Entities
Entities represent distinct objects in the attack surface that can be discovered, analyzed, and exploited. Each entity type has specific properties and unique identifiers that allow the system to track and deduplicate findings across different assessment phases.
Pentest Copilot supports an exhaustive list of entities capable of handling any kind of engagement. Below are a few important entities:
Types of Entities
Domain (Root): Represents a DNS domain or subdomain that is part of the target organization's attack surface. It can be either a root domain (e.g., example.com) or a subdomain (e.g., api.example.com).
WebPage: Represents a specific URL endpoint discovered on a web application. It captures both the structure of URLs (with dynamic parameters) and their raw content for analysis.
Subnet (Root): Represents a network subnet discovered during internal assessment. It defines an IP address range that can contain multiple hosts and is used as a starting point for internal network enumeration.
Host: Represents an individual computer, server, or device discovered within a network subnet during internal assessment.
APKFile (Root): Represents an Android application package file that can be analyzed for security vulnerabilities.
Activity: Represents an Android application screen or activity discovered through APK analysis. In Android development, an Activity is a single screen with a user interface, and each APK can contain multiple activities that define the app's functionality and user interaction flows.
Trajectory: Represents a sequence of interactions (actions) that achieve a specific goal on a web application or mobile app. It's used for automated testing and vulnerability discovery by recording and replaying user behaviors. [Found in external assessments for both Android and Web scans]
APIAction: Represents HTTP API calls made during the trajectory.
BrowserAction: Represents browser-based user interactions, e.g., clicking a button or filling a form.
AndroidAction: Represents mobile app interactions, e.g., click, swipe, type, scroll.
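The WebPage entry above describes capturing URL structure with dynamic parameters, and the introduction describes unique identifiers used for deduplication. The following is an added example, not Pentest Copilot's own code, showing one way such a key could be derived. The placeholder rules, the hashed identifier format, and the names `url_structure`, `entity_id` and `dedupe_webpages` are assumptions made for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristics (assumed) for path segments that are values rather than structure.
_DYNAMIC = [
    ("{uuid}", re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)),
    ("{int}", re.compile(r"^\d+$")),
]

def url_structure(url: str) -> str:
    """Reduce a URL to its structure: dynamic path segments and query values become placeholders."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # Keep only non-default ports so https://h:443/ and https://h/ compare equal.
    port = parts.port
    if port and (scheme, port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{port}"
    segments = []
    for seg in parts.path.split("/"):
        for name, pattern in _DYNAMIC:
            if pattern.match(seg):
                seg = name
                break
        segments.append(seg)
    path = "/".join(segments) or "/"
    # Query parameter names are structure; their values and order are not.
    names = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    query = "&".join(f"{n}={{}}" for n in names)
    return f"{scheme}://{host}{path}" + (f"?{query}" if query else "")

def entity_id(entity_type: str, key: str) -> str:
    """Stable identifier derived from the entity type plus its normalized key."""
    return hashlib.sha256(f"{entity_type}:{key}".encode()).hexdigest()[:16]

def dedupe_webpages(urls):
    """Group raw URLs under one WebPage entity per URL structure."""
    pages = {}
    for url in urls:
        pages.setdefault(entity_id("WebPage", url_structure(url)), []).append(url)
    return pages

# Constructed sample input (not from a real engagement).
SAMPLE = [
    "https://api.example.com/users/42/orders?page=1&sort=asc",
    "HTTPS://API.example.com:443/users/7/orders?sort=desc&page=9",
    "https://api.example.com/users/42/profile",
]
```

Calling `dedupe_webpages(SAMPLE)` groups the first two URLs under one identifier and the third under another, while the raw URLs stay attached to each entity for later analysis.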