TalonStrike
TalonStrike is Hawkra's AI-driven automated penetration testing tool. It launches containerized attack sessions against your target networks and assets, using an AI agent to intelligently select and execute attack techniques, discover vulnerabilities, and report findings -- all in real time. Each session runs in an isolated container with configurable safety controls and resource limits.
TalonStrike requires a Premium or Self-Hosted subscription and the EditAssets permission.
TalonStrike performs real attacks against real systems. Only use it against networks and assets you have explicit written authorization to test. Unauthorized penetration testing is illegal in most jurisdictions.
How It Works
TalonStrike creates an isolated Docker container pre-loaded with penetration testing tools. An AI agent inside the container analyzes your target environment, selects appropriate attack techniques, executes commands, and reports discovered vulnerabilities. You interact with the session through a chat interface and can monitor every command the agent runs in real time.
The AI agent operates within strict guardrails: it respects the attack techniques you enable, the command limits you set, and will request your explicit consent before performing high-risk operations.
Session Lifecycle
Every TalonStrike session follows a defined lifecycle:
```text
Configuring --> Starting --> Running --> Completed
                                   \--> Terminated (manual stop)
                                   \--> Failed
```
| State | Description |
|---|---|
| Configuring | You are setting up the session -- selecting targets, enabling attack techniques, and adjusting configuration. You can modify settings freely in this state. |
| Starting | The container image is being pulled and the environment is being prepared. This happens automatically after you click Start. |
| Running | The AI agent is actively executing commands and testing targets. You can chat with the agent, approve consent requests, and monitor progress. |
| Paused | The session is temporarily paused. It can be resumed or stopped. |
| Completed | The agent finished its testing plan or reached the command limit. All findings are available for review. |
| Terminated | You manually stopped the session before the agent completed. |
| Failed | The session encountered an error during startup or execution. |
Only one TalonStrike session can be active per workspace at a time. You must wait for a session to reach a terminal state (Completed, Terminated, or Failed) before starting a new one.
Target Selection
When creating a session, you must select:
- Target Network (required) -- The network whose CIDR range defines the scope of the penetration test.
- Target Assets (optional) -- Specific assets within that network to focus on. If omitted, the agent will scan the entire network range.
Attack Techniques
TalonStrike supports the following configurable attack techniques. Each can be individually enabled or disabled during session configuration:
| Technique | Default | Description |
|---|---|---|
| Brute Force Authentication | Enabled | Attempts common and generated credentials against login services (SSH, FTP, HTTP auth, etc.). Rate-limited between 1 and 500 attempts. |
| Remote Code Execution | Enabled | Tests for and exploits RCE vulnerabilities to gain initial access. |
| Privilege Escalation | Enabled | Attempts to escalate from low-privilege access to root or administrator. |
| Lateral Movement | Enabled | Uses compromised hosts as pivot points to reach other systems on the network. |
| Web Application Testing | Enabled | Probes web applications for common vulnerabilities (SQL injection, XSS, directory traversal, etc.). |
| Denial of Service | Disabled | Tests for DoS vulnerabilities. Disabled by default because it can disrupt services. Enable only when explicitly authorized. |
Configuration Options
TalonStrike provides granular control over session behavior:
General Settings
| Option | Default | Description |
|---|---|---|
| Auto-Import Vulnerabilities | Enabled | Automatically imports discovered vulnerabilities into your workspace's vulnerability inventory. |
| Auto-Run Exploits | Enabled | Allows the agent to automatically exploit discovered vulnerabilities (subject to consent for high-risk actions). |
| Internet Access | Enabled | Permits the container to access the internet (for downloading exploit tools, checking CVE databases, etc.). |
| Allow Port Scanning | Enabled | Permits the agent to run port scans against targets as part of reconnaissance. |
Limits and Thresholds
| Option | Default | Range | Description |
|---|---|---|---|
| Max Commands | 100 | Unlimited | Maximum number of commands the agent can execute before the session auto-completes. |
| Command Timeout | 600 seconds | -- | Maximum time a single command can run before it is killed. |
| Max Brute Force Attempts | 50 | 1--500 | Maximum number of authentication attempts per target service. |
| Max Exploit Attempts per Vulnerability | 5 | 1--50 | How many times the agent will attempt to exploit a single vulnerability before moving on. |
| Port Scan Range | Top 100 | Top 100 / Top 1000 / All | Scope of port scanning performed during reconnaissance. |
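The lifecycle rules above (legal state transitions, terminal states, one active session per workspace) and the documented limit ranges can be checked before a session is started. The following is an added illustration, not Hawkra's code or API; the state names and range values come from the tables on this page, while the function names, configuration keys and the lower bound of 1 on Max Commands are assumptions made for the example.

```python
"""Model of the TalonStrike session lifecycle and limit ranges as documented.
Added example, not Hawkra's code; key and function names are assumptions."""

# Legal transitions from the lifecycle diagram; Paused follows the state table.
TRANSITIONS = {
    "Configuring": {"Starting"},
    "Starting": {"Running", "Failed"},
    "Running": {"Paused", "Completed", "Terminated", "Failed"},
    "Paused": {"Running", "Terminated"},
}
TERMINAL = {"Completed", "Terminated", "Failed"}

# Ranges from the "Limits and Thresholds" table; None means no upper bound.
# The lower bound of 1 on max_commands is an assumption (page says "Unlimited").
LIMITS = {
    "max_commands": (1, None),
    "max_brute_force_attempts": (1, 500),
    "max_exploit_attempts": (1, 50),
}
PORT_SCAN_RANGES = {"Top 100", "Top 1000", "All"}


def validate_limits(config: dict) -> list[str]:
    """Return a list of problems; an empty list means the config is in range."""
    issues = []
    for key, (lo, hi) in LIMITS.items():
        value = config.get(key)
        if not isinstance(value, int) or value < lo or (hi is not None and value > hi):
            top = "unlimited" if hi is None else hi
            issues.append(f"{key}={value!r} outside {lo}-{top}")
    if config.get("port_scan_range") not in PORT_SCAN_RANGES:
        issues.append(f"port_scan_range must be one of {sorted(PORT_SCAN_RANGES)}")
    # Denial of Service is off by default and meant only for explicitly authorized tests.
    if config.get("denial_of_service"):
        issues.append("denial_of_service enabled: confirm explicit authorization")
    return issues


def is_legal(state: str, new_state: str) -> bool:
    """True if the diagram allows moving from state to new_state."""
    return new_state in TRANSITIONS.get(state, set())


def transition(state: str, new_state: str) -> str:
    """Apply one lifecycle transition, rejecting anything the diagram does not allow."""
    if not is_legal(state, new_state):
        raise ValueError(f"illegal transition {state} -> {new_state}")
    return new_state


def can_start_new_session(workspace_sessions: list[str]) -> bool:
    """One active session per workspace: every existing session must be terminal."""
    return all(s in TERMINAL for s in workspace_sessions)
```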
Testing Focus
Control the depth and breadth of the penetration test:
| Focus | Description |
|---|---|
| Recon Only | The agent performs reconnaissance and enumeration but does not attempt exploitation. |
| Vuln Scan Only | The agent discovers and reports vulnerabilities but does not exploit them. |
| Full Pentest | The agent performs complete penetration testing: reconnaissance, vulnerability discovery, exploitation, privilege escalation, and lateral movement. (Default) |
Real-Time Interaction
While a session is running, you can:
Chat with the Agent
Send messages to guide the agent's behavior. For example, you might ask it to focus on a specific service, skip a host, or try a particular technique. Messages are limited to 10,000 characters.
Monitor Commands
Every command the agent executes is logged with its output. You can view the full command log in real time, including exit codes and the agent's reasoning for each action.
Consent Requests
Before performing potentially disruptive or high-risk operations, the agent will send a consent request describing what it wants to do and why. You can approve or deny each request. The agent will wait for your response before proceeding.
Reviewing Findings
As the agent discovers vulnerabilities, it reports them as findings with:
- Title and description
- Severity rating and CVSS score
- Affected asset and port
- Proof of exploitation
- Recommended remediation steps
- CVE identifier (when applicable)
Importing Findings
Findings can be imported into your workspace as formal vulnerability records. If Auto-Import Vulnerabilities is enabled, this happens automatically. Otherwise, you can review each finding and import it manually from the session's findings list.
Workflow
- Navigate to your workspace and open TalonStrike.
- Click New Session to create a session.
- Select the target network and optionally narrow the scope to specific assets.
- Configure attack techniques -- enable or disable each one based on your authorization scope.
- Adjust limits and thresholds as needed (command limits, brute force caps, etc.).
- Select a testing focus (Recon Only, Vuln Scan Only, or Full Pentest).
- Click Start to launch the session.
- Monitor the session in real time: watch commands, chat with the agent, respond to consent requests.
- When the session completes (or you stop it), review the findings.
- Import findings into your vulnerability inventory for tracking and remediation.
Start with a Recon Only session to understand your attack surface before running a full pentest. This gives you visibility into what the agent will target without any exploitation.
Set a reasonable Max Commands limit for your first session. You can always create additional sessions to continue testing. This prevents runaway sessions on large networks.
TalonStrike streams terminal output and chat messages over WebSocket. Keep the session page open to receive real-time updates. If you navigate away and return, the full command and message history is loaded from the server.