Pentestas help
Pentestas is a continuous application-security platform: it scans your web apps, APIs, networks, and cloud estate; synthesises multi-step attack chains with AI; and delivers verified, exploit-grounded findings instead of generic scanner noise.
This site documents every part of the platform β from your first scan to running agents inside a corporate LAN.
Quick start
Sign up, verify your first domain, and kick off a scan in under five minutes.
Running scans
Web apps, APIs, networks, S3/Azure/GCS buckets, Google Workspace, subdomain enumeration.
Agents
Scan on-prem services, intranet apps, and browser sessions from a tenant-scoped local agent.
Findings
Severity, validation, attack chains, and Exploit-DB matches β understand what you're looking at.
AI features
Claude-powered analysis, auto-generated attack chains, false-positive filtering.
API reference
Programmatic access: JWT, API keys, scans, findings, webhooks.
Popular topics
- Your first scan β pick a target, choose scan types, start scanning.
- Understanding severity β what CRITICAL means, how it differs from HIGH, and how CVSS fits in.
- Attack chains β how Pentestas links multiple findings into a single compromise path.
- Windows agent (.NET) β scan-as-you-browse from a native Windows app.
- Authentication β JWT, API keys, OAuth, and agent keys explained.
New here?
Start with Quick start. If you've never run a vulnerability scanner before, skim the glossary first β Pentestas assumes working familiarity with OWASP, CVSS, and the difference between a CVE and a CWE.
Need to talk to a human?
- Product questions β hello@pentestas.com
- Security issues β security@pentestas.com
- Documentation errors or requests β docs@pentestas.com