Multi-Agent Pentest
The Multi-Agent Pentest is an autonomous, black-box penetration testing engine that deploys a team of coordinated AI agents inside a sandboxed environment. A core agent orchestrates specialised child agents that perform reconnaissance, targeted exploitation, validation, and reporting — mirroring the workflow of a human pentester.
Capabilities
- Multi-agent orchestration: A core agent spawns and coordinates focused child agents (e.g. "SQLi Discovery", "XSS Validation", "Auth Testing") to divide the attack surface
- Full sandbox environment: Agents run inside a sandbox with classic pentesting tools, a browser, and an HTTP proxy
- Broad vulnerability coverage: XSS, SQL injection, IDOR/BOLA, SSRF, command injection, access control, and business logic flaws
- Evidence-rich reporting: Findings include curl requests, responses, commands, and step-by-step reasoning
- Real-time activity streaming: Agent thinking and tool calls are streamed as scan events so you can follow the pentest live
Configuration
Basic Configuration
The multi-agent pentest is enabled by default on all automated pentesting scans. No additional configuration is required.
To explicitly disable it:
Natural-Language Instructions
Use automated_pentesting.multi_agent_pentest.instructions to guide the pentest scope, priorities, or constraints. This field is optional but helps the agents focus on what matters most.
```yaml
automated_pentesting:
  multi_agent_pentest:
    enabled: true
    instructions: |
      Focus on the checkout and payment flow. The /api/v2/orders and
      /api/v2/payments endpoints are the highest-priority targets.
      Avoid the /admin panel entirely. Authentication tokens expire
      after 15 minutes — re-authenticate if you get 401s.
```
Good things to include:
- High-value endpoints or workflows to prioritize
- Areas or endpoints to avoid (destructive actions, out-of-scope domains)
- Specific vulnerability classes to focus on
- Authentication or session quirks (token expiry, CSRF requirements)
- Known technologies or frameworks the target uses
Authentication
When the target requires authentication, configure it in the scan's authentication block. The agents receive the authentication configuration and use it to access protected surfaces.
```yaml
automated_pentesting:
  multi_agent_pentest:
    enabled: true
authentication:
  presets:
    - type: headers
      users:
        - username: user@example.com
          headers:
            Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9..."
```
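A pre-flight check for a static header preset like the one above, added here as an example and not part of the product or its documentation: it decodes the JWT in an Authorization header value (without verifying the signature) and compares its `exp` claim with the roughly 4-hour default scan timeout listed under Limitations. The function names, result labels, and sample token are constructed for illustration.

```python
import base64
import json
import time

SCAN_TIMEOUT_SECONDS = 4 * 60 * 60  # default scan timeout stated on this page (approximate)


def jwt_claims(authorization_header):
    """Return the JWT payload from 'Bearer <token>' WITHOUT verifying the signature."""
    scheme, _, token = authorization_header.strip().partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3 or not all(parts[:2]):
        raise ValueError("not a Bearer JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # JWTs strip base64 padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def token_lifetime_check(authorization_header, now=None, scan_seconds=SCAN_TIMEOUT_SECONDS):
    """Classify a static header token: ok, expires-mid-scan, expired, no-exp, or opaque."""
    now = time.time() if now is None else now
    try:
        exp = jwt_claims(authorization_header).get("exp")
    except ValueError:
        return "opaque"  # not a decodable JWT; lifetime cannot be read from the token
    if not isinstance(exp, (int, float)):
        return "no-exp"
    remaining = exp - now
    if remaining <= 0:
        return "expired"
    return "ok" if remaining >= scan_seconds else "expires-mid-scan"


def make_sample_header(exp=None):
    """Build a constructed sample token with a placeholder signature (illustration only)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"sub": "user@example.com"}
    if exp is not None:
        payload["exp"] = exp
    return "Bearer " + ".".join([b64({"alg": "HS256"}), b64(payload), "constructed-signature"])


if __name__ == "__main__":
    now = time.time()
    for label, exp in [("15-minute token", now + 900), ("5-hour token", now + 5 * 3600)]:
        print(label, "->", token_lifetime_check(make_sample_header(exp), now=now))
```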
Vulnerability Categories
Findings are automatically classified into one of the following categories:
| Category | Examples |
|---|---|
| XSS | Reflected, stored, and DOM-based cross-site scripting |
| SQL Injection | Error-based, union-based, blind, and time-based SQL injection |
| SSRF | Server-side request forgery, internal service access |
| Command Injection | OS command injection, remote code execution |
| Access Control | IDOR, privilege escalation, authentication bypass, broken authorization |
| Business Logic | Workflow manipulation, race conditions, state tampering |
Requirements
- Reachable target: The scan must be able to reach the target URL
- Web application: Designed for web applications and APIs accessible over HTTP/HTTPS
- Authentication (optional): Configure when important surfaces are behind login
Limitations
- Coverage depends on what the agents can discover and reach within the scan timeout
- The default scan timeout is approximately 4 hours
- Agents stay on the configured target domain and do not navigate to external sites
- Natural-language instructions improve focus but do not replace scan scope or authentication setup
Related Documentation
- How It Works: Understanding AI pentesting capabilities
- XSS Agent: Dedicated XSS testing agent
- SQLI Agent: Dedicated SQL injection testing agent
- BOLA Agent: Authorization testing agent
- Business Logic Agent: Business workflow testing agent
- Authentication: Set up authentication for scans