NullSquare

concept

Pentest Agent

The pentest loop end to end — run an assessment, review the result, add context to your assets, triage findings, automate the loop, and watch your posture on the dashboard.

The Pentest Agent works in a loop, not a one-shot scan. You point it at a scope, it maps what is reachable, you tell it which of those things matter, and it runs the next assessment it recommends based on what it just found. Each pass covers more of the surface. Findings flow out the side of the loop for your team to assign and close, and once the rhythm is steady you hand it to automation.

This page is the whole loop on one screen. It is enough for a new visitor to understand how Pentest Agent works before opening the demo or app.

The pentest loop

Everything the Pentest Agent does fits one repeating cycle: run an assessment, review what it found, tell it what matters, and let the next run go deeper. Findings flow out to your team, and the dashboard tracks your posture as the loop runs.

The pentest loop. Each assessment recommends the next based on what it found, so you repeat the cycle to cover more of the surface — and hand steady-state coverage to automation.
Play: run an assessmentInteractive demo · opens in the app

Step 1 — Run an assessment

The first assessment on a scope is discovery: the agent maps reachable hosts, services, endpoints, technologies, and authentication surfaces — you do not write a goal. That map is the raw material for everything after. Each later run goes deeper into the parts you flag as important.

From the home launcher, click Start. The first assessment on a scope is discovery — the agent maps what is reachable on its own, with no goal to write.

Step 2 — Review the result

When a run finishes, its detail page is the record. The overview leads with an executive summary; Activity shows the phase timeline and every step the agent took; the report packages it for stakeholders; and the live terminal replays the whole session — every command, finding, and piece of evidence.

When a run finishes, its detail page is the record — overview and executive summary, the full activity, a stakeholder report, and the live terminal replay of everything the agent did.

Step 3 — Review assets and add context

Discovery tells the agent what is reachable; it cannot tell what matters to your business. Promote the assets you intend to track and add context: criticality, data sensitivity, owner, and authentication boundary. That context is what the agent uses to decide where to look next — so the next run in the loop is sharper than the last.

The discovered assets. Promote the ones that matter and fill in their context — criticality, data sensitivity, owner — which is what the agent uses to decide where to look next.

Step 4 — Triage the findings

Findings are the output that leaves the loop. Open one to read its evidence and the recommended fix, assign an owner, and move it through its lifecycle — in progress, retest, closed, or accepted risk with a rationale.

Findings are worked, not just listed. Open one to read the evidence and recommended fix, assign an owner, and move it through its lifecycle — like any issue tracker.

Step 5 — Automate the loop

Once a scope's loop is steady, you do not have to drive it by hand. An automation re-maps the surface or re-tests a high-value workflow on its own — on a schedule, continuously, or on an event. New findings still flow to your team to triage.

Once a scope's loop is steady, hand it to automation. Give it a goal and a trigger — scheduled, continuous, or on an event like a new pull request — and it keeps running without you.

Step 6 — Continuous monitoring

As the loop runs, the dashboard rolls everything up: a security posture grade, open findings by severity, mean time to remediate, testing cadence, and compliance readiness. This is the continuous-monitoring view — how your posture trends over time as automation keeps testing, not a one-off report.

The dashboard rolls the loop up into one view — a security posture grade, open risk, remediation speed, and compliance readiness — so you can watch your posture trend as automation keeps testing.

Where the details live

That is the whole loop. The app walks operators through setup details — scopes, testing modes, private runners — and assistant chat can explain the active scope, run, finding, or automation when someone needs help in context.

Related articles

Last updated Jul 14, 2026