Commands

/sessions

Overview

The /sessions command displays all your saved penetration testing sessions, allowing you to review past tests, resume interrupted assessments, and track your security testing history over time.

Usage

$/sessions

What are Sessions?

Sessions in Apex represent individual penetration testing runs. Each session contains:

  • Test Configuration: Target details, scope, and parameters
  • Progress State: What has been tested and what remains
  • Findings: All discovered vulnerabilities and issues
  • Test Logs: Complete audit trail of testing activities
  • Metadata: Timestamps, duration, AI model used

Sessions are automatically saved during testing, so you never lose your work even if testing is interrupted.

Session Management

When you run /sessions, you’ll see a list of all saved sessions with:

Session Name

Automatically generated or custom name for the test

Target

The application or domain that was tested

Status

In Progress, Completed, or Paused

Timestamp

When the session was created or last updated

Duration

Total time spent on the assessment

Findings

Number of vulnerabilities discovered

Resuming Sessions

To resume a previous testing session:

1

Open Sessions

Run /sessions to view all saved sessions

2

Select Session

Choose the session you want to resume from the list

3

Review State

Check what has been tested and what findings exist

4

Continue Testing

The AI agent will resume from where testing left off

Pro Tip: Resume sessions when you need to continue multi-day comprehensive assessments or retest after fixes have been applied.

Use Cases

Multi-Day Assessments

For large applications requiring extended testing:

Day 1: Initial reconnaissance and authentication testing
        ↓ Save session
Day 2: Resume and test API endpoints
        ↓ Save session
Day 3: Resume and test business logic
        ↓ Complete assessment

Regression Testing

Verify that security fixes haven’t introduced new issues:

1

Load Original Session

Resume the session from your initial security assessment

2

Retest Fixed Issues

Verify that reported vulnerabilities have been remediated

3

Scan for New Issues

Check if fixes introduced new security problems

4

Compare Results

Compare findings between original and retest sessions

Continuous Security Testing

Track security posture over time:

  • Weekly Scans: Compare findings week-over-week
  • Release Testing: Test each release and track improvements
  • Trend Analysis: Identify security trends and patterns

Session Information

Each session provides detailed information:

Test Configuration

  • Primary URL or domain
  • Scope definition
  • In-scope/out-of-scope systems
  • API endpoints included
  • Credentials used
  • User roles tested
  • Token information
  • Session cookies
  • Testing mode (Quick Test or Thorough Pentest)
  • AI model used
  • Aggressiveness level
  • Rate limiting settings
  • Total vulnerabilities found
  • Severity breakdown
  • Vulnerability types
  • Critical issues requiring immediate attention

Test Results

Access comprehensive results from each session:

Vulnerability Reports

Detailed write-ups of each security issue

Proof of Concepts

Working POCs to demonstrate vulnerabilities

Remediation Guidance

Fix recommendations for each issue

Test Coverage

What was tested and coverage metrics

Managing Sessions

Organizing Sessions

Keep your sessions organized:

  • Naming Convention: Use descriptive names (e.g., “ProductionAPI-Q4-2025”)
  • Tagging: Add tags for easy filtering (e.g., “compliance”, “pre-production”)
  • Archiving: Archive old sessions to keep the list clean
  • Deletion: Remove test sessions that are no longer needed

Session States

Sessions can be in different states:

StateDescriptionActions Available
In ProgressCurrently running or pausedResume, View, Export
CompletedTesting finishedView, Export, Archive
FailedError during testingView logs, Retry
ArchivedOlder session moved to archiveView, Unarchive, Delete

Exporting Session Data

Export session results for documentation or integration:

1

Select Session

Choose the session you want to export from /sessions

2

Choose Format

Select export format (PDF, JSON, CSV, Markdown, SARIF)

3

Configure Export

Choose what to include (findings, logs, POCs, etc.)

4

Export

Generate and download the export file

Export Formats

Best for: Executive reporting and compliance documentation

Includes:

  • Executive summary
  • Detailed findings
  • Proof-of-concepts
  • Remediation recommendations
  • Appendices with technical details

Best for: Tool integration and programmatic access

Contains:

  • Structured vulnerability data
  • Test metadata
  • Raw findings
  • API-friendly format

Best for: Spreadsheet analysis and tracking

Columns:

  • Vulnerability name and type
  • Severity and CVSS score
  • Affected components
  • Status and remediation

Best for: Documentation and knowledge bases

Formatted for:

  • README files
  • Wiki pages
  • Documentation sites
  • GitHub/GitLab issues

Best for: CI/CD and security tool integration

Compatible with:

  • GitHub Advanced Security
  • Azure DevOps
  • GitLab Security Dashboards
  • Other SARIF-compatible tools

Session Comparison

Compare multiple sessions to track security improvements:

Original Assessment (Jan 2025)
Fixes Applied
Regression Test (Feb 2025)
Compare Results:
- 15 vulnerabilities fixed
- 2 new issues introduced
- Security posture improved 85%

Best Practices

Session Management Tips:

  1. Use descriptive names for easy identification
  2. Save sessions regularly during long assessments
  3. Export results after each completed test
  4. Archive old sessions to keep the list manageable
  5. Review sessions before retesting to understand previous findings
  6. Track metrics over time to measure security improvements

Retention and Storage

Sessions are stored locally on your machine in the Apex configuration directory. Ensure you have adequate disk space for session storage, especially for long-running comprehensive tests.

Storage Location

Session data is typically stored at:

macOS/Linux
$~/.pensar/apex/sessions/
Windows
1%USERPROFILE%\.pensar\apex\sessions\

Backup Sessions

Backup important sessions:

$# Backup session directory
>cp -r ~/.pensar/apex/sessions/ /path/to/backup/
>
># Or backup specific session
>cp ~/.pensar/apex/sessions/session-id.json /path/to/backup/

Troubleshooting

Issue: Cannot resume a saved session

Solutions:

  1. Check that the session file isn’t corrupted
  2. Verify API credentials are still valid
  3. Ensure the target is still accessible
  4. Try exporting data and starting a new session

Issue: Previous sessions don’t appear in the list

Solutions:

  1. Check the session storage directory
  2. Verify file permissions
  3. Look in archived sessions
  4. Check if sessions were created under a different user

Issue: Cannot export session results

Solutions:

  1. Ensure you have write permissions in the export directory
  2. Check available disk space
  3. Verify the session data is complete
  4. Try a different export format
/quicktest

Start a new quick test session

/pentest

Start a new thorough pentest session

/config

Configure session defaults

/help

View all available commands