NeuroStrike
On-Prem Agent
Enterprise

Penetration test your entire internal network.

Deploy a lightweight agent inside your network. It sweeps entire subnets, fingerprints every service, detects and verifies known CVEs with proof-of-concept, and hunts for zero-day vulnerabilities — autonomously. No firewall changes. No VPN. No exposed ports.

Request a DemoSee How It Works
PCI DSS 11.3SOC 2 Type IIISO 27001NIS2 / DORA
neurostrike-agent — live scan

Who it's for

Built for teams that own infrastructure

Whether you manage 10 servers or 10,000 — if it runs on your network, NeuroStrike tests it.

Enterprise Security Teams

Continuous penetration testing of internal networks without hiring more pentesters. Automate what used to be a quarterly engagement.

MSPs & Resellers

Offer AI-powered network pentesting as a managed service. White-label ready. Deploy agents across customer networks with centralized management.

SMBs Without Security Teams

Get enterprise-grade penetration testing without enterprise costs. Deploy in minutes, get actionable breach reports — no security expertise required.

How It Works

Deploy in minutes. Breach report by morning.

1

Deploy the agent

A single Docker container or static Go binary. Runs unprivileged. The agent connects outbound to our relay via encrypted WebSocket — no inbound firewall rules, no VPN, no port forwarding.

Single docker compose up command
Hardware fingerprint binds agent to machine
Outbound WSS :443 only — works through corporate proxies
Zero shell access — sandboxed command execution
$ docker compose up -d neurostrike-agent
[agent] Binding hardware fingerprint...
[agent] SHA-256:a3f8c7...21d9 ✓
[agent] WSS tunnel → relay.neurostrike.com:443
[agent] Agent ONLINE — awaiting scan tasks
Your Network
win-dc01:445 :3389 :88
db-prod:5432 :6379 :3306
app-server:80 :443 :22
iot-gateway:502 :44818
file-srv:21 :445 :139
Agent Online
WSS :443
encrypted
outbound only
NeuroStrike Cloud
AI Scan Engine
CIDR Enforcer
Report Builder
Scope Lock
10.0.0.0/24
2

Define your scope

Set a CIDR range (e.g. 10.0.0.0/24) and hit scan. The AI engine orchestrates multiple specialist agents in parallel — each one focused on a different attack vector. Scope is enforced server-side; the agent can never reach outside your defined range.

CIDR-scoped targets enforced at relay and engine level
Parallel agents: recon, infrastructure, auth, zero-day
Each agent adapts based on findings from other agents
Real-time progress visible in dashboard
3

Read your breach report

Every finding includes proof-of-concept commands you can replay. See exactly how the agent chained access across services — the full attack narrative, not a spreadsheet of CVEs. Export compliance-ready PDFs.

Proof-of-concept for every confirmed vulnerability
Attack chain visualization across multiple hosts
Severity, CVSS scoring, and remediation guidance
PDF export for PCI DSS, SOC 2, ISO 27001 audits
NeuroStrikeInternal Network Scan
Scan Active
Active Agents
recon
42 steps
infrastructure
87 steps18 findings
auth_access
34 steps6 findings
zero_day
72 steps3 findings
Findings
CVE-2024-42450: PostgreSQL Auth Bypass
10.0.0.22:5432via infrastructure
Unauthenticated Redis → Webshell ChainZERO-DAY
10.0.0.22:6379via zero_day
Default Credentials: MySQL root:root
10.0.0.22:3306via auth_access
FTP Anonymous Read → .env Credential Leak
10.0.0.30:21via infrastructure
SMB Null Session Enumeration
10.0.0.10:445via infrastructure
Attack Chain: FTP → MySQL → Full DB DumpCHAIN
multi-hostvia zero_day

Capabilities

Not a port scanner. An autonomous attacker.

Each finding shapes the next test. The agent reasons, pivots, and chains — like a human pentester, but faster and more thorough.

Zero-Day Agent — Adaptive Reasoning
Agent reasoning...

