seclens-enterprise-web
Pentest Enterprise Web
Purpose
Perform comprehensive vulnerability assessments on web applications and APIs (REST/GraphQL) to identify security flaws, logic errors, and compliance issues.
Prerequisites
Authorization Requirements
- Written authorization (scope document signed by asset owner)
- Target environment classification: Internal / External / Hybrid
- Rules of Engagement: Testing hours, notification procedures, emergency contacts
Evasion Profile Selection
| Profile | Use Case | Characteristics |
|---|---|---|
| Quiet | Production systems, WAF-protected targets | Low request rate, header rotation, timing jitter |
| Standard | Staging environments, time-limited tests | Balanced speed/stealth |
| Aggressive | Internal networks, comprehensive coverage | Maximum parallelism, full payloads |