Loading...
Loading...
Run an AWS Security Agent penetration test against a live web application — registers and verifies the target domain, exercises the supplied endpoints with the managed Security Agent service, and returns verified runtime findings. Use when the user asks to pentest, run a penetration test, test their app's attack surface, find runtime vulnerabilities, register or verify a target domain, or check pentest status / findings.
npx skill4agent add aws/agent-toolkit-for-aws pentesting-with-aws-security-agentsetup-security-agent.security-agent/config.json| Placeholder | How to resolve |
|---|---|
| |
| |
| |
| |
| |
| |
| |
.security-agent/config.jsonsetup-security-agentaws securityagent batch-get-agent-spaces --agent-space-ids <id>agent_space_idconfig.jsonsetup-security-agent<target>aws securityagent create-target-domain --agent-space-id <id> \
--target-domain-name <domain> --verification-method HTTP_ROUTE.well-known/...aws securityagent verify-target-domain --agent-space-id <id> --target-domain-id <td-id>target_domain_id.security-agent/config.jsontarget_domains: { "<domain>": "<td-id>" }pentest-<timestamp>aws securityagent create-pentest --agent-space-id <id> --title <title> \
--service-role <role-arn> \
--assets endpoints=[{uri=https://example.com/api/login},{uri=https://example.com/api/upload}]pentestIdaws securityagent start-pentest-job --agent-space-id <id> --pentest-id <pentest-id>pentestJobId.security-agent/pentests.json[]{
"pentest_id": "p-...",
"pentest_job_id": "pj-...",
"agent_space_id": "as-...",
"title": "pentest-...",
"endpoints": ["https://..."],
"started_at": "2026-06-01T20:00:00Z",
"status": "IN_PROGRESS"
}sleep 900aws securityagent batch-get-pentest-jobs --agent-space-id <id> --pentest-job-ids <pj-id>statusCOMPLETEDFAILEDSTOPPEDCOMPLETEDaws securityagent list-findings --agent-space-id <id> --pentest-job-id <pj-id>nextToken--next-token <token>aws securityagent batch-get-findings --agent-space-id <id> --finding-ids <id1> <id2> ...🟣 CRITICAL: {name}
Endpoint: {endpoint}
{description}.security-agent/pentest-{pentest_job_id}.md.security-agent/pentest-{pentest_job_id}.mdaws securityagent stop-pentest-job --agent-space-id <id> --pentest-job-id <pj-id>create-pentesttarget_domain_idconfig.jsonValidationExceptionverify-target-domaintarget domain not verifiedIN_PROGRESSAccessDeniedSecurityAgentScanRole