TurboPentest for VS Code

Launch and manage AI-powered security pentests directly from Visual Studio Code.

TurboPentest is an agentic penetration testing platform that uses AI agents to autonomously discover vulnerabilities in your web applications. This extension brings the full experience into your editor.

Features

• Launch pentests — start a pentest against any target URL from the sidebar
• Real-time chat — send directives and guide the AI pentest agents as they work
• Live activity feed — watch agent coordination, findings, and scan progress in real time
• Findings tree — browse discovered vulnerabilities organized by severity (Critical, High, Medium, Low, Info)
• Inline diagnostics — see findings highlighted directly in your editor
• Focus modes — target specific areas: OWASP Top 10, Authentication, API Security, SQL Injection, LLM Security, Attack Surface
• Auto-connect — automatically detects pentests started from the web dashboard, schedules, or other tools
• Download reports — export findings as a PDF report

Getting Started

1. Install the extension from the VS Code Marketplace
2. Open the TurboPentest sidebar (shield icon in the activity bar)
3. Sign in with your API key — run TurboPentest: Set API Key from the Command Palette
4. Enter a target URL, select a credit tier, and launch your pentest
5. Chat with agents, monitor progress, and review findings as they come in

Requirements

• A TurboPentest account with available credits
• A verified domain to pentest against

Extension Settings

This extension contributes the following settings:

• turbopentest.baseUrl — Base URL for the TurboPentest API (default: https://turbopentest.com)
• turbopentest.autoAttachRepo — Automatically attach the current repository context to pentest sessions (default: true)
• turbopentest.showInlineDiagnostics — Show inline diagnostics for findings in the editor (default: true)

Commands

All commands are available via the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) under the TurboPentest category:

• Set API Key — configure your TurboPentest API key
• Test Connection — verify your API key and check credit balance
• Launch Pentest — open the launch panel to start a new pentest
• Send Directive — send a message to guide the AI agents
• Focus: OWASP Top 10 — direct agents to test OWASP Top 10 categories
• Focus: Authentication — direct agents to test authentication flows
• Focus: API Security — direct agents to test API endpoints
• Focus: SQL Injection — direct agents to test for SQL injection
• Focus: LLM Security — direct agents to test LLM integrations
• Focus: Attack Surface — direct agents to map the attack surface
• View Findings — open the findings tree panel
• Download Report — export findings as a PDF
• Show Credits — display your current credit balance
• Refresh Findings — manually refresh the findings list
• Sign Out — remove your stored API key

Links

• TurboPentest Website
• Documentation
• GitHub
• Report an Issue