The pensar quicktest command performs a rapid, objective-focused penetration test against a target without running full attack surface discovery.

Synopsis

pensar quicktest --target <target> --objective <objective> [options]

Description

Quicktest is optimized for fast, targeted security testing when you:
  • Want to test a specific hypothesis quickly
  • Already know what vulnerability to look for
  • Need rapid feedback during development
  • Have time constraints
Quicktest skips the full attack surface discovery phase. For comprehensive testing, use pensar pentest instead.

Required Arguments

--target (string, required)
Target URL, domain, or IP address to test.
pensar quicktest --target https://example.com --objective "..."
Can be:
  • Full URL: https://api.example.com
  • Domain: example.com
  • IP address: 192.168.1.100
  • Localhost: http://localhost:3000
--objective (string, required)
Testing objective or hypothesis.
pensar quicktest \
  --target https://example.com \
  --objective "Test for SQL injection in login form"
Be specific about what you want to test.

Options

--model (string, default: "claude-sonnet-4-5")
AI model to use for testing.
pensar quicktest --target ... --objective ... --model claude-opus-4
--headers (string, default: "default")
Header mode for requests. Values:
  • none - No custom headers
  • default - Add User-Agent: pensar-apex
  • custom - Use custom headers defined with --header
pensar quicktest --target ... --objective ... --headers custom
--header (string)
Add custom header (requires --headers custom).
pensar quicktest \
  --target api.example.com \
  --objective "Test API authentication" \
  --headers custom \
  --header "User-Agent: pensar_client123" \
  --header "X-Custom-Header: value"
Can be specified multiple times for multiple headers.

Examples

Test Specific Vulnerability

pensar quicktest \
  --target http://localhost:3000 \
  --objective "Find SQL injection vulnerabilities"
==========================================================
QUICKTEST
==========================================================
Target:     http://localhost:3000
Objective:  Find SQL injection vulnerabilities
Model:      claude-sonnet-4-5

→ Testing objective...
→ Analyzing application behavior...
→ Testing SQL injection payloads...
✓ Found SQL injection in /api/login
→ Creating proof-of-concept...
✓ POC created: poc_sqli_login.sh

==========================================================
RESULTS
==========================================================
Findings:  1 (1 CRITICAL)
Path:      ~/.pensar/sessions/quicktest_abc123/findings.json
POCs:      ~/.pensar/sessions/quicktest_abc123/pocs/
Time:      2m 18s

API Security Testing

pensar quicktest \
  --target https://api.example.com \
  --objective "Test for IDOR vulnerabilities in user endpoints" \
  --headers custom \
  --header "Authorization: Bearer eyJ..."

Development Feedback Loop

Test during development:
# After implementing a feature
pensar quicktest \
  --target http://localhost:8000 \
  --objective "Test new file upload feature for path traversal"

# Fix any issues found
# Re-test
pensar quicktest \
  --target http://localhost:8000 \
  --objective "Verify file upload path traversal is fixed"

Multiple Custom Headers

pensar quicktest \
  --target api.staging.example.com \
  --objective "Test authentication bypass" \
  --headers custom \
  --header "User-Agent: Mozilla/5.0" \
  --header "X-API-Key: test-key-123" \
  --header "X-Request-ID: pensar-test"

Quicktest vs Pentest

Feature     Quicktest         Pentest
Speed       Fast (2-5 min)    Comprehensive (10-30 min)
Scope       Single objective  Full attack surface
Discovery   None              Full recon & mapping
Best for    Specific tests    Complete audit
Use case    Dev feedback      Production testing
Use quicktest during development for rapid feedback. Use pentest for comprehensive security audits.

Writing Good Objectives

Specific and actionable:
"Test for SQL injection in login form"
"Check for IDOR in /api/users/{id} endpoint"
"Test file upload for path traversal"
"Verify JWT token signature validation"
These objectives are:
  • Focused on a single vulnerability class
  • Reference specific components/endpoints
  • Testable with clear pass/fail criteria

Use Cases

Development Testing

Quick security checks during feature development

Hypothesis Testing

Test if a specific vulnerability exists

Regression Testing

Verify security fixes work as intended

Bug Bounty

Quickly test specific attack vectors

Limitations

Quicktest does not perform:
  • Attack surface discovery
  • Subdomain enumeration
  • Service fingerprinting
  • Comprehensive endpoint mapping
For complete security coverage, use pensar pentest.

Troubleshooting

Possible reasons:
  1. Vulnerability doesn’t exist - The specific issue may not be present
  2. Objective too narrow - Try a broader objective or use pentest
  3. Target unreachable - Verify network connectivity
  4. Authentication required - Add auth headers with --header

You must specify at least one objective:
pensar quicktest --target example.com --objective "Test for XSS"

Ensure you set --headers custom:
# Wrong:
pensar quicktest --target ... --header "Auth: token"

# Right:
pensar quicktest --target ... --headers custom --header "Auth: token"
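
The argument rules documented on this page (both required arguments, the three --headers modes, and --header needing --headers custom) can be checked before a run starts. The wrapper below is an added example, not part of the Pensar tool or its documentation; the function name quicktest_preflight and its exit codes are hypothetical, and it only knows the options listed on this page.

```shell
#!/usr/bin/env bash
# Added example: lint a `pensar quicktest` argument list against the rules
# documented on this page. quicktest_preflight is a hypothetical helper name.
quicktest_preflight() {
  local target="" objective="" mode="default" header_count=0
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --target|--objective|--model|--headers|--header)
        # Every option documented on this page takes exactly one value.
        if [ "$#" -lt 2 ]; then
          echo "preflight: $1 needs a value" >&2; return 2
        fi
        case "$1" in
          --target)    target=$2 ;;
          --objective) objective=$2 ;;
          --headers)   mode=$2 ;;
          --header)
            # Expect "Name: value". The value is never echoed, so a bearer
            # token does not end up in terminal scrollback or CI logs.
            case "$2" in
              ?*:*) header_count=$((header_count + 1)) ;;
              *) echo "preflight: --header must look like 'Name: value'" >&2
                 return 2 ;;
            esac ;;
        esac
        shift 2 ;;
      *) echo "preflight: option not documented on this page: $1" >&2
         return 2 ;;
    esac
  done
  [ -n "$target" ]    || { echo "preflight: --target is required" >&2; return 3; }
  [ -n "$objective" ] || { echo "preflight: --objective is required" >&2; return 3; }
  case "$mode" in
    none|default|custom) ;;
    *) echo "preflight: --headers must be none, default or custom" >&2
       return 4 ;;
  esac
  # The "Wrong" form from Troubleshooting: --header without --headers custom.
  if [ "$header_count" -gt 0 ] && [ "$mode" != "custom" ]; then
    echo "preflight: --header requires --headers custom" >&2; return 5
  fi
  return 0
}

# Usage: quicktest_preflight "$@" && pensar quicktest "$@"
```

Catching the missing --headers custom before launch matters most for authenticated targets, where the Authorization header is what the test depends on.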

Next Steps

Full Pentest

Run comprehensive security testing

Targeted Pentest

Multiple objectives with full discovery

Environment Variables

Configure API keys and headers

Findings

Understand vulnerability findings