Overview
Deadend is an agentic pentesting tool that runs in the terminal. Deadend CLI’s goal is to push AI capabilities in offensive security by focusing on web applications.
Installation
Here’s a quick example to get you started:
# Install deadend
curl -fsSL https://straylabs.ai/install.sh | bash
Some interesting features
Front-end app indexing
When working in a black-box environment, Single Page Apps can have a lot of resources. As security practitioners, we sometimes need to go over the page’s source code to understand what is going on and to retrieve nested endpoints in JS files.
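What indexing a front-end bundle involves, as an added example: this is not Deadend's implementation, which this page does not describe. The function names and the sample bundle are constructed for illustration; the sketch pulls path-like string literals out of bundle source, normalises template placeholders, and separates API-looking endpoints from further JS chunks that would need indexing in turn.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a fragment of a minified SPA bundle (not from a real app).
SAMPLE_BUNDLE = r'''
const a="/api/v1/users",b=`/api/v1/users/${id}/orders`;
fetch("/api/v1/login",{method:"POST"});
axios.get("https://api.example.test/v2/reports?year=2024");
import("./chunks/admin.3f9a.js");
const logo="/static/img/logo.png",ct="application/json";
'''

# String literals in single, double or backtick quotes (no raw newlines inside).
STRING_RE = re.compile(r'''(["'`])((?:\\.|(?!\1)[^\\\n])*)\1''')
# Keep only literals shaped like an absolute path, an http(s) URL or a relative import.
PATHLIKE_RE = re.compile(r'^(?:https?://[^\s/]+)?/[A-Za-z0-9_\-./{}:$?=&%]*$|^\.{1,2}/')
STATIC_EXT = (".png", ".jpg", ".svg", ".css", ".woff2", ".ico", ".map")

def normalise(literal):
    """Collapse ${...} template holes to {param} and drop the query string."""
    templated = re.sub(r'\$\{[^}]*\}', '{param}', literal)
    parts = urlsplit(templated)
    origin = f"{parts.scheme}://{parts.netloc}" if parts.netloc else ""
    return origin + parts.path

def index_bundle(source):
    """Return (endpoints, chunks): API-looking paths and further JS files to index."""
    endpoints, chunks = set(), set()
    for match in STRING_RE.finditer(source):
        literal = match.group(2)
        if not PATHLIKE_RE.match(literal):
            continue                    # e.g. "POST" or the MIME type "application/json"
        path = normalise(literal)
        if path.endswith(".js"):
            chunks.add(path)            # lazily loaded chunk: index it next
        elif not path.lower().endswith(STATIC_EXT):
            endpoints.add(path)         # static assets are dropped
    return sorted(endpoints), sorted(chunks)

if __name__ == "__main__":
    found_endpoints, found_chunks = index_bundle(SAMPLE_BUNDLE)
    print("endpoints:", found_endpoints)
    print("chunks to index next:", found_chunks)
```

Run against your own application's build output, the same listing shows which routes the shipped bundle discloses to any client.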
Usage and modes
Different modes are available, each with a specific purpose.
Plan mode
The plan mode helps build a plan before the exploitation.
Yolo mode
The yolo mode is a fully autonomous mode. It defines its own plan and iterates until it finds an end.
Research mode
Integration with our usual tooling
The goal is not to change the way we work, but to enhance it, so we wanted to make it possible to keep our usual pentesting workflow. The agent, when configured, can redirect its traffic to the usual testing environment, such as Burp and ZAP.
To set it up, just add the proxy when starting deadend.
deadend --proxy http://127.0.0.1:8080
Continuous state reporting
What’s Next?
- Learn the basics in our Getting Started guide
- Explore the API reference
- Check out examples and tutorials