Assessments are fully autonomous penetration tests. Once you configure and start one, the platform runs the entire assessment end-to-end without any input from you. For directed, human-guided security work, see Tasks.

Start an Assessment

  1. Click New Assessment.
  2. Select target.
  3. Optionally select stored credentials.
  4. Configure scheduling (run now or set a recurring schedule).
  5. Select assessment method.
  6. Start assessment.

Assessment Methods

When creating an assessment, choose a method based on your needs:
  • Turbo — Optimized for efficiency. Good for frequent or daily use. Runs in approximately 2 hours.
  • Balanced — More thorough analysis at moderate speed. Good for weekly or bi-weekly use. Runs in approximately 3–5 hours.
  • Deep — Extremely thorough. Best for occasional use. Runs in approximately 6–8 hours.
Each method consumes a different number of credits depending on your plan.

Red-Team Assessment Use Cases

Use red-team assessments when you want MindFort to perform broad autonomous testing and produce findings with evidence.
Use Case | When to Run
First full target assessment | After onboarding a new web app or API target.
Authenticated coverage | After adding stored credentials and login instructions.
Access-control testing | When you need to test user, role, tenant, or account boundaries.
Dual-account testing | When two stored credentials are available and you want to test IDOR, role bypass, or cross-user access.
Release validation | Before or after a major application release.
Recurring security coverage | On a daily, weekly, or monthly schedule for high-value targets.
Post-remediation validation | After engineers fix critical or high findings and you want a fresh autonomous pass.
Assessments are the broad discovery workflow. Use Tasks for narrower follow-up investigations, and use Patching or MCP when you are ready to remediate.

Monitor Progress

In Assessments, track:
  • active and queued runs
  • scheduled runs
  • historical runs
Open an assessment to review progress and evidence entries as they populate. You can also list assessments from the public API or CLI. The public API supports cursor pagination and filters for target, assessment type, method, and status:
curl "https://api.mindfort.app/v1/assessments?assessment_type=white-box&status=active&limit=25" \
  -H "Authorization: Bearer $MINDFORT_API_KEY"
mindfort assessment list --type white-box --status active --limit 25
Supported assessment type filters are black-box and white-box. White-box assessments include code assessment; black-box assessments do not. Supported status filters are active, completed, failed, and canceled.
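
An added example (not MindFort's own code) that wraps the list request above in a shell function: it rejects filter values other than the ones listed on this page before building the URL, and hands the API key to curl through a config read from stdin so the key does not appear in the process argument list. The function names and the positive-integer check on limit are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Uses only the endpoint, query parameters and filter
# values shown on this page; function names are hypothetical.

MINDFORT_API_BASE="https://api.mindfort.app/v1"

# Build the list URL from optional filters: <assessment_type> <status> <limit>.
# Pass "" to leave a filter out. Unknown values are rejected so that nothing
# unexpected is spliced into the query string.
mindfort_list_url() {
  local type status limit query
  type="$1"; status="$2"; limit="$3"; query=""
  case "$type" in
    ""|black-box|white-box) ;;
    *) echo "unsupported assessment_type: $type" >&2; return 2 ;;
  esac
  case "$status" in
    ""|active|completed|failed|canceled) ;;
    *) echo "unsupported status: $status" >&2; return 2 ;;
  esac
  case "$limit" in
    "") ;;
    # Assumption: limit is a positive integer (the page gives no bounds).
    *[!0-9]*|0*) echo "limit must be a positive integer" >&2; return 2 ;;
  esac
  if [ -n "$type" ];   then query="${query}&assessment_type=${type}"; fi
  if [ -n "$status" ]; then query="${query}&status=${status}"; fi
  if [ -n "$limit" ];  then query="${query}&limit=${limit}"; fi
  printf '%s/assessments%s\n' "$MINDFORT_API_BASE" "${query:+?${query#&}}"
}

# Call the API. The Authorization header is written to curl's config on
# stdin (--config -) instead of -H on the command line, so the key is not
# visible to other local users through the process list.
mindfort_list() {
  local url
  url="$(mindfort_list_url "$@")" || return
  if [ -z "${MINDFORT_API_KEY:-}" ]; then
    echo "MINDFORT_API_KEY is not set" >&2; return 2
  fi
  printf 'header = "Authorization: Bearer %s"\n' "$MINDFORT_API_KEY" |
    curl --silent --show-error --fail --config - "$url"
}
```

For example, `mindfort_list white-box active 25` issues the same request as the curl command above.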

Scheduling

You can create recurring schedules directly from the New Assessment modal. Frequency options include:
  • one-time
  • daily
  • weekly
  • monthly
Set target, optional credentials, frequency, date/time, and timezone when creating a schedule. In the Scheduled Assessments section on the Assessments page, you can review, pause, resume, and delete schedules.

Dual Credential Mode

For authenticated red-team assessments, enable Dual credential mode when you want MindFort to test access-control boundaries between two stored accounts. Dual credential mode uses:
  • a primary credential for the first account
  • a secondary credential for the alternate account
Use it to test issues such as IDOR, role bypass, and cross-user access. Add at least two stored credentials to the target before enabling dual credential mode.

Cancel a Running Assessment

  1. Open Assessments.
  2. Find the active run.
  3. Click cancel and confirm.
You can also cancel a running assessment from the public API:
curl -X POST "https://api.mindfort.app/v1/assessments/${MINDFORT_ASSESSMENT_ID}/cancel" \
  -H "Authorization: Bearer $MINDFORT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}'

Evidence

Open a completed assessment to view the Assessment Log. The log shows timestamped evidence rows with the endpoint and notes captured during the run. Assessment log entries older than 30 days are automatically cleared.