Penetration Testing

Automated, repeatable penetration testing powered by 11 industry-standard open-source tools. Create projects, define targets, run assessments, and generate compliance-ready reports.

1. Overview

The Penetration Testing module is an add-on to the Vulnios platform. It enables automated security assessments against web applications, APIs, networks, and infrastructure using battle-tested open-source tools.

Unlike static scanning, PT runs active probes — port scans, injection attempts, fuzzing, directory brute-forcing, and TLS analysis — giving you a real attacker's view of your attack surface.

PT is an add-on product available alongside core platform plans. Start with a 30-day free trial (PT Starter at $99/mo after trial), or subscribe directly to PT Pro, PT Pro+, or PT Enterprise.

2. Tools & Engines

All 11 tools run in hardened Docker containers with zero data persistence:

  • Nmap: Port scanning & service detection
  • Nikto: Web server vulnerability scanning
  • SQLMap: Automated SQL injection testing
  • OWASP ZAP: Web application security scanner
  • Nuclei: Template-based vulnerability scanner
  • Amass: Attack surface discovery & enumeration
  • Gobuster: Directory & DNS brute-forcing
  • Wfuzz: Web fuzzer for parameter testing
  • SSLScan: TLS/SSL configuration analysis
  • Dirb: Web content & path scanner
  • WhatWeb: Web technology fingerprinting

3. Projects & Targets

Projects group related targets and runs. Think of each project as one application, client, or environment.

  • Create projects with name, description, and optional tags.
  • Add targets: hostnames, IP addresses, URL ranges, or CIDR blocks.
  • Targets are validated before addition to prevent unauthorized scanning.
  • Import targets from CSV for bulk operations.
  • Per-target authentication support for authenticated scanning.

4. Runs & Scheduling

Runs are individual pen test executions against your project's targets.

  • On-demand runs from the dashboard with one click.
  • Configure which tools to run or use the default "all tools" profile.
  • Real-time progress monitoring with per-tool status.
  • Concurrent run limits based on your PT plan tier.
  • Scheduled runs with cron support (PT Pro+ and above).

5. Findings & Reports

Each run produces structured findings with full evidence:

  • Severity ratings (Critical → Info) with CVSS scores.
  • Tool attribution — which engine found each issue.
  • Evidence: HTTP request/response, screenshots, and command output.
  • Remediation recommendations with fix priority.
  • Export to HTML, JSON, PDF, CSV (format depends on plan tier).
  • Compliance mapping: PCI-DSS, OWASP Top 10, ISO 27001.
  • AI-powered narrative reports (PT Pro+ and above).

6. Plans & Quotas

PT Plan Comparison

Feature      Starter   Pro       Pro+      Enterprise
Price        $99/mo    $199/mo   $399/mo   $999/mo
Projects     3         10        25        Unlimited
Targets      5         25        100       Unlimited
Runs/mo      10        50        200       Unlimited
Concurrent   1         3         5         10
Trial        30 days
API Access
AI Reports
SSO