If you’re a pentester, you already know the drill.
New target?
Cool! Now it’s time to run a tool and wait. Run another tool, wait again. Save results. Validate them. Move on. Repeat.
We were doing this every single time in my team, and honestly, it started to feel like we were spending more time setting up scans than actually analyzing them.
So I built a little tool to fix that. It’s called Pentest Orchestration, and it lets you run multiple tools with a single API call.
I noticed that our recon phase was full of small, repetitive steps, especially at the beginning of every engagement.
We’d always start by looking for:
- Hidden directories (dirb)
- XSS vulnerabilities (dalfox)
Every time, same commands. So I figured, why not wrap that into something simple and reusable?
Now I just run:
```bash
curl -X POST http://localhost:41215/scan \
  -H "Authorization: Bearer kocak" \
  -H "Content-Type: application/json" \
  -d '{ "urls": [ "https://kocak.com", "https://kocak2.com" ] }'
```
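An added example, not the Pentest Orchestration tool's own code: one way a `/scan` handler like the one called above could check the bearer token and the submitted URLs before anything is handed to dirb and dalfox. The function names, the scope allowlist and the way the token is stored are assumptions made for illustration.

```python
import hmac
import json
from urllib.parse import urlsplit

# Assumptions for this example: the token and the in-scope hosts would come
# from the engagement's configuration; these are constructed sample values.
API_TOKEN = "kocak"
IN_SCOPE_HOSTS = {"kocak.com", "kocak2.com"}


def token_ok(auth_header: str) -> bool:
    """Check the 'Authorization: Bearer ...' value in constant time."""
    scheme, _, presented = auth_header.partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(
        presented.encode(), API_TOKEN.encode()
    )


def validate_url(url) -> str:
    """Return the URL if it is an in-scope http(s) URL, else raise ValueError."""
    if not isinstance(url, str) or any(c.isspace() for c in url):
        raise ValueError("URL must be a string without whitespace")
    parts = urlsplit(url)
    # Requiring an http(s) scheme also rejects values starting with '-',
    # which a tool could otherwise parse as a command-line option.
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {url!r}")
    if parts.hostname not in IN_SCOPE_HOSTS:
        raise ValueError(f"host not in engagement scope: {url!r}")
    return url


def plan_scan(auth_header: str, body: str) -> list:
    """Build one argv list per tool and target (never a shell string)."""
    if not token_ok(auth_header):
        raise PermissionError("invalid bearer token")
    data = json.loads(body)
    urls = data.get("urls") if isinstance(data, dict) else None
    if not isinstance(urls, list) or not urls:
        raise ValueError("'urls' must be a non-empty list")
    targets = [validate_url(u) for u in urls]  # reject the whole request on any bad URL
    jobs = []
    for url in targets:
        jobs.append(["dirb", url])
        jobs.append(["dalfox", "url", url])
    return jobs
```

Each returned list can be passed to `subprocess.run` as-is, without `shell=True`, so a submitted URL is never interpreted by a shell.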