Pensar Apex supports multiple AI models from different providers. Model selection impacts testing quality, speed, and cost.

Default Model

The default model is claude-sonnet-4-5 (Anthropic Claude 4.5 Sonnet), which provides:
  • Excellent reasoning for security analysis
  • Tool use capability for pentest actions
  • Large context window (200k tokens)
  • Good balance of performance and cost

For most pentesting scenarios, the default model provides excellent results. Only change if you have specific requirements.

Selecting a Model

Via Command Line

Specify the model with the --model flag:
pensar pentest --target https://example.com --model claude-opus-4

Via TUI

  1. Launch the TUI: pensar
  2. Navigate to the Models screen
  3. Select from available models or enter a custom model name
  4. The selection persists in ~/.pensar/config.json

Programmatic API

Set the model in your code:
import { runPentestAgent } from '@pensar/apex';

const result = await runPentestAgent({
  target: 'https://example.com',
  model: 'claude-sonnet-4-5',
  // ... other options
});

Model Selection Guide

By Use Case

| Use Case | Recommended Model | Rationale |
|---|---|---|
| General pentesting | claude-sonnet-4-5 | Best balance of quality and cost |
| Complex exploitation | claude-opus-4 | Maximum reasoning for multi-step chains |
| Budget testing | claude-sonnet-3-5 | Good quality at lower cost |
| Enterprise AWS | anthropic.claude-sonnet-4-5 (Bedrock) | AWS compliance and security |
| Offline/air-gapped | meta-llama/Llama-3.1-70B-Instruct (vLLM) | No external API calls |
| Whitebox code analysis | deepseek-ai/deepseek-coder-33b-instruct (vLLM) | Code-specialized model |

By Performance Requirements

Best Quality

claude-opus-4: Maximum reasoning capability. Use for complex targets or when quality is critical.

Best Balance

claude-sonnet-4-5: Excellent quality with reasonable cost and speed. Recommended default.

Best Cost

claude-sonnet-3-5: Lower cost while maintaining good quality. Suitable for large-scale testing.

Model Capabilities

All recommended models support:
  • Tool Use: Execute pentest tools (curl, nmap, etc.)
  • Long Context: Handle large attack surface reports (100k+ tokens)
  • Structured Output: Generate JSON findings and reports
  • Multi-turn Reasoning: Adapt based on target responses

Pensar Apex automatically handles tool calling and structured output for all supported models.

Context Windows

Different models have different context limits:

| Model | Context Window | Suitable For |
|---|---|---|
| Claude 4.5 Sonnet | 200k tokens | Large applications, extensive attack surfaces |
| Claude 4 Opus | 200k tokens | Complex multi-step exploitation |
| GPT-4 | 128k tokens | Medium-sized applications |
| Llama 3.1 70B | 128k tokens | Standard pentesting scenarios |

Larger context windows allow testing more endpoints in a single session without summarization.

Cost Considerations

Model costs vary significantly:

Anthropic Pricing (approximate)

  • Claude 4.5 Sonnet: ~$3 per 1M input tokens, ~$15 per 1M output tokens
  • Claude 4 Opus: ~$15 per 1M input tokens, ~$75 per 1M output tokens
  • Claude 3.5 Sonnet: ~$3 per 1M input tokens, ~$15 per 1M output tokens

Typical Pentest Costs

  • Simple target (5-10 endpoints): $0.50 - $2.00
  • Medium target (20-50 endpoints): $2.00 - $10.00
  • Large target (100+ endpoints): $10.00 - $50.00

Actual costs depend on target complexity, number of endpoints, and exploitation depth.

Custom Models

You can use any model compatible with your provider:

OpenRouter Custom Models

Any model on openrouter.ai/models:
pensar pentest --target https://example.com --model mistralai/mixtral-8x22b

vLLM Custom Models

Any model supported by vLLM:
# Start vLLM with your model
vllm serve WizardLM/WizardCoder-Python-34B-V1.0 --port 8000

# Use in Pensar Apex
export LOCAL_MODEL_URL="http://localhost:8000/v1"
pensar pentest --target https://example.com --model WizardLM/WizardCoder-Python-34B-V1.0

Custom models may not perform well for pentesting. Test thoroughly before production use.

Model Configuration Storage

Your selected model is saved in ~/.pensar/config.json:
{
  "selectedModelId": "claude-sonnet-4-5",
  "localModelName": null,
  "localModelUrl": null
}
The command-line --model flag always overrides this setting.
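
A pre-flight check for the offline/air-gapped setup described on this page, as an added example that is not part of Pensar Apex: it reads the config keys shown above plus LOCAL_MODEL_URL and reports which model will run and whether the model endpoint is local. The function names and the choice to inspect both the environment variable and the config file are assumptions.

```javascript
// Added example (not Pensar Apex code). The config keys and LOCAL_MODEL_URL come
// from the page; checking both sources of the local endpoint is an assumption.

// Returns true when the host is loopback or an RFC 1918 private IPv4 address.
function isLocalHost(hostname) {
  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (host === 'localhost' || host === '::1') return true;
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false; // other names need DNS, so they are not provably local
  const [a, b] = [Number(m[1]), Number(m[2])];
  return a === 127 || a === 10 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// config: parsed ~/.pensar/config.json; env: process.env-like; cliModel: --model value.
function auditModelConfig(config, env = {}, cliModel = null) {
  const findings = [];
  // Per the page, --model always overrides the saved selection.
  const model = cliModel || config.selectedModelId || null;
  if (cliModel && config.selectedModelId && cliModel !== config.selectedModelId) {
    findings.push(`--model "${cliModel}" overrides saved "${config.selectedModelId}"`);
  }
  // Assumption: a local endpoint may be set in either place, so inspect both.
  const endpoints = [['LOCAL_MODEL_URL', env.LOCAL_MODEL_URL],
                     ['localModelUrl', config.localModelUrl]].filter(([, v]) => v);
  let offline = endpoints.length > 0;
  for (const [source, value] of endpoints) {
    let url;
    try { url = new URL(value); }
    catch { findings.push(`${source} is not a valid URL`); offline = false; continue; }
    if (!isLocalHost(url.hostname)) {
      offline = false;
      findings.push(`${source} points at non-local host ${url.hostname}`);
      if (url.protocol !== 'https:')
        findings.push(`${source} sends prompts over cleartext ${url.protocol}`);
    }
  }
  if (endpoints.length === 0) findings.push('no local model endpoint configured');
  return { model, offline, findings };
}

// Constructed sample: saved default plus a vLLM endpoint exported in the shell.
const sample = auditModelConfig(
  { selectedModelId: 'claude-sonnet-4-5', localModelName: null, localModelUrl: null },
  { LOCAL_MODEL_URL: 'http://localhost:8000/v1' }, 'meta-llama/Llama-3.1-70B-Instruct');
console.log(sample);
```

Run it before an engagement where prompts and target data must stay on the test network; any finding other than the override notice means the run would not be offline.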

Troubleshooting

Ensure the model is supported by your provider:
# Check provider configuration
pensar doctor
Verify that the API key for the correct provider is set.

Try upgrading to a more capable model:
  • Switch from GPT-4 to Claude: --model claude-sonnet-4-5
  • Switch from Sonnet to Opus: --model claude-opus-4
Claude models generally perform better for security testing.

Use a model with a larger context window:
  • Claude models: 200k tokens
  • GPT-4: 128k tokens
Or reduce target scope to test fewer endpoints per run.

For vLLM:
  • Use GPU acceleration
  • Enable quantization (8-bit, 4-bit)
  • Use smaller models (7B or 13B instead of 70B)
See vLLM Setup Guide for optimization tips.

Next Steps

AI Providers

Configure your AI provider API keys

Environment Variables

Complete configuration reference

vLLM Setup

Run models locally with vLLM

Run Pentest

Start testing with your selected model
