// tool reference · Vulnerability & Assessment
NeoPentest AI Pro
Turn authorized scan output into a scored, correlated, client-ready pentest report.
What it does
AI findings-intelligence and reporting for authorized penetration tests. You run your own licensed toolchain (nmap, nikto, ffuf, …) and paste the output; NeoPentest normalises, correlates, scores and writes defensive remediation plus a client-ready report.
When to use it
- You have finished an authorised engagement and the report is the remaining work.
- Scan output from several tools needs deduplicating and correlating into one narrative.
- A client needs a readable report, not raw nmap output.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| engagement_id | select | required | The authorised engagement this output belongs to. Ingestion is gated on this record existing. |
| scan_output | textarea | required | Raw output from your own tools. Up to — bytes. |
| test_type | select | optional | What produced it (nmap, nikto, ffuf, …). |
| scope | textarea | optional | Engagement scope — hosts and ranges you are authorised to test. |
| window_start | date | optional | Authorised testing window start. |
| window_end | date | optional | Authorised testing window end. |
| auth_ref | text | optional | Authorisation reference — the client contract or letter. |
| retest | checkbox | optional | Mark as a retest, to diff against the previous run. |
| use_ai | checkbox | optional | AI remediation and narrative. |
| authorized | checkbox | required | You confirm written authorisation for this engagement. |
What you get back
Normalised, deduplicated, scored findings with defensive remediation and a client-ready report. Exportable, and shareable as a read-only client link.
Worked example
Input
engagement: ACME-2026-07 (scope 203.0.113.0/24, window 15-17 Jul, auth ref: SOW-114) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4 (protocol 2.0) 443/tcp open https nginx 1.14.0 3306/tcp open mysql MySQL 5.7.31
Output (abridged)
FINDINGS — 3 correlated, scored
HIGH MySQL 3306 reachable from the test network
A database should not be reachable from a client subnet at all.
This is the finding the client will act on first.
-> Bind 127.0.0.1 or restrict by security group. Not a patch --
an architecture change.
MEDIUM OpenSSH 7.4 -- end of life
Version disclosure plus an unsupported branch. No known remote
pre-auth RCE, so this is hygiene, not an emergency.
-> Upgrade to a supported release.
LOW nginx 1.14.0 discloses its exact version
-> server_tokens off;
REPORT: executive summary, methodology, scope, findings with evidence,
remediation, retest checklist. Client-ready.
How it works
It does NOT run tools and does NOT generate exploit payloads — that boundary is the product. It ingests output you produced with your own licensed toolchain, behind an engagement record that captures scope, window and authorisation reference. Deterministic normalisation and correlation run first; AI writes the remediation and narrative.
Limits
Read live from the platform configuration.
| Free | — — Pro only |
| Pro | — analyses / month |
| Max input | — bytes |
| Max findings | — |
| Rate limit | 12 requests / 10 minutes |
Limitations — what it does not do
It reports; it does not test. It will not run a scan, will not generate an exploit, and cannot verify that your authorisation is genuine — the engagement record is a control, not proof. Findings are only as good as the scan output you paste, and a tool that missed something cannot be corrected here.
Privacy
Only metadata is stored — engagement record, scores and report artefacts. Share links use 128-bit tokens with an expiry you set, and are revocable.
Standards
PTESOWASP Testing GuideCVSSNIST SP 800-115