Web Application Pentest
To start a web application pentest with our AI agent, go to the Launch Pentest tab in the left sidebar, then click the Web App Pentest card as shown in the image below. The web app pentest agent scans your website for OWASP Top 10-style vulnerabilities, such as SQL injection, XSS, IDOR, and authentication issues. To get started, just enter the target domain and provide a username and password for authenticated testing. You can also supply custom authentication headers if needed, or skip authentication entirely to run an unauthenticated scan. The process can take as little as 30 seconds.

After selecting the pentest type, give your engagement a name. You can also assign it to a specific organization or client for easier tracking and reporting.

After you give the project a name, you can move on to the next step, where you supply the login URL of the web application.

Once you’ve entered the login URL, provide the credentials for an account on the application. You only need to supply the username and password; the agent will handle the rest of the login flow automatically. If needed, you can also manually provide authentication headers or cookies. For unauthenticated applications, you can skip the login step entirely by toggling the Use Login Page option off.

When you’re ready to begin, click Next to deploy the agent and start the scan. The agent will automatically run using your selected settings and report results back to the platform.

If everything works correctly, you’ll be greeted with a Congratulations page confirming that your agent has been successfully deployed and your scan has started. If the agent appears to hang on the deployment step for too long, try running it again, as something may have failed. In most cases, deployment should complete in under a minute.

The scan may take a few hours or longer to complete, depending on the size and complexity of the target. Once the scan has started, you can come back later to review the pentest results when they’re ready.