> For the complete documentation index, see [llms.txt](https://copilot-docs.bugbase.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://copilot-docs.bugbase.ai/enterprise/readme.md).

# Overview

Pentest Copilot Enterprise helps security teams run repeatable external and internal security assessments from one control plane. The platform combines target scoping, agent-based execution, browser automation, exploit-graph analysis, validated findings, retesting, scheduling, reporting, and API/MCP automation.


## What Pentest Copilot Runs

| Assessment type           | What it covers                                                                                                                                | Typical operator input                                                                                                      |
| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| **External Discovery**    | Domains, subdomains, web pages, APIs, services, exposed cloud objects, and other internet-facing assets.                                      | Root domain, optional discovery depth, optional authenticated browser sessions.                                             |
| **External Assessment**   | Contextual web and API vulnerability testing, authenticated and unauthenticated user flows, attack-path construction, and finding validation. | Target domains, authentication mode, browser sessions, attack vectors, rate limits, trajectory scope, and browser controls. |
| **Internal Discovery**    | Internal hosts and services reachable from a deployed agent.                                                                                  | Connected local agent and authorized subnet/CIDR scope.                                                                     |
| **Internal Assessment**   | Active Directory, host, credential, delegation, ADCS, lateral movement, and selected exploit validation paths.                                | Subnets, agent assignment, allowed exploit families, exclusions, PCE Intercept/Inveigh settings, and RCE safety controls.   |
| **Credential Compromise** | Credential collection and attack-path workflows for tenants with the credential-compromise module enabled.                                    | Module-specific inputs and approved scope.                                                                                  |

## Product Layout

The left sidebar is the main navigation. Enterprise onboarding uses these areas:

| Section       | Purpose                                                                                                                                                                             |
| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Dashboard** | Guided six-phase launch path, mission status, exploit graph, target entities, agents, and MITRE ATT\&CK mapping.                                                                    |
| **Modules**   | Configure and run discovery, assessment, credential-compromise, custom, and retest workflows.                                                                                       |
| **Activity**  | Track running and historical modules, submodules, logs, and schedules.                                                                                                              |
| **Reports**   | Generate executive and comprehensive PDF reports.                                                                                                                                   |
| **Settings**  | Configure usage, account/team, domains, domain verification, external assessment defaults, agents, API keys and MCP, integrations, email identities, debug tools, and trajectories. |

## Recommended First Enterprise Run

1. Sign in to the deployment and confirm your user role has access to scans, reports, settings, and API keys as needed.
2. Open **Settings -> Domains** and add the approved root domains.
3. Verify domain ownership from **Settings -> Domain Verification** when required.
4. Confirm at least one execution worker is available:
   * external scans need a SANDBOX runner, either managed for your deployment or attached to your environment;
   * internal scans need a local AGENT that can route to the target subnet.
5. Record browser sessions for each important authenticated role.
6. Run **External Discovery Phase** before an external attack phase unless the target surface is already mapped.
7. Review discovery output, then run **External Attack Phase** with the needed authentication modes, attack vectors, rate limits, and trajectory scope.
8. For internal testing, run internal discovery first, then use the internal attack phase page to select subnets, agents, allowed exploits, and exclusions.
9. Monitor **Activity**, triage **Attack Paths**, and generate a report from **Reports**.

{% hint style="warning" %}
Pentest Copilot enforces scan launch policy. API keys, MCP clients, and UI actions cannot bypass permissions, feature access, usage/credit state, scope controls, or agent availability.
{% endhint %}

## Important Safety Concepts

* **Whitelist and blacklist rules** keep external testing inside approved domain and trajectory scope.
* **Rate limits** and auto-calibration help avoid overwhelming fragile targets or tripping the target's own rate limiting.
* **Browser-session readiness** prevents authenticated scans from starting with expired or incomplete login state.
* **Internal exploit selection** is explicit per subnet. Some categories can change AD, ADCS, host, credential, or ticket state.
* **PCE Intercept/Inveigh** is opt-in per subnet and binds only to selected agent interfaces.
* **Max module runtime** can cancel remaining submodules when a configured runtime limit is reached.

{% content-ref url="/pages/m0MFk64j3GzxywJZ70vv" %}
[Scan Noise and Safety](/enterprise/scan-noise-and-safety.md)
{% endcontent-ref %}
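The scope controls above are enforced by the platform; the following is an added, self-contained Python example (not Pentest Copilot's own code or configuration format) showing the kind of allowlist/blocklist check a team can use to pre-filter discovered URLs before feeding them into an engagement. The root domains, blocked hosts and blocked path prefixes are constructed sample values. It deliberately covers the edge cases such a check gets wrong most often: a naive suffix match that accepts `notexample.com` for `example.com`, userinfo tricks like `https://example.com@evil.test/`, and non-HTTP schemes.

```python
from urllib.parse import urlparse

# Constructed sample scope for this example; not a Pentest Copilot setting.
ALLOWED_ROOT_DOMAINS = {"example.com", "api.example.net"}
BLOCKED_HOSTS = {"legacy.example.com"}        # hosts the engagement excludes
BLOCKED_PATH_PREFIXES = {"/admin/delete"}      # destructive trajectories to skip


def host_in_domain(host: str, root: str) -> bool:
    """True if host equals root or is a subdomain of it.

    The label-boundary check matters: a plain endswith() would accept
    'notexample.com' for root 'example.com'.
    """
    host = host.lower().rstrip(".")
    root = root.lower().rstrip(".")
    return host == root or host.endswith("." + root)


def url_in_scope(url: str,
                 allowed_roots=ALLOWED_ROOT_DOMAINS,
                 blocked_hosts=BLOCKED_HOSTS,
                 blocked_prefixes=BLOCKED_PATH_PREFIXES) -> bool:
    """Allowlist first, then blocklist: a URL is in scope only if its host is
    under an approved root domain, is not an excluded host, and its path does
    not start with an excluded prefix."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    # .hostname strips userinfo and port, so 'https://example.com@evil.test/'
    # yields 'evil.test' rather than the decoy 'example.com'.
    host = parsed.hostname
    if not host:
        return False
    if not any(host_in_domain(host, root) for root in allowed_roots):
        return False
    if any(host_in_domain(host, blocked) for blocked in blocked_hosts):
        return False
    path = parsed.path or "/"
    if any(path.startswith(prefix) for prefix in blocked_prefixes):
        return False
    return True


def filter_scope(urls):
    """Split candidate URLs into (in_scope, out_of_scope) lists."""
    inside, outside = [], []
    for url in urls:
        (inside if url_in_scope(url) else outside).append(url)
    return inside, outside


if __name__ == "__main__":
    # Constructed discovery output used only to exercise the filter.
    candidates = [
        "https://app.example.com/login",
        "https://sub.api.example.net:8443/v1",
        "https://notexample.com/",
        "https://example.com@evil.test/",
        "https://legacy.example.com/",
        "https://example.com/admin/delete/1",
        "ftp://example.com/",
    ]
    in_scope, out_of_scope = filter_scope(candidates)
    print("in scope:", in_scope)
    print("out of scope:", out_of_scope)
```

Keeping the allowlist check before the blocklist check means an exclusion can only narrow scope, never widen it, which matches how the whitelist and blacklist rules above are meant to compose.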

Please contact <queries@bugbase.ai> for onboarding, deployment, or engagement-specific questions.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://copilot-docs.bugbase.ai/enterprise/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
