Core Operations Managing Pentests

ThreatExploit Studio allows you to run automated penetration tests against your infrastructure. This guide covers how to schedule new tests, control their active execution, and analyze the findings once a test is complete.

stateDiagram-v2
    [*] --> Scheduled
    Scheduled --> Running
    Running --> Stopped : Pause test
    Stopped --> Running : Resume test
    Running --> Completed
    Completed --> [*]

Scheduling a Pentest

When starting a new pentest, you have full control over what is tested and how aggressive the automated agent should be.

  1. 1

    Define your targets

    Specify the hosts, IP addresses, or URLs you want to test. For each target, you'll need to define the scope (e.g., targeted vs. holistic) and the type of test (black box or white box).

  2. 2

    Choose an execution style

    Decide whether the agent should run in a SAFE mode (scanning and identifying vulnerabilities) or an AGGRESSIVE mode. You can also toggle active exploitation on or off.

  3. 3

    Provide context (Optional)

    Attach saved Playbooks or Memory items to guide the agent's behavior and provide it with specific environmental context.

Configuration Options

When configuring your pentest, you can adjust several parameters to fit your security needs:

ParameterDescriptionOptions
targetsThe systems to be tested and their specific configurations.List of target objects
styleThe intensity of the scanning behavior.SAFE (default) or AGGRESSIVE
exploitWhether the agent should actively attempt to exploit found vulnerabilities.true or false
lightweightRuns a faster, less exhaustive scan using a reduced toolset.true or false
playbook_nameA saved playbook to guide the pentest execution steps.String (Optional)
memory_namesSaved memory items to provide context to the agent.List of strings (Optional)

Enabling the exploit flag or setting the style to AGGRESSIVE allows the agent to actively exploit vulnerabilities. Only use these settings on environments where you have explicit permission and where potential service disruption is acceptable.

How do I configure a target?

Each target in your targets list requires specific details so the agent knows how to approach it:

  • target: The actual host, IP, or URL.

  • scope: Set to TARGETED (focus only on the specific asset) or HOLISTIC (look at the broader environment).

  • type: Set to BLACK_BOX (no prior knowledge) or WHITE_BOX (authenticated).

  • credentials: If using WHITE_BOX, provide the necessary authentication details here.

Can I pass inline memory?

Yes! If you don't want to save a memory item permanently, you can pass memory_items directly when scheduling the test. These are formatted as a list of objects containing a name and content.

Example Configuration

Here is an example of the configuration payload used to schedule a targeted, safe pentest:

{
  "targets": [
    {
      "target": "https://api.example.com",
      "scope": "TARGETED",
      "type": "BLACK_BOX"
    }
  ],
  "style": "SAFE",
  "exploit": false,
  "lightweight": true,
  "playbook_name": "Standard Web API Audit"
}

Controlling Execution

You don't have to wait for a pentest to finish if you need to make changes to your environment or if the test is impacting performance.

  • Stop a pentest: You can pause a running pentest at any time. The agent will safely halt its current tasks.

  • Resume a pentest: Once you are ready, you can resume a previously stopped pentest, and the agent will pick up where it left off.

Viewing and Analyzing Results

As your pentests run and complete, ThreatExploit Studio provides multiple ways to review the evidence and findings.

Browsing Pentests

You can view a paginated list of all historical and active pentests. If you need details on a specific run, you can retrieve the exact configuration, status, and high-level results using the pentest's unique ID.

Gathering Evidence

For completed tests, you can:

  • Get structured reports: Export the findings into a structured report data format.

  • Browse the file tree: View the exact evidence files, logs, and artifacts generated during the test.

  • Download archives: Get a direct download URL for the complete evidence archive to store locally or attach to your internal ticketing systems.

Ask the AI Assistant
You don't have to dig through logs manually! Use the Pentest Chat feature to ask the AI questions about a specific pentest's results. It can help you analyze findings, understand your attack surface, and even provide remediation advice based on the exact evidence gathered.