Full LLM Pentest Mode
New feature where the LLM drives the entire penetration test cycle autonomously — like a human pentester using Burp Suite / curl.
How it works
- User enters target URL in the Full LLM Pentest page
- The LLM receives the full methodology prompt + target
- LLM plans HTTP requests (up to 10 per round)
- System executes those requests and returns real responses
- LLM analyzes responses, identifies vulnerabilities, adapts strategy
- Repeat for up to 30 rounds across 4 phases
Phases
- AI Recon (0-25%) — Technology fingerprinting, endpoint discovery, attack surface mapping
- AI Testing (25-70%) — SQLi, XSS, LFI, Command Injection, SSRF, CSRF, IDOR, and more
- Post-Exploitation (70-85%) — Vulnerability chaining, data extraction, privilege escalation
- Report (85-100%) — Professional pentest report generation
Key Features
- Anti-hallucination: Findings without real response evidence are automatically rejected
- Full validation pipeline: All findings go through ValidationJudge (negative controls + proof of execution + confidence scoring)
- Methodology injection: 118KB comprehensive pentest methodology (OWASP WSTG, PTES) injected into AI context
- No Kali sandbox required: Uses system HTTP client directly
- Any LLM provider: Works with Claude, GPT, Gemini, Ollama, LMStudio via SmartRouter
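The anti-hallucination rule above, sketched as an added example (not the project's code, and not its ValidationJudge): a finding is kept only if the snippet it cites appears in a response the system actually recorded. The `Exchange` and `Finding` schemas, the `MIN_EVIDENCE_LEN` threshold and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exchange:
    """One request the system executed, with the response body it recorded."""
    request_id: str
    body: str

@dataclass(frozen=True)
class Finding:
    """A finding as claimed by the model (hypothetical schema)."""
    title: str
    request_id: str  # executed request the model says proves the finding
    evidence: str    # snippet the model says appeared in that response

MIN_EVIDENCE_LEN = 12  # assumption: shorter snippets match too easily by chance

def _norm(text: str) -> str:
    # Collapse whitespace and case so formatting differences do not cause misses.
    return " ".join(text.split()).lower()

def check_evidence(finding, exchanges):
    """Return (accepted, reason) for one model-claimed finding."""
    exchange = {e.request_id: e for e in exchanges}.get(finding.request_id)
    if exchange is None:
        return False, "cites a request that was never executed"
    snippet = _norm(finding.evidence)
    if len(snippet) < MIN_EVIDENCE_LEN:
        return False, "evidence snippet missing or too short"
    if snippet not in _norm(exchange.body):
        return False, "evidence not present in the recorded response"
    return True, "evidence found in recorded response"

def filter_findings(findings, exchanges):
    """Split findings into accepted and rejected lists of (title, reason)."""
    accepted, rejected = [], []
    for f in findings:
        ok, reason = check_evidence(f, exchanges)
        (accepted if ok else rejected).append((f.title, reason))
    return accepted, rejected

# Constructed sample data: two recorded responses, four model claims.
EXCHANGES = [
    Exchange("r1", "Error: You have an error in your SQL syntax near line 1"),
    Exchange("r2", "<html><body>Welcome back</body></html>"),
]
FINDINGS = [
    Finding("SQL error disclosure", "r1", "you have an error in your  SQL syntax"),
    Finding("Reflected input", "r2", "input reflected without encoding in body"),
    Finding("SSRF", "r9", "metadata service response returned"),
    Finding("IDOR", "r2", "ok"),
]
```

A substring match only shows that the quoted text exists in a real response; it does not show the issue is exploitable, which is the part the page assigns to negative controls and proof of execution.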
Files Changed
- backend/core/autonomous_agent.py — New _run_full_llm_pentest() + helpers (+454 lines)
- backend/core/vuln_engine/ai_prompts.py — 3 new prompt functions (+219 lines)
- backend/api/v1/agent.py — New FULL_LLM_PENTEST mode
- frontend/src/pages/FullIATestingPage.tsx — Updated UI for LLM-driven phases