Automated Penetration Testing

Prove the vuln is real.

5-phase pentesting engine: recon, scanning, CPG attack surface mapping, AI-powered exploit validation, and compliance-mapped reporting. All running inside your boundary.

Penetration Test Assessment - Deva Pentest Engine

DAST + Exploit

Pentest Engine Capability Report

Deva IDE - 5-Phase Penetration Testing Pipeline

DOC-PEN-2026-001
5-phase pipeline
AI exploit planning
3 execution modes
Compliance mapped
Local-first

SEC. 1

5-Phase Execution Pipeline

From recon to reproducible proof-of-concept. Each phase feeds the next - static code analysis meets dynamic testing meets AI-powered exploit generation.

Phase 1

Reconnaissance

Service detection, subdomain enumeration, and target fingerprinting via httpx and subfinder.

Phase 2

Scanning

Port scanning with nmap, vulnerability detection with nuclei templates, and directory fuzzing with ffuf.

Phase 3

Attack Surface Analysis

Code Property Graph maps all endpoints, taint flows, and dangerous APIs. Ranks attack vectors by risk.

Phase 4

Exploitation

LLM-powered exploit planning generates context-aware payloads. HTTP, browser, and CLI adapters validate findings.

Phase 5

Reporting

Proof-of-concept generation, compliance mapping, reproducible exploit scripts, and AI-powered fix suggestions.

SEC. 2

Assessment Types

Web Pentest

Full web application testing with browser automation

API Pentest

REST/GraphQL endpoint discovery and exploitation

Network Pentest

Port scanning, service detection, and network-level vulns

Cloud Pentest

Cloud resource misconfigurations and IAM assessment

Recon / OSINT

Open-source intelligence and subdomain enumeration

SEC. 3

CPG Attack Surface Mapping

Builds a Code Property Graph of your application to discover every HTTP endpoint, trace taint flows from user input to dangerous sinks, and rank attack vectors by risk score.

Express.js, FastAPI, Flask, Django, Gin, Spring, Next.js endpoint discovery
Source-to-sink taint data flow analysis
Dangerous API identification and unsanitized input tracking
Risk-scored attack vector ranking

SEC. 4

Exploit Execution Adapters

Three adapters validate findings through different attack surfaces. An LLM-powered planner analyzes the actual source code context to generate targeted payloads.

HTTP Adapter

Direct request injection for SQLi, SSRF, path traversal

Browser Adapter

Chromium CDP automation for XSS, CSRF, auth bypass

CLI Adapter

Subprocess execution for command injection verification

// Execution modes

dry_run — Plans only, no requests sent

passive — Read-only probing (HEAD/OPTIONS)

active — Full exploit execution with validation

SEC. 5

Vulnerability Coverage

CWE-89: SQL Injection
CWE-78: Command Injection
CWE-79: Cross-Site Scripting
CWE-918: Server-Side Request Forgery
CWE-22: Path Traversal
CWE-502: Unsafe Deserialization
CWE-611: XML External Entity
CWE-601: Open Redirect
CWE-287: Authentication Bypass
CWE-352: Cross-Site Request Forgery

SEC. 6

Compliance Mapping

Proven vulnerabilities are automatically mapped to compliance controls with audit-ready evidence bundles and reproducible PoC scripts.

OWASP Top 10 2021
PCI-DSS v4.0
HIPAA Security Rule
NIST 800-53 Rev 5
SOC 2 Type II

SEC. 7

Safety & Authorization

Scope validation

DNS pre-validation, private IP rejection, tamper-detection via scope hash

Authorization gates

Explicit user consent required before testing. Full audit trail with timestamps

Resource limits

Max 3 concurrent sessions, subprocess throttling, 24-hour session retention

Stop guessing. Prove it.

Automated pentesting that validates real vulnerabilities with reproducible proof-of-concept exploits. Local-first. Authorization-gated.