The pensar quicktest command performs a rapid, objective-focused penetration test against a target without running full attack surface discovery.

Synopsis

pensar quicktest --target <target> --objective <objective> [options]

Description

Quicktest is optimized for fast, targeted security testing when you:
  • Want to test a specific hypothesis quickly
  • Already know what vulnerability to look for
  • Need rapid feedback during development
  • Have time constraints
Quicktest skips the full attack surface discovery phase. For comprehensive testing, use pensar pentest instead.

Required Arguments

--target (string, required)
Target URL, domain, or IP address to test.
pensar quicktest --target https://example.com --objective "..."
Can be:
  • Full URL: https://api.example.com
  • Domain: example.com
  • IP address: 192.168.1.100
  • Localhost: http://localhost:3000
--objective (string, required)
Testing objective or hypothesis.
pensar quicktest \
  --target https://example.com \
  --objective "Test for SQL injection in login form"
Be specific about what you want to test.

Options

--model (string, default: "claude-sonnet-4-5")
AI model to use for testing.
pensar quicktest --target ... --objective ... --model claude-opus-4
--headers (string, default: "default")
Header mode for requests. Values:
  • none - No custom headers
  • default - Add User-Agent: pensar-apex
  • custom - Use custom headers defined with --header
pensar quicktest --target ... --objective ... --headers custom
--header (string)
Add custom header (requires --headers custom).
pensar quicktest \
  --target api.example.com \
  --objective "Test API authentication" \
  --headers custom \
  --header "User-Agent: pensar_client123" \
  --header "X-Custom-Header: value"
Can be specified multiple times for multiple headers.

Examples

Test Specific Vulnerability

pensar quicktest \
  --target http://localhost:3000 \
  --objective "Find SQL injection vulnerabilities"
==========================================================
QUICKTEST
==========================================================
Target:     http://localhost:3000
Objective:  Find SQL injection vulnerabilities
Model:      claude-sonnet-4-5

→ Testing objective...
→ Analyzing application behavior...
→ Testing SQL injection payloads...
✓ Found SQL injection in /api/login
→ Creating proof-of-concept...
✓ POC created: poc_sqli_login.sh

==========================================================
RESULTS
==========================================================
Findings:  1 (1 CRITICAL)
Path:      ~/.pensar/sessions/quicktest_abc123/findings.json
POCs:      ~/.pensar/sessions/quicktest_abc123/pocs/
Time:      2m 18s

API Security Testing

pensar quicktest \
  --target https://api.example.com \
  --objective "Test for IDOR vulnerabilities in user endpoints" \
  --headers custom \
  --header "Authorization: Bearer eyJ..."

Development Feedback Loop

Test during development:
# After implementing a feature
pensar quicktest \
  --target http://localhost:8000 \
  --objective "Test new file upload feature for path traversal"

# Fix any issues found
# Re-test
pensar quicktest \
  --target http://localhost:8000 \
  --objective "Verify file upload path traversal is fixed"
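
An added example, not part of the Pensar documentation: a shell gate for the re-test step above that fails while quicktest still reports findings. This page does not document exit codes, so it parses the RESULTS summary instead; it assumes the summary is written to stdout in the layout of the sample output on this page, and the function names and the multi-severity form "(1 CRITICAL, 2 HIGH)" are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Pensar code). Function names are hypothetical.
# Assumes the RESULTS summary reaches stdout in the layout shown on this page.

# Constructed sample: the RESULTS block from the sample run on this page.
sample_output() {
  cat <<'EOF'
==========================================================
RESULTS
==========================================================
Findings:  1 (1 CRITICAL)
Path:      ~/.pensar/sessions/quicktest_abc123/findings.json
Time:      2m 18s
EOF
}

# Print the total finding count; exit 2 if no "Findings:" line is present.
findings_total() {
  awk '$1 == "Findings:" { print $2 + 0; found = 1; exit }
       END { if (!found) exit 2 }'
}

# Print the count for severity $1 (e.g. CRITICAL); exit 2 without a summary.
# The multi-severity form "(1 CRITICAL, 2 HIGH)" is an assumed layout.
findings_with_severity() {
  awk -v sev="$1" '
    $1 == "Findings:" {
      n = 0
      for (i = 3; i < NF; i++) {          # walk "<count> <LABEL>" pairs
        count = $i;       gsub(/[(),]/, "", count)
        label = $(i + 1); gsub(/[(),]/, "", label)
        if (label == sev) n = count
      }
      print n + 0; found = 1; exit
    }
    END { if (!found) exit 2 }'
}

# Read quicktest output on stdin. Returns 0 when clean, 1 when findings
# remain, 2 when no summary was found (a broken run must not pass the gate).
quicktest_gate() {
  local out total crit
  out=$(cat)
  total=$(printf '%s\n' "$out" | findings_total) || return 2
  crit=$(printf '%s\n' "$out" | findings_with_severity CRITICAL) || return 2
  echo "quicktest: $total finding(s), $crit critical" >&2
  [ "$total" -eq 0 ]
}

# Intended use (stdout summary is an assumption):
#   pensar quicktest --target ... --objective ... | quicktest_gate
```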

Multiple Custom Headers

pensar quicktest \
  --target api.staging.example.com \
  --objective "Test authentication bypass" \
  --headers custom \
  --header "User-Agent: Mozilla/5.0" \
  --header "X-API-Key: test-key-123" \
  --header "X-Request-ID: pensar-test"

Quicktest vs Pentest

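| Feature   | Quicktest      | Pentest                   |
|-----------|----------------|---------------------------|
| Speed     | Fast (2-5 min) | Comprehensive (10-30 min) |
| Scope     | Single objective | Full attack surface     |
| Discovery | None           | Full recon & mapping      |
| Best for  | Specific tests | Complete audit            |
| Use case  | Dev feedback   | Production testing        |
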
Use quicktest during development for rapid feedback. Use pentest for comprehensive security audits.

Writing Good Objectives

Specific and actionable:
"Test for SQL injection in login form"
"Check for IDOR in /api/users/{id} endpoint"
"Test file upload for path traversal"
"Verify JWT token signature validation"
These objectives are:
  • Focused on a single vulnerability class
  • Reference specific components/endpoints
  • Testable with clear pass/fail criteria

Use Cases

Development Testing

Quick security checks during feature development

Hypothesis Testing

Test if a specific vulnerability exists

Regression Testing

Verify security fixes work as intended

Bug Bounty

Quickly test specific attack vectors

Limitations

Quicktest does not perform:
  • Attack surface discovery
  • Subdomain enumeration
  • Service fingerprinting
  • Comprehensive endpoint mapping
For complete security coverage, use pensar pentest.

Troubleshooting

Possible reasons:
  1. Vulnerability doesn’t exist - The specific issue may not be present
  2. Objective too narrow - Try a broader objective or use pentest
  3. Target unreachable - Verify network connectivity
  4. Authentication required - Add auth headers with --header
You must specify at least one objective:
pensar quicktest --target example.com --objective "Test for XSS"
Ensure you set --headers custom:
# Wrong:
pensar quicktest --target ... --header "Auth: token"

# Right:
pensar quicktest --target ... --headers custom --header "Auth: token"

Next Steps

Full Pentest

Run comprehensive security testing

Targeted Pentest

Multiple objectives with full discovery

Environment Variables

Configure API keys and headers

Findings

Understand vulnerability findings
