### Configure Apex Environment Variables Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx This command copies the example environment file and then instructs the user to edit the new .env file to add their API keys. This is a crucial step for authenticating with AI providers. ```bash cp env.example .env # Edit .env and add your API keys ``` -------------------------------- ### Clone Apex Repository and Navigate to Container Directory Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx This command clones the Apex repository from GitHub and then navigates into the container directory, which is necessary for setting up the Kali Linux environment. ```bash git clone https://github.com/pensarai/apex.git cd apex/container ``` -------------------------------- ### Install Pensar Apex CLI Source: https://github.com/pensarai/apex/blob/canary/fern/docs/intro.mdx Provides various installation methods for the Pensar Apex CLI tool across different operating systems and package managers. Ensure you have the necessary prerequisites like Node.js for the npm installation method. ```bash curl -fsSL https://pensarai.com/install.sh | bash ``` ```bash brew tap pensarai/tap brew install apex ``` ```powershell irm https://www.pensarai.com/apex.ps1 | iex ``` ```bash npm install -g @pensar/apex ``` -------------------------------- ### Pensar Apex CLI Commands for Pentesting and Management Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx A collection of common command-line interface commands for Pensar Apex, used for running penetration tests, managing projects and issues, authentication, and system maintenance. ```bash pensar pentest --target # Run a full pentest orchestration ``` ```bash pensar targeted-pentest --target # Run a targeted pentest ``` ```bash pensar auth login # Connect to Pensar Console from the CLI ``` ```bash pensar auth status # Show current auth connection status ``` ```bash pensar auth logout # Disconnect from Pensar Console ``` ```bash pensar projects # List workspace projects ``` ```bash pensar pentests # List/get/dispatch pentests ``` ```bash pensar issues # List/get/update security issues ``` ```bash pensar fixes # List/get security fixes ``` ```bash pensar logs # List/search agent execution logs ``` ```bash pensar upgrade # Update to the latest version ``` ```bash pensar doctor # Check & install optional dependencies ``` ```bash pensar uninstall # Fully remove Pensar (interactive) ``` ```bash pensar uninstall --force # Fully remove Pensar (no confirmation) ``` -------------------------------- ### Start Apex Docker Compose Services Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx This command builds and starts the Docker Compose services for Apex in detached mode. It ensures all necessary containers, including the Kali Linux environment, are running. ```bash docker compose up --build -d ``` -------------------------------- ### Example: Get Fix Details (Bash) Source: https://github.com/pensarai/apex/blob/canary/fern/docs/cli/fixes.mdx An example showing how to retrieve detailed information, including the code diff, for a specific security fix identified by 'fix_jkl012'. This command is part of the 'pensar fixes' suite. ```bash # Get details and diff for a specific fix pensar fixes get fix_jkl012 ``` -------------------------------- ### Launch and Configure Apex Operator Session Source: https://github.com/pensarai/apex/blob/canary/fern/docs/commands/operator.mdx Demonstrates how to initialize the Apex CLI and start an interactive operator session, including optional flag usage for target definition and mode selection. ```bash # Start Apex pensar # Launch operator session /operator # Or with flags for quick start /operator --target https://api.example.com --mode manual ``` -------------------------------- ### Pentest CLI Examples Source: https://github.com/pensarai/apex/blob/canary/fern/docs/cli/pentest.mdx Demonstrates various ways to use the `pensar pentest` command. Examples include basic blackbox testing, whitebox testing with source code, specifying an AI model, and using the 'exfil' mode for flag extraction. ```bash # Basic blackbox pentest pensar pentest --target https://example.com # Whitebox pentest with source code access pensar pentest --target https://example.com --cwd ./my-app # Specify a model pensar pentest --target https://example.com --model claude-sonnet-4-5 # Exfil mode for CTF-style flag extraction pensar pentest --target https://example.com --mode exfil ``` -------------------------------- ### Install Pensar Apex via Homebrew (macOS) Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx Installs Pensar Apex using the Homebrew package manager on macOS. This requires Homebrew to be installed on your system. ```bash brew tap pensarai/tap brew install apex ``` -------------------------------- ### Build, Test, and Deploy Benchmarks (Bash) Source: https://github.com/pensarai/apex/blob/canary/benchmarks/argus/chain-benchmarks-design.md This script outlines the standard verification protocol for each implemented benchmark. It includes building Docker images, starting services, confirming vulnerabilities, running automated exploits, and cleaning up resources. The commands are executed using 'make' for build, up, test, exploit, and down/clean operations. ```bash # 1. Build all images make build # 2. Start services, verify healthchecks make up # 3. Confirm vulnerability exists make test # 4. Run automated exploit, verify flag capture make exploit # Expected: "[+] FLAG: FLAG{...