Built by SUMMIT Cyber Group

The AI Pentesting Tool, orchestrated on tools you already trust.

SimpleSec is the AI Pentesting Tool that runs continuous, real adversarial testing and dependency analysis end-to-end — wired into your CI/CD pipeline with an audit-grade evidence trail.

Full Pro access for 7 days · no credit card · your test data stays after the trial.

AI-Driven — adaptive planner
Real Tools — nuclei, sqlmap, NetExec
Audit-Ready — per-finding evidence

New here? Read how an AI Pentesting Tool actually works

[Dashboard mockup: app.simplesec.ai — Helix · Internal AD (LIVE). Recon: 8 hosts · 41 services. Enumeration: 26 shares. Validation: 9 confirmed. Exploitation: DA path proven.]
[Dashboard mockup: app.simplesec.ai — Reports. Branded PDF, JSON, AttackForge, and CSV report exports with per-engagement findings.]
Pre-deploy evidence for SOC 2, PCI-DSS, HIPAA, ISO 27001 · exported to PDF, AttackForge, JSON, CSV
The annual-pentest problem
364 days between meaningful security validation.

Most organizations test once a year, hand off a 60-page PDF, and call the box checked — while shipping code every hour. SimpleSec replaces the annual engagement with continuous adversarial testing that runs on every push, opens a change-control ticket, and produces audit-grade evidence automatically.

3–5× more engagements per team
Every push: a real adversarial test
How it works

An adaptive planner, not a static playbook.

Every step is a decision the planner makes from the current state of the engagement — discovered hosts, fingerprinted services, harvested credentials. A judge decides continue / retry / pause after each step.

01 · Recon

Map the surface

Port sweeps, subdomain enum, HTTP probing, TLS posture, SMB/LDAP banners.

naabu · httpx · subfinder · testssl
02 · Enumeration

Deep-dive services

Directory + parameter fuzzing, JS crawl, CMS probes, SMB share + user enum.

ffuf · katana · NetExec · enum4linux-ng
03 · Validation

Confirm exploitable

Templated vuln testing, SQLi probing, XSS proof, misconfig sweeps — request + response inline.

nuclei · sqlmap · dalfox · nikto
04 · Exploitation

Prove impact

Data extraction, authenticated execution, credential dumps. Destructive proofs gated by admin approval.

secretsdump · GetUserSPNs · NetExec
The differentiator

Real adversarial tooling — not a template scanner.

When SimpleSec dumps NTDS or proves SQL injection, it's the same tool a human consultant would use, run with the same flags, against the same target — orchestrated by a planner that picks the next move from real findings.

Recon & discovery

naabu · nmap -sV · httpx · subfinder · testssl.sh · ssh-audit

Web application

nuclei · ffuf · arjun · katana · sqlmap · dalfox · nikto · wpscan

Active Directory

NetExec · enum4linux-ng · GetUserSPNs · GetNPUsers · secretsdump

Persona-aligned testing

The same target gets tested differently depending on what it is. Personas constrain what the planner will attempt.

External Web
Public apps + APIs — discovery, content fuzzing, OWASP Top 10 validation.
External Network
Internet-facing infra — exposed services, weak TLS, exposed admin panels.
Internal Network
Post-perimeter — LAN sweep, SMB/SSH enum, lateral-move opportunities.
Internal AD
Kerberoasting, AS-REP roasting, NTLM relay, DC dumps when creds land.
API
REST + GraphQL — schema discovery, parameter fuzzing, auth bypass, injection.
Discovery
Lightweight inventory — live-host + service map, downloadable CSV for scoping.
CI/CD + SCA

Adversarial testing in your pipeline.

Every push triggers a real test against your registered assets. Completion fans out three ways — and the same add-on runs Software Composition Analysis without ever touching your source.

HMAC-signed webhooks

HMAC-SHA256 over the request body, keyed with a per-trigger secret: the same construction GitHub and Stripe use for their webhooks, so existing verification code should work unchanged. Verify the raw bytes as received, not a re-serialised copy, and compare the MAC in constant time.

Severity gating

Fail on any critical, warn on high, pass otherwise. Or run async with audit-only reporting.

SCA, same pipeline

osv-scanner runs locally and POSTs only its JSON findings; your source never leaves you. Results land in the Compliance Archive.

.github/workflows/simplesec.yml
# every push runs a real adversarial test
name: SimpleSec test
on: [push]
jobs:
  pentest:
    runs-on: ubuntu-latest
    steps:
      # -fsS: a non-2xx response from the API fails the step instead of passing silently
      - run: |
          curl -fsS -X POST https://app.simplesec.ai/api/v1/tests \
            -H "Authorization: Bearer ${{ secrets.SIMPLESEC_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{"engagement_id": 4455,
                 "commit": "${{ github.sha }}",
                 "callback_url": "${{ secrets.CALLBACK_URL }}"}'
Reporting & compliance

Evidence auditors actually want.

Every CI-triggered test shows up in the Compliance Archive with its commit SHA, severity counts, gating decision, and webhook status. Filter by workspace, decision, type or date — that's your quarterly evidence pack.

Commit   Decision  Engagement
a1b9f02  fail      Atlas — API · DAST
a1b9f02  fail      Atlas — API · SCA
7c2e1a8  warn      Northwind · DAST
be01c7d  pass      Helix · DAST
Pricing

Scales with your engagement.

From solo evaluation to managed-service operation. No credit card for Free.

Free
$0 / 7-day trial
full Pro access · no card
  • Full findings, evidence & reports
  • Up to 5 tests per 24h
  • Keep your data after day 7 — upgrade to keep testing
Start free
Most popular
Standard
Early access · 80% off $499.99 / mo
$99.99 / mo
for your first year
  • Unlimited tests
  • Full detail + remediation
  • PDF / JSON / CSV reports
  • Internal-network agent
Get Standard
Pro
Early access · 80% off $999.99 / mo
$199.99 / mo*
for your first year
CI/CD pipeline add-on
$99.99 / mo
First 50 tests/mo included · auto-pentest every deploy · $5 / test beyond 50 · SCA via osv-scanner included
  • Everything in Standard
  • White-label PDF cover
  • AttackForge export
  • Multi-customer workspaces
Get Pro

Early-access pricing locks in for your first 12 months, then renews at the regular monthly rate. Pro: first workspace included; additional workspaces $99.99/mo early access ($499.99/mo regular). CI/CD add-on $99.99/mo + $5/test beyond 50, SCA included.

Simplifying Offensive Security

Run one against your own perimeter.

Free-tier signup is two clicks and starts a 7-day full-access trial — up to five tests in any 24-hour window, with the same complete findings as the paid tiers — enough to see the planner in action and decide if continuous adversarial testing belongs in your workflow.