pensar targeted-pentest

Overview

The pensar targeted-pentest command runs a focused penetration test with one or more specific testing objectives. Unlike pensar pentest which performs broad autonomous testing, targeted pentests let you direct the AI agent toward particular vulnerability classes or areas of concern.

Usage

$ pensar targeted-pentest --target <url> --objective <text> [options]

Options

Flag	Description
`--target <url>`	(required) Target URL, domain, or IP address
`--objective <text>`	(required, repeatable) A specific testing objective
`--model <model>`	AI model to use (defaults to your configured provider’s default)
`--header "Name: Value"`	Custom HTTP header sent on every in-scope request (repeatable)
`--headers-from <file>`	Load headers from a JSON object or `Name: Value` file
`--no-global-headers`	Skip the snapshot of `pensar config headers` defaults

Examples

$ # Single objective
$ pensar targeted-pentest --target https://api.example.com \
>   --objective "Test for SQL injection in the login endpoint"
$ 
$ # Multiple objectives
$ pensar targeted-pentest --target https://example.com \
>   --objective "Test for IDOR vulnerabilities in the /api/users endpoint" \
>   --objective "Check for authentication bypass on admin routes" \
>   --objective "Verify CORS configuration"
$ 
$ # With a specific model
$ pensar targeted-pentest --target https://example.com \
>   --objective "Test for XSS in search functionality" \
>   --model claude-opus-4-8
$ 
$ # Inject an API key on every in-scope request
$ pensar targeted-pentest --target https://api.example.com \
>   --objective "Find IDOR in /users/:id" \
>   --header "X-API-Key: $KEY"

Output

============================================================
TARGETED PENTEST
============================================================
Target:  https://example.com
Model:   claude-sonnet-4-5
Objectives:
  1. Test for SQL injection in the login endpoint
  2. Check for authentication bypass on admin routes
...
============================================================
RESULTS
============================================================
Findings:  2
Path:      /home/user/.pensar/sessions/.../findings.json
POCs:      /home/user/.pensar/sessions/.../pocs/

When to Use

Use pensar targeted-pentest when you:

Have specific vulnerability hypotheses to validate
Want to focus testing on particular endpoints or features
Need faster, more focused results than a full pentest
Are investigating a specific area flagged by code review or other tools

pensar pentest

Run a broad autonomous pentest

/operator

Interactive testing with step-by-step control