual testing but doesn't replace thorough penetration testing by experienced professionals.

How quickly does the vulnerability database get new CVEs?

The database tracks CVEs from official sources (NVD, vendor advisories) with near real-time updates. Check regularly for your target systems' dependencies—CVEs are announced constantly.

What methodologies should I follow for testing?

Follow established frameworks: OWASP Testing Guide for comprehensive coverage, NIST SP 800-115 for methodology, PTES for overall engagement structure. Combine with threat modeling (STRIDE) for architecture-level assessment.

How detailed should my pentest reports be?

Include: executive summary, detailed vulnerability descriptions with proof-of-concept, CVSS scores, business impact, remediation steps with timelines, and verification of fixes. Tailor the level of detail for technical vs. executive audiences.

How do I stay current on new attack techniques?

Monitor CVE databases continuously, research emerging threats through academic and industry sources, follow security conferences (DEF CON, Black Hat, OWASP AppSec), and participate in red team exercises.