}" and exit code 0 # 5. Clean up make down && make clean ``` -------------------------------- ### Build and Start Apex Container Source: https://github.com/pensarai/apex/blob/canary/container/README.md Commands to build the Docker image without cache and start the container services in detached mode. This assumes the user has configured the .env file in the container directory. ```bash cd container docker compose build --no-cache docker compose up -d ``` -------------------------------- ### Install Pensar Apex (macOS/Linux) Source: https://github.com/pensarai/apex/blob/canary/README.md Installs Pensar Apex using a curl script for quick setup on macOS and Linux systems. This method downloads and executes an installation script directly from the web. ```bash curl -fsSL https://pensarai.com/install.sh | bash ``` -------------------------------- ### Enter the Kali Linux Apex Container Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx This command allows you to enter the running Kali Linux container for Apex. Once inside, you can execute Apex commands directly. ```bash docker compose exec kali-apex bash ``` -------------------------------- ### Initiate Pentest Session via CLI Source: https://github.com/pensarai/apex/blob/canary/fern/docs/commands/pentest.mdx Commands to launch the penetration testing wizard or start a session directly using flags. The wizard provides an interactive interface, while flags allow for automated execution. ```bash /pentest ``` ```bash /pentest --target https://example.com --tier 3 ``` ```bash # Start Apex pensar # Launch pentest wizard /pentest ``` -------------------------------- ### Setup and Run Kali Linux Container for Apex Source: https://github.com/pensarai/apex/blob/canary/README.md Sets up and runs Pensar Apex within a preconfigured Kali Linux Docker container for enhanced performance and access to pentesting tools. This involves copying an environment file, starting the container, and accessing its shell. ```bash cd container cp env.example .env # add your API keys docker compose up --build -d docker compose exec kali-apex bash ``` -------------------------------- ### Start Login Flow with 'pensar auth login' Source: https://github.com/pensarai/apex/blob/canary/fern/docs/cli/auth.mdx Executes the 'pensar auth login' subcommand to start the device authorization flow. This process involves obtaining a device code, verifying it in a browser, selecting a workspace, and storing authentication tokens locally. ```bash pensar auth login ``` -------------------------------- ### Install Pensar Apex (npm) Source: https://github.com/pensarai/apex/blob/canary/README.md Installs Pensar Apex globally using the Node Package Manager (npm). This is suitable for users who have Node.js and npm installed. ```bash npm install -g @pensar/apex ``` -------------------------------- ### Example: List Fixes (Bash) Source: https://github.com/pensarai/apex/blob/canary/fern/docs/cli/fixes.mdx An example demonstrating how to list all suggested fixes for an issue identified by 'issue_ghi789'. This command is part of the 'pensar fixes' suite for managing security vulnerabilities. ```bash # List fixes for an issue pensar fixes issue_ghi789 ``` -------------------------------- ### Install Pensar Apex (Homebrew) Source: https://github.com/pensarai/apex/blob/canary/README.md Installs Pensar Apex using the Homebrew package manager on macOS. This involves tapping the Pensar AI repository and then installing the Apex package. ```bash brew tap pensarai/tap && brew install apex ``` -------------------------------- ### POST /pentest Source: https://github.com/pensarai/apex/blob/canary/fern/docs/commands/pentest.mdx Initiates an autonomous penetration testing session. This endpoint can be used via a command-line interface, guiding the user through a wizard or accepting flags for direct configuration. ```APIDOC ## POST /pentest ### Description Initiates an autonomous penetration testing session using Apex. The process can be guided by an interactive wizard or configured directly using command-line flags. ### Method POST ### Endpoint /pentest ### Parameters #### Query Parameters - **target** (string) - Required - The primary URL to test. - **name** (string) - Optional - The name for the penetration testing session. - **tier** (integer) - Optional - The auto-approve permission tier (1-5). - **model** (string) - Optional - The AI model to use for the test. - **auth-url** (string) - Optional - The URL of the login page for authenticated testing. - **auth-user** (string) - Optional - The username for authentication. - **auth-pass** (string) - Optional - The password for authentication. - **auth-instructions** (string) - Optional - Custom instructions for complex authentication flows. - **hosts** (string) - Optional - Comma-separated list of allowed hostnames for the test scope. - **ports** (string) - Optional - Comma-separated list of allowed ports for the test scope. - **strict** (boolean) - Optional - Enables strict scope mode, limiting testing to only allowed hosts and ports. - **headers** (string) - Optional - Specifies the header mode: 'none', 'default', or 'custom'. - **header** (string) - Optional - Custom header in 'Name:Value' format. Can be repeated for multiple headers. ### Request Example ```bash /pentest --target https://example.com --tier 3 --name "MyTestSession" --hosts "example.com,api.example.com" --ports "443,8080" ``` ### Response #### Success Response (200) - **session_id** (string) - The unique identifier for the initiated pentest session. - **status** (string) - The current status of the pentest session (e.g., 'initializing', 'running'). #### Response Example ```json { "session_id": "sess_abcdef123456", "status": "initializing" } ``` ``` -------------------------------- ### Manage Interactive Operator Sessions Source: https://context7.com/pensarai/apex/llms.txt Starts an interactive TUI session for real-time AI collaboration. Supports manual or planned modes and provides various keyboard shortcuts for tool approval and session control. ```bash /operator --target https://example.com \ --name investigation-session \ --mode plan \ --autopilot \ --model claude-opus-4-5 ``` -------------------------------- ### Run Apex Benchmark Runner (Bun) Source: https://github.com/pensarai/apex/blob/canary/benchmarks/argus/chain-benchmarks-design.md This command executes the Apex benchmark runner using Bun. It specifies the branches to test and the AI model to be used for evaluation. This is part of the post-implementation verification process to assess AI agent performance against the benchmarks. ```bash bun run apex-benchmark -- --branches APEX-XXX-25 --model claude-haiku-4-5 ``` -------------------------------- ### Run Pensar Apex TUI Source: https://github.com/pensarai/apex/blob/canary/README.md Launches the Text-based User Interface (TUI) for Pensar Apex. This command is used after installation to start the interactive penetration testing environment. ```bash pensar ``` -------------------------------- ### Configure Docker Compose for Network Scanning Source: https://github.com/pensarai/apex/blob/canary/fern/docs/getting-started.mdx This configuration snippet, when added to `docker-compose.yml`, sets the Docker network mode to 'host'. This is recommended for Linux users to enable comprehensive network scanning capabilities within Apex. ```yaml services: kali-apex: # ... other configurations ... network_mode: host ``` -------------------------------- ### Open Theme Picker - Bash Source: https://github.com/pensarai/apex/blob/canary/fern/docs/commands/themes.mdx Opens an interactive theme picker to browse and select available themes. This command has an alias '/theme'. ```bash # Opens an interactive theme picker /themes ``` -------------------------------- ### Configure AI Providers Source: https://context7.com/pensarai/apex/llms.txt Sets up AI provider API keys for Apex testing. Supports TUI-based configuration or environment variable injection for providers like Anthropic, OpenAI, and AWS Bedrock. ```bash export ANTHROPIC_API_KEY="your_key_here" export OPENAI_API_KEY="your_key_here" /providers ``` -------------------------------- ### Install Pensar Apex (Windows PowerShell) Source: https://github.com/pensarai/apex/blob/canary/README.md Installs Pensar Apex on Windows using PowerShell. This command downloads and executes an installation script from the web. ```powershell irm https://www.pensarai.com/apex.ps1 | iex ``` -------------------------------- ### API Version Downgrade Attack (Go) Source: https://github.com/pensarai/apex/blob/canary/benchmarks/argus/chain-benchmarks-design.md This Go code snippet, using the Gin framework, shows how an API version downgrade attack can be performed. By sending a specific `Accept-Version` header (e.g., `v1`), a request intended for the more secure v2 API can be routed to the legacy v1 code, which may lack proper authentication checks. ```go package main import ( "github.com/gin-gonic/gin" "net/http" ) func main() { router := gin.Default() // v2 API route v2 := router.Group("/api/v2") v2.GET("/users/:id", func(c *gin.Context) { version := c.GetHeader("Accept-Version") if version == "v1" { // Route to v1 handler if version is v1 HandleV1UserRequest(c) // Assuming this function