Enginsight Automated Pentest is a penetration testing tool that simulates attacks on IT infrastructure from an attacker's perspective. It targets any IP-addressable device, including individual IP addresses, websites, and IP ranges, and supports both external and internal attack vector testing. The tool operates through a component called "Hacktor," which performs several phases of testing: - **Information Gathering**: Footprinting of target systems across ports, HTTP headers, web applications, SNMP (v1/v2/v3), mDNS, SSH, VNC, RDP, and Telnet. - **CVE Scanning**: Detection of known vulnerabilities (Common Vulnerabilities and Exposures) across services such as ports, HTTP headers, web apps, SNMP, SSH, and WMI. Optional credential storage improves scan depth. - **Service Bruteforce**: Credential-based attacks across services including SSH, Telnet, RDP, MySQL, MongoDB, MS SQL, Redis, MariaDB, PostgreSQL, HTTP Basic Auth, HTTP Web Forms, FTP, SNMP, and SMB. - **Service Discovery**: Testing for misconfigurations in authentication, encryption, and access rights across MongoDB, MySQL, HTTP, SSL/TLS, SMTP, SSH, DNS, FTP, LDAP, SMB, and SNMP. - **Custom Scripts**: Extensibility via Python, Ruby, and Bash scripts for custom test scenarios. Tests can be scheduled for recurring execution to support continuous security monitoring. Results are presented in audit reports with automated vulnerability analysis and actionable remediation recommendations. Reports also support comparison with previous audits to track improvement over time. The product is part of the broader Enginsight Cybersecurity Platform.