SimpleSec
SimpleSec by Summit Cyber

AI-orchestrated pentests, run on tools you already trust.

SimpleSec runs a full external or internal pentest end-to-end — recon, enumeration, validation — using 35+ industry-standard tools coordinated by an AI planner. Real findings. Evidence-backed. No black box.

No credit card required. The free tier shows where findings exist; paid tiers reveal full finding details and reports.

simplesec — engagement: acme-external
[planner] phase: recon → discovered 14 hosts, 41 services
[planner] phase: enumeration → queueing nuclei, ffuf, testssl
[nuclei]   running 4,217 templates against 8 web targets
[ffuf]     fuzzing /admin, /api, /backup paths
[finding] high — exposed .git directory at api.acme.example
[finding] high — outdated Apache (CVE-2023-25690)
[finding] critical — SQL injection on /search?q=
[planner] phase: validation → sqlmap confirmed, evidence captured
[report]  draft PDF + AttackForge export ready
Dashboard mock: Acme Corp · External (streaming)
Engagements 12 · Runs 48 · Findings 287 · Critical 4
Severity breakdown: Critical 4 · High 11 · Medium 9 · Low 7
Scan activity (14d): [chart]
Recent findings:
  Crit  SQL injection on /search?q=         api.acme.example
  High  Exposed .git directory              backup.acme.example
  High  Outdated Apache (CVE-2023-25690)    www.acme.example
  Med   Weak TLS cipher suite               mail.acme.example
35+ tools orchestrated as one workflow
4 phases automated: recon → enum → validate → AD
100% evidence chain: every finding, traceable
0 glue scripts to maintain: you launch, we run

Built on the tools your auditor already recognizes

nmap, nuclei, sqlmap, ffuf, subfinder, httpx, netexec, kerberoast, dalfox, wpscan, testssl, katana, naabu, nikto, whatweb, kiterunner, arjun, secretsdump, and more

What SimpleSec actually does

We don't replace your judgment. We replace the tedious orchestration, the glue scripts, and the half-finished tool outputs sitting in a folder somewhere.

Planning

AI-driven planning

An LLM planner picks the next action from what recon has already discovered, with a deterministic rule engine as fallback. Every proposed action is checked against the services actually detected before it is queued: a tool that is not in the catalogue is never launched, and a tool whose target service is absent on that host is dropped. No hallucinated tools, no wasted scans.
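The check described above, as an added example that is not SimpleSec's own code: an LLM "proposal" is filtered against the services recon actually found, and if nothing usable survives a deterministic rule engine builds the plan instead. The tool names are the ones this page lists; the precondition table, the Service/Action models, and the sample recon results and proposal are assumptions made for illustration.

```python
# Added example, not SimpleSec's own code: a minimal planner "sanitizer" with
# a deterministic rule fallback. Tool names are from the page; the
# precondition table, the Service/Action models and the sample data are
# assumptions made for illustration.
from dataclasses import dataclass

# Which discovered service label each tool needs before it is worth running.
# Real tools, hypothetical mapping.
TOOL_PRECONDITIONS = {
    "nuclei":     {"http", "https"},
    "ffuf":       {"http", "https"},
    "sqlmap":     {"http", "https"},
    "testssl":    {"https"},
    "wpscan":     {"wordpress"},
    "netexec":    {"smb"},
    "kerberoast": {"kerberos"},
}


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    label: str  # normalised service label from recon, e.g. "https", "smb"


@dataclass(frozen=True)
class Action:
    tool: str
    target: str  # host the tool is pointed at


def labels_by_host(services):
    """Index recon results as {host: {service labels}}."""
    index = {}
    for s in services:
        index.setdefault(s.host, set()).add(s.label)
    return index


def sanitize(proposed, services):
    """Keep only proposed actions whose tool exists in the catalogue and whose
    precondition is met by a service actually seen on the named host.
    Returns (accepted, [(action, reason), ...])."""
    index = labels_by_host(services)
    accepted, rejected = [], []
    for a in proposed:
        needs = TOOL_PRECONDITIONS.get(a.tool)
        if needs is None:
            rejected.append((a, "unknown tool"))             # hallucinated tool
        elif a.target not in index:
            rejected.append((a, "target not discovered"))    # hallucinated host
        elif not needs & index[a.target]:
            rejected.append((a, "required service absent"))  # wasted scan
        else:
            accepted.append(a)
    return accepted, rejected


def rule_fallback(services):
    """Deterministic plan used when the LLM proposal yields nothing usable:
    queue every tool whose precondition a discovered service satisfies."""
    actions = set()
    for s in services:
        for tool, needs in TOOL_PRECONDITIONS.items():
            if s.label in needs:
                actions.add(Action(tool, s.host))
    return sorted(actions, key=lambda a: (a.target, a.tool))


def plan(proposed, services):
    """Sanitize the LLM proposal; fall back to the rule engine if nothing survives."""
    accepted, rejected = sanitize(proposed, services)
    if accepted:
        return accepted, rejected, "llm"
    return rule_fallback(services), rejected, "rules"


# Constructed recon results and a constructed "LLM proposal" containing
# two hallucinations and two wasted scans.
SERVICES = [
    Service("api.acme.example", 443, "https"),
    Service("api.acme.example", 80, "http"),
    Service("dc01.acme.local", 445, "smb"),
    Service("dc01.acme.local", 88, "kerberos"),
]
PROPOSED = [
    Action("nuclei", "api.acme.example"),     # fine
    Action("wpscan", "api.acme.example"),     # no WordPress seen: wasted scan
    Action("megascan", "api.acme.example"),   # tool does not exist
    Action("netexec", "api.acme.example"),    # SMB not on this host
    Action("netexec", "dc01.acme.local"),     # fine
    Action("ffuf", "ghost.acme.example"),     # host never discovered
]

if __name__ == "__main__":
    accepted, rejected, source = plan(PROPOSED, SERVICES)
    print(f"plan source: {source}")
    for a in accepted:
        print(f"  queue  {a.tool:<11} -> {a.target}")
    for a, why in rejected:
        print(f"  drop   {a.tool:<11} -> {a.target}: {why}")
```

The design point is that the allowlist is keyed on what recon observed, not on what the model asserts: a tool name the catalogue does not know cannot be launched at all, and a known tool is only launched where its precondition service was actually seen. Running the block prints the two surviving actions and the four rejections with their reasons; with an empty proposal the rule engine queues six actions in a fixed order.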

Orchestration

35+ integrated tools

nmap, nuclei, sqlmap, ffuf, netexec, dalfox, wpscan, kerberoast and more — orchestrated as one workflow. You don't install them; you don't glue them together.

Internal scanning

Internal networks via agent

Drop a WireGuard agent into a customer's network and run authenticated, internal pentests from the cloud. Traffic between the agent and the platform is encrypted end-to-end inside the WireGuard tunnel, and the agent's reach is tied to your engagement profile.

Evidence

Evidence-backed findings

Every finding is tied to the exact tool output, command logs, and parsed records that produced it. Reproducible. Defensible. Auditor-ready.
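One way to make that tie verifiable, as an added example that is not SimpleSec's own code: each finding points at a content-addressed evidence bundle (the exact command, the verbatim tool output, and the parsed record), and a verifier re-derives the bundle's id so that any later edit to the stored evidence is detected. The data model, the store, and the sample sqlmap output are constructed for illustration.

```python
# Added example, not SimpleSec's own code: a content-addressed evidence store
# that ties a finding to the exact command, raw output and parsed record it
# came from, and a verifier that detects tampering. The data model and the
# sample sqlmap output are constructed for illustration.
import hashlib
import json
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Evidence:
    command: str       # exact command line that was run
    raw_output: bytes  # verbatim tool output, untouched
    parsed: dict       # the structured record the finding was derived from


def evidence_digest(ev: Evidence):
    """Hash each component on its own, then hash the list of component hashes.
    Any altered or missing piece changes the top-level id."""
    components = [
        sha256_hex(ev.command.encode("utf-8")),
        sha256_hex(ev.raw_output),
        sha256_hex(json.dumps(ev.parsed, sort_keys=True).encode("utf-8")),
    ]
    return sha256_hex("\n".join(components).encode("utf-8")), components


@dataclass
class Finding:
    title: str
    severity: str
    target: str
    evidence_id: str                                # top-level hash of the bundle
    components: list = field(default_factory=list)  # command, output, parsed hashes


def record_finding(title, severity, target, ev, store):
    """Store the evidence under its own hash and return a finding that points at it."""
    digest, components = evidence_digest(ev)
    store[digest] = ev
    return Finding(title, severity, target, digest, components)


def verify(finding: Finding, store):
    """Re-derive the evidence id from what is in the store and compare."""
    ev = store.get(finding.evidence_id)
    if ev is None:
        return False, "evidence missing"
    digest, components = evidence_digest(ev)
    if digest != finding.evidence_id or components != finding.components:
        return False, "evidence altered"
    return True, "ok"


# Constructed sample: what a sqlmap validation step might have left behind.
SAMPLE = Evidence(
    command="sqlmap -u 'https://api.acme.example/search?q=test' --batch --level=2",
    raw_output=(
        b"[INFO] testing 'Boolean-based blind - WHERE or HAVING clause'\n"
        b"[INFO] GET parameter 'q' appears to be 'Boolean-based blind' injectable\n"
    ),
    parsed={"parameter": "q", "technique": "boolean-based blind", "place": "GET"},
)


def demo():
    """Record a finding, verify it, then tamper with the stored output and verify again."""
    store = {}
    finding = record_finding("SQL injection on /search?q=", "critical",
                             "api.acme.example", SAMPLE, store)
    ok_before = verify(finding, store)
    # Simulate someone editing the stored raw output after the fact.
    store[finding.evidence_id] = Evidence(SAMPLE.command,
                                          SAMPLE.raw_output + b"(edited)\n",
                                          SAMPLE.parsed)
    ok_after = verify(finding, store)
    return finding, ok_before, ok_after


if __name__ == "__main__":
    f, before, after = demo()
    print(f"{f.severity.upper():<9} {f.title} [{f.target}] evidence {f.evidence_id[:16]}...")
    print("verify (untouched):", before)
    print("verify (tampered):", after)
```

Hashing the three components separately before hashing the bundle means a reviewer can tell which piece changed, and keying the store by the bundle hash means the same command and output recorded twice yield the same id. A real deployment would also sign the finding record so that the id itself cannot be rewritten together with the evidence; that step is outside this example.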

Governance

Approvals & audit log

Destructive actions and credential sprays are gated behind admin approval. Every CRUD action, planner decision, and configuration change is timestamped and attributed to a user.

Reporting

AttackForge & PDF export

Findings auto-map to the AttackForge schema with CVSS:3.1 lookups from NVD, remediation templates, and attack scenarios. Export structured PDFs and CSVs for your client deliverables.

Differentiator

Pentest the inside, not just the perimeter.

Most "AI pentest" tools stop at the public internet. SimpleSec runs internal pentests through a WireGuard agent you drop into your client's environment — encrypted end-to-end, scoped per engagement, revocable in one click. Active Directory enumeration, Kerberos roasting, lateral movement validation: from the cloud, on your terms.

  • Per-engagement network access profiles
  • Encrypted at rest (Fernet) — keys, configs, credentials
  • netexec, kerberoast, asreproast, secretsdump out of the box
$ simplesec agent --engagement acme-internal
WireGuard tunnel established (51820/udp)
Reachability check: 10.0.0.0/16 — 412 hosts
Active Directory: 3 domain controllers, 1,840 users
! kerberoast — 7 SPNs with weak service tickets
! netexec smb — 12 hosts with SMB signing disabled
! secretsdump — DA hash extracted on dc01.acme.local
→ all findings captured with evidence chain

Built for three kinds of operators

Small business

Run a real pentest without hiring a security team. Start with a free baseline scan and see what an attacker would see.

See pricing →

Internal security team

Continuous coverage of internal and external attack surface. Approval gates and audit logs that satisfy your change-management process.

Member tier →

Consultants & MSPs

Manage multiple client organizations from one console. Per-engagement network profiles, separate evidence stores, branded reports.

Consultant tier →

Ready to see what your environment looks like to an attacker?

We're onboarding new organizations manually so we can make sure your scope is right and your scans land cleanly. Tell us about your environment and we'll set you up.