Documentation AI Auto Pentest

AI Automated Pentesting

VerityLayer's AI Auto Pentest module is an advanced, strictly constrained LLM-based agent capable of performing reconnaissance and active exploitation testing across your authorized attack surface.

Activating the Agent

Navigate to Auto Pentest > Launch. The system requires explicit scoping controls before any offensive action is commenced. You MUST define:
  • Allowed Target IPs / Domains: The exact networks the agent is allowed to touch.
  • Allowed Techniques: Whether to enable port scanning, directory brute forcing, blind SQL injection, etc.
  • Review Mode: Opt to make the agent request human approval before executing any complex or destructive exploits.

Constraint Engine

We utilize a proprietary parsing pipeline AutoPentestOptimizedPayloadEngine that intercepts ALL commands the AI attempts to execute on the runner nodes.

  • Syntax Validation: Checks constraints logic
  • Path Traversal Guard: Prevents the agent from interacting with local disk outside /tmp/wargames/
  • Payload Sanitization: Ensures no catastrophic system calls are made against the target, and strips malicious persistence scripts.

    • Web Reconnaissance

    The AI has access to an integrated headless browser specifically built for Web App Sec. It can crawl SPA applications, inspect DOM trees for secrets, trace JavaScript dependencies for outdated libraries, and attempt basic XSS/CSRF payload injections automatically. Results are piped directly to the common Vulnerability Management dashboard for review and prioritization.