Agentless & Passive Recon
mDNS, ARP, header analysis, traffic fingerprints - quickly map local networks without endpoints.
Platform Capabilities
Modular Offensive Security. One Verification-First Architecture.
Pentesterra combines vulnerability management, attack surface mapping, breach simulation, and controlled exploitation into one continuous workflow with evidence-first prioritization.
Core Modules
Coverage across infrastructure, applications, and offensive validation operations.
VM
Vulnerability Management
Continuous detection, prioritization, and lifecycle management across the asset inventory.
ANPT
Automated Network Pentesting
Controlled exploit validation for internal and external exposure with operational guardrails.
BAS
Breach & Attack Simulation
Scenario-driven simulation to validate control effectiveness and identify realistic attack paths.
WEB
Web App Pentest
SPA/API-focused testing with authenticated flows, token handling, and controlled payload strategy.
Detailed Capabilities
Port & Service Discovery
Fast, accurate service detection, versioning and vuln fingerprinting.
MS Active Directory Testing
Automated AD enumeration, ACL analysis, credential abuse simulation, and safe lateral movement validation.
Automated Attack Path Calculation
Graph-based attack-path calculation, prioritized by exploitability and business impact.
Safe Exploit Validation
Uses real-world tools in non-malicious modes to validate true exploitability (no malware/ransomware). GOV customers may enable additional toolsets under contract.
Web Pentesting
Modern web, SPA, API testing via public/private proxies and Tor; support for authentication flows, CSRF, JWT, WAF evasion.
Advanced Evasion
Adaptive probe strategies when WAF/IDS is detected - stealthier payloads & timing adjustments.
Scope Controls & RBAC
Define scan scope, approval gates, and role-based access control to functions and data.
Scanner Access Control
Separate access for scanner nodes; limit who can run, view, or configure nodes.
Prioritization & Risk Scoring
Vulnerability ranking, business-context tagging, and remediation guidance.
NO external tools required
The platform includes required scanning & exploitation capabilities - no third-party procurement needed.
Continuous KB
Auto-updating database of vulnerabilities, CVEs, exploits, and threat intelligence.
Business Process & Logic DetectionNEW
Automatically identifies business processes (BP-PAY-001, BP-AUTH-001) and logic vulnerabilities - IDOR, bypassable workflows, mass assignment, race conditions - with regulatory scope mapping to PCI-DSS, GDPR, HIPAA, and SOX.
Attack Chain Analysis
Graph-based engine combining web, network, and DevGuard findings into directed kill-chain paths (up to 20 chains, depth ≤ 5). Phases: Initial Access → Exploitation → Privilege Escalation → Lateral Movement → Impact. Each chain scored by exploitability and blast radius.
Architecture & Operating Modes
Cloud control plane with distributed scanner nodes across external, internal, and on-prem zones.
- Self-Service SaaS - full operator control for security teams.
- Managed Service - expert-led engagements through the same platform workflows.
- Single-Tenant / GOV - sovereign deployments, air-gap options, and strict segmentation.
- MSSP Mode - multi-tenant operations with per-client isolation and governance boundaries.
Licensing Matrix
Compare availability by module and deployment tier.
| Feature / Tier | VM | ANPT | BAS | Web pentesting | MSSP | GOV |
|---|---|---|---|---|---|---|
| Cloud core | Included | Included | Included | Included | Included | Included |
| Network scanning | Included | Included | Not included | Included | Included | Included |
| Passive reconnaissance | Included | Included | Not included | Included | Included | Included |
| AD scanning | Included | Included | Not included | Not included | Included | Included |
| Network pentesting | Not included | Included | Not included | Not included | Included | Included |
| Web scanning & pentesting | Not included | Not included | Not included | Included | Included | Included |
| Automated exploitation | Not included | Included | Not included | Included | Included | Included |
| Breach attack simulation | Not included | Not included | Included | Included | Included | Included |
| On-prem scanners | Included | Included | Included | Included | Included | Included |
| Cloud scanners | Included | Included | Included | Included | Included | Included |
| Verifiy vulnerability | Not included | Included | Not included | Included | Included | Included |
| Managed service option | Included | Included | Included | Included | Included | Included |
| Emhanced avoid protection | Not included | Not included | Not included | Not included | Not included | Included |
| Full air-gap support | Not included | Not included | Not included | Not included | Not included | Included |
| Full on-prem installation | Not included | Not included | Not included | Not included | Not included | Included |
| Support 24x7 | Included | Included | Included | Included | Included | Included |
FAQ
Can Pentesterra operate in air-gapped or sovereign environments?
Yes. The GOV Edition supports full air-gap deployment, compliance packaging, and optional on-prem orchestration with controlled update channels.
How do managed pentests work alongside automation?
Our red-team analysts operate through the same platform, layering expert-led engagements on top of automated discovery, exploit validation, and reporting.
Is there an API for integrating findings into existing workflows?
Pentesterra offers a full REST API for triggering scans, fetching results, and pulling reports programmatically - for CI/CD automation or custom tooling. Jira integration creates tickets automatically from verified findings. The built-in workflow with role-based access control handles triage, assignment, and approval natively.
What is the Dynamic Rule Security Engine (DRSE)?
DRSE is a KB-based rule engine that defines automated behavior triggered by scan events. Rules can apply a specific scan profile and trigger a re-scan, send an alert when a particular threat class is detected, or launch an enrichment workflow. DRSE is not a false positive filter - it's a programmable behavior layer on top of standard scan logic, letting security teams encode response logic that runs automatically when certain conditions are met.
How does exploit verification work?
Pentesterra uses multiple verification paths depending on what was found. Own scripts (split into verify-only and exploit modes, both non-destructive). KB-matched checks. nmap NSE scripts and nuclei templates. Attack Brain Chain for full attack vector simulation end-to-end - the same way a pentester would manually chain findings. And generated PoCs attached to findings. The KB is continuously updated with new vulnerabilities, detection methods, and exploitation patterns, so coverage expands without a model retrain cycle.
What is Attack Chain Analysis?
Attack Chain Analysis combines findings from web pentests, network scans, and DevGuard code scanning into directed kill-chain graphs. The engine calculates up to 20 attack paths (depth ≤ 5), scoring each by exploitability and blast radius, mapped to MITRE ATT&CK kill-chain phases.
How does AI work in Pentesterra - is it a pentest GPT or LLM wrapper?
Pentesterra is not a pentest GPT or LLM wrapper. The AI component - PentestBrain - is an adaptive reasoning engine that decides which exploitation tool runs next based on live scan data, interprets payloads, and escalates attack paths. LLM reasoning drives the verification loop; scanning, exploitation, and evidence collection are performed by Pentesterra's own engine and scanner nodes - not generated by a language model.