HTTP inspection found account, billing and admin-adjacent routes under the authorized origin.
artifact:000021 evidence:000008Autonomous pentesting with evidence that holds up.
Oryon explores authorized production environments like a real pentester. It maps attack surface, probes what matters, exploits valid weaknesses and closes every claim with reproducible technical evidence.
Public signals are not proof; compare user-owned resources against authenticated-only endpoints.
Controlled request replay shows one account can request another account resource.
artifact:000042 evidence:000013Equivalent probe blocked. Existing artifacts must be read instead of repeating the same endpoint.
artifact:000042Impact path is promising but needs final reproduction and proof-stage assessment before reporting.
evidence:000014 evidence:000018Built to act like a pentester, not a checklist.
The agent decides what to investigate next. The runtime enforces scope, captures evidence and stops weak claims from becoming reportable findings.
Start from authorization
The operator defines the target, constraints, credentials, callback rules and destructive-action limits in natural language.
Explore live attack surface
Oryon interacts with the approved environment, follows app behavior, tests APIs, compares sessions and keeps an operational notebook.
Exploit what is real
Promising signals are pushed to controlled exploitation, not left as scanner noise or theoretical risk.
Preserve technical evidence
Requests, responses, artifacts, sessions, tool outcomes and validation refs are attached to the run as durable proof.
Report only what holds
Findings must include reproduction, impact, security boundary and proof verifier approval before they become reportable.
A pentest engine with proof built into the loop.
Strategy stays autonomous, but execution is controlled. Every meaningful action passes through scope checks, tool contracts and evidence handling.
Scope enforcement
Rules of engagement, allowed origins, rate limits, credential provenance and destructive-action boundaries are enforced before tool execution.
Tool contracts
HTTP, bash, artifact, search and research actions are explicit, validated and stored with structured outcomes instead of hidden manual steps.
Proof-first reporting
A finding is not treated as confirmed until exploitation evidence, validation refs, impact and reproduction all survive the proof gate.
Real testing surface, bounded by authorization.
Oryon can interact with web apps, APIs, sessions, scripts, scanners and public research, while keeping target proof separate from research-only context.
Apps, APIs, forms and sessions
Inspect pages, submit forms, replay traffic, validate authentication and preserve exact request-response evidence.
Controlled scripts and tooling
Run bounded scanners, payload helpers, callbacks and non-HTTP probes with explicit risk profiles and policy preflight.
Memory, artifacts and proof debt
Keep findings, dead ends, sessions, claims and unresolved proof gaps visible until they are closed or ruled out.
Public intelligence without false proof
Use docs, advisories and external context to guide testing, while never treating public research as target exploit evidence.
What your team gets back.
A clear assessment based on what was actually tested, exploited, ruled out and left as proof debt.
Exploited and validated vulnerabilities with reproduction steps.
Evidence refs, artifacts, session context and technical impact.
Ruled-out branches and proof debt instead of vague unresolved noise.
Remediation direction that tells engineering what to fix first.
Quote-based scope aligned with the target, depth and environment risk.