Overview
The Blackbox Pentest API orchestrates a full penetration testing workflow that combines attack surface discovery with targeted exploitation. It automatically spawns multiple specialized agents to test discovered targets in parallel.
Key Features:
Two-phase workflow: reconnaissance then exploitation
Supports both blackbox and whitebox testing modes
Automatic target prioritization and agent spawning
Parallel execution with configurable concurrency
Comprehensive finding deduplication
Automatic report generation
runPentestAgent
Runs the pentest workflow. The mode is chosen from the input: whitebox when a local codebase path (cwd) is provided, blackbox otherwise.
Workflow Phases:
Phase 1 : Runs attack surface discovery (whitebox workflow or blackbox agent)
Phase 2 : Spawns targeted pentest agents for each discovered target
Phase 3 : Aggregates results and generates report
```typescript
import { runPentestAgent } from '@pensar/apex/api/blackboxPentest';

const result = await runPentestAgent({
  target: 'https://example.com',
  model: 'claude-sonnet-4-20250514',
  session: sessionInfo,
  callbacks: {
    onTextDelta: (d) => process.stdout.write(d.text),
    subagentCallbacks: {
      onSubagentSpawn: ({ subagentId, status }) => {
        console.log(`${subagentId}: ${status}`);
      },
      onSubagentComplete: ({ subagentId, status }) => {
        console.log(`${subagentId}: ${status}`);
      },
    },
  },
});

console.log(`Found ${result.findings.length} vulnerabilities`);
```
Parameters
input (PentestWorkflowInput, required): configuration for the pentest workflow. Properties:
- target: live target URL; always required
- cwd: local codebase path. When provided, enables whitebox attack surface analysis.
- model: AI model identifier (e.g., "claude-sonnet-4-20250514")
- session: session object providing paths for findings, POCs, logs, etc.
- Optional per-provider API key overrides
- AbortSignal to cancel the workflow mid-run
- callbacks (ConsumeCallbacks): stream event callbacks for monitoring workflow progress
  - onTextDelta: called for each text chunk streamed from the AI
  - Called when an agent invokes a tool
  - Called when a tool execution completes
  - Called when an error occurs
  - subagentCallbacks (SubagentConsumeCallbacks): callbacks for monitoring spawned pentest agents
    - onSubagentSpawn: called when a new pentest agent is spawned
    - onSubagentComplete: called when a pentest agent completes
    - Text deltas from subagents (includes subagentId)
    - Tool calls from subagents (includes subagentId)
    - Tool results from subagents (includes subagentId)
Response
- findings: all vulnerability findings discovered during the pentest. Each finding carries:
  - severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW'
  - Detailed description of the vulnerability
  - Impact assessment and potential consequences
  - Evidence demonstrating the vulnerability
  - Path to the proof-of-concept exploit script
  - Recommended remediation steps
  - External references and resources (optional)
- findingsPath: absolute path to the session's findings directory
- pocsPath: absolute path to the session's POC scripts directory
- reportPath: path to the generated pentest report (null if not generated)
Usage Examples
Basic Blackbox Pentest
```typescript
import { runPentestAgent } from '@pensar/apex/api/blackboxPentest';
import { createSession } from '@pensar/apex/session';

// Create session
const session = await createSession({
  name: 'Full Pentest',
  targets: ['https://example.com'],
});

// Run full pentest workflow
const result = await runPentestAgent({
  target: 'https://example.com',
  model: 'claude-sonnet-4-20250514',
  session,
});

console.log(`Findings: ${result.findingsPath}`);
console.log(`POCs: ${result.pocsPath}`);
if (result.reportPath) {
  console.log(`Report: ${result.reportPath}`);
}
```
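The following is an added example, not code from this page or from @pensar/apex. It wraps a run in a progress monitor built from the callbacks documented above and enforces a wall-clock budget through an AbortSignal, so a run that stalls is cancelled instead of burning model tokens indefinitely. Because the real agent cannot run offline, the runner is injected as a parameter and a constructed stand-in (`fakeRunner`) replays the callback sequence a real run produces, with constructed findings. The local type declarations, the input field name `abortSignal`, the callback name `onError`, and the finding shape are assumptions mirroring the descriptions on this page; check them against the package's exported types before use.

```typescript
// Added example, not part of @pensar/apex. The local types are assumptions that mirror the
// shapes described on this page so the file runs without importing the package.
type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
interface Finding { severity: Severity; description: string }
interface SubagentEvent { subagentId: string; status: string }
interface PentestResult { findings: Finding[]; findingsPath: string; pocsPath: string; reportPath: string | null }
interface PentestInput {
  target: string;
  model: string;
  abortSignal?: AbortSignal; // assumed field name for the "AbortSignal to cancel the workflow" option
  callbacks?: {
    onTextDelta?: (d: { text: string }) => void;
    onError?: (e: { error: unknown }) => void; // assumed name for the "called when an error occurs" callback
    subagentCallbacks?: {
      onSubagentSpawn?: (e: SubagentEvent) => void;
      onSubagentComplete?: (e: SubagentEvent) => void;
    };
  };
}
type Runner = (input: PentestInput) => Promise<PentestResult>;

/** Records callback traffic so a long-running pentest is observable while it runs. */
class PentestMonitor {
  readonly inFlight = new Set<string>();
  spawned = 0;
  completed = 0;
  streamedChars = 0;
  errors = 0;
  readonly callbacks: NonNullable<PentestInput['callbacks']> = {
    onTextDelta: (d) => { this.streamedChars += d.text.length; },
    onError: () => { this.errors += 1; },
    subagentCallbacks: {
      onSubagentSpawn: ({ subagentId }) => { this.spawned += 1; this.inFlight.add(subagentId); },
      onSubagentComplete: ({ subagentId }) => { this.completed += 1; this.inFlight.delete(subagentId); },
    },
  };
  status(): string {
    return `${this.completed}/${this.spawned} agents done, ${this.inFlight.size} running`;
  }
}

/** Counts findings per severity; every level is present so downstream reports are stable. */
function summarizeBySeverity(findings: Finding[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

/** Runs a pentest under a wall-clock budget: the AbortSignal is handed to the workflow and fired
 *  when the budget expires, so the run stops mid-flight and returns whatever it has so far. */
async function runWithBudget(run: Runner, input: Omit<PentestInput, 'abortSignal' | 'callbacks'>, budgetMs: number) {
  const monitor = new PentestMonitor();
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), budgetMs);
  try {
    const result = await run({ ...input, abortSignal: controller.signal, callbacks: monitor.callbacks });
    return { result, monitor, aborted: controller.signal.aborted, summary: summarizeBySeverity(result.findings) };
  } finally {
    clearTimeout(timer);
  }
}

/** Constructed stand-in for runPentestAgent (offline): spawns three agents, streams one text chunk,
 *  yields to the event loop, then either finishes or honours the abort with partial results. */
const fakeRunner: Runner = async (input) => {
  const sub = input.callbacks?.subagentCallbacks;
  const ids = ['agent-1', 'agent-2', 'agent-3'];
  for (const id of ids) sub?.onSubagentSpawn?.({ subagentId: id, status: 'running' });
  input.callbacks?.onTextDelta?.({ text: 'Probing /login for authentication bypass...' });
  await new Promise((resolve) => setTimeout(resolve, 5));
  const aborted = input.abortSignal?.aborted === true;
  for (const id of ids) sub?.onSubagentComplete?.({ subagentId: id, status: aborted ? 'aborted' : 'completed' });
  const findings: Finding[] = [ // constructed sample findings, not real results
    { severity: 'CRITICAL', description: 'SQL injection in /api/login username' },
    { severity: 'HIGH', description: 'IDOR on /api/orders/{id}' },
    { severity: 'HIGH', description: 'Missing rate limit on /api/login' },
    { severity: 'LOW', description: 'Server banner disclosure' },
  ];
  return {
    findings: aborted ? findings.slice(0, 1) : findings,
    findingsPath: '/tmp/session/findings',
    pocsPath: '/tmp/session/pocs',
    reportPath: aborted ? null : '/tmp/session/report.md',
  };
};

void runWithBudget(fakeRunner, { target: 'https://example.com', model: 'claude-sonnet-4-20250514' }, 30_000)
  .then(({ monitor, summary, aborted }) => console.log(monitor.status(), summary, aborted ? '(aborted)' : ''));
```

To use this against the real workflow, pass `runPentestAgent` as the `run` argument and add the `session` field to the input; the monitor's `status()` can be polled from a timer while the run is in progress.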
Workflow Details
Phase 1: Attack Surface Discovery
The workflow begins by discovering the attack surface:
Blackbox mode (default): Runs external reconnaissance using web scraping, DNS enumeration, port scanning, and browser automation
Whitebox mode (when cwd provided): Analyzes source code to extract API endpoints, routes, and pages
Both modes produce a list of prioritized targets with specific testing objectives. Blackbox mode runs active reconnaissance (port scanning, browser automation) against the live host, so only point it at targets you are authorized to test.
Phase 2: Parallel Exploitation
The workflow spawns multiple TargetedPentestAgent instances (default: 10 concurrent) to test each target:
Each agent receives specific targets and objectives from Phase 1
Agents run in parallel with bounded concurrency
Findings are automatically deduplicated via shared registry
Progress is tracked via subagent callbacks
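As an added example (not code from this page or from @pensar/apex), the two mechanisms Phase 2 relies on are shown below in miniature: a shared registry that deduplicates findings reported by parallel agents, and a worker pool that bounds how many agents run at once. The page does not say what key the real registry deduplicates on; this example assumes (finding title, normalized endpoint path, parameter), all case-folded, and keeps the more severe of two duplicates. `TargetedPentestAgent` is replaced by a constructed fake that returns canned findings after a short delay so the runs overlap and the concurrency bound is visible; the `Finding` and `Target` shapes are assumptions.

```typescript
// Added example; the registry key and the Finding/Target shapes are assumptions, not the package's API.
type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
const RANK: Record<Severity, number> = { CRITICAL: 3, HIGH: 2, MEDIUM: 1, LOW: 0 };
interface Finding { severity: Severity; title: string; endpoint: string; parameter?: string; evidence: string }
interface Target { url: string; objective: string }

/** Shared registry: parallel agents report here, and the same bug at the same place collapses to one entry. */
class FindingRegistry {
  private readonly byKey = new Map<string, Finding>();

  /** Assumed dedup key: title + URL path (trailing slash stripped) + parameter, all case-folded. */
  static keyOf(f: Finding): string {
    const path = new URL(f.endpoint).pathname.replace(/\/+$/, '') || '/';
    return [f.title.trim().toLowerCase(), path, (f.parameter ?? '').toLowerCase()].join('|');
  }

  /** Returns true when the finding is new; a duplicate only replaces the entry if it is more severe. */
  record(f: Finding): boolean {
    const key = FindingRegistry.keyOf(f);
    const existing = this.byKey.get(key);
    if (existing === undefined) { this.byKey.set(key, f); return true; }
    if (RANK[f.severity] > RANK[existing.severity]) this.byKey.set(key, f);
    return false;
  }

  /** Unique findings, most severe first, as Phase 3 would aggregate them. */
  all(): Finding[] {
    return [...this.byKey.values()].sort((a, b) => RANK[b.severity] - RANK[a.severity]);
  }
}

/** Runs `agent` over all targets with at most `limit` in flight; also reports the peak concurrency observed. */
async function runBounded<T>(targets: Target[], limit: number, agent: (t: Target) => Promise<T>): Promise<{ results: T[]; peak: number }> {
  const results: T[] = [];
  let next = 0, active = 0, peak = 0;
  const worker = async (): Promise<void> => {
    while (next < targets.length) {
      const i = next++; // single-threaded event loop: no race on `next` between awaits
      active += 1; peak = Math.max(peak, active);
      try { results[i] = await agent(targets[i]); } finally { active -= 1; }
    }
  };
  await Promise.all(Array.from({ length: Math.min(limit, targets.length) }, worker));
  return { results, peak };
}

/** Constructed fake of TargetedPentestAgent: returns canned findings after a short delay. */
const fakeAgent = async (t: Target): Promise<Finding[]> => {
  await new Promise((resolve) => setTimeout(resolve, 3));
  const canned: Record<string, Finding[]> = { // constructed sample findings, not real results
    'https://example.com/api/login': [{ severity: 'HIGH', title: 'SQL injection', endpoint: 'https://example.com/api/login', parameter: 'username', evidence: "' OR 1=1-- logged in" }],
    'https://example.com/api/login/': [{ severity: 'CRITICAL', title: 'sql injection', endpoint: 'https://example.com/api/login/', parameter: 'Username', evidence: 'UNION SELECT dumped users table' }],
    'https://example.com/api/orders': [{ severity: 'MEDIUM', title: 'IDOR', endpoint: 'https://example.com/api/orders', parameter: 'id', evidence: 'order 1002 readable as user 7' }],
  };
  return canned[t.url] ?? [];
};

/** Phase 2 in miniature: bounded workers, everything funnelled into one registry. */
async function runPhase2(targets: Target[], concurrency: number) {
  const registry = new FindingRegistry();
  const { results, peak } = await runBounded(targets, concurrency, fakeAgent);
  let reported = 0, unique = 0;
  for (const findings of results) for (const f of findings) { reported += 1; if (registry.record(f)) unique += 1; }
  return { reported, unique, peak, findings: registry.all() };
}

const sampleTargets: Target[] = [ // constructed Phase 1 output
  { url: 'https://example.com/api/login', objective: 'Test authentication for injection and bypass' },
  { url: 'https://example.com/api/login/', objective: 'Same endpoint, reported by a second recon path' },
  { url: 'https://example.com/api/orders', objective: 'Check object-level authorization' },
  { url: 'https://example.com/', objective: 'Look for exposed admin or debug routes' },
  { url: 'https://example.com/api/health', objective: 'Check for information disclosure' },
];

void runPhase2(sampleTargets, 3).then(({ reported, unique, peak, findings }) =>
  console.log(`${reported} reported, ${unique} unique, peak concurrency ${peak}`, findings.map((f) => `${f.severity} ${f.title}`)));
```

With five targets and a limit of three, the two login findings collapse into one CRITICAL entry and the pool never exceeds three agents in flight. The same registry shape works for the session's findings directory if each agent writes JSON files there: load every file, call `record` on each, and `all()` is the deduplicated input for the Phase 3 report.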
Phase 3: Result Aggregation
After all agents complete:
All findings are collected from the session’s findings directory
A comprehensive pentest report is generated (if applicable)
Results are returned with paths to findings, POCs, and reports
Related
Attack Surface: run attack surface discovery separately
Targeted Pentest: test specific targets without discovery
Authentication: authenticate before pentesting
Patching: generate patches for vulnerabilities