Pensar provides a comprehensive set of commands for AI-powered penetration testing, from interactive TUI sessions to automated security assessments.
Command Structure
pensar [command] [options]
When invoked without a command, Pensar launches the interactive Terminal UI (TUI).
Available Commands
- pensar: Launch the interactive Terminal UI for guided penetration testing
- pentest: Run a full orchestrated pentest with attack surface discovery
- targeted-pentest: Execute a focused pentest against specific objectives
- quicktest: Run a rapid, objective-focused penetration test
- benchmark: Compare security posture across repository branches
- swarm: Run parallel pentests on multiple targets simultaneously
- auth: Authenticate to target applications and verify auth mechanisms
- doctor: Check dependencies and system configuration
- upgrade: Update Pensar to the latest version
Quick Reference
Launch TUI
Start the interactive Terminal UI with full visual interface and guided workflows.
Full Pentest
# Blackbox pentest
pensar pentest --target https://example.com
# Whitebox pentest with source code analysis
pensar pentest --target https://example.com --cwd /path/to/source
# Exfiltration mode (pivoting & flag extraction)
pensar pentest --target https://example.com --mode exfil
Targeted Pentest
pensar targeted-pentest \
--target https://example.com \
--objective "Test authentication bypass" \
--objective "Check for SQL injection"
Quick Test
# Rapid, focused testing
pensar quicktest \
--target http://localhost:3000 \
--objective "Test for SQL injection"
Benchmark
# Compare security across branches
pensar benchmark /path/to/repo main develop
pensar benchmark /path/to/repo --all-branches --limit 5
Swarm
# Test multiple targets in parallel
pensar swarm targets.json
pensar swarm '["https://api.example.com", "https://admin.example.com"]'
Authentication
# Authenticate to target
pensar auth --target https://app.example.com --username admin --password pass
pensar auth --target https://api.example.com --bearer "eyJ..."
System Check
# Check dependencies and AI provider configuration
pensar doctor
Update
# Update to latest version
pensar upgrade
Global Options
These options work with any command:
Display help information for the command
Show the current Pensar version
Command Output
Most pentest commands generate structured output:
- Findings: JSON file with discovered vulnerabilities
- POCs: Proof-of-concept exploit scripts
- Reports: Human-readable security assessment reports
- Session Data: Stored in ~/.pensar/sessions/ for later review
Environment Variables
Pensar respects standard environment variables for AI provider configuration:
# Anthropic (default provider)
export ANTHROPIC_API_KEY="your-key-here"
# OpenAI
export OPENAI_API_KEY="your-key-here"
# OpenRouter
export OPENROUTER_API_KEY="your-key-here"
# AWS Bedrock
export BEDROCK_API_KEY="your-key-here"
export AWS_ACCESS_KEY_ID="your-key-here"
export AWS_SECRET_ACCESS_KEY="your-key-here"
# Local vLLM
export LOCAL_MODEL_URL="http://localhost:8000/v1"
Usage Patterns
Interactive Exploration (TUI)
Best for learning, exploration, and manual testing:
Automated CI/CD Integration
Best for continuous security testing:
pensar pentest --target "$TARGET_URL" --model gpt-4o > pentest.log
Focused Vulnerability Research
Best for testing specific attack vectors:
pensar targeted-pentest \
--target "$TARGET_URL" \
--objective "Test for IDOR vulnerabilities" \
--objective "Check session management"