exists and is vulnerable return } // Handle v2 request normally userID := c.Param("id") c.JSON(http.StatusOK, gin.H{ "message": "Data from v2 API for user " + userID, "version": "v2", }) }) router.Run(":8080") } func HandleV1UserRequest(c *gin.Context) { // This function represents the legacy v1 API handler // It might lack proper authentication checks, allowing unauthorized access userID := c.Param("id") c.JSON(http.StatusOK, gin.H{ "message": "Data from v1 API (vulnerable) for user " + userID, "version": "v1", }) } // Example request: // GET /api/v2/users/1 // Headers: {"Accept-Version": "v1"} ``` -------------------------------- ### Run Apex Tests with Bun Source: https://github.com/pensarai/apex/blob/canary/CONTRIBUTING.md Executes the test suite for the Apex project using the Bun runtime. This command ensures that new changes do not introduce regressions. ```bash bun run test ``` -------------------------------- ### Switch Theme by Name - Bash Source: https://github.com/pensarai/apex/blob/canary/fern/docs/commands/themes.mdx Directly switches to a specified theme by its name. The theme name is case-insensitive. ```bash # Switch directly to a named theme (e.g., 'darkly') /themes darkly ``` -------------------------------- ### Execute Penetration Test with Authentication Source: https://context7.com/pensarai/apex/llms.txt Configures and initiates a penetration test session using specific target URLs, authentication credentials, and model selection. This command supports strict scope modes and custom header configurations. ```bash /pentest --target https://example.com \ --name production-api-test \ --tier 3 \ --model claude-sonnet-4-5 \ --auth-url https://example.com/login \ --auth-user testuser \ --auth-pass testpass123 \ --hosts api.example.com,cdn.example.com \ --ports 443,8080 \ --strict \ --headers default ``` -------------------------------- ### Get Issue Details Source: https://github.com/pensarai/apex/blob/canary/fern/docs/cli/issues.mdx Returns detailed information about a specific issue, including vulnerability description, reproduction steps, and severity. ```APIDOC ## GET /issues/{issueId} ### Description Returns detailed information about a specific issue. ### Method GET ### Endpoint /issues/{issueId} ### Path Parameters - **issueId** (string) - Required - The unique identifier of the issue to retrieve. ### Response #### Success Response (200) - **issueId** (string) - The unique identifier for the issue. - **title** (string) - The title of the issue. - **description** (string) - A detailed description of the vulnerability. - **severity** (string) - The severity level of the issue. - **status** (string) - The current status of the issue. - **reproductionSteps** (string) - Steps to reproduce the vulnerability. - **scanId** (string) - The ID of the scan the issue belongs to. - **branch** (string) - The branch the issue is associated with. #### Response Example ```json { "issueId": "issue_ghi789", "title": "SQL Injection Vulnerability", "description": "The application is vulnerable to SQL injection attacks.", "severity": "critical", "status": "open", "reproductionSteps": "1. Navigate to the login page. 2. Enter ' OR '1'='1 in the username field.", "scanId": "scan_uvw456", "branch": "develop" } ``` ``` -------------------------------- ### User Registration API Source: https://github.com/pensarai/apex/blob/canary/benchmarks/argus/chain-benchmarks-design.md Allows for the registration of new users. This endpoint is vulnerable to Tenant Header Injection and Mass Assignment, allowing an attacker to register a user in an unintended tenant's namespace. ```APIDOC ## POST /api/v1/register ### Description Registers a new user. Vulnerable to Tenant Header Injection and Mass Assignment. ### Method POST ### Endpoint /api/v1/register ### Parameters #### Query Parameters - **X-Tenant-Id** (string) - Optional - The tenant ID to associate the user with. Can be overridden by the attacker. #### Request Body - **username** (string) - Required - The desired username. - **password** (string) - Required - The user's password. - **email** (string) - Required - The user's email address. ### Request Example ```json { "username": "attacker_user", "password": "insecure_password", "email": "attacker@example.com" } ``` ### Response #### Success Response (200) - **message** (string) - Success message. - **user_id** (string) - The ID of the newly created user. #### Response Example ```json { "message": "User registered successfully.", "user_id": "some-user-id" } ``` ``` -------------------------------- ### Manage Projects and Pentests Source: https://context7.com/pensarai/apex/llms.txt Interacts with the Pensar Console API to list projects and manage scan lifecycles. Allows users to dispatch new scans and retrieve detailed scan information. ```bash pensar projects pensar pentests proj_abc123 pensar pentests dispatch proj_abc123 --branch main --level full ```