TalonStrike
TalonStrike is Hawkra's AI-driven automated penetration testing tool. It launches containerized attack sessions against your target networks and assets, using an AI agent to intelligently select and execute attack techniques, discover vulnerabilities, and report findings -- all in real time. Each session runs in an isolated container with configurable safety controls and resource limits.
TalonStrike requires a Premium or Self-Hosted subscription and the EditAssets permission.
TalonStrike performs real attacks against real systems. Only use it against networks and assets you have explicit written authorization to test. Unauthorized penetration testing is illegal in most jurisdictions.
How It Works
TalonStrike creates an isolated Docker container pre-loaded with penetration testing tools. An AI agent analyzes targets, selects attack techniques, executes commands, and reports vulnerabilities via a real-time chat interface. The agent respects enabled techniques, command limits, and requires explicit consent for high-risk operations.
Session Lifecycle
Every TalonStrike session follows a defined lifecycle:
Configuring --> Starting --> Running --> Completed
\--> Terminated (manual stop)
\--> Failed
| State | Description |
|---|---|
| Configuring | You are setting up the session -- selecting targets, enabling attack techniques, and adjusting configuration. You can modify settings freely in this state. |
| Starting | The container image is being pulled and the environment is being prepared. This happens automatically after you click Start. |
| Running | The AI agent is actively executing commands and testing targets. You can chat with the agent, approve consent requests, and monitor progress. |
| Paused | The session is temporarily paused. It can be resumed or stopped. |
| Completed | The agent finished its testing plan or reached the command limit. All findings are available for review. |
| Terminated | You manually stopped the session before the agent completed. |
| Failed | The session encountered an error during startup or execution. |
Only one TalonStrike session can be active per workspace at a time. You must wait for a session to reach a terminal state (Completed, Terminated, or Failed) before starting a new one.
Target Selection
When creating a session, you must select:
- Target Network (required) -- The network whose CIDR range defines the scope of the penetration test.
- Target Assets (optional) -- Specific assets within that network to focus on. If omitted, the agent will scan the entire network range.
Attack Techniques
TalonStrike supports the following configurable attack techniques. Each can be individually enabled or disabled during session configuration:
| Technique | Default | Description |
|---|---|---|
| Brute Force Authentication | Enabled | Credential attacks against login services. Rate-limited 1-500 attempts. |
| Remote Code Execution | Enabled | Tests for and exploits RCE vulnerabilities. |
| Privilege Escalation | Enabled | Escalates from low-privilege to root/administrator. |
| Lateral Movement | Enabled | Pivots through compromised hosts to reach other systems. |
| Web Application Testing | Enabled | Probes web applications for common vulnerabilities. |
| Denial of Service | Disabled | Tests for DoS vulnerabilities. Enable only when explicitly authorized. |
Configuration Options
TalonStrike provides granular control over session behavior:
General Settings
| Option | Default |
|---|---|
| Auto-Import Vulnerabilities | Enabled |
| Auto-Run Exploits | Enabled |
| Internet Access | Enabled |
| Allow Port Scanning | Enabled |
Limits and Thresholds
| Option | Default | Range |
|---|---|---|
| Max Commands | 100 | Unlimited |
| Command Timeout | 600 seconds | -- |
| Max Brute Force Attempts | 50 | 1--500 |
| Max Exploit Attempts per Vulnerability | 5 | 1--50 |
| Port Scan Range | Top 100 | Top 100 / Top 1000 / All |
Testing Focus
Control the depth and breadth of the penetration test:
| Focus | Description |
|---|---|
| Recon Only | Reconnaissance and enumeration only, no exploitation. |
| Vuln Scan Only | Vulnerability discovery without exploitation. |
| Full Pentest | Complete pentest: recon, vuln discovery, exploitation, privesc, lateral movement. (Default) |
Real-Time Interaction
While a session is running, you can:
Chat with the Agent
Send messages to guide the agent's behavior. For example, you might ask it to focus on a specific service, skip a host, or try a particular technique. Messages are limited to 10,000 characters.
Monitor Commands
Every command the agent executes is logged with its output. You can view the full command log in real time, including exit codes and the agent's reasoning for each action.
Consent Requests
Before performing potentially disruptive or high-risk operations, the agent will send a consent request describing what it wants to do and why. You can approve or deny each request. The agent will wait for your response before proceeding.
Reviewing Findings
As the agent discovers vulnerabilities, it reports them as findings with:
- Title and description
- Severity rating and CVSS score
- Affected asset and port
- Proof of exploitation
- Recommended remediation steps
- CVE identifier (when applicable)
Importing Findings
Findings can be imported into your workspace as formal vulnerability records. If Auto-Import Vulnerabilities is enabled, this happens automatically. Otherwise, you can review each finding and import it manually from the session's findings list.
Workflow
- Create a new session and select the target network (optionally narrow to specific assets).
- Configure attack techniques, limits, and testing focus.
- Click Start and monitor in real time -- watch commands, chat with the agent, respond to consent requests.
- Review findings when the session completes or is stopped.
- Import findings into your vulnerability inventory for tracking and remediation.