AI that reasons about what it finds

Our zero-day agent follows a structured reasoning loop: observe, hypothesize, test, reason, pivot. When it finds an open Redis port with no auth, it doesn't just flag it — it tries to write a webshell, tests lateral movement, and chains access across services.

This is how real attackers operate. No scanner does this.

Full Subnet Discovery

Sweeps entire CIDR ranges with nmap. Every live host, open port, and running service — mapped automatically.

Service Fingerprinting

Exact version detection across 20+ protocols: HTTP, SSH, FTP, MySQL, PostgreSQL, Redis, SMB, RDP, SNMP, LDAP, Modbus, and more.

CVE Detection & Verification

Every detected version cross-referenced against CVE databases. Each match verified with proof-of-concept — not just a signature match.

Credential Testing

Default and common passwords on every authenticated service. MySQL root, Redis no-auth, FTP anonymous, admin panels.

Zero-Day Discovery

AI-driven adaptive reasoning. Probes protocol edge cases, fuzzes inputs, chains cross-service access to find vulnerabilities with no CVE.

Attack Chain Detection

Connects findings across services and hosts. Leaked credential → SSH → database → full dump. The complete attack path.

OT / SCADA / IoT

Tests industrial protocols: Modbus, EtherNet/IP, BACnet. Identifies exposed PLCs and SCADA interfaces on your network.

Multi-Protocol Coverage

HTTP, HTTPS, FTP, SSH, Telnet, MySQL, PostgreSQL, MongoDB, Redis, SMB, LDAP, SMTP, SNMP, RDP, VNC, and more.

Compliance Reports

Every finding mapped to compliance frameworks. Export PDF reports ready for PCI DSS 11.3, SOC 2, ISO 27001, NIS2, and DORA.

Security Architecture

Zero trust by design

The agent is a stateless tool runner. It can't execute shell commands, access arbitrary files, or reach outside your defined scope.

No Shell Access

Commands are parsed into binary + arguments. No pipes, redirects, or shell operators. Metacharacter injection is impossible.

CIDR Scope Enforcement

Every command is validated server-side at the relay before reaching the agent. IP targets, URLs, and DNS lookups are all checked against your defined CIDR range.

Outbound Only

The agent initiates a WSS connection to our relay on :443. No inbound firewall rules needed. Works through corporate proxies and NAT.

Hardware Fingerprint

Agent is cryptographically bound to its host machine via hardware fingerprint. Prevents agent token theft and replay attacks.

JWT Authentication

Agent token → SHA-256 → ES256 JWT with PKCS8 keys. Every command is authenticated and authorized. Tokens are scoped per-organization.

Minimal Footprint

Single static Go binary or Docker container. No root required, no dependencies, no background daemons. Runs unprivileged and uses minimal resources.

Deployment

Your infrastructure, your way

Docker Compose

One command. No root required. Ideal for quick deployments and dev environments. Agent auto-updates via container registry.

docker compose up -d

Bare Metal / Systemd

Single static Go binary. No dependencies, no runtime. Works on air-gapped networks. Managed via systemd unit file.

./neurostrike-agent --token <TOKEN>

Kubernetes

Deploy as a DaemonSet to scan from every node. Helm chart available. Supports node selectors and tolerations for targeted placement.

helm install neurostrike ./chart
Partner Program

Resell AI-powered pentesting to your customers

MSPs, MSSPs, and security consultancies: offer NeuroStrike as a managed service. Deploy agents across customer networks, manage scans centrally, and deliver branded breach reports — without hiring pentesters.

Multi-tenant management — one dashboard, all customers
White-label reports with your branding
Volume-based pricing with partner margins
Dedicated partner engineering support
Co-marketing and lead referral programs
Become a Partner
10 min
Average deploy time
24/7
Continuous testing
20+
Protocols tested
0
Firewall changes

Get Started

See what an attacker sees. Before they do.

Request a demo and we'll show you a live scan against a test environment — subnet sweep, CVE detection, and zero-day discovery in under 15 minutes.

Request a DemoPartner With Us
NeuroStrike | Autonomous Attack Simulation Platform