I built ModernPentest to run continuous automated pentests on any web application or API. Setup takes 5 minutes, and you get a full report with exploitable vulnerabilities in under an hour.
How it works:
- AI agents (Claude Agents SDK) coordinate a multi-stage testing pipeline: discovery, parallel vulnerability testing (injection, access control, authentication), consolidation, and report generation
- Agents run on GCP Cloud Run Jobs (containerized)
- Real-time progress updates via Convex WebSockets
- Security tools: Nuclei, SQLMap, httpx, and custom checks for specific platforms
What it tests:
- Any web application or API (Next.js apps, WordPress sites, Django backends, etc.)
- Deep checks for Supabase RLS policy bypasses and Firebase security rule misconfigurations
- API authentication, authorization, and injection vulnerabilities (OWASP API Top 10)
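To make the Supabase RLS item above concrete, here is an added example (not ModernPentest's code and not from the post) of the misconfiguration it refers to, shown as the weak schema next to the corrected one. The table and column names (`public.notes`, `owner_id`, `body`) are assumed for illustration; `auth.uid()`, the `anon` and `authenticated` roles, and the `request.jwt.claims` setting are Supabase's own.

```sql
-- Added example (not ModernPentest's own code): the Supabase RLS gap the
-- post refers to, shown as the weak schema next to the corrected one.
-- Assumed table and column names: public.notes, owner_id, body.

-- WEAK: a table exposed through PostgREST with RLS disabled. Supabase's
-- public anon key maps to the `anon` role; with no RLS, no policy is ever
-- evaluated, so the grant below lets every caller read and write every row.
CREATE TABLE public.notes (
  id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  owner_id  uuid NOT NULL,
  body      text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON public.notes TO anon, authenticated;

-- CORRECTED: turn RLS on (FORCE also applies it to the table owner), drop
-- access for unauthenticated callers, and scope every operation to the row
-- owner using auth.uid(), which Supabase derives from the caller's JWT.
ALTER TABLE public.notes ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.notes FORCE ROW LEVEL SECURITY;
REVOKE ALL ON public.notes FROM anon;

CREATE POLICY notes_select_own ON public.notes
  FOR SELECT TO authenticated
  USING (owner_id = auth.uid());

CREATE POLICY notes_insert_own ON public.notes
  FOR INSERT TO authenticated
  WITH CHECK (owner_id = auth.uid());

CREATE POLICY notes_update_own ON public.notes
  FOR UPDATE TO authenticated
  USING (owner_id = auth.uid())
  WITH CHECK (owner_id = auth.uid());

CREATE POLICY notes_delete_own ON public.notes
  FOR DELETE TO authenticated
  USING (owner_id = auth.uid());

-- Self-check from psql: impersonate an authenticated user for one transaction
-- and confirm only that user's rows come back. Both JWT claim settings are
-- set because auth.uid() has read either one depending on Supabase version.
BEGIN;
SET LOCAL ROLE authenticated;
SELECT set_config('request.jwt.claim.sub',
                  '00000000-0000-0000-0000-000000000001', true);
SELECT set_config('request.jwt.claims',
                  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}',
                  true);
SELECT id, body FROM public.notes;   -- only rows with owner_id = ...0001
ROLLBACK;
```

The two halves differ only in whether a policy is ever consulted: a grant to `anon` on a table without RLS is exactly the state an automated check for "RLS policy bypass" is looking for, and the `SET LOCAL ROLE` transaction is the cheapest way to confirm a fix before re-running a scan.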
The speed difference matters. Traditional pentests take 2-4 weeks and give you a point-in-time snapshot. By the time you get results, your codebase has changed. We run in under an hour, so you can test after every deployment.
Remediation validation is another pain point. When you fix a vulnerability, you usually wait 5-10 days for a consultant to verify. Our agents verify your fix in about 5 minutes.
Pricing: $500/month gets you 24 pentests per year (monthly automated + on-demand), SOC 2-ready reports, and remediation tracking. That's $6K/year vs $15K+ for a single traditional pentest.
Tech stack: Next.js frontend, Convex backend, scanning agents on GCP running with Claude Agents SDK.
Demo: https://modernpentest.com
Happy to answer questions about the agent architecture, detection methodology, or false positive handling.