AttackMesh
Full-stack automated penetration testing management. Orchestrate security scanners, track vulnerabilities through their full lifecycle, deliver findings through a branded client portal, and generate professional reports — all in one self-hosted Docker deployment.
Product site: attackmesh.io →
Core Features
Everything a pentest team needs to manage engagements from scoping to client delivery.
Engagement Management
Create engagements with defined scope, SOW/ROE document gates, and superadmin approval workflows. Track status from scoping through remediation verification.
Automated Scanning
Dispatch Nmap, Nuclei, OWASP ZAP, and Metasploit scans via Celery workers. Real-time output streaming over SSE. Rate-limited with per-tool queues.
Finding Lifecycle
Track vulnerabilities with severity ratings, CVSS scores, CVE/CWE references, MITRE ATT&CK mapping, evidence uploads, comments, and a full retest workflow.
Client Portal
Branded, slug-based portal for client organizations. Client viewers and admins see findings, timelines, and download reports. Self-service registration with team management.
Compliance Mapping
Auto-map findings to 6 frameworks: PCI-DSS, NIST 800-53, HIPAA, SOC 2, OWASP Top 10, and CIS v8. Dedicated dashboard with pass/fail control matrix and framework-selectable reports.
Scheduled Scans + Delta Alerting
Cron-based recurring scans with automatic net-new finding detection. Get alerted only when something new appears — no noise from previously known vulnerabilities.
Reporting
Generate PDF, HTML, and JSON reports via WeasyPrint and Jinja2 templates. Executive summaries, finding details, remediation matrices, and compliance framework sections. Branded with org logo and colors.
Integrations
Bi-directional Jira sync (auto-create issues, receive status + comment updates). Slack notifications and slash commands. Outbound webhooks with HMAC-SHA256 signatures and exponential backoff.
Enterprise Security
TOTP MFA with backup codes, OIDC SSO, RBAC with 5 role levels, org-scoped multi-tenancy, full audit log, HttpOnly JWT cookies with CSRF protection, and HSTS enforcement.
Autonomous Pentesting Agent
An LLM-driven agent that conducts security assessments with human oversight — not a chatbot wrapper, a real pentesting workflow engine.
How It Works
The agent runs as a Celery task with a 5-phase state machine: reconnaissance, enumeration, vulnerability scanning, exploitation analysis, and reporting. At each phase, it selects and executes security tools, analyzes results, and decides next steps — all within a strict scope boundary.
A conversational chat interface lets you interact with the agent in real time. Ask questions, provide guidance, or just watch it work. The agent can ask you for input when it encounters decisions that need human judgment.
- ✓ Multi-provider LLM support (Anthropic, OpenAI, Ollama, Groq)
- ✓ Real-time SSE streaming with ChatGPT-style interface
- ✓ Approval gates for sensitive operations
- ✓ Kill switch with immediate task termination
- ✓ Per-phase timeouts and iteration guards
- ✓ Target whitelist enforcement on every tool call
- ✓ AI-generated writeup suggestions + threat intel enrichment
- ✓ Auto-generated PDF report on completion
- ✓ Attack state graph with D3 visualization
- ✓ Smart scan suggestions based on finding analysis
How AttackMesh Works
Four steps from engagement creation to client delivery.
Scope
Create an engagement, define in-scope targets and networks, upload SOW/ROE documents, and get superadmin approval before any scanning begins.
Scan
Launch automated scans with Nmap, Nuclei, ZAP, or Metasploit. Or deploy the AI agent for an autonomous assessment. Real-time output streaming keeps you informed.
Analyze
Review auto-generated findings with severity ratings, CVSS scores, CVE references, and MITRE ATT&CK mapping. Enrich with EPSS probability, KEV status, and NVD data.
Deliver
Generate branded PDF/HTML reports, share findings through the client portal, track remediation, and verify fixes through the retest workflow.
Technology Stack
9 Docker containers, zero external dependencies. Everything runs on your infrastructure.
FastAPI
Async Python API with SQLAlchemy 2.0, Pydantic v2, and full OpenAPI documentation.
Vue 3 + TypeScript
Composition API frontend with Pinia state management, Tailwind CSS, and Vite for instant HMR.
PostgreSQL 16
Primary datastore with UUID keys, JSONB columns, GIN full-text indexes, and materialized views.
Redis 7
Celery broker, result backend, JWT refresh token store, SSE ticket exchange, and general cache.
Celery Workers
Distributed task queue with per-tool queues (Nmap, Nuclei, Metasploit, ZAP, Reports), rate limiting, and lifecycle hooks.
Nginx
Reverse proxy with Cloudflare real-IP passthrough, security headers, HSTS, CSP, and SSE support.
WeasyPrint + Jinja2
PDF/HTML report generation with branded templates, executive summaries, and compliance sections.
LiteLLM
Multi-provider AI abstraction supporting Anthropic, OpenAI, Ollama, and Groq with per-org API key management.
Docker Compose
Single-command deployment. All 9 services orchestrated with health checks, restart policies, and isolated networks.
Plans
Self-hosted pricing. Open-source core with paid tiers for advanced features.
- ✓ Nmap + Nuclei scanning
- ✓ Finding management
- ✓ 1 user seat
- ✓ Community support
- ✓ Everything in Community
- ✓ OWASP ZAP scanning
- ✓ AI Agent
- ✓ PDF Reports
- ✓ Scheduled Scans
- ✓ Finding Templates
- ✓ Everything in Solo
- ✓ Metasploit scanning
- ✓ Branded Reports
- ✓ Client Portal
- ✓ Jira / Slack / Webhooks
- ✓ Compliance Mapping
- ✓ Up to 15 users
- ✓ Everything in Small Business
- ✓ SSO / SAML
- ✓ Unlimited users
- ✓ Priority support
- ✓ Custom integrations
Ready to automate your pentest workflow?
Deploy AttackMesh on your infrastructure in under 5 minutes.
Product site: attackmesh.io →