AutoPT
Continuous Security Testing
Without the Scheduling Nightmare
AutoPT is Security Arsenal's automated penetration testing engine. It builds an isolated sandbox network to replicate your environment and deploys jump host agents directly onto hosts with network access for internal assessments, with no VPN or firewall exceptions needed. When AlertMonitor is deployed, AutoPT routes through your existing Sensors. Findings surface in AlertMonitor. Invoices are generated automatically.
How AutoPT works
AutoPT builds its own sandbox network per engagement to attempt to duplicate your environment before testing begins. Depending on scope, it will hunt for zero-day exploits alongside all standard tests. Jump host agents can be deployed to any host with internal network access — no VPN or firewall changes needed. For clients with AlertMonitor deployed, AutoPT routes traffic through your existing Sensors for even deeper internal visibility.
Isolated Sandbox Network
AutoPT builds its own isolated sandbox network per engagement, attempting to replicate your environment before any active testing begins. No shared infrastructure, no cross-contamination between engagements.
On Demand or Scheduled
Run tests manually or trigger them automatically as part of AlertMonitor monitoring workflows.
AlertMonitor Integration
Test findings surface directly inside AlertMonitor — correlated against your live asset inventory and alert pipeline.
Auto-Billing via Invoice Ninja
Invoices are generated and sent automatically through your billing system. Every engagement shows on your next invoice.
Compliance-Mapped Output
Reports map findings to PCI-DSS, OWASP, SOC2, and HIPAA — ready for auditors and leadership.
Full Coverage
REST, GraphQL, SOAP APIs. Web apps. Cloud (IAM, S3, serverless, containers). External and internal networks. Full red team simulation.
Jump Host Agent Deployment
AutoPT deploys lightweight jump host agents to any host that has access to the target network — enabling internal assessments without VPN or firewall modifications.
What AutoPT tests
Reconnaissance
Passive and full-spectrum recon: subdomain enumeration, port scanning, technology fingerprinting, API discovery, JavaScript secret extraction, hidden endpoint mapping.
Vulnerability Assessment
Full OWASP Top 10. API security (REST, GraphQL, SOAP). Deep SQL injection — error-based, union, blind time-based, WAF bypass. XSS in all forms. Auth and session testing: login flows, password reset, JWT, OAuth, 2FA weaknesses. Access control: IDOR, BOLA, privilege escalation, mass assignment. SSRF, file upload bypass, deserialization, business logic manipulation, cryptographic weaknesses.
Full Automated Pipelines
Per-Engagement Pricing
Priced per engagement, per target. Invoices are generated automatically and sent through to the billing system, so each engagement shows on your next invoice. Volume pricing and recurring monthly testing packages available.
Reconnaissance
Reporting
Vulnerability Assessment
Full Automated Pipelines
Custom
Volume pricing and recurring monthly testing packages available. Contact us for a custom quote if you need ongoing automated testing across multiple targets or want to schedule AutoPT as part of your AlertMonitor monitoring workflow.