SimpleSec documentation
SimpleSec is an AI-orchestrated penetration testing platform. It runs the same workflow a senior pentester would — recon, enumeration, validation — at machine speed, with every step recorded. These docs walk you from first login to scanning in CI.
How SimpleSec works
SimpleSec is a web app — you work entirely from the dashboard at app.simplesec.ai. There's nothing to install to get started (internal-network testing is the one exception, covered in Internal network access).
Under the hood every test runs a three-part loop:
- The planner decides what to do next. It's an LLM constrained to the services and URLs actually discovered on the target — no hallucinated tools, no scans against things that don't exist.
- The executor runs real, industry-standard tools (nmap, nuclei, ffuf, sqlmap and 30+ more) through sandboxed adapters.
- The judge reviews each step's output and decides whether to advance to the next phase, retry, or pause for human review.
A test progresses through phases — recon → enumeration → validation — and, for internal engagements, into Active Directory and lateral-movement checks. Findings are only promoted once they're proven, and each one keeps a full evidence chain so it stands up under audit.
The scan keeps running on our servers after you close the browser. You can launch a test, walk away, and come back to the results — or have them emailed to you when it finishes.
Core concepts
A few terms show up throughout the product and these docs; they're worth knowing before you start:
Workspace
Your tenant. All engagements, assets, findings, and team members live inside a workspace. MSPs and consultancies can run several.
Engagement
A scoped testing project — internal, external, or web. It holds the auth config, the network profile, and every test you run against that scope.
Asset
A target SimpleSec tracks (a host, IP, or web app). You don't have to register them — your first scan does it automatically. After that, they act as a scope allow-list.
Scope
The list of hosts a single test is allowed to touch. Every host in scope must match a registered asset.
Test / Scan
One orchestrated run against a scope. The planner drives it through phases; the judge decides whether to advance, retry, or pause.
Finding
A confirmed result with a severity (critical → info) and an evidence chain back to the exact command that produced it.
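The Asset and Scope definitions above say that every host in a test's scope must match a registered asset. The following is an added example of what that allow-list check can look like; it is not SimpleSec's own code, and the asset list, the `validate_scope` function and the asset shapes (hostname, IP, CIDR block, or web-app URL) are assumptions. It matches IPs and URL hosts against registered CIDR blocks and compares hostnames literally, without DNS resolution, so a name that was never registered is rejected even if it would resolve into a registered block.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of one workspace's registered assets (hypothetical shape,
# not SimpleSec's real data model): hostnames, single IPs, CIDR blocks, or web-app URLs.
REGISTERED_ASSETS = [
    "10.20.0.0/24",
    "192.0.2.10",
    "app.example.test",
    "https://shop.example.test/",
]

_Network = (ipaddress.IPv4Network, ipaddress.IPv6Network)


def _normalize(asset: str):
    """Reduce an asset or scope entry to a comparable form: an ip_network or a lowercase hostname."""
    host = asset
    if "://" in asset:
        # A URL: only its host part matters for scope purposes.
        host = urlsplit(asset).hostname or ""
    try:
        # Single IPs become /32 or /128 networks, so one comparison covers both cases.
        return ipaddress.ip_network(host, strict=False)
    except ValueError:
        return host.lower().rstrip(".")


def _matches(target, registered) -> bool:
    """True when a scope entry is covered by one registered asset."""
    if isinstance(registered, _Network):
        return (
            isinstance(target, _Network)
            and target.version == registered.version
            and target.subnet_of(registered)
        )
    # Hostname assets match by exact name only; no DNS lookup is performed.
    return target == registered


def validate_scope(scope, assets=REGISTERED_ASSETS):
    """Split a proposed scope into (allowed, rejected); rejected entries match no registered asset."""
    registered = [_normalize(a) for a in assets]
    allowed, rejected = [], []
    for entry in scope:
        target = _normalize(entry)
        bucket = allowed if any(_matches(target, r) for r in registered) else rejected
        bucket.append(entry)
    return allowed, rejected
```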
What's in these docs
The guides below follow the order you'll actually use them in:
Core workflow
- Engagements & assets — Define what you're allowed to test and register your targets.
- Running a scan — Launch a test, watch the live run, and handle approvals.
- Findings & reports — Triage findings, follow the evidence chain, and export reports.
Advanced
- Internal network access — Reach internal targets with WireGuard or the deployable agent.
- CI/CD & API — Trigger tests from your pipeline and consume the REST API.
Ready to start?
Head to Getting started to create your account and run your first scan, or jump straight to the topic you need from the sidebar.
SimpleSec is an offensive-security tool. Only scan targets you own or have explicit written permission to test. You confirm authorization for every scope you define.