/pentest
Overview
The /pentest command starts a thorough, comprehensive penetration test using an advanced AI agent. This mode performs in-depth security analysis and is ideal for production security audits, compliance requirements, and comprehensive vulnerability assessments.
Usage
What is Thorough Pentest?
Thorough Pentest mode performs an exhaustive security assessment that provides:
- Comprehensive coverage of all attack surfaces
- Deep analysis of complex vulnerabilities
- Advanced exploitation techniques
- Detailed documentation of all findings
- Complete audit trail of testing activities
Thorough Pentest is the gold standard for production security audits, compliance testing, and comprehensive security assessments.
How It Works
Testing Methodology
Thorough Pentest follows a systematic approach based on industry-standard penetration testing methodologies:
1. Reconnaissance
Comprehensive discovery of the target application:
- Attack surface mapping
- Technology stack identification
- Entry point enumeration
- Hidden endpoint discovery
- API documentation analysis
2. Vulnerability Assessment
Systematic vulnerability identification:
- OWASP Top 10 testing
- Business logic flaws
- Authentication/authorization issues
- Input validation weaknesses
- Configuration vulnerabilities
- Known CVE checking
3. Exploitation
Proof-of-concept development:
- Vulnerability chaining
- Privilege escalation
- Data exfiltration paths
- Impact demonstration
- Exploitation automation
4. Post-Exploitation
Impact analysis:
- Lateral movement possibilities
- Data access scope
- System compromise potential
- Business impact assessment
5. Documentation
Comprehensive reporting:
- Executive summary
- Technical findings
- Proof-of-concepts
- Remediation roadmap
- Risk prioritization
Vulnerability Coverage
Thorough Pentest examines all major vulnerability categories:
Injection:
- SQL Injection
- NoSQL Injection
- Command Injection
- LDAP Injection
- XML Injection
- Template Injection
Authentication and session management:
- Broken authentication
- Session management
- Password policies
- MFA bypass
- OAuth flaws
Access control:
- Access control issues
- IDOR vulnerabilities
- Privilege escalation
- Missing function level access control
Data exposure:
- Sensitive data exposure
- Information disclosure
- API data leakage
- Error message leaks
Security misconfiguration:
- Default credentials
- Unnecessary services
- Verbose errors
- Security headers
- TLS/SSL issues
Client-side:
- Reflected XSS
- Stored XSS
- DOM-based XSS
- CSRF vulnerabilities
Business logic:
- Workflow bypasses
- Rate limiting issues
- Payment manipulation
- Logic flaws
API security:
- API authentication
- Rate limiting
- Mass assignment
- Excessive data exposure
Configuration Options
When launching Thorough Pentest, provide comprehensive details:
Target Specification
Scope Definition
Clearly define in-scope and out-of-scope systems to ensure testing stays within authorized boundaries.
- In Scope: All systems you have permission to test
- Out of Scope: Third-party services, shared infrastructure
- Special Considerations: Production data, DoS attacks, social engineering
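One way to enforce the in-scope/out-of-scope boundary described above before any request is sent, written here as an added example (not the tool's own code): out-of-scope entries always win, wildcards match subdomains only, and anything that matches no in-scope entry is refused. The sample scope entries and targets are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


class Scope:
    """Authorization boundary: a target is allowed only if it matches an
    in-scope entry and no out-of-scope entry (deny always wins, unknown
    targets fail closed)."""

    def __init__(self, in_scope, out_of_scope=()):
        self.allow = [self._parse(e) for e in in_scope]
        self.deny = [self._parse(e) for e in out_of_scope]

    @staticmethod
    def _parse(entry):
        # Entries are either CIDR/IP ranges or hostnames ("*.x" = subdomains only).
        entry = entry.strip().lower()
        try:
            return ("net", ipaddress.ip_network(entry, strict=False))
        except ValueError:
            return ("host", entry)

    @staticmethod
    def _matches(rule, host):
        kind, value = rule
        if kind == "net":
            try:
                return ipaddress.ip_address(host) in value
            except ValueError:      # host is a name, not an address
                return False
        if value.startswith("*."):
            return host.endswith(value[1:])   # ".example.com" suffix match
        return host == value

    def allows(self, target):
        """Decide for a URL or bare host[:port] whether testing it is authorized."""
        host = urlsplit(target if "//" in target else "//" + target).hostname
        if not host:
            return False
        host = host.lower()
        if any(self._matches(r, host) for r in self.deny):
            return False
        return any(self._matches(r, host) for r in self.allow)


if __name__ == "__main__":
    # Constructed scope: the web app and one subnet are in scope; the CDN and
    # the gateway are shared/third-party infrastructure and excluded.
    scope = Scope(["*.example.com", "10.0.0.0/24"], ["cdn.example.com", "10.0.0.1"])
    for t in ["https://app.example.com/login", "https://cdn.example.com/", "10.0.0.5:8443"]:
        print(t, "->", "in scope" if scope.allows(t) else "REFUSED")
```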
Authentication Details
Provide comprehensive authentication information:
- User Credentials: Multiple user roles (admin, standard user, guest)
- API Keys: All API authentication tokens
- Session Data: Cookies, JWT tokens, OAuth tokens
- MFA Details: If applicable, temporary MFA codes
Testing Parameters
Fine-tune the testing approach:
- Aggressiveness Level: Conservative, moderate, or aggressive
- Rate Limits: Respect application rate limiting
- Testing Hours: Preferred time windows
- Notification: Contact for critical findings
Duration & Resource Usage
Thorough Pentest typically takes several hours to multiple days depending on:
- Application complexity
- Attack surface size
- Number of features
- Depth of testing required
Resource Considerations
- API Token Usage: Higher than Quick Test (thousands to tens of thousands of tokens)
- Network Traffic: Significant requests to target application
- Time Investment: Plan for extended testing periods
- Cost: Budget for AI API costs based on application size
Interpreting Results
Thorough Pentest provides comprehensive documentation:
Vulnerability Reports
Each finding includes:
Risk Scoring
Vulnerabilities are scored using:
- CVSS v3.1: Industry-standard vulnerability scoring
- Business Impact: Contextualized risk to your organization
- Exploitability: Likelihood and ease of exploitation
- Data Sensitivity: Impact on sensitive data
When to Use Thorough Pentest
- Comprehensive security assessment before production deployment
- Meeting regulatory requirements (SOC 2, ISO 27001, PCI DSS)
- Security assessment of acquisition targets
- Periodic comprehensive security assessments
- After significant application changes or refactors
- Post-incident comprehensive security review
Best Practices
Recommendations for Optimal Results:
- Use Claude 3.5 Sonnet or Opus for best testing quality
- Provide multiple user roles for authorization testing
- Run during maintenance windows to avoid production impact
- Document all credentials and scope details upfront
- Monitor application during testing for issues
- Save sessions for future reference and retesting
Quick Test vs Thorough Pentest
Session Management
Thorough Pentest sessions are automatically saved:
- Resume Testing: Continue multi-day assessments
- Review Findings: Access historical test results
- Compare Tests: Track security improvements over time
- Export Reports: Generate compliance documentation
Use /sessions to manage your penetration test sessions.
Exporting Results
After testing completes, export results in various formats:
- PDF Reports: Executive and technical reports
- JSON/CSV: Raw data for integration with other tools
- Markdown: Documentation-friendly format
- SARIF: For integration with security tools