// neopentest ai · defensive
Your pentest output, an AI report.
Run your own authorized toolchain — nmap, nikto, ffuf — then bring the output here. NeoPentest normalizes and scores every finding, enforces your scope allowlist, and writes a client-ready report with defensive remediation. It never runs tools and never generates payloads.
Frequently asked questions
Does NeoPentest run the scanners for me?
No. You run your own licensed tools (nmap, nikto, ffuf, or any scanner) on targets you are authorized to test, then paste or upload the output here. NeoPentest is the analysis and reporting brain — it never launches tools and never touches your targets.
Does it generate exploit payloads?
No. The AI layer is defensive and remediation-only. It explains findings, assigns severity, and writes fixes and a report. It will not produce exploit code, injection strings, or control-bypass techniques.
What formats can I import?
nmap XML (-oX), ffuf JSON, nikto text output, a generic findings JSON array, or freeform severity-tagged text. Formats are auto-detected and normalized into one findings model.
How does scope enforcement work?
Each engagement carries an in-scope allowlist (domains and/or CIDRs) plus a written-authorization attestation. Findings whose host falls outside the allowlist are flagged OUT-OF-SCOPE and excluded from AI analysis and the report.
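The allowlist check described above, as an added Python sketch; it is not NeoPentest's own code. The function names, the finding fields and the rule that a host counts as in scope when its address or any reported hostname matches are assumptions, and the nmap XML is a constructed sample.

```python
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted uploads prefer a hardened parser such as defusedxml

# Constructed sample of nmap -oX output (documentation-range addresses and names).
NMAP_XML = """<nmaprun>
  <host><address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="app.example.com"/></hostnames>
    <ports><port protocol="tcp" portid="443"><state state="open"/></port></ports></host>
  <host><address addr="198.51.100.7" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/></port></ports></host>
  <host><address addr="203.0.113.5" addrtype="ipv4"/>
    <hostnames><hostname name="evilexample.com"/></hostnames>
    <ports><port protocol="tcp" portid="80"><state state="open"/></port></ports></host>
</nmaprun>"""

def in_scope(host, domains, cidrs):
    """True if host is an IP inside an allowed CIDR or a name under an allowed domain."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        # Match on a label boundary so evilexample.com does not pass for example.com.
        return any(name == d or name.endswith("." + d) for d in domains)
    return any(ip in net for net in cidrs)

def classify(xml_text, allow_domains, allow_cidrs):
    """Normalize open ports into findings and tag each with its scope status."""
    domains = [d.lower().rstrip(".") for d in allow_domains]
    cidrs = [ipaddress.ip_network(c) for c in allow_cidrs]
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        names = [h.get("name") for h in host.iter("hostname")]
        # Assumption: address or any reported hostname matching puts the host in scope.
        ok = any(in_scope(x, domains, cidrs) for x in [addr, *names])
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                findings.append({"host": addr, "port": int(port.get("portid")),
                                 "scope": "IN-SCOPE" if ok else "OUT-OF-SCOPE"})
    return findings

def reportable(findings):
    """Only in-scope findings go on to analysis and the report."""
    return [f for f in findings if f["scope"] == "IN-SCOPE"]

if __name__ == "__main__":
    for f in classify(NMAP_XML, ["example.com"], ["192.0.2.0/24"]):
        print(f)
```

Matching domains on a label boundary is the detail to get right: a plain suffix comparison would treat evilexample.com as part of example.com.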
Do you store my scan output?
No. Raw tool output is never persisted. Only normalized finding metadata (host, port, type, severity, title), your engagement scope, and an audit log are stored.