Loading…
Coastline Cyber Security
Autonomous penetration testing.
Driven by your prompt.
The same P1/P2 hunting methodology our analysts use by hand — running on demand against the targets you describe in plain English. Subdomain enumeration, attack-surface mapping, vulnerability discovery, board-ready reporting.
01
Testing
Black-box external recon, web app fuzzing, IDOR / auth bypass, SSRF — chained from one prompt.
02
Technical Security
Hooks into Burp Suite, ProjectDiscovery, custom path / header / JWT bypass tooling.
03
Consulting
Every engagement ships a Coastline-branded report with VRT-mapped findings and remediation.
Ready to get started?
Sign in with your Coastline account to launch your first autonomous engagement.
Sign-in error
Stuck? Reset auth state
Ready to run a pentest?
Paste a target URL or describe the scope in plain English.
We'll plan the engagement, let you review, and run it against
the target plus its associated SaaS/cloud footprint.
Credits remaining
Credits used
Engagements
1 credit = 1 full pentest engagement. If the agent needs more
runtime on a deep scope, you can top up with +1 credit to extend;
refund unsatisfactory engagements within 30 days.
·
✓ RoE signed (,
)
· consultant, client:
re-sign
⚠ Rules of Engagement unsigned —
sign now
30-day activity
engagements
Most recent engagements
Go to Engagements
to launch a new scan or review a specific engagement in detail.
Top up
Each credit buys one full pentest engagement. Credits never expire, and unsatisfactory runs are refundable for 30 days.
Production billing runs through Stripe. Dev grant is available
until STRIPE_SECRET_KEY is configured.
GitHub · beta
✓ connectedConnect a repo and Coastline will open a Pull Request with a concrete patch for every verified finding — straight to your review queue, no copy-paste from a DOCX.
· repo(s) authorised
Projects
No projects yet. Group recurring engagements (e.g. "Q1 external scan", "OWASP web app sweep") for cleaner tracking.
Members
Org-wide visibility. Add members to restrict.
Attack Surface
asset(s) of shown · clear filtersEverything the agent has ever discovered in your footprint, deduplicated across every engagement. A "new" asset appears for the first time in a scan; a re-confirmed asset was already on file. First-seen and last-seen timestamps drive the delta-pentest view.
No assets discovered yet. Run an engagement to populate the inventory.
| Type | Value | Seen | First | Last | Status |
|---|---|---|---|---|---|
| ● ○ |
New engagement
1 credit
· full engagement · top up with +1 credit if the agent needs
more runtime on a deep scope
Engagements
Team
Org name:
⚠ Raw invite — creates a stub user but does NOT send them an email. They must sign up themselves with this email address.
Team invite — coming soon
Email-based invites + SSO auto-provisioning are in development. Contact sales@coastlinecyber.com to onboard a team manually in the meantime.
API tokens
Use these for CI/CD integrations. Send as
Authorization: Bearer cstk_….
Tokens are only shown once on creation — store them securely.
New token — copy now, won't be shown again
No API tokens yet. Create one below to integrate Coastline with your CI/CD or scripted tooling.
+ New API token
Notifications
Notifications go to .
Profile
Your account identity. Email is managed by Auth0 — to change it, update your Auth0 profile and log back in.
Scheduled scans
Recurring engagements run automatically on the cadence you set. The next run fires shortly after the scheduled time.
No scheduled scans yet. Use the form below to set up a recurring engagement.
+ New scheduled scan
Ceiling — only actually-burned credits are charged, unused ones roll back.
Activity log
No activity yet — actions like job submissions, cancellations, finding triage will appear here for audit.
Engagement detail
Model
Credit usage
of 1 credit
Steps
/ tools
Duration
Findings
Last activity
Coverage
surface tested
assets discovered
tests attempted
findings
Assets discovered
:
Coverage by vuln class
| Vuln class | Tested | Vulnerable | Clean |
|---|---|---|---|
Discovered but not tested () — re-run with more budget to cover these
Loading coverage…
Remediation PRs
Opened by the agent against your GitHub repos. Review + merge like any dev PR.| Repo | PR | Title | Opened |
|---|---|---|---|
Tripwires planted
Honeytokens planted along discovered attack paths. Any hit on one of these between tests alerts you in real time.| Kind | Label | Planted where | Hits | Last hit |
|---|---|---|---|---|
Agent trajectory (ATIF)
thinking
Findings
No findings reported yet.
Refunded