fable spawned
Main agent creates Fable, a browser sub-agent, and gives it one narrow task: open the authorized target, attempt the login flow, inspect the network panel, and identify the exact request that carries credentials.
KimuxAgent
Agentic Penetration Testing
An agent harness built around how pentesters reason, test, and prove. Kimux keeps context, and evidence connected from first hypothesis to final finding.
KimuxScenario 01
user
We have written authorization to test https://portal.***.com. Focus only on the login flow: find the credential POST request, then safely validate whether any login parameters are SQL injectable without dumping data. Keep browser work and sqlmap work in isolated sub-agents and return reproducible evidence.
Kimux orchestration timeline
Browser agent
fable -> main
Fable returns the login endpoint, method, request body shape, CSRF field, redirect behavior, and the cookie names required to replay the request without dragging page exploration into the main agent context.
bandit spawned
Main agent acts on Fable's result and spawns Bandit, a terminal sub-agent, with a bounded sqlmap job: use the discovered POST endpoint, include the captured form fields, preserve the session cookie, and test only the scoped login parameters.
bandit -> main
Bandit reports back that the username parameter is injectable, includes the confirmed technique, DBMS fingerprint, minimal payload, and proof output, then exits so the scanner logs do not pollute the orchestrator conversation.
main decision
Main agent reviews the browser evidence and sqlmap proof together, writes the exploitation method in human language, adds impact and reproduction notes, and hands the final finding to the pentester for validation.
Built For Penetration Testing
Persistent Pentest Memory
Every conversation gets a notebook that survives long sessions, and context summarization. The main agent, terminal workers, and browser workers can save targets, credentials, endpoints, scan results, tech stacks, confirmed vulnerabilities, auth details, network findings, and other evidence so critical context stays available from recon to final report.
Clean Swarm Delegation
The main agent stays focused on strategy, scope, attack paths, and next decisions while browser and terminal workers handle scans, web navigation, DOM inspection, and network log analysis, and other noisy execution work. Workers report back through shared context and the notebook, keeping noisy execution out of the main agent's way.
Observable, Configurable Runs
Run Kimux Agent lean or fully loaded. Enable browser and terminal workers, skills, todo tracking, and notebook memory per task. Kimux shows the orchestration timeline, shared context, tool usage, commands, browser actions, and decision rationale, giving pentesters a clear audit trail of what each agent did, what it found, and why the test moved that way.
Capabilities
Swarm orchestration
The main agent coordinates specialized workers, delegates noisy tasks, and keeps the pentest moving with clean strategic focus.
Browser control
Kimux can drive a browser session, inspect the DOM and storage, read console output, capture network requests and responses, and run JavaScript in the page context.
Terminal control
Kimux can operate the command line through shell sessions, run CLI tools and scripts, inspect command output and exit codes, manage long-running processes, and preserve relevant terminal evidence.
Notebook
A shared pentest memory that stores targets, credentials, recon, endpoints, vulnerabilities, payloads, and key findings across the conversation.
Read, create, edit, and search files
The agent can inspect, modify, create, and search project files directly inside the workspace.
Defining and managing tasks
The agent can break work into trackable tasks, manage progress, and stay organized through complex pentest workflows.
Ready to run agentic penetration testing with clean, scoped orchestration?