Claude proposes each test step and you approve, edit, or skip — giving you full control while benefiting from AI-driven analysis and suggestions.
Best for: Senior pentesters who want AI assistance without full automation. Every tool invocation requires explicit human approval. Claude explains its reasoning before each step.
How Semi-Automated Mode Works
PhantomYerra operates as a propose-approve loop. Claude analyzes the current state of the engagement and proposes the next logical step. You review the proposal, optionally edit parameters, and approve or skip. Claude never runs a tool without your explicit approval.
The Propose → Review → Approve Loop
Claude proposes: "Run nmap SYN scan on 192.168.1.0/24 — reason: map live hosts before targeted testing"
You review: See the exact command that will run, estimated duration, and Claude's reasoning
You choose: Approve (run as-is) | Edit (modify parameters) | Skip (move to next proposal) | Stop
Result feeds back: Claude analyzes output and proposes the next action based on findings
When to Use Semi-Automated
Use Semi-Automated when:
✓ You want to learn which tools Claude selects and why
✓ Engagement requires documented human decision-making at each step
✓ Target is sensitive and you want to gate each action
✓ You want to inject manual findings alongside automated ones
✓ Client requires human oversight at every test step (regulated industries)
Prerequisites
Claude API key configured (used for proposals and analysis)
Authorization token from client
Target scope confirmed
Mission Control Wizard completed with "Semi-Automated" selected at Step 2
1. Launch Mission Control Wizard → Select Semi-Automated
From the Home Screen, select your attack surface. In Wizard Step 2 (Engagement Type), select Semi-Automated Mode. Complete the remaining wizard steps as normal.
2. Receive Claude's First Proposal
After the wizard, the Semi-Automated Dashboard opens. Claude's first proposal appears in the Action Queue panel:
Approve: Tool runs immediately. Output streams to the Results panel.
Edit: Opens parameter editor. Change flags, wordlists, intensity, timeout, then approve.
Skip: Logs the skipped action and moves to next proposal.
Stop: Gracefully ends the engagement and saves all results so far.
4. Claude Analyzes Results and Proposes Next Step
After each tool run completes, Claude automatically analyzes the output and generates the next proposal. The proposal chain adapts based on what was found:
Result: 3 subdomains found — api.target.com, admin.target.com, dev.target.com
Proposal #2: "Found admin.target.com — test for default credentials"
Tool : nuclei -t http/default-logins/
Reason : Admin panel detected, high-value target for credential testing
Proposal #3: "Found dev.target.com (status 200, no auth) — test for exposed dev data"
Tool : nuclei -t http/exposures/ + ffuf directory brute-force
Reason : Dev subdomain accessible without authentication — likely misconfigured
5. Add Manual Findings Alongside AI Proposals
At any point, click + Add Manual Finding in the Findings panel to log a finding you discovered independently. Claude will incorporate it into the attack chain analysis.
6. Review Attack Chain and Generate Report
When complete (or when you click Stop), the Attack Chain panel shows how Claude linked all findings. Review, edit the narrative, then generate your report from Reports → Generate.
⏱️ Duration varies based on how quickly you approve steps. Typically 1.5–3× longer than fully automated mode. The proposal queue never moves without your approval.
Dashboard Controls Reference
Action Queue Panel
Approve : Run the proposed tool with current parameters
Edit : Open parameter editor before running
Skip : Log as skipped, advance to next proposal
Batch Mode : Approve all queued low-risk proposals at once
Stop : End engagement, save all results
Parameter Editor
When you click Edit on a proposal, the Parameter Editor opens with all tool flags pre-populated. Common edits:
🟢 Low : Passive only — no active probes sent to target
🟡 Medium : Active probes — traffic visible in target logs
🔴 High : Exploitation attempt — may trigger IDS/WAF alerts
⚫ Critical: Destructive potential — backup recommended first
Audit Trail
Every approval, edit, and skip is recorded in the engagement audit log with timestamp, username, and rationale. This log is included in the final report and satisfies engagement documentation requirements for regulated industries.
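A sketch of the approval gate and audit trail described above, as an added example (not PhantomYerra's own code): every approve, edit, or skip is logged with timestamp, username, and rationale, and Batch Mode clears only low-risk proposals. The names, the hash-chained log, the mandatory rationale, and the sample queue with placeholder commands are assumptions of this example; nothing is executed.

```python
import hashlib, json
from dataclasses import dataclass
from datetime import datetime, timezone
@dataclass
class Proposal:          # hypothetical shape of one queued proposal
    pid: int
    command: str         # recorded only; this example never executes anything
    risk: str            # "low" | "medium" | "high" | "critical"

SAMPLE_QUEUE = [         # constructed proposals with placeholder commands
    Proposal(1, "passive-lookup example.test", "low"),
    Proposal(2, "active-probe example.test", "medium"),
    Proposal(3, "passive-cert-search example.test", "low")]

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:          # append-only; the hash chain is this example's assumption
    def __init__(self):
        self.entries = []

    def record(self, user, proposal, decision, rationale, command):
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "user": user,
                 "proposal": proposal.pid, "risk": proposal.risk,
                 "decision": decision, "rationale": rationale, "command": command,
                 "prev": self.entries[-1]["hash"] if self.entries else "0" * 64}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)

    def verify(self):    # False if an entry was altered or the chain order broken
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or _digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def decide(log, user, proposal, decision, rationale, edited_command=None):
    """Gate one proposal: return the command cleared to run, or None for skip."""
    ok = decision in ("approve", "skip") or (decision == "edit" and edited_command)
    if not ok or not rationale.strip():
        raise ValueError("need approve/skip/edit (with command) and a rationale")
    command = {"approve": proposal.command, "edit": edited_command, "skip": None}[decision]
    log.record(user, proposal, decision, rationale, command)
    return command

def batch_approve(log, user, queue, rationale):  # Batch Mode: low-risk only
    cleared = [decide(log, user, p, "approve", rationale) for p in queue if p.risk == "low"]
    return cleared, [p for p in queue if p.risk != "low"]
```

Because each entry embeds the previous entry's hash, editing a logged rationale after the fact makes `verify()` return False.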
Common Issues
Check the AI Activity panel for errors. If Claude's API call failed, click Retry Proposal in the Action Queue. If Claude determines the engagement is complete (all surfaces tested), it will show an "Engagement Complete" status instead of new proposals.
Check the Platform Status bar — the relevant tool may not be installed or its binary path may be incorrect. Go to Settings → Tools, verify the tool shows as "Found", and click the tool name to see its binary path. Re-run the tool installer if needed.
Yes. Click Switch to Automated in the Scan Dashboard header. Claude will take over from the current state without re-running completed steps. You can switch back to Semi-Automated at any time.