Get started
Tools / Penetration Testing
Penetration Testing icon

Penetration Testing

AI-powered black-box pen testing

Try with Claude

Penetration Testing is a black-box web application security testing tool that crawls your app's attack surface, scans for misconfigurations, and tests for the most common and damaging vulnerability classes — all powered by AI-generated payloads. It produces a structured report with severity ratings, proof-of-concept evidence, and remediation guidance.

The tool follows the standard penetration testing workflow: reconnaissance first to map endpoints and input surfaces, then targeted testing for injection, XSS, authentication bypass, and SSRF. AI reasoning is used to generate context-aware payloads rather than generic pattern matching, which means it finds vulnerabilities that signature-based scanners miss.

Important: Only use this tool on systems you own or have explicit written permission to test. Unauthorised security testing is illegal.

What you can do

  • Crawl any web app to map its full attack surface — endpoints, forms, auth flows, tech stack
  • Scan for security headers, exposed paths, server disclosure, and TLS issues
  • Test for SQL injection, NoSQL injection, and command injection with AI-generated payloads
  • Test for reflected and stored Cross-Site Scripting in HTML, attribute, and JavaScript contexts
  • Test for authentication bypass, IDOR, and privilege escalation
  • Test URL-accepting parameters for Server-Side Request Forgery
  • Generate a structured report with executive summary, severity breakdown, and remediation steps

Who it's for

Security engineers, developers, bug bounty hunters, and DevSecOps teams who need to validate their applications against real attack vectors before release or as part of ongoing security reviews.

How to use it

  1. Start with recon to map the attack surface — this returns a session object for all subsequent skills
  2. Run scan_vulnerabilities to check headers, exposed paths, and TLS configuration
  3. Use test_injection, test_xss, test_auth, and test_ssrf — each requires authorized: true
  4. Finish with generate_report to compile all findings into a readable report

Getting started

No setup required — the tool runs on the platform's AI models by default.

Reconnaissance

Crawl a target URL to map its attack surface. Discovers endpoints, forms, input parameters, authentication flows, and tech stack. Returns a session that subsequent test skills use.

Returns: Session object with attack surface map: endpoints, forms, auth flows, input surfaces, and tech stack
Scan Vulnerabilities

Run vulnerability scans against the target including security header checks, exposed path detection, server version disclosure, and TLS analysis. Uses nuclei when available.

Returns: Vulnerability findings with severity distribution and evidence
Test Injection

AI-powered injection vulnerability testing. Uses LLM reasoning to generate context-aware SQL, NoSQL, and command injection payloads, execute them, and analyze responses. Requires authorization.

Returns: Confirmed injection findings with PoC payloads, request/response evidence, and remediation
Test Cross-Site Scripting

AI-powered Cross-Site Scripting testing. Generates context-aware XSS payloads for HTML, attribute, and JavaScript contexts. Tests both reflected and stored XSS. Requires authorization.

Returns: Confirmed XSS findings with payloads, reflection context, and remediation
Test Authentication

AI-powered authentication and authorization testing. Tests for auth bypass, IDOR, privilege escalation, and session handling issues. Optionally accepts test credentials. Requires authorization.

Returns: Auth bypass, IDOR, and privilege escalation findings with evidence
Test Server-Side Request Forgery

AI-powered Server-Side Request Forgery testing. Tests URL-accepting parameters for internal network access, cloud metadata exposure, and redirect-based SSRF. Requires authorization.

Returns: SSRF findings with payloads, internal info leakage evidence, and remediation
Generate Report

Compile all findings from a scan session into a structured penetration test report. Includes executive summary, severity distribution, PoC evidence, and remediation recommendations.

Returns: Full penetration test report in markdown or structured JSON
Loading reviews...

Loading activity...

v0.022026-03-22
  • Added subtitle, expanded description, and agent instructions
v0.012026-03-20
  • Initial release

Penetration Testing Use Cases(8)

Browse all 8 Penetration Testingguides →
Open Scan Web Application Vulnerabilities

Scan Web Application Vulnerabilities

Run comprehensive vulnerability scans against web applications to identify security weaknesses.

Penetration Testing icon
Penetration Testing4 agent guides
Open Test API Security

Test API Security

Assess the security of REST APIs by testing authentication, authorization, input validation, and injection resistance.

Penetration Testing icon
Penetration Testing4 agent guides
Open Research Vulnerabilities by Software

Research Vulnerabilities by Software

Search for known vulnerabilities affecting specific software products, libraries, or frameworks in your stack.

Vulnerability Database icon
Vulnerability Database4 agent guides
Open Screen Entities Against Sanctions Lists

Screen Entities Against Sanctions Lists

Check individuals and companies against OFAC, UN, EU, and other global sanctions lists before onboarding or transacting.

Compliance Screening icon
Compliance Screening4 agent guides
See every Penetration Testinguse case (Claude, ChatGPT, Copilot, OpenClaw guides) →

Workflows

Full Security Assessment
Pentest icon
Pentest
security-httpx icon
security-httpx
security-nuclei icon
security-nuclei
Vulnerability Database icon
Vulnerability Database
Compliance Security Audit
security-nuclei icon
security-nuclei
Vulnerability Database icon
Vulnerability Database
Pentest icon
Pentest
Deep Research icon
Deep Research
Web Application Security Test
Pentest icon
Pentest
security-httpx icon
security-httpx
Site Crawler icon
Site Crawler
Web Screenshot icon
Web Screenshot
View all 7 workflows

Related Tools

Related Categories

🛡️ Security

Popular with

Backend DeveloperCyber Insurance SpecialistCybersecurity AnalystCybersecurity ConsultantIT ConsultantMaritime Security OfficerPre-Sales EngineerSales Engineer

Frequently Asked Questions

Do I need permission before running a test?

Yes. Only test systems you own or have explicit permission to assess.

What should I run first?

Start with `recon`. It maps the attack surface and creates the session used by the later tests.

What kinds of issues does it look for?

It covers injection, XSS, SSRF, authentication problems, misconfigurations, and related web app weaknesses.

How do I get a readable report?

Use `generate_report` at the end of the workflow. You can choose markdown for reading or JSON for structured output.