The targeted-pentest command runs a focused security assessment against specific testing objectives, ideal for investigating particular vulnerability classes or security concerns.
Syntax
pensar targeted-pentest --target <url> --objective <text> [--objective <text> ...] [options]
Description
Unlike the full pentest command, which performs comprehensive attack surface discovery, targeted-pentest focuses exclusively on your specified objectives. This makes it ideal for:
Testing specific vulnerability hypotheses
Focused security audits
Regression testing after security fixes
Investigating specific attack vectors
Required Options
--target <url>
Target URL, domain, or IP address to test. Examples:
https://example.com
http://192.168.1.100:8080
api.example.com
--objective <text>
Testing objective or security goal (repeatable). Define what you want to test. You can specify multiple objectives by using the flag multiple times. Examples:
"Test for SQL injection in login form"
"Check authentication bypass vulnerabilities"
"Verify session management security"
"Test file upload restrictions"
At least one --objective is required. You can specify multiple objectives to test several attack vectors in a single run.
Optional Parameters
--model
AI model to use for security analysis. Default: claude-sonnet-4-5. Supported models:
claude-sonnet-4-5 (recommended)
claude-opus-4-0
gpt-4o
gpt-4-turbo
Custom models via OpenRouter or local vLLM
Example :
Examples
Single Objective Testing
Test for SQL injection vulnerabilities:
pensar targeted-pentest \
--target https://example.com \
--objective "Test for SQL injection in all input fields"
Output:
============================================================
TARGETED PENTEST
============================================================
Target: https://example.com
Model: claude-sonnet-4-5
Objectives:
1. Test for SQL injection in all input fields
→ Analyzing target...
→ Testing login form
→ calling fetch_http
✓ fetch_http completed
→ calling execute_command
✓ Found SQL injection in username parameter
============================================================
RESULTS
============================================================
Findings: 3
Path: /home/user/.pensar/sessions/jkl012/findings.json
POCs: /home/user/.pensar/sessions/jkl012/pocs/
Multiple Objectives
Test several security aspects in one run:
pensar targeted-pentest \
--target https://app.example.com \
--objective "Test authentication mechanisms for bypass vulnerabilities" \
--objective "Check for insecure direct object references (IDOR)" \
--objective "Verify session management follows security best practices"
Output:
============================================================
TARGETED PENTEST
============================================================
Target: https://app.example.com
Model: claude-sonnet-4-5
Objectives:
1. Test authentication mechanisms for bypass vulnerabilities
2. Check for insecure direct object references (IDOR)
3. Verify session management follows security best practices
→ Testing objective 1: Authentication bypass...
✓ No authentication bypass found
✓ Multi-factor authentication properly implemented
→ Testing objective 2: IDOR vulnerabilities...
→ calling fetch_http
✓ Found IDOR in /api/users/:id endpoint
✓ Found IDOR in /api/documents/:id endpoint
→ Testing objective 3: Session management...
✓ Found insecure session cookie (missing HttpOnly flag)
✓ Session tokens predictable via weak random number generator
============================================================
RESULTS
============================================================
Findings: 4
Path: /home/user/.pensar/sessions/mno345/findings.json
POCs: /home/user/.pensar/sessions/mno345/pocs/
API Security Testing
Focus on REST API vulnerabilities:
pensar targeted-pentest \
--target https://api.example.com/v2 \
--objective "Test API authentication and authorization" \
--objective "Check for mass assignment vulnerabilities" \
--objective "Verify rate limiting implementation"
Custom Model Selection
Use a specific model for testing:
pensar targeted-pentest \
--target https://example.com \
--objective "Test for XSS vulnerabilities" \
--model gpt-4o
Regression Testing
Verify that a security fix works:
pensar targeted-pentest \
--target https://staging.example.com \
--objective "Verify CVE-2024-1234 SQL injection is patched in /api/search"
Output:
============================================================
TARGETED PENTEST
============================================================
Target: https://staging.example.com
Model: claude-sonnet-4-5
Objectives:
1. Verify CVE-2024-1234 SQL injection is patched in /api/search
→ Testing /api/search endpoint...
→ Attempting SQL injection payloads
✓ Parameterized queries detected
✓ Input validation properly implemented
✓ SQL injection attack unsuccessful - vulnerability appears fixed
============================================================
RESULTS
============================================================
Findings: 0
Path: /home/user/.pensar/sessions/pqr678/findings.json
POCs: /home/user/.pensar/sessions/pqr678/pocs/
File Upload Security
Test file upload functionality:
pensar targeted-pentest \
--target https://example.com \
--objective "Test file upload for unrestricted file upload vulnerability" \
--objective "Check if uploaded files can be executed" \
--objective "Verify file type validation"
Output Files
The targeted-pentest command generates output files in the session directory:
findings.json
JSON file with discovered vulnerabilities:
[
  {
    "id": "vuln-001",
    "title": "IDOR in User Profile API",
    "severity": "high",
    "cvss": 8.1,
    "description": "The /api/users/:id endpoint allows unauthorized access...",
    "objective": "Check for insecure direct object references (IDOR)",
    "poc": "pocs/idor-user-profile.py",
    "remediation": "Implement proper authorization checks..."
  }
]
pocs/
Proof-of-concept exploit scripts:
pocs/
├── idor-user-profile.py
└── session-cookie-theft.sh
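The findings.json format lends itself to the CI/CD security gate use listed under Use Cases. The following is an added example, not part of the Pensar tooling: it assumes the fields shown in the sample above and a severity scale of info/low/medium/high/critical (only "high" appears on this page); the function names, thresholds and second sample finding are illustrative.

```python
import json
import sys
from collections import defaultdict

# Assumed severity scale; the page's sample only shows "high".
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample in the shape of the findings.json shown above.
SAMPLE = """[
  {"id": "vuln-001", "title": "IDOR in User Profile API", "severity": "high",
   "cvss": 8.1, "objective": "Check for insecure direct object references (IDOR)",
   "poc": "pocs/idor-user-profile.py"},
  {"id": "vuln-002", "title": "Session cookie missing HttpOnly", "severity": "low",
   "objective": "Verify session management follows security best practices",
   "poc": "pocs/session-cookie-theft.sh"}
]"""


def blocking_findings(findings, min_severity="high", min_cvss=7.0):
    """Group findings that should fail the build by the objective that produced them."""
    threshold = SEVERITY_RANK[min_severity]
    blocked = defaultdict(list)
    for f in findings:
        sev = str(f.get("severity", "")).lower()
        # Unknown or missing severity is treated as blocking rather than ignored.
        rank = SEVERITY_RANK.get(sev, max(SEVERITY_RANK.values()))
        cvss = f.get("cvss")  # may be absent; only numeric scores are compared
        if rank >= threshold or (isinstance(cvss, (int, float)) and cvss >= min_cvss):
            blocked[f.get("objective", "<no objective>")].append(f.get("id", "<no id>"))
    return dict(blocked)


def gate(findings_json, **kwargs):
    """Return (exit_code, blocked) for a findings.json document given as text."""
    findings = json.loads(findings_json)
    if not isinstance(findings, list):
        raise ValueError("findings.json must contain a JSON array")
    blocked = blocking_findings(findings, **kwargs)
    return (1 if blocked else 0), blocked


if __name__ == "__main__":
    # Usage: python gate.py ~/.pensar/sessions/<id>/findings.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    code, blocked = gate(text)
    for objective, ids in blocked.items():
        print(f"BLOCKING [{objective}]: {', '.join(ids)}")
    sys.exit(code)
```

An empty array, as in the regression run above that reports "Findings: 0", yields exit code 0, so the same script serves both as a release gate and as a post-fix check.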
Use Cases
Hypothesis Testing
Test a specific vulnerability theory:
pensar targeted-pentest \
--target https://example.com \
--objective "Test if JWT tokens are properly validated"
Perfect for:
Security research
Validating suspicions
Focused investigations
Compliance Audits
Verify specific security requirements:
pensar targeted-pentest \
--target https://example.com \
--objective "Verify OWASP Top 10 compliance for authentication" \
--objective "Check PCI-DSS requirement 6.5.1 (injection flaws)"
Useful for:
Regulatory compliance
Security certifications
Audit preparation
Regression Testing
Confirm security fixes:
pensar targeted-pentest \
--target https://staging.example.com \
--objective "Verify fix for SQL injection in search functionality"
Ideal for:
Post-fix validation
CI/CD security gates
Continuous testing
Bug Bounty
Focus on high-value targets:
pensar targeted-pentest \
--target https://example.com \
--objective "Test admin panel for privilege escalation" \
--objective "Check payment flow for logic flaws"
Great for:
Bug bounty hunting
High-value target focus
Efficient time usage
Objective Writing Tips
Be Specific
--objective "Test if the /api/users endpoint is vulnerable to SQL injection via the 'search' parameter"
Include Context
--objective "Verify that uploaded profile pictures cannot execute as PHP scripts"
Reference Standards
--objective "Check for OWASP A01:2021 Broken Access Control in admin API endpoints"
Comparison with Full Pentest
| Feature | pentest | targeted-pentest |
| --- | --- | --- |
| Attack surface discovery | ✅ Automatic | ❌ Manual |
| Testing scope | Comprehensive | Focused |
| Number of findings | Many | Specific |
| Execution time | Longer | Faster |
| Use case | Initial assessment | Hypothesis testing |
| Whitebox support | ✅ Yes | ❌ No |
Use pentest for initial security assessments and targeted-pentest for focused investigations or regression testing.
Environment Variables
API key for Claude models (recommended)
Troubleshooting
Objective Not Being Tested
If your objective isn’t being addressed:
Make it more specific:
# Instead of:
--objective "Test security"
# Use:
--objective "Test the login form at /login for SQL injection in username field"
Break down complex objectives:
# Instead of one complex objective, use multiple:
--objective "Test authentication bypass" \
--objective "Test authorization bypass" \
--objective "Test session fixation"
No Findings
If the test completes with no findings:
The target may be secure for the tested objectives ✅
Try rephrasing your objectives
Use the full pentest command for broader testing
Check logs: ~/.pensar/sessions/*/agent.log
Authentication Required
For authenticated testing:
# Use the TUI for authentication setup:
pensar
# Then navigate to: Operator Dashboard > Auth Wizard
pentest - Comprehensive automated pentest
pensar - Interactive TUI with manual control
doctor - Check system configuration
Next Steps
Writing Objectives: Learn to write effective security testing objectives
Interpreting Results: Understand and act on pentest findings