High-risk tools in Pentest Ai
24 of the 51 tools in Pentest Ai are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- run_probe (Execute)
- run_recon (Execute): Start a reconnaissance scan against a target. Returns immediately with an engagement_id while the recon agent runs asynchronously. Poll get_engagement_status(engagement...
- run_tool (Execute): Run a specific security tool against a target. Returns structured results that are automatically stored in the findings database.
- start_campaign (Execute): Start a multi-target campaign. Creates one engagement per target. Accepts a list of IPs, hostnames, or URLs.
- start_engagement (Execute): Start a new pentest engagement against a target. AUTHORIZED TARGETS ONLY. This initiates reconnaissance and begins the automated assessment. All findings are stored and...
- authenticated_scan (Execute): Run a deterministic authenticated web scan (no LLM required). Logs in, crawls same-host pages, probes each parameterized endpoint with SQLi/XSS/command-injection payloa...
- builtin_scan (Execute): Run built-in security scans without requiring any external tools. Works immediately after install. Scan types: all, ports, headers, ssl, paths, dns, secrets. Includes: ...
- ensure_tools_installed (Execute)
- http_request (Execute)
- scan_dns_builtin (Execute): Perform DNS enumeration (built-in).
- scan_ports_builtin (Execute): Scan common ports on a target (built-in, no nmap required).
- test_active_directory (Execute): Run Active Directory security assessment. Includes: BloodHound enumeration, Kerberoasting, AS-REP roasting, privilege escalation paths, delegation attacks, and domain d...
- test_api_security (Execute): Run API security testing (REST + GraphQL) following OWASP API Top 10. Tests for: BOLA/IDOR, JWT alg-confusion, OAuth callback validation, rate-limit bypass, mass assign...
- test_cloud (Execute): Run cloud security assessment. Providers: aws, azure, gcp. Tests for: Misconfigurations, exposed secrets, overly permissive IAM, vulnerable services, and privilege ...
- test_credentials (Execute): Run authentication testing (default creds, password spray, MFA bypass). Lockout-aware. Prefers spraying over brute force on production targets. Returns immediately with...
- test_mobile (Execute): Run mobile app security testing (Android or iOS). Static + dynamic analysis. OWASP Mobile Top 10 coverage. Returns immediately with engagement_id; agent runs asynchrono...
- test_privesc (Execute): Run privilege escalation enumeration on a compromised host. Platforms: linux, windows, container. Uses linpeas/winpeas/deepce plus kernel-exploit-suggester. Enumeration...
- test_social_engineering (Execute): Run a social engineering assessment (phishing simulation, OSINT, DMARC audit). Returns immediately with engagement_id; agent runs asynchronously.
- test_vulnerabilities (Execute): Run vulnerability scanning (Nuclei + RouterSploit + nikto + dirb). De-duplicates against findings already in the engagement, filters false positives, scores by CVSS + E...
- test_web_app (Execute)
- test_wireless (Execute): Run wireless security assessment (WiFi + Bluetooth). Returns immediately with engagement_id; agent runs asynchronously.
- validate_finding (Execute): Validate a specific finding with a safe, non-destructive proof of concept. Confirms the vulnerability is real and exploitable without causing damage. Runs asynchronousl...
- plan_tools (Execute)
- resume_engagement (Execute): Resume an interrupted engagement from its last checkpoint. Returns immediately with status='running' and runs the resume in a background task — same async-task pattern ...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.