External Pentest

To start an external pentest with our AI agent, go to the Launch Pentest tab in the left sidebar, then click the External Pentest card as shown in the image below. The external pentest agent performs an automated assessment of your internet-facing assets (such as domains and IPs), including recon, exploit scanning, and reporting. From this page, you can onboard or launch a new external pentest in about 30 seconds, just enter your domains or IP addresses and press Start.

After selecting the pentest type, give your engagement a name. You can also assign it to a specific organization or client for easier tracking and reporting.

Next, add the domains, IPs, and CIDR ranges that are in scope. You don’t need to list individual subdomains, the agent will automatically perform subdomain enumeration. When you enter a domain, the scope is treated as *.example.com by default.

When you’re ready to begin, click Next to deploy the agent and start the scan. The agent will automatically run using your selected settings and report results back to the platform.

If everything works correctly, you’ll be greeted with a Congratulations page confirming that your agent has been successfully deployed and your scan has started. If the agent appears to hang on the deployment step for too long, try running it again, as something may have failed. In most cases, deployment should complete in under a minute.

The scan may take a few hours or longer to complete, depending on the size and complexity of the target. Once the scan has started you can come back later to review the pentest results when they’re ready.