Skip to main content

Cyberstrike is now open source! AI-powered penetration testing for security professionals. Star on GitHub

On this page

First Security Scan

This guide walks you through running your first security scan with Cyberstrike, from launching the TUI to interpreting results.

🎬 GIF: first-scan.gif

Running first security scan

Launching Cyberstrike

Start Cyberstrike in your target directory:

Terminal window
cd /path/to/target
cyberstrike

The terminal user interface (TUI) displays:

  • Input prompt at the bottom for commands
  • Response area in the center for AI output
  • Status bar showing model and token usage

Selecting an Agent

Choose a specialized agent for your assessment:

Terminal window
# Web application testing
cyberstrike --agent web-application


# Cloud infrastructure
cyberstrike --agent cloud-security


# Network penetration testing
cyberstrike --agent internal-network


# Bug bounty reconnaissance
cyberstrike --agent bug-hunter

Or switch agents during a session with /agents.

Basic Reconnaissance

Start with information gathering:

> Perform reconnaissance on example.com

The agent will:

  1. Enumerate subdomains
  2. Identify technologies
  3. Discover endpoints
  4. Map the attack surface

Web Application Scan

For web application testing:

> Launch the browser and scan https://target.com for vulnerabilities

The agent will:

  1. Launch browser with traffic capture
  2. Spider the application
  3. Test for common vulnerabilities
  4. Report findings with evidence

Example Session 

> Navigate to https://target.com/login and test for SQL injection


[Launching browser...]
[Navigating to login page...]
[Testing username field...]
[Testing password field...]


FINDING: SQL Injection
━━━━━━━━━━━━━━━━━━━━━━━━
WSTG-ID: WSTG-INPV-05
Location: POST /api/login
Parameter: username
Payload: admin' OR '1'='1 --
Severity: High (CVSS 8.6)
Evidence: Response contains SQL error message

Quick Scan Mode

Run a single command without entering interactive mode:

Terminal window
cyberstrike run "scan example.com for open ports and services"

With file attachment:

Terminal window
cyberstrike run "analyze this code for vulnerabilities" -f src/auth.ts

Understanding Output

Finding Format

When a vulnerability is recorded for a session, it uses the following fields (matching the agent’s report_vulnerability input and the stored session record):

Required

  • title β€” Short name of the finding
  • severity β€” One of: critical, high, medium, low, info
  • description β€” Detailed explanation of the finding

Optional

  • id β€” Assigned when the finding is persisted in a session
  • cwe_id β€” CWE identifier when applicable (e.g. CWE-79)
  • file β€” Path to the affected file
  • line_start / line_end β€” Line range in that file
  • steps_to_reproduce β€” Numbered steps to reproduce
  • poc β€” Proof of concept (steps, request, or description)
  • business_impact β€” Impact on the business
  • recommendation β€” Fix or mitigation guidance
  • status β€” open, fixed, or ignored (default open)
  • message_id β€” Link to the chat message that reported the finding, when set
  • time β€” created and updated timestamps (milliseconds), when persisted

Example layout (illustrative):

FINDING: [title]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Severity: [critical | high | medium | low | info]
Description: [description]
CWE ID: [cwe_id, optional]
File: [file, optional]
Lines: [line_start–line_end, optional]
Steps to reproduce: [steps_to_reproduce, optional]
Proof of concept: [poc, optional]
Business impact: [business_impact, optional]
Recommendation: [recommendation, optional]
Status: [open | fixed | ignored]

Severity Levels

LevelCVSSDescription
Critical9.0-10.0Immediate exploitation risk
High7.0-8.9Significant security impact
Medium4.0-6.9Moderate risk
Low0.1-3.9Minor security concern
Info0.0Informational finding

Saving Results

Export Session 

/share

Creates a shareable link to the session.

Export HAR File

For browser-based testing:

> Export the captured traffic to HAR file

Memory Storage

Save important findings to memory:

> Remember that the target uses PostgreSQL 14.2 on port 5432

Common Scan Types

Subdomain Enumeration 

> Enumerate all subdomains for target.com

Port Scanning 

> Scan 10.0.0.0/24 for open ports

Vulnerability Scanning 

> Run nuclei templates against https://target.com

API Testing 

> Test the REST API at https://api.target.com for OWASP Top 10

Next Steps

After your first scan:

  1. Review Security Agents for specialized testing
  2. Learn about Tools for manual testing
  3. Configure Permissions for automation
  4. Set up MCP servers for extended capabilities

Tip

Use /compact to summarize long sessions and continue testing without losing context.