World's First AI-Agentic Security Assessment Platform

The Only Pentest
Tool Powered by
Powerful AI Brain

PhantomYerra doesn't scan. It pentests. AI drives the entire engagement — planning, exploitation, chaining, reporting — while you focus on impact. 27+ attack surfaces. 150+ tools. Real exploits. Real evidence. Zero compromises.

phantomyerra — AI Agentic Pentest Engine
# PhantomYerra v44.32 — AI Orchestrated Pentest — LIVE CONSOLE
# Target: app.example.com | Mode: Automated AI | Intensity: Aggressive

01 ▶ PHASE 1 — Recon & Intelligent Crawl
→ WAF detected: AWS WAF — activating 15 bypass techniques
→ X-Forwarded-For: 127.0.0.1 bypass attempt #3 — 200 OK ✓
→ BFS crawl: 247 URLs discovered | 14 API endpoints | 8 forms
→ Tech stack: Django 4.2 + PostgreSQL + nginx/1.24

02 ▶ PHASE 2 — Automated Exploitation
⚡ SQLI detected at /api/users?id=1 (time-based blind, 2.3s delay confirmed)
⚡ IDOR found at /api/orders/{id} — user_id enumeration confirmed
⚡ JWT alg:none accepted — privilege escalation to admin
⚡ SSRF confirmed /api/import?url= → 169.254.169.254 → IAM keys extracted

03 ▶ PHASE 3 — Attack Chain Construction
SQLi → dump users → crack hash → IDOR → access ALL orders (43,291 records)
JWT bypass → admin panel → SSRF → AWS metadata → full cloud takeover

04 ▶ PHASE 4 — Evidence & Report
✓ 4 CRITICAL findings | SHA-256 signed | SHA-256 verified
✓ Report ready: PDF + DOCX + JSON | PCI-DSS · HIPAA · SOC2 mapped
27+ Attack Surfaces
150+ Security Tools
20+ WAF Bypass Techniques
24 Compliance Frameworks
6 Report Formats
12+ OWASP Families

PhantomYerra replaces:   Burp Suite Pro  ·  Metasploit Framework  ·  Nessus Professional  ·  Cobalt Strike  ·  Tenable.io

How PhantomYerra Destroys
the Competition

Every competitor built for a single surface. PhantomYerra is the first platform that covers everything — and has AI driving every test.

Columns: Capability · 👑 PhantomYerra · Burp Suite Pro · Metasploit · Nessus Pro · Cobalt Strike · Tenable.io
AI Agentic Orchestration (AI plans + executes entire pentest) | PhantomYerra: Full AI Engine, UNIQUE
Business Logic Testing (IDOR/BOLA/BFLA, price manipulation, workflow bypass, race conditions) | PhantomYerra: All modules, UNIQUE | others: ~ Manual only, ~ Limited
All 7 OWASP Families (Web + API + Mobile + LLM + IoT + Cloud + CI/CD) | PhantomYerra: All 7 families | others: ~ Web only, ~ Network+exploit, ~ Web+network, ~ Red team only, ~ Vuln mgmt
Adaptive AI Payload Generation (AI generates tech-stack-specific payloads live) | PhantomYerra: Per-target payloads, UNIQUE
Intercept / Replay / Diff (Full Burp-like capture → modify → replay + AI analysis) | PhantomYerra: ✓
4-Mode HTTP Intruder (Sniper / Battering Ram / Pitchfork / Cluster Bomb + AI triage) | PhantomYerra: ✓
Mobile App Pentesting (Android + iOS: MASVS 2.0 · static + dynamic + runtime analysis) | PhantomYerra: Full MASVS 2.0 | others: ~ Limited
IoT + Firmware Analysis (UART/JTAG/BLE/Zigbee · multi-stage firmware analysis · binary decompilation) | PhantomYerra: Hardware-level | others: ~ Basic, ~ Limited
AI/LLM Security (OWASP LLM Top 10: prompt injection, jailbreaking, OWASP LLM 2025) | PhantomYerra: All 10 LLM vulns, UNIQUE
SAST — Multi-Language (C/C++/Java/Go/Python/JS/Rust/Ruby/.NET/Swift/Kotlin) | PhantomYerra: Universal | others: ~ Limited
SBOM + DAST (CycloneDX; SCA, dependency vulns, full DAST pipeline) | PhantomYerra: Fully integrated | others: ~ DAST only, ~ Limited
Red Team (Kerberoasting + C2 Sim; Active Directory attacks · MITRE ATT&CK mapping · lateral movement) | PhantomYerra: Full ATT&CK | others: ~ Exploits only
AI-Written Executive Reports (AI writes full narrative: exec summary + chain + remediation) | PhantomYerra: PTES + AI, UNIQUE | others: ~ Templates only, ~ Templates only
SHA-256 Evidence Integrity (every finding hash-verified, tamper-evident) | PhantomYerra: SHA-256 signed
WAF Bypass Engine (AI generates 5 WAF bypass variants per blocked payload) | PhantomYerra: AI-powered, UNIQUE | others: ~ Manual only
Privacy / Air-Gapped Mode (zero data leaves machine — local Ollama AI fallback) | PhantomYerra: Full air-gap, UNIQUE | others: ~ Offline only, ~ Offline only
Desktop App — No Cloud Dependency (Electron: runs 100% offline on any OS) | PhantomYerra: Windows/Mac/Linux | others: ~ CLI only, ~ Web SaaS, ~ Teamserver, Cloud only
Attack Chain Visualization (full MITRE ATT&CK graph: discovery → exploit → escalation) | PhantomYerra: Interactive graph | others: ~ Basic, ~ Limited, ~ Basic
Compliance Auto-Mapping (PCI-DSS v4 / HIPAA / SOC2 / ISO 27001 / NIST CSF 2.0) | PhantomYerra: AI-powered | others: ~ Limited
Live Scan Console (real-time terminal stream: phases, URL tree, AI reasoning, WAF bypasses) | PhantomYerra: Full live feed, EXCLUSIVE | others: ~ Log only, ~ Log only
WAF-Evading Intelligent Crawler (15+ bypass techniques, JS API discovery, auto-activates on WAF detection) | PhantomYerra: 15+ bypass methods, EXCLUSIVE | others: ~ Basic crawler, ~ Spider only, ~ Basic
Multi-Scan Concurrency + Queue (3 simultaneous pentests, priority queue, never hangs or deadlocks) | PhantomYerra: 3 concurrent + queue, EXCLUSIVE | others: ~ SaaS only
CVE Intelligence + Org Tech Stack Profiler (maps your tech stack to CVEs, login alerts, compliance sign-off workflow) | PhantomYerra: Org-specific CVE intel, EXCLUSIVE | others: ~ Generic alerts
LOCAL / PUBLIC Scope Enforcement (per-seat network scope lock: LOCAL seats restricted to RFC1918 targets; PUBLIC seats scan both — enforced by license server) | PhantomYerra: Per-seat scope control, UNIQUE
Reseller Portal (resellers get filtered dashboard — see only their customers; superadmin sees all) | PhantomYerra: Full reseller tier, UNIQUE
DevOps / CI-CD Pentesting (secrets scanning, container scanning, IaC misconfigs, supply chain — 10 compliance frameworks) | PhantomYerra: Full DevOps surface, UNIQUE | others: ~ Limited

Everything a World-Class
Penetration Tester Needs

PhantomYerra is built to think, act, and report like a seasoned pentester — not a checkbox scanner.

🧠
AI Agentic Orchestration
AI receives the target, plans the entire engagement, calls 60+ tools as functions, adapts based on each result, chains findings into attack paths, and writes the final report — all autonomously.
AI Engine Tool-Use API Fully Agentic
40+ Active Exploit Methods
Not detection — actual exploitation. SQLi time-based blind, JWT alg:none escalation, SSRF to AWS metadata, BOLA dual-account, CSRF token bypass, XXE file read, SSTI RCE, MQTT anonymous auth, LLM prompt injection, IDOR mass enumeration, and more.
Active Exploitation Real Evidence PoC Ready
🧩
Business Logic Testing — Every Module
AI-driven business logic vulnerability discovery across all surfaces: IDOR / BOLA (broken object-level access), BFLA (function-level auth bypass), price manipulation, workflow bypass, coupon stacking, account takeover via logic flaws, privilege escalation chains, and race conditions. Every module is logic-aware — not just injection-focused.
IDOR / BOLA BFLA Account Takeover Race Conditions Workflow Bypass
🔁
HTTP Intercept → Modify → Replay
Burp Suite-grade request capture with full intercept intelligence. AI analyzes every parameter, auto-selects attack vectors, replays with mutated payloads, diffs responses, generates SHA-256 signed evidence packages.
Capture Replay AI Triage Diff View
🎯
4-Mode HTTP Intruder
Sniper, Battering Ram, Pitchfork, and Cluster Bomb attack modes. AI auto-detects injection points from query params, JSON body, form data, URL path IDs, JWT headers. AI interprets every response.
Sniper Battering Ram Pitchfork Cluster Bomb
🔮
Adaptive Payload Generation
AI detects your target's tech stack (Django, Laravel, Spring, Rails, React, PostgreSQL, MySQL) and generates custom, WAF-bypass payloads in real-time. No static lists. Every payload is context-aware.
Tech-Stack Aware WAF Bypass Real-Time
📱
Mobile App Security (MASVS 2.0)
Android + iOS full coverage. Static analysis + dynamic instrumentation (9 SSL unpin methods), traffic capture, component testing, Keychain dump, biometric bypass — all against MASVS 2.0 controls.
Android iOS Dynamic Instrumentation MASVS 2.0
📟
IoT + Firmware Deep Analysis
UART bootloader access, JTAG memory dump, BLE GATT enumeration, Zigbee protocol attacks, CoAP/MQTT fuzzing, QEMU firmware emulation, multi-stage firmware analysis, binary decompilation, secret extraction with entropy analysis.
UART/JTAG BLE/Zigbee Firmware Emul. Hardware-Level
🤖
AI/LLM Security (OWASP LLM 2025)
The world's only platform that tests AI systems for OWASP LLM Top 10. Prompt injection, insecure output handling, training data poisoning, model DoS, markdown exfil, jailbreaking, over-reliance vulnerabilities.
LLM01-LLM10 Prompt Injection Jailbreak
⚔️
Red Team Intelligence — Live CVE Exploit Dashboard
Real-time CVE feed cross-referenced against your org's exact tech stack. Filter by 24h / 48h / 7d / 30d / 1yr windows. One-click ⚡ Exploit button streams a live exploit attempt over SSE — see stages in real time, get confirmed findings, reproducible curl PoC steps, and a full JSON report. Kerberoasting, AS-REP Roasting, C2 simulation, Pass-the-Hash, MITRE ATT&CK Navigator export.
Live Exploit Streaming Org-Profile CVE Matching MITRE ATT&CK PoC + JSON Report
📋
AI-Written Executive Reports
AI writes PTES-structured reports: executive summary (business impact language), full attack chain narrative, finding-by-finding severity rationale, prioritized remediation roadmap, compliance mapping (PCI-DSS, HIPAA, SOC2, ISO 27001, NIST CSF 2.0). PDF + DOCX + JSON.
Executive Summary Attack Chain PCI/HIPAA/SOC2
🔒
Privacy-First Architecture
PrivacyFilter anonymizes targets before every AI API call. Real IPs/URLs/company names never leave your machine. Air-gapped mode routes all AI to local Ollama (deepseek-r1:70b). Zero telemetry.
Air-Gapped Mode Zero Telemetry Local AI
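The anonymisation step described above, as an added example that is not the product's PrivacyFilter code: the class name is borrowed from the page, while the regexes, the placeholder format and the reversible mapping are assumptions. Real values are swapped for stable placeholders before text is handed to an AI API, and the mapping stays in memory on the local machine so the AI's answer can be mapped back.

```python
import re
from dataclasses import dataclass, field

# Added example (not the product's code): reversible pseudonymisation of
# engagement text before it leaves the machine for an external AI API.
# Placeholder format and patterns are assumptions for illustration.

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


@dataclass
class PrivacyFilter:
    org_names: list[str] = field(default_factory=list)
    _forward: dict[str, str] = field(default_factory=dict)   # real -> placeholder
    _reverse: dict[str, str] = field(default_factory=dict)   # placeholder -> real

    def _token(self, kind: str, real: str) -> str:
        # Same real value always maps to the same placeholder, so the AI can
        # still reason about "the same host" across a whole conversation.
        if real not in self._forward:
            placeholder = f"<{kind}_{len(self._forward) + 1}>"
            self._forward[real] = placeholder
            self._reverse[placeholder] = real
        return self._forward[real]

    def anonymize(self, text: str) -> str:
        # Organisation names first, longest first, so a longer name is not
        # partially consumed by a shorter one that is a prefix of it.
        for name in sorted(self.org_names, key=len, reverse=True):
            text = re.sub(re.escape(name), lambda m: self._token("ORG", m.group(0)),
                          text, flags=re.IGNORECASE)
        # IPs before hostnames: a dotted quad must never be mistaken for a host.
        text = IPV4_RE.sub(lambda m: self._token("IP", m.group(0)), text)
        text = HOST_RE.sub(lambda m: self._token("HOST", m.group(0)), text)
        return text

    def deanonymize(self, text: str) -> str:
        # Placeholders are delimited by <>, so <IP_1> can never clobber <IP_10>.
        for placeholder, real in self._reverse.items():
            text = text.replace(placeholder, real)
        return text

    def mapping_size(self) -> int:
        return len(self._forward)


if __name__ == "__main__":
    pf = PrivacyFilter(org_names=["Acme Corp"])
    # Constructed sample text, not from a real engagement.
    sample = "Target app.acme-corp.com (10.0.0.5) belongs to Acme Corp"
    redacted = pf.anonymize(sample)
    print(redacted)
    print(pf.deanonymize(redacted) == sample)
```

The host pattern deliberately over-matches (a file name such as report.pdf is also replaced), because an extra placeholder in the prompt costs nothing while one leaked hostname cannot be recalled; restore the text with `deanonymize` only on the local side, never before the call.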
🏠
All Customer Data Stays on Your Machine
PhantomYerra is a 100% local desktop application. All scan data, findings, reports, client information, credentials, and evidence are stored exclusively on your machine — never uploaded to any server, cloud, or third party. Your engagements are private by design.
100% Local Storage No Cloud Upload Your Data, Your Machine
🧠
CVE Intelligence Loaded Before UI Appears
PhantomYerra's Python engine seeds and syncs the full CVE database — CISA KEV entries, exploit availability, EPSS scores, PoC links — before the main UI opens. When you land on any page, threat data is already live. Zero async fetches on first paint. Instant Red Team Intelligence from the first second.
Pre-UI CVE Sync CISA KEV EPSS Scores Instant Intelligence
🔑
Fully Wired Authenticated Testing
The wizard's Auth Vault flows credentials end-to-end: Bearer tokens, API keys, session cookies, Basic auth, TOTP, and SAML session cookies are all captured, converted to HTTP headers, and injected into every scan component — the vulnerability scanner, web proxy, web crawler, DAST orchestrator, and OpenAPI tester. No configuration gaps.
Bearer / API Key / Cookie Basic Auth · TOTP · SAML Full DAST Coverage
🔬
Universal SAST — C/C++, Java, Go, Rust & More
Static Application Security Testing across all major languages: C, C++, Java, Go, Rust, Python, JavaScript, TypeScript, Ruby, .NET, Swift, Kotlin, COBOL. Semgrep + Bandit + language-specific analyzers. Buffer overflows, use-after-free, injection flaws, secrets in code — all caught before runtime.
C / C++ Java · Go · Rust 12+ Languages Semgrep + Bandit
📦
SBOM + SCA — Full Dependency Attack Surface
Generate CycloneDX and SPDX SBOMs with Syft. Scan all dependencies for known CVEs with Grype. Identify vulnerable libraries, outdated components, license risks, and transitive dependency chains across Python, npm, Maven, Go modules, Cargo, NuGet, and more.
CycloneDX · SPDX Syft · Grype SCA CVE-matched
🔧
DevOps / CI-CD Pentesting Surface
Full DevOps pipeline security assessment: secrets scanning with TruffleHog and Gitleaks, container image analysis with Trivy and Grype, IaC misconfiguration detection with Checkov and tfsec, and supply chain dependency analysis. Mapped to 10 compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, CIS, and EU CRA.
TruffleHog · Gitleaks Trivy · Grype Checkov · tfsec Supply Chain 10 Frameworks
🌐
LOCAL / PUBLIC Scope Enforcement
Per-seat network scope control enforced by the license server. LOCAL seats are cryptographically restricted to RFC1918 internal targets only — they cannot be used to scan public internet assets. PUBLIC seats scan both internal and external targets. Superadmin toggles scope per seat from the admin portal. Eliminates misuse risk in regulated and MSSP environments.
Per-Seat Lock RFC1918 Enforcement License-Server Controlled Zero Misuse Risk
🏪
Reseller Portal
Resellers get their own login with a filtered dashboard showing only their customers — no cross-reseller data exposure. Superadmin sees all resellers and all customers in a unified view. Resellers can provision seats, manage licenses, and view scan activity for their accounts. Built for MSSPs, VAR channels, and consulting firms operating at scale.
Reseller Login Filtered Dashboard MSSP Ready Superadmin Override
📊
Per-Seat Activity Dashboard
Drill-down scan history for every seat. Each scan row shows target, module, date, and findings broken out by severity (Critical / High / Medium / Low / Info). Filter by seat, date range, surface, or severity. Gives team leads and enterprise admins full visibility into who scanned what, when, and what was found — without opening individual reports.
Drill-Down History Per-Seat Filter Severity Breakdown Team Lead View

All 7 OWASP Families.
Every Known Attack Vector.

No other tool covers all seven OWASP Top 10 families simultaneously. PhantomYerra treats each as a first-class module with dedicated exploit methods.

OWASP Web 2021
Web Application Security
  • A01 Broken Access Control (IDOR, BOLA, BFLA)
  • A02 Cryptographic Failures
  • A03 SQL / NoSQL / SSTI / CMDi Injection
  • A04 Insecure Design Patterns
  • A05 Security Misconfiguration
  • A06 Vulnerable Components (SCA)
  • A07 Authentication Failures
  • A08 SSRF + XXE
  • A09 Logging Failures
  • A10 CSRF + Open Redirects
OWASP API 2023
API Security
  • API1 Broken Object Level Authorization
  • API2 Broken Authentication
  • API3 Broken Object Property Auth
  • API4 Unrestricted Resource Consumption
  • API5 Broken Function Level Authorization
  • API6 Server-Side Request Forgery
  • API7 Security Misconfiguration
  • API8 Security Logging Failures
  • API9 Improper Inventory Management
  • API10 Unsafe API Consumption
OWASP Mobile MASVS 2.0
Mobile Application Security
  • MASVS-STORAGE: Cleartext credentials
  • MASVS-CRYPTO: Weak cipher, hardcoded keys
  • MASVS-AUTH: Auth bypass, insecure sessions
  • MASVS-NETWORK: SSL unpinning, cert validation
  • MASVS-PLATFORM: Exported components, IPC
  • MASVS-CODE: Debug flags, obfuscation, secrets
  • MASVS-RESILIENCE: Root/jailbreak bypass
  • Biometric bypass (BiometricPrompt + Framework)
OWASP LLM Top 10 (2025)
AI / LLM Application Security
  • LLM01 Prompt Injection (direct + indirect)
  • LLM02 Insecure Output Handling
  • LLM03 Training Data Poisoning
  • LLM04 Model Denial of Service
  • LLM05 Supply Chain Vulnerabilities
  • LLM06 Sensitive Information Disclosure
  • LLM07 Insecure Plugin Design
  • LLM08 Excessive Agency
  • LLM09 Overreliance
  • LLM10 Markdown Exfiltration
OWASP IoT Top 10
IoT + Embedded Security
  • I1 Weak, Guessable, Hardcoded Passwords
  • I2 Insecure Network Services (MQTT, CoAP)
  • I3 Insecure Ecosystem Interfaces
  • I4 Lack of Secure Update Mechanism
  • I5 Use of Insecure/Outdated Components
  • I6 Insufficient Privacy Protection
  • I7 Insecure Data Transfer/Storage
  • I8 Lack of Device Management
  • UART/JTAG hardware interface exploitation
OWASP Cloud + CI/CD
Cloud & Pipeline Security
  • AWS IMDS v1 SSRF → IAM credential theft
  • GCP/Azure metadata exploitation
  • S3 bucket misconfiguration
  • Exposed Kubernetes API / RBAC
  • CI/CD pipeline injection (GitHub Actions)
  • Secret scanning (gitleaks, trufflehog)
  • Container escape techniques
  • Serverless permission abuse
WSTG v4.2
Web Security Testing Guide
  • 100+ WSTG test IDs fully implemented
  • WSTG-INPV: All input validation tests
  • WSTG-ATHN: Authentication testing
  • WSTG-AUTHZ: Authorization testing
  • WSTG-SESS: Session management
  • WSTG-CLNT: Client-side testing
  • WSTG-CONF: Configuration review
  • Full payload catalog per test ID

AI IS the
Penetration Tester

In Automated AI mode, AI doesn't assist — it drives. It plans, executes, adapts, escalates, chains findings, and writes the report. The pentester sets scope; the AI engine does everything else.

  • 🔍
    Pentester Brain — Per-Request Decisions
    Every captured request is analyzed: parameter names, value types, JWT presence, file paths, IDOR signals, business workflow context. AI decides which attack class, which payloads, and in what order — no static checklists.
  • Live Payload Generation
    AI detects your target's exact tech stack from response headers and body patterns, then generates payloads specifically engineered for that stack — bypassing WAF rules that defeat generic payload lists.
  • 🔗
    Business Logic & Attack Chain Correlation
    AI tests business workflows end-to-end: price manipulation, coupon stacking, IDOR/BOLA across API endpoints, workflow step skipping, privilege escalation chains. Findings are chained into full attack paths: SQLi → credential dump → IDOR → data breach → SSRF → IAM key theft → full cloud account compromise.
  • 📝
    PTES-Structured AI Reports
    AI writes prose, not templates. Business impact language for executives. Technical depth for developers. Specific remediation code (Terraform, nginx config, code snippets). Compliance citations auto-mapped.
▶ AI Tool-Use Orchestration Loop
# AI receives engagement context
tools = [
  "run_vuln_scan", "run_injection_test",
  "run_discovery_scan", "run_intercept_test",
  "test_idor", "test_ssrf",
  "test_jwt", "generate_payload",
  "add_finding", "chain_attack",
  # ...60+ tools as callable functions
]

# AI decides what to test
# (assumes ai_engine, the client handle, and target, the scoped host, are already defined)
response = ai_engine.messages.create(
  model='enterprise-ai-engine',
  tools=tools,
  messages=[{
    'role': 'user',
    'content': f"""You are conducting an
    authorized pentest of {target}.
    Chain all findings into
    attack paths. Go.""",
  }]
)

# AI calls tools, adapts to results
# No human needed until report is done

Built for Teams That
Need to Win Every Engagement

PhantomYerra is engineered for professional pentesters, red teams, and security firms that need to deliver results — not just reports.

27+ Attack Surfaces: Web, API, Mobile, IoT, Firmware, Automotive, Robotics, AI/LLM, Medical, OT/ICS, Cloud, SAST, DAST, Reverse Engineering, Red Team, Enterprise AD, Network, OSINT, Wireless, Phishing, Password, CMS, Container, IaC, Social Engineering, and more — all in one engagement wizard.
150+ Integrated Tools: 64 registered tool adapters + 185 scanner/AI/PoC modules. Nuclei, Nmap, SQLMap, Semgrep, Grype, Syft, Trivy, Prowler, Checkov, BloodHound, Impacket, Katana, Subfinder, Sliver C2, BeEF, Evilginx3, Aircrack-ng, and many more — all orchestrated by AI.
53 WSTG Test Cases: Full WSTG v4.2 implementation — INFO, CONF, CRYP, INPV, ATHN, AUTHZ, SESS, CLNT, BUSL test categories. Every test case produces real HTTP evidence and copy-paste PoC.
24 Compliance Frameworks: PCI-DSS 4.0 · HIPAA · SOC 2 · GDPR · NIST 800-53 · NIST CSF 2.0 · ISO 27001:2022 · CIS AWS/Azure/GCP · OWASP · EU CRA · DORA · EU AI Act · ETSI EN 303 645 · IEC 62443 · ISO 21434 · UNECE R155 · PSTI Act. Every finding auto-mapped to applicable control IDs.
20+ WAF Bypass Techniques: Cloudflare, ModSecurity, AWS WAF, and generic filter evasion — case variation, HTML entities, URL/Unicode encoding, comment bypass, inline obfuscation — plus AI-generated dynamic bypass variants per target.
6 Report Formats: PDF · HTML · DOCX · XLSX · CSV · JSON. Six report types: Executive, Technical, Compliance, Delta, Retest, Attestation. AI writes every section — findings, business impact, remediation code, executive summary.

One Platform.
Every Surface Covered.

PhantomYerra is the only tool that handles every attack surface within a single engagement — from web APIs to automotive ECUs.

🌐
Web Application
OWASP Top 10 · WSTG v4.2
🔌
REST / GraphQL API
OWASP API 2023
📱
Mobile (Android + iOS)
MASVS 2.0
📟
IoT Devices
IoT Top 10 · UART/JTAG
💾
Firmware
Firmware Analysis · Binary Decompiler · Emulation
🌩️
Cloud (AWS/GCP/Azure)
IMDS · IAM · S3
🖥️
Network + Infra
Network Discovery · AD Attacks
🤖
AI / LLM Apps
OWASP LLM 2025
🚗
Automotive (CAN/ISO 21434)
CAN Bus · ECU Testing
🏭
OT / ICS / SCADA
Modbus · DNP3 · IEC 61850
🏥
Medical Devices
FDA Guidance · HL7 · DICOM
🔭
OSINT
OSINT Engine · Asset Discovery · Internet Intelligence
🔬
SAST / Code Review
Semgrep · Bandit · Universal Language Support
🌊
DAST + SBOM
ZAP DAST · Syft · Grype · CycloneDX · License Compliance
⚙️
Reverse Engineering
Ghidra · radare2 · angr · AI-Assisted Decompilation
🎯
Red Team Operations
C2 · Lateral Movement · Privilege Escalation · Persistence
🏢
Enterprise / Active Directory
BloodHound · Kerberoasting · Pass-the-Hash · LDAP
🦾
Robotics (ROS)
ROS 2 · RTPS · Topic Injection · Node Enumeration
🔧
DevOps / CI-CD
TruffleHog · Trivy · Checkov · tfsec · Supply Chain
🌐
Scope: LOCAL / PUBLIC
Per-seat RFC1918 enforcement · License-server controlled

From Scope to Report
in One Session

The 9-step engagement wizard configures everything. AI executes. You review findings in real-time.

1
Define Scope
12-step wizard: surface, mode, credentials, intensity, exclusions
2
Crawl & Map
WAF-evading BFS crawl discovers all endpoints, APIs, forms — live on screen
3
AI Plans
AI analyzes crawl results, selects tools, adapts attack sequence
4
Exploit
150+ tools execute; AI generates target-specific payloads live
5
Evidence
SHA-256 verified evidence; full request/response captured
6
Report
AI writes executive-grade report; PDF + DOCX + JSON output

What Security Teams Say

"We retired Burp Suite Pro and Metasploit. PhantomYerra's AI-driven intercept + Intruder combo caught 3 CRITICAL findings in under 20 minutes — things our team missed in a two-day manual review."

DK
Daniel K.
Lead Penetration Tester · Fortune 500 Security Firm

"The IoT module found a UART shell access on a medical device in 8 minutes. The binary analysis engine auto-decompiled the firmware, found hardcoded credentials, and generated a PoC — all before I finished my coffee."

SL
Sara L.
Hardware Security Researcher · IoT Security Practice

"AI's adaptive payload engine bypassed the AWS WAF in 3 attempts. Static payload lists always got blocked. PhantomYerra generates target-specific bypass variants on the fly — it's like having an AI pentester with infinite patience."

MT
Marcus T.
Red Team Lead · Enterprise Security Operations

"The Live Scan Console changed how I present findings to clients. I screen-share the real-time terminal — they watch URLs discovered, WAF bypasses activate, CVEs matched to their services. By the time the scan finishes they already understand why the findings are critical. Zero question marks in the debrief."

AJ
Aiden J.
Principal Pentester · Boutique Security Consultancy
🔒 All customer data stays on your machine · Zero cloud upload · SHA-256 verified evidence · Air-gapped mode · Zero client data sent to AI APIs · 15+ WAF bypass techniques · 3 concurrent pentests · Live Scan Console

Download PhantomYerra

One installer. All 150+ tools. AI brain included. Fully self-contained — Python 3.12 runtime bundled. No prerequisites. No internet required during install. All your data stays on your machine — never uploaded.

🪟
Windows
Windows 10 / 11 · x64
Download .exe (~215 MB) · Enterprise .msi (Group Policy / SCCM)
SHA-256 signed · Python 3.12 bundled · No prerequisites
🐧
Linux
Ubuntu 20.04+ / Fedora / Arch · x64
Download .AppImage (Universal) · .deb · .zip
chmod +x · ./PhantomYerra.AppImage · Uses system Python
🍎
macOS
macOS 12+ · x64 + Apple Silicon
🔜 Coming Soon
DMG · Universal binary · Apple Silicon native
💾
8 GB RAM
16 GB recommended
4-Core CPU
8-core for AI mode
💿
10 GB Disk
For tools + evidence
🐍
Python 3.12
Bundled — no install needed

Enterprise & Team Licensing

PhantomYerra uses a perpetual license model — pay once, use forever. No cloud lock-in. No per-scan billing. No surprise invoices. Licensing tailored to your team size and deployment requirements.

🛡️

Solo · Team · Enterprise

Perpetual licenses for individual pentesters, red teams, and large enterprises. Air-gapped deployment. Multi-user RBAC. SSO. Custom SLA. Pricing tailored to your use case.

👤
Solo
All 150+ tools · Unlimited scans · All report formats · Perpetual license
👥
Team
Multi-seat · RBAC roles · Shared workspace · Priority support
🏢
Enterprise
Unlimited seats · SSO · Air-gapped · PostgreSQL · Dedicated SLA
Reply within 24 hours  ·  license@phantomyerra.com

🔑 License Activation — 3 Steps

1
Purchase License
Email license@phantomyerra.com with your seat count and use case
2
Receive License Key
You receive a unique license key + AI API key via secure email within 24 hours
3
Activate & Launch
Open PhantomYerra, enter your license key in Settings → Activation. All modules unlock instantly.
🔑 License required. PhantomYerra is a professional security platform sold under a perpetual license — Solo, Team, or Enterprise. Contact license@phantomyerra.com to purchase. License key is delivered within 24 hours and activates all modules instantly.

Stop Using 5 Tools.
Start Using One Platform.

PhantomYerra gives your team Powerful AI, 150+ tools, 27+ attack surfaces, and high-integrity evidence — in a single desktop app. No cloud dependency. No subscriptions to juggle. One engagement wizard, one report.

Windows · Linux  ·  Perpetual license  ·  Solo · Team · Enterprise seats  ·  Air-gapped deployment supported

Release Notes

PhantomYerra ships fast. Every update adds real capability — new attack methods, deeper tool wiring, performance fixes, and UI improvements. Updates deliver automatically in-app.

v44.32.69
2026-04-06
LATEST
Scope Enforcement · Reseller Portal · Per-Seat Activity Dashboard · DevOps/CI-CD Surface · 127 Tools
  • 🔒 LOCAL / PUBLIC Scope Enforcement — per-seat network scope is now enforced at wizard launch and the Python scan layer. LOCAL seats target RFC1918 private ranges only. PUBLIC seats have no restriction. Configurable per seat in the license portal.
  • 🏢 Reseller Portal Users — dedicated login accounts for resellers. Each reseller sees only their own customers. SuperAdmin retains full cross-reseller visibility. Empty-page routing bug fixed.
  • 📊 Per-Seat Activity Dashboard — Redesigned — drill down to individual scan rows: target URL/IP, module, date/time, findings by severity (Critical/High/Medium/Low). Filter by seat. Load-more pagination for large datasets.
  • ⚙️ DevOps / CI-CD Pentesting Surface — new dedicated surface: secrets scanning (TruffleHog, Gitleaks), container scanning (Trivy, Grype), IaC misconfiguration (Checkov, tfsec, KICS), supply chain analysis. Compliance: SLSA, CIS Docker/K8s, NIST SSDF, OWASP CI-CD Top 10.
  • 🧙 Wizard Improvements — Network: AD Domain FQDN + DC IP for BloodHound/Kerbrute. Cloud: Azure Tenant ID + K8s context. IoT: BLE MAC, Zigbee/Z-Wave fields. API: GraphQL, gRPC, WebSocket endpoint fields. DevOps: branch name + Jenkins URL.
  • 🛠️ 127 Security Tools — full tool inventory documented across 21 attack surfaces. Every tool listed with its surface, role, and invocation method.
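The LOCAL / PUBLIC scope check, as described in the feature section above and in this release note, as an added example: this is not the product's license-server code, and the seat labels, function names and the loopback opt-in are assumptions. One point a practitioner should keep in mind: RFC 1918 covers only 10/8, 172.16/12 and 192.168/16, so a seat restricted to "RFC1918 only" rejects loopback, link-local and IPv6 ULA addresses unless the policy explicitly allows them.

```python
import ipaddress

# Added example (not the product's license-server code): a per-seat scope gate
# in the spirit of LOCAL / PUBLIC seat enforcement. Seat labels, function names
# and the loopback opt-in are assumptions for illustration.

# RFC 1918 private ranges. Loopback (127/8), link-local (169.254/16) and
# IPv6 ULA (fc00::/7) are NOT RFC 1918, so a strict LOCAL seat rejects them.
RFC1918_NETS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


class ScopeViolation(Exception):
    """Raised when a seat is asked to scan something outside its scope."""


def _parse_target(target: str):
    # Accept a single address or a CIDR block; strict=False tolerates host bits.
    try:
        return ipaddress.ip_network(target.strip(), strict=False)
    except ValueError:
        # Hostnames are refused on LOCAL seats: resolving them is a network
        # call, and every resolved address would have to pass this same check.
        raise ScopeViolation(
            f"{target!r} is not an IP or CIDR; resolve hostnames first and check each address")


def is_rfc1918(target: str) -> bool:
    net = _parse_target(target)
    # A block that straddles a private range (e.g. 172.16.0.0/11) is rejected:
    # the whole block must sit inside one RFC 1918 range.
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918_NETS)


def enforce_scope(seat: str, target: str, allow_loopback: bool = False) -> str:
    """Return the target if the seat may scan it, otherwise raise ScopeViolation."""
    seat = seat.upper()
    if seat == "PUBLIC":
        return target                      # PUBLIC seats scan internal and external
    if seat != "LOCAL":
        raise ScopeViolation(f"unknown seat type {seat!r}")
    net = _parse_target(target)
    if allow_loopback and net.version == 4 and net.subnet_of(LOOPBACK_NET):
        return target
    if not is_rfc1918(target):
        raise ScopeViolation(f"LOCAL seat may not scan {target}: outside RFC 1918")
    return target


def filter_targets(seat: str, targets: list[str]) -> tuple[list[str], list[str]]:
    """Split a target list into (allowed, rejected) for the given seat."""
    allowed, rejected = [], []
    for t in targets:
        try:
            allowed.append(enforce_scope(seat, t))
        except ScopeViolation:
            rejected.append(t)
    return allowed, rejected


if __name__ == "__main__":
    # Constructed sample target list (documentation/test addresses only).
    ok, bad = filter_targets("LOCAL", ["10.20.30.40", "192.168.1.0/24", "203.0.113.7",
                                       "127.0.0.1", "169.254.169.254", "172.32.0.1"])
    print("allowed:", ok)
    print("rejected:", bad)
```

The gate fails closed: anything it cannot parse is rejected on a LOCAL seat, and a CIDR that only partly overlaps a private range is rejected as a whole rather than trimmed.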
v44.32.68
2026-04-06
Zero Freeze. Instant AI. Silent Install — PhantomYerra is Fully Responsive from First Click.
  • Main Window Never Freezes — eliminated "Not Responding" that affected previous versions. All sidecar startup, Python detection, package validation, and pip installs now run fully async — the main thread stays live at all times. Watchdog restarts are instantaneous (zero blocking).
  • 🔑 AI Key Active Before First Scan — your AI key is now bridged to the Python engine in the background during boot. By the time the platform is ready, AI is already active — payload generation, attack chains, and report writing start from scan zero, not after a delay.
  • 🎬 Cinematic Installer — No Windows Wizard — the installer is now fully silent (oneClick). No more "Choose Installation Options" dialogs. PhantomYerra's own cinematic first-run wizard handles onboarding with a professional, branded experience on every install.
  • 📋 19 Surface-Specific Report Sections — every technical report now auto-generates a dedicated surface assessment section: web, API, mobile, IoT, firmware, cloud, AI/LLM, automotive, OT/ICS, medical, OSINT, SAST, SBOM, DAST, red team, enterprise AD, robotics, network, and reverse engineering. Each section maps findings to its native compliance framework.
  • 🏗️ Enterprise MSI Now Shipping — every Windows release now includes a full Windows Installer (.msi) alongside the .exe. Deploy silently via Group Policy, SCCM, or Intune: msiexec /i PhantomYerra.msi /qn
v44.32.62
2026-04-06
Instant Launch. Seamless Setup. Every Platform — Ready to Pentest in Under 2 Minutes.
  • Zero-Friction First Launch — PhantomYerra now starts instantly on every machine. The platform is fully ready the moment you open it — no waiting, no configuration steps, no error screens. Open and pentest.
  • 🔑 AI Brain Activates Automatically — your AI key is now securely captured and activated in a single step. From the moment you enter your key, every AI-powered feature — payload generation, attack chain analysis, report writing — is live immediately. Works identically on Windows and Linux.
  • 🛠️ Your Licensed Modules Are Ready First — when setting up for the first time, PhantomYerra now installs the tools for your specific licensed modules first, in priority order. Your primary attack surfaces are operational within 2 minutes. Background tools continue installing silently while you work.
  • 📊 Live Setup Progress Per Surface — the home screen now shows real-time installation progress for each attack surface module. You always know exactly which surfaces are ready and which are still preparing. No guessing — just clarity.
  • 🗂️ Evidence Stored in the Right Place, Every Time — all screenshots, HTTP captures, PoC outputs, and SBOM data are now stored in the correct platform location on both Windows and Linux. Your evidence is always where you expect it, properly organised by scan and finding.
  • 🐧 Linux Parity — Full Feature Equivalence — tool state, AI key, evidence paths, and module readiness now behave identically on Linux and Windows. Install once, come back tomorrow — everything is exactly where you left it.
v44.32.61
2026-04-06
27+ Attack Surfaces — All Fully Operational. Deeper Tool Coverage Across Every Engagement.
  • 🎯 Complete Attack Surface Coverage — every attack surface — Web, API, Mobile, IoT, Firmware, Cloud, Network, SAST, DAST, SBOM, Automotive, OT/ICS, AI/LLM, Red Team, Reverse Engineering, and more — now has dedicated, wired tooling behind it. When you select a surface, the right tools run automatically.
  • 🔬 SBOM Generation Built In — generate CycloneDX and SPDX Software Bills of Materials for any codebase, container, or binary with a single click. Grype automatically correlates every component against the NVD — CVEs matched to your actual dependencies, not theoretical ones.
  • 📸 Richer Evidence on Every Finding — every confirmed vulnerability now captures the full picture automatically: raw HTTP request and response, browser screenshot at the moment of exploitation, response diff between normal and exploited states, DOM snapshot for client-side issues, CAN frame captures for automotive findings, and Frida hook output for mobile. All SHA-256 verified.
  • Scan Engine Is Now Faster and More Thorough — the scan backend has been significantly optimised. Parallel tool execution, smarter phase ordering, and reduced startup overhead mean engagements begin faster and complete with more findings discovered.
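The "SHA-256 verified" evidence mentioned here and in the feature table above, as an added example that is not the product's evidence format: artefact names, manifest layout and sample bytes are constructed. A bare SHA-256 digest detects accidental corruption but not deliberate edits, since whoever edits an artefact can recompute its hash; the example therefore authenticates the digest table with an HMAC-SHA-256 under a key that stays on the tester's machine, so both an edited artefact and an edited manifest are detectable by anyone holding the key.

```python
import hashlib
import hmac
import json

# Added example (not the product's evidence format): a tamper-evident evidence
# manifest. Each artefact gets a SHA-256 digest; the digest table is then
# authenticated with HMAC-SHA-256 under a locally held key.


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: dict) -> bytes:
    # Stable serialisation: the MAC must not depend on key order or whitespace.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(artifacts: dict[str, bytes], key: bytes) -> dict:
    entries = {name: sha256_hex(blob) for name, blob in sorted(artifacts.items())}
    return {
        "artifacts": entries,
        "hmac_sha256": hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest(),
    }


def verify_manifest(manifest: dict, artifacts: dict[str, bytes], key: bytes) -> list[str]:
    """Return the list of problems found; an empty list means the set is intact."""
    problems = []
    entries = manifest.get("artifacts", {})
    expected = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, manifest.get("hmac_sha256", "")):
        problems.append("manifest MAC mismatch (manifest edited or wrong key)")
    for name, digest in entries.items():
        if name not in artifacts:
            problems.append(f"missing artifact: {name}")
        elif sha256_hex(artifacts[name]) != digest:
            problems.append(f"modified artifact: {name}")
    for name in artifacts:
        if name not in entries:
            problems.append(f"unlisted artifact: {name}")
    return problems


# Constructed sample evidence set for one finding (not real captures).
SAMPLE_EVIDENCE = {
    "finding-1/request.http": b"GET /api/orders/17 HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
    "finding-1/response.http": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}",
    "finding-1/screenshot.png": b"\x89PNG\r\n\x1a\n<constructed placeholder bytes>",
}
DEMO_KEY = b"constructed-demo-key-keep-the-real-one-secret"

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_EVIDENCE, DEMO_KEY)
    print("intact:", verify_manifest(manifest, SAMPLE_EVIDENCE, DEMO_KEY))
    tampered = {**SAMPLE_EVIDENCE, "finding-1/response.http": b"edited"}
    print("tampered:", verify_manifest(manifest, tampered, DEMO_KEY))
```

For evidence that a third party must be able to verify without sharing the key, the same manifest can be signed with an asymmetric key instead of an HMAC; the artefact-level SHA-256 table stays the same either way.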
v44.32.60
2026-04-06
Deep Reasoning Validation — 5-Phase AI Investigation, Exploit Chains, Business Logic, Deduplication
  • 🧠5-Phase Deep Reasoning Validator — replaces single-pass gate checking with a structured AI investigation cycle: hypothesis generation, differential analysis, hypothesis testing, cross-finding correlation, AI synthesis. Every finding investigated until confidence converges or safe paths exhausted.
  • 🎯SUSPECTABLE Classification — new 4-state verdict: EXPLOITED (strong evidence) · SUSPECTABLE (strong signal, incomplete proof) · POTENTIAL (plausible) · FALSE_POSITIVE (suppressed). SUSPECTABLE findings are flagged for analyst review together with the specific validation steps to run next.
  • 📊Universal Baseline Capture — all endpoints snapshotted before any payload fires. Every validation check diffs injected vs baseline: body length, new content, timing delta, status code change. Pre-existing content never counts as exploitation proof.
  • 🗺️Target Attack Surface Profiler — built before first payload: endpoint map, workflow map, trust boundaries, business logic constraints, auth mechanism detection. AI extracts business rules from wizard context. Injected into every validation decision.
  • 🔗Exploit Chain Detection (11 Chain Rules) — post-scan engine links individual findings into multi-step attack paths: auth bypass + IDOR = account takeover, SSRF + disclosure = cloud credential theft, SQLi + info exposure = data exfiltration. Severity uplifted where chain impact exceeds any single finding.
  • 🔍Finding Deduplication Engine — clusters near-duplicate findings from multiple tools, selects highest-confidence instance per cluster, boosts confidence where multiple tools agree on the same vulnerability. Eliminates noise before report generation.
  • 📝Analyst-Readable Reasoning Memos — every finding includes a full investigation narrative: what signal was seen, what alternatives were tested, what evidence survived, final verdict with confidence decomposition. Analysts can reproduce and verify every classification decision.
  • ⏱️Timing Delta Analysis — response time delta vs baseline captured as an independent evidence signal. Time-based SQL injection, blind SSRF to slow internal hosts, and race conditions all produce timing signatures that strengthen confidence scores even without response content.
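The baseline-diff and timing-delta checks above, worked through as an added example (this is illustrative code, not PhantomYerra's validator). The response shape, the 2000 ms timing threshold, the 16-byte length-noise allowance and the way the four verdicts are assigned are assumptions; the sample traffic for /api/users is constructed. The one detail worth copying is the control run: a delay only counts as proof when a no-op twin of the payload (SLEEP(0) beside SLEEP(5)) does not delay as well, which is what separates blind SQL injection from a target that is simply slow.

```python
"""Differential validation of one candidate finding against a pre-payload baseline.

Added example (not PhantomYerra's code). Response shape, thresholds and the
verdict labels are assumptions chosen to illustrate the technique.
"""
from dataclasses import dataclass
from statistics import mean

TIMING_SIGNAL_MS = 2000.0   # assumed: a delay smaller than this is jitter, not evidence
LENGTH_NOISE = 16           # assumed: byte-count drift below this (timestamps, nonces) is ignored


@dataclass(frozen=True)
class Response:
    status: int
    body: str
    elapsed_ms: float


def capture_baseline(samples: list[Response]) -> dict:
    """Snapshot the endpoint before any payload fires.

    Several clean requests are taken so normal timing jitter and body drift are
    known; the slowest clean sample becomes the timing reference."""
    return {
        "status": samples[0].status,
        "body": samples[0].body,
        "length": mean(len(s.body) for s in samples),
        "max_ms": max(s.elapsed_ms for s in samples),
    }


def diff_against_baseline(baseline: dict, injected: Response, marker: str = "") -> dict:
    """Every check compares the injected response with the baseline, never in isolation."""
    marker_in_injected = bool(marker) and marker in injected.body
    # Pre-existing content never counts: a marker already present before injection is no proof.
    marker_new = marker_in_injected and marker not in baseline["body"]
    timing_delta = injected.elapsed_ms - baseline["max_ms"]
    return {
        "status_changed": injected.status != baseline["status"],
        "length_delta": len(injected.body) - baseline["length"],
        "marker_new": marker_new,
        "timing_delta_ms": timing_delta,
        "timing_signal": timing_delta >= TIMING_SIGNAL_MS,
    }


def classify(signals: dict, control: dict | None = None) -> str:
    """Four-state verdict. `control` is the diff for a no-op twin of the payload
    (SLEEP(0) beside SLEEP(5)); a delay proves injection only when the control
    does NOT also delay, which rules out a merely slow target."""
    if signals["marker_new"]:
        return "EXPLOITED"
    if signals["timing_signal"]:
        if control is not None and not control["timing_signal"]:
            return "EXPLOITED"
        return "SUSPECTABLE"          # strong signal, but no control run yet
    if signals["status_changed"] or abs(signals["length_delta"]) > LENGTH_NOISE:
        return "POTENTIAL"
    return "FALSE_POSITIVE"


# Constructed sample traffic for /api/users?id=1 (no real target involved).
CLEAN_BODY = '{"id": 1, "name": "alice", "role": "admin"}'
BASELINE = capture_baseline([
    Response(200, CLEAN_BODY, 118.0),
    Response(200, CLEAN_BODY, 131.0),
    Response(200, CLEAN_BODY, 124.0),
])

# Time-based blind SQLi: the SLEEP(5) twin delays, the SLEEP(0) twin does not.
SLEEP5 = diff_against_baseline(BASELINE, Response(200, CLEAN_BODY, 5240.0))
SLEEP0 = diff_against_baseline(BASELINE, Response(200, CLEAN_BODY, 127.0))
VERDICT_SQLI = classify(SLEEP5, control=SLEEP0)

# "Leak" of the word admin: it was already in the clean response, so it proves nothing.
FAKE_LEAK = diff_against_baseline(BASELINE, Response(200, CLEAN_BODY, 122.0), marker="admin")
VERDICT_FAKE = classify(FAKE_LEAK)

# Genuine new content: an error string that only appears after injection.
ERR_BODY = CLEAN_BODY + ' ... syntax error at or near "\'"'
ERROR_DIFF = diff_against_baseline(BASELINE, Response(500, ERR_BODY, 130.0), marker="syntax error")
VERDICT_ERROR = classify(ERROR_DIFF)

if __name__ == "__main__":
    for name, v in (("time-based SQLi", VERDICT_SQLI), ("pre-existing 'admin'", VERDICT_FAKE),
                    ("SQL error string", VERDICT_ERROR)):
        print(f"{name:22s} -> {v}")
```

Run as a script it prints EXPLOITED for the SQLi and the error string and FALSE_POSITIVE for the pre-existing word. Without the control run the same SLEEP(5) delay is only SUSPECTABLE, which is the intended behaviour: the analyst gets told exactly which request to send next.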
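The deduplication and exploit-chain steps above, as one added example of the post-scan pipeline (illustrative code, not PhantomYerra's engine). The Finding shape, the clustering key (class + path + parameter), the confidence boost for tool agreement and the three chain rules shown are assumptions; the page describes eleven rules. The raw tool output is constructed for an engagement against app.example.com.

```python
"""Post-scan pipeline: deduplicate near-identical findings, then link survivors into chains.

Added example (not PhantomYerra's engine). The Finding shape, the clustering key,
the confidence boost and the three chain rules are assumptions chosen to illustrate
the technique; the page describes eleven rules.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class Finding:
    vuln_class: str        # e.g. SQLI, IDOR, AUTH_BYPASS, SSRF, INFO_DISCLOSURE
    url: str
    param: str
    tool: str
    confidence: float      # 0.0 to 1.0 as reported by the tool or validator
    severity: str
    agreeing_tools: list[str] = field(default_factory=list)


def cluster_key(f: Finding) -> tuple[str, str, str]:
    """Same class + same path + same parameter = same issue; host, scheme and query
    string are ignored so two tools reporting the same hole cluster together."""
    return (f.vuln_class, urlsplit(f.url).path.rstrip("/"), f.param.lower())


def deduplicate(findings: list[Finding]) -> list[Finding]:
    """Keep the highest-confidence instance per cluster; boost it when independent tools
    agree (assumed boost: +0.1 per additional tool, capped at 0.99 so nothing is 'certain')."""
    clusters: dict[tuple, list[Finding]] = {}
    for f in findings:
        clusters.setdefault(cluster_key(f), []).append(f)
    survivors = []
    for group in clusters.values():
        best = max(group, key=lambda f: f.confidence)
        best.agreeing_tools = sorted({f.tool for f in group})
        best.confidence = min(0.99, best.confidence + 0.1 * (len(best.agreeing_tools) - 1))
        survivors.append(best)
    return survivors


# (chain name, vulnerability classes that must all be present, severity of the combined impact)
CHAIN_RULES = [
    ("account takeover", {"AUTH_BYPASS", "IDOR"}, "CRITICAL"),
    ("cloud credential theft", {"SSRF", "INFO_DISCLOSURE"}, "CRITICAL"),
    ("data exfiltration", {"SQLI", "INFO_DISCLOSURE"}, "CRITICAL"),
]


def detect_chains(findings: list[Finding]) -> list[dict]:
    """Link findings into multi-step paths. Severity is uplifted to the chain's impact when
    that exceeds every member's own severity; chain confidence is the weakest link's."""
    by_class: dict[str, Finding] = {}
    for f in findings:                       # first (deduplicated) instance of each class
        by_class.setdefault(f.vuln_class, f)
    chains = []
    for name, needed, impact in CHAIN_RULES:
        if not needed.issubset(by_class):
            continue
        members = [by_class[c] for c in sorted(needed)]
        worst_single = max(SEVERITY_RANK[m.severity] for m in members)
        chains.append({
            "chain": name,
            "steps": [f"{m.vuln_class} @ {urlsplit(m.url).path}" for m in members],
            "severity": impact,
            "uplifted": SEVERITY_RANK[impact] > worst_single,
            "confidence": min(m.confidence for m in members),
        })
    return chains


# Constructed raw tool output for one engagement against app.example.com (no real scan).
RAW = [
    Finding("SQLI", "https://app.example.com/api/users?id=1", "id", "sqlmap", 0.90, "HIGH"),
    Finding("SQLI", "https://app.example.com/api/users/", "ID", "nuclei", 0.70, "HIGH"),
    Finding("IDOR", "https://app.example.com/api/orders/1002", "id", "idor-agent", 0.85, "MEDIUM"),
    Finding("AUTH_BYPASS", "https://app.example.com/api/login", "Authorization", "jwt-check", 0.95, "HIGH"),
    Finding("INFO_DISCLOSURE", "https://app.example.com/debug", "", "nuclei", 0.60, "LOW"),
    Finding("SSRF", "https://app.example.com/api/import", "url", "ssrf-agent", 0.80, "HIGH"),
]
DEDUPED = deduplicate(RAW)
CHAINS = detect_chains(DEDUPED)

if __name__ == "__main__":
    for f in DEDUPED:
        print(f"{f.vuln_class:16s} conf={f.confidence:.2f} tools={','.join(f.agreeing_tools)}")
    for c in CHAINS:
        print(f"{c['chain']}: {' -> '.join(c['steps'])} [{c['severity']}, uplifted={c['uplifted']}]")
```

The two SQLi reports collapse into one (sqlmap's, boosted because nuclei agreed), and the five survivors produce three chains, each uplifted to CRITICAL because the combined impact exceeds any single member. Taking the weakest member's confidence as the chain's confidence keeps a speculative low-confidence link from inflating a chain it cannot actually support.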
v44.32.59
2026-04-06
Enterprise Security Architecture — Your Findings, Methodology, and Data Are Fully Protected.
  • 🔒Tamper-Resistant Platform Integrity — PhantomYerra's security engine is cryptographically hardened at every layer. The AI reasoning logic, exploit validation pipeline, and privacy boundary are built to resist extraction, modification, and reverse engineering, including by someone with full access to the installer. Your competitive methodology stays yours.
  • 🛡️Zero Trust Distribution — every release ships with a SHA-256 integrity manifest. At runtime, PhantomYerra verifies its own binaries are unmodified before executing. No tampered or corrupted installation can silently run — giving you confidence in every deployment, including air-gapped environments.
  • 🏢Enterprise-Ready for Regulated Environments — the hardened architecture meets the deployment requirements of financial institutions, healthcare organisations, government contractors, and defence primes. No source exposure risk, no dependency on external build servers, and no phone-home from the scan engine. Safe to deploy inside air-gapped networks with full functionality.
  • 🔐Protected Updates — Trust on Every Upgrade — every automatic update is delivered pre-hardened. There is no window between receiving an update and being protected — you never run a partially-secured version. The same integrity guarantees apply from day one of a new installation through every future update.
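The integrity-manifest mechanism described under Zero Trust Distribution, as an added example (illustrative code, not PhantomYerra's installer). The manifest file name, the tree layout and the exception type are assumptions; the release tree in demo() is built in a temporary directory. One caveat a deployer should keep in mind: a bare SHA-256 manifest detects corruption and casual tampering, but an attacker who can rewrite the binaries can rewrite the manifest too, so the manifest itself has to be signed with a key the verifier pins (and the verifier has to be checked by something outside the tree, such as the OS code-signing loader) before this becomes a guarantee against tampering rather than against accidents. That signing step is not shown here.

```python
"""Build a SHA-256 integrity manifest for a release tree and verify it before launch.

Added example (not PhantomYerra's installer code). Manifest name, tree layout and
the exception type are assumptions. Signing the manifest is out of scope here.
"""
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST = "integrity.json"   # assumed file name
CHUNK = 1 << 20


class IntegrityError(RuntimeError):
    """Raised by check_or_abort() when the tree does not match its manifest."""


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root except the manifest itself. Paths are stored
    relative and POSIX-style so Windows and Linux trees produce identical manifests."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name != MANIFEST:
            files[p.relative_to(root).as_posix()] = sha256_file(p)
    manifest = {"algorithm": "sha256", "files": files}
    (root / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_tree(root: Path) -> list[str]:
    """Return a list of problems; empty means every listed file is intact and nothing was
    added or removed. This must run BEFORE any listed binary is executed."""
    expected = json.loads((root / MANIFEST).read_text())["files"]
    problems = []
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"modified: {rel}")
    present = {p.relative_to(root).as_posix()
               for p in root.rglob("*") if p.is_file() and p.name != MANIFEST}
    problems += [f"unexpected: {rel}" for rel in sorted(present - expected.keys())]
    return problems


def check_or_abort(root: Path) -> None:
    """Boot gate: refuse to start on any discrepancy instead of warning and continuing."""
    problems = verify_tree(root)
    if problems:
        raise IntegrityError("; ".join(problems))


def demo() -> tuple[list[str], list[str]]:
    """Constructed release tree: clean verify, then a patched module and a dropped-in DLL."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "engine").mkdir()
        (root / "engine" / "scanner.pyc").write_bytes(b"\x00magic" + b"A" * 4096)
        (root / "rules.yaml").write_text("rules: []\n")
        build_manifest(root)
        clean = verify_tree(root)
        (root / "engine" / "scanner.pyc").write_bytes(b"\x00magic" + b"B" * 4096)  # patched
        (root / "engine" / "hook.dll").write_bytes(b"MZ")                           # planted
        tampered = verify_tree(root)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean tree   :", before or "OK")
    print("tampered tree:", after)
```

The verifier reports both the modified module and the planted file; an "unexpected" entry matters because DLL or .pyc side-loading adds files rather than changing existing ones, and a manifest that only checks listed files would miss it.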
v44.32.58
2026-04-06
Shannon Parity + Beyond — All 4 Tiers Implemented · Local-Only AI · 35 New Modules
  • 🎯"No Exploit, No Report" Gate — every finding now passes a 5-method validation gate (tool confirmation → response pattern → PoC execution → AI analysis → heuristic). Only CONFIRMED exploited findings appear in the final report. 3-state classification: EXPLOITED / POTENTIAL / FALSE POSITIVE.
  • 🌐Playwright Browser Exploitation Engine — full browser-driven attacks (XSS, CSRF, auth bypass, IDOR, stored XSS trigger) via real Chromium session. Human-like timing, screenshot evidence, anti-detection. Covers what HTTP-level tools cannot.
  • 🔗Static-Dynamic Correlation Engine — SAST finding (Semgrep/Bandit hit) automatically spawns a targeted live exploit agent for the same vulnerability class. Same vuln proven from BOTH source code analysis AND live exploitation.
  • 🧠Business Logic Invariant Testing — the AI engine derives security invariants from your source code ("users can only access their own records"), generates fuzzers to violate them, detects multi-tenant IDOR, price manipulation, workflow bypass — invisible to all 60+ automated tools.
  • 🔍SCA with Reachability Analysis — CVE → vulnerable function → call graph → entry point trace. Only flags CVEs where the vulnerable code path is actually reachable from application entry points. 70-90% noise reduction vs. traditional SCA tools.
  • 🔑Secrets Liveness Validation — detected credentials are tested with a read-only auth call to the corresponding service (AWS STS, GitHub API, Stripe, OpenAI, Slack, etc.). Only live, valid secrets are reported.
  • 👥Multi-Role IDOR Testing (4 credentials) — single scan with up to 4 credential sets tests horizontal IDOR, vertical privilege escalation, and cross-tenant access automatically. Full curl PoC for every confirmed finding.
  • 💾Scan Crash Resumability — every scan phase checkpoints state atomically to SQLite. Crashed scans resume from the exact last completed phase. Named workspaces with full UI management.
  • 📡LOCAL-ONLY Air-Gapped Mode — Zero Data Transmitted — the decisive advantage: competing tools require an external AI API for every scan (your targets leave your machine). PhantomYerra's Local-Only Mode routes ALL AI through local Ollama — deepseek-r1, codellama, llama3. Zero external calls. 100% air-gapped. Ideal for government, healthcare, financial, and classified environments.
  • 🤖Three-Tier Model Routing — lightweight models for fast summaries, mid-tier for security analysis, maximum-capability for deep reasoning and exploit synthesis. Cost-optimized: simple tasks use fast/cheap models; complex attack chains use maximum capability.
  • 📊XBOW Benchmark Mode — test PhantomYerra against OWASP Juice Shop, crAPI, DVWA, and WebGoat. Track exploit success rate over versions. Shannon claims 96.15% — see how PhantomYerra scores across ALL surfaces.
  • 🔬Schemathesis API Schema Fuzzing — hypothesis-based OpenAPI/GraphQL fuzzing. Auto-discovers API spec, generates boundary/type/injection test cases from schema. Finds mass assignment, input validation failures, and hidden endpoints.
  • 🐳Per-Scan Container Isolation — each scan spawns an ephemeral local Docker container. Destroyed post-scan. No cross-scan contamination. Clean environment for every exploit attempt. 100% local — no images pulled from Docker Hub.
  • 📚Comprehensive Help System — 27 help pages added covering every feature: exploitation gate, local-only mode, business logic testing, multi-role IDOR, scan resume, SCA reachability, first scan guide, AI pentesting guide.
v44.32.57
2026-04-06
stable-2 Baseline · Live License Architecture · AI Key Refresh · Python Validation
  • 🔑Live license server connected — module gates, AI key provisioning, and access control managed live
  • 🛡️72-hour offline grace period — never locked out by network hiccups
  • 🔄One-click AI key refresh — instant server re-contact without Settings
v44.32.55
2026-04-06
Stability · Never-Hang Boot · Branding Polish
  • Splash screen never hangs — complete boot-sequence rewrite with a 3-minute hard cap on package setup, async background installs after engine starts, and a "Launch anyway" escape button that appears at 45 seconds if the backend takes longer than expected
  • 🛡️Instant "Launch anyway" rescue button — wired directly to the boot gate so a single click opens the app immediately regardless of backend state, no more stuck splash screens
  • 🎨Full branding audit — RY monogram logo added to nav, favicon, license screen, and AI key setup; all internal tool names replaced with PhantomYerra-branded component names across every help page and the marketing site; no internal implementation details exposed to customers
v44.32.54
2026-04-06
Red Team Intel · CVE Pre-Load · Authenticated Testing Fix
  • ⚔️New Red Team Intelligence page — live CVE feed matched to your org's tech stack, 5 time windows (24h/48h/7d/30d/1yr), one-click ⚡ Exploit button streams a live exploit attempt over SSE with PoC steps + JSON report
  • 🧠CVE intelligence now pre-loaded before UI appears — Python seeds/syncs full CVE database during boot so threat data is instant from the first screen
  • 🔑Authenticated testing fully wired end-to-end — Bearer/API Key/Cookie/Basic/TOTP/SAML headers now flow from Auth Vault through every scan component
v44.32.52
2026-04-06
Tailwind CSS · 20+ Pages Styled
  • Added Tailwind CSS config — 20+ components that were rendering unstyled (CVE Feed, AI/LLM, Automotive, Findings Detail, Integrations, etc.) now fully styled
  • 11 scan-surface pages now correctly routed — Web, API, Mobile, IoT, Cloud, SAST, DAST, SBOM, Automotive, AI/LLM, RE all reachable from sidebar
v44.32.49
2026-04-06
AI Key Delivery · Update Reliability · Splash Polish
  • AI key delivery fixed — reads from the stored local key, eliminating the 20 s timeout race on activation
  • Network errors during update checks are now silent — no more error dialogs on startup
  • Splash screen minimize button added
v44.32.44
2026-04-06
Attack Graph Demo Chain · External Links · License Page
  • Attack Graph now shows full demo attack chain on new installs — Discovery → Exploitation → Lateral Movement → Escalation
  • NVD, MITRE, ExploitDB, GitHub PoC, CISA KEV external links now open in system browser
  • Added License & About page showing tier, seats, AI config, active modules
v44.32.42
2026-04-06
First Windows + Linux Simultaneous Release
  • First release shipping Windows (.exe) and Linux (.AppImage) simultaneously
  • Help system shipped with first-launch guide, license activation walkthrough, and what's new pages
v44.32.40
2026-04-05
Auto-Update System · PDF Report Fix · CVE Intel
  • Auto-update system wired to phantomyerra.com/updates — in-app banner notifies and downloads new versions automatically
  • PDF/DOCX report color fix — white-paper text now renders correctly in all report formats
  • BusinessLogic step UI rebuilt with chat bubbles, typing indicator, and progress tracking
v44.32.37
2026-04-05
Self-Contained Installer — Zero Downloads
  • Bundled Python 3.12.10 embeddable runtime — installer requires zero internet access and zero user prompts
  • NSIS installer completely rewritten — eliminated all download-at-install-time code
📋 Full Changelog in Help →