An LLM-powered pentester that reads the app like an operator.
Traditional DAST fires thousands of payloads blindly. AOBTD watches the target, understands each endpoint, and sends specialist agents after the bugs that actually matter — with a PoC to prove it.
Thousands of requests, no concept of this is a login form or I already understood this page pattern. High cost, high noise, shallow coverage.
Extracts every form, input and query-param with zero-LLM parsing, groups them by endpoint pattern, and hands the bundle to specialist agents that plan targeted probes — then proves each finding.
Everything persists to a single SQLite store — the web UI reads the same DB, so any historical scan replays like a live one.
Login flows, weak credentials, JWT handling, session logic.
SQLi in login and generic params, reflection points, payload surfaces.
IDOR, BOLA, tenant crossing — objects you shouldn't be able to reach.
Multi-step exploits — authenticate, then pivot to an access bug.
A medium target runs in ~6 minutes for about $0.90 in LLM spend with MiniMax-M2.7-highspeed.





Severity-sorted reports with request/response PoC, steps to reproduce, impact and remediation.
Keyboard-navigable demo tour through confirmed findings. ← / → / Esc.
Form and input discovery runs without a single LLM call — and keeps running after the budget is spent.
Four levels — ok / warning / critical / exhausted. Reasoners back off; extraction never stops.
Anthropic, OpenAI, or any OpenAI-compatible endpoint — MiniMax, DeepSeek, local Ollama.
Markdown or HTML report in one file. Ctrl+P for a clean PDF.
CLI and web UI share the same store — script a scan, browse it in the UI, or drive the whole thing from the dashboard.