Overview
Pentest Copilot Enterprise - AI-native autonomous red-teaming
Pentest Copilot Enterprise helps security teams run repeatable external and internal security assessments from one control plane. The platform combines target scoping, agent-based execution, browser automation, exploit-graph analysis, validated findings, retesting, scheduling, reporting, and API/MCP automation.

What Pentest Copilot Runs
External Discovery
Domains, subdomains, web pages, APIs, services, exposed cloud objects, and other internet-facing assets.
Root domain, optional discovery depth, optional authenticated browser sessions.
External Assessment
Contextual web and API vulnerability testing, authenticated and unauthenticated user flows, attack-path construction, and finding validation.
Target domains, authentication mode, browser sessions, attack vectors, rate limits, trajectory scope, and browser controls.
Internal Discovery
Internal hosts and services reachable from a deployed agent.
Connected local agent and authorized subnet/CIDR scope.
Internal Assessment
Active Directory, host, credential, delegation, ADCS, lateral movement, and selected exploit validation paths.
Subnets, agent assignment, allowed exploit families, exclusions, PCE Intercept/Inveigh settings, and RCE safety controls.
Credential Compromise
Credential collection and attack-path workflows for tenants with the credential-compromise module enabled.
Module-specific inputs and approved scope.
Product Layout
The left sidebar is the main navigation. Enterprise onboarding uses these areas:
Dashboard
Guided six-phase launch path, mission status, exploit graph, target entities, agents, and MITRE ATT&CK mapping.
Modules
Configure and run discovery, assessment, credential-compromise, custom, and retest workflows.
Activity
Track running and historical modules, submodules, logs, and schedules.
Reports
Generate executive and comprehensive PDF reports.
Settings
Configure usage, account/team, domains, domain verification, external assessment defaults, agents, API keys and MCP, integrations, email identities, debug tools, and trajectories.
Recommended First Enterprise Run
1. Sign in to the deployment and confirm your user role has access to scans, reports, settings, and API keys as needed.
2. Open Settings -> Domains and add the approved root domains.
3. Verify domain ownership from Settings -> Domain Verification when required.
4. Confirm at least one execution worker is available:
   - external scans need a SANDBOX runner, either managed for your deployment or attached to your environment;
   - internal scans need a local AGENT that can route to the target subnet.
5. Record browser sessions for each important authenticated role.
6. Run External Discovery Phase before an external attack phase unless the target surface is already mapped.
7. Review discovery output, then run External Attack Phase with the needed authentication modes, attack vectors, rate limits, and trajectory scope.
8. For internal testing, run internal discovery first, then use the internal attack phase page to select subnets, agents, allowed exploits, and exclusions.
9. Monitor Activity, triage Attack Paths, and generate a report from Reports.
Pentest Copilot enforces scan launch policy. API keys, MCP clients, and UI actions cannot bypass permissions, feature access, usage/credit state, scope controls, or agent availability.
Important Safety Concepts
Whitelist and blacklist rules keep external testing inside approved domain and trajectory scope.
Rate limits and auto-calibration help avoid overwhelming fragile targets or triggering rate limits.
Browser-session readiness prevents authenticated scans from starting with expired or incomplete login state.
Internal exploit selection is explicit per subnet. Some categories can change AD, ADCS, host, credential, or ticket state.
PCE Intercept/Inveigh is opt-in per subnet and binds only to selected agent interfaces.
Max module runtime can cancel remaining submodules when a configured runtime limit is reached.
Please contact queries@bugbase.ai for onboarding, deployment, or engagement-specific questions.