Now Available

Sikoshi Red: authorized pen testing, orchestrated.

Sikoshi Red is a semi-automated penetration testing orchestrator that wraps real offensive tooling — nmap, nuclei, sqlmap, an Active Directory suite, Metasploit verification, hashcat, and more — inside a single FastAPI service shipped as a self-contained container. Every run is gated by a customer-signed authorization artifact, a deny-by-default allowlist, and a tamper-evident audit chain.

Available now for licensing to MSPs and consultancies, and used by Sikoshi Tech to run authorized penetration tests for small businesses.

Two ways to use Sikoshi Red

License the orchestrator, or hire us to run it.

  • License: deploy Sikoshi Red in your own consultancy or MSP, single-tenant per operator, tiered by engine surface.
  • Pen testing service: Sikoshi Tech runs an authorized, scoped engagement against your small business and delivers the report.

License Sikoshi Red

For MSPs, consultancies, and internal red teams

Deploy Sikoshi Red as a single-tenant container in your own environment. Provision operator users, register customers, upload signed authorizations, and run scoped engagements end to end — recon through report — without your customer data ever leaving the container.

  • • Self-contained container with the full offensive toolchain bundled
  • • Tiered licensing by engine family and exploitation depth
  • • Customer-deliverable HTML, PDF, and JSON reports
  • • Operator console, audit log verifier, and retest diffing built in

Small Business Pen Testing

Run by Sikoshi Tech using Sikoshi Red

If you are a small business that needs a real penetration test for compliance, a customer requirement, or general risk reduction, Sikoshi Tech will scope the engagement, get authorization on paper, run Sikoshi Red against the agreed allowlist, and deliver a report you can actually act on.

  • Written scope, target allowlist, and a signed authorization artifact before any engine runs
  • External attack surface and authenticated internal review (where in scope)
  • Customer-deliverable HTML, PDF, and JSON report with deduplicated findings
  • CVE, CWE, CISA-KEV, and EPSS context on every finding so triage maps to real risk
  • Retest run that diffs against the original engagement (resolved, new, degraded, improved, unchanged)
  • Fixed engagement scope — no surprise upsells, no scope creep mid-run

What Sikoshi Red does

Real offensive tooling, orchestrated under guardrails.

Sikoshi Red drives the canonical PTES phases — recon, scanning, vulnerability analysis, exploitation, and reporting — through engine families that are gated by license tier and the engagement's rules of engagement.

Recon

HTTP probing, crawling, content discovery, and subdomain enumeration with httpx, katana, ffuf, and subfinder.

Network and vulnerability

nmap (safe NSE only) and nuclei (safe template tags only) for service and vulnerability detection.

Web application

sqlmap and nikto for web-layer issue detection within the engagement allowlist.

Active Directory

Read-only inventory and enumeration: NetExec, BloodHound, Certipy, kerbrute, GetUserSPNs, and secretsdump.

Exploitation (gated)

searchsploit catalog lookup, Metasploit check-only verification, and offline hashcat password cracking.

Reporting

Self-contained HTML, PDF, and JSON deliverables with cross-engine deduplication, CVE/CWE/KEV/EPSS context, and retest diffing.

Safety model

Authorization-first. Deny by default. No destructive actions.

The safety model is enforced in engine source and covered by regression tests. The engagement's rules of engagement can only narrow what runs, never widen it.

Mandatory signed authorization

Every engagement requires a customer-signed authorization artifact on file. The orchestrator refuses to start any engine without it, and its SHA-256 is anchored in the audit chain.

Deny-by-default scope

Empty scope denies everything; there is no wildcard. Discovered hosts are dropped at aggregation if they fall outside the declared allowlist.

No destructive actions

No DoS, no persistence, no lateral movement. nmap and nuclei refuse intrusive, destructive, brute, and fuzz categories at the engine layer.

Active exploitation is gated

Confirming a vulnerability through exploit primitive execution (L3) requires explicit l3_authorized sign-off, the Enterprise tier, and a per-engine re-check.

Sanitized evidence

Engine output is control-byte stripped, length-bounded, and reduced to allowlisted fields. Raw credentials and raw exploit code are never stored.

Tamper-evident audit chain

Lifecycle events are written to a hash-chained log with a verifier endpoint. Single-tenant by design — engagement data never leaves the operator's container.

License tiers

Starter, Pro, and Enterprise.

Tier determines which engine families are available and whether L3 active-exploit verification can be enabled per engagement.

Starter

Recon, network, and web-application engine families for small environments and external attack-surface review. Standard reporting and retest diffing.

Pro

Adds the Active Directory engine family (read-only inventory and enumeration) and the full safe-tag detection surface across nmap and nuclei.

Enterprise

Unlocks L3 active-exploit verification (Metasploit check-only and exploit-primitive confirmation) under explicit per-engagement authorization. Includes the full engine surface.

Pricing is quoted per consultancy and operator count. Contact Sikoshi Tech for tier details and a licensing conversation.

Ready to license Sikoshi Red or schedule a pen test?

Reach out to discuss licensing tiers for your consultancy or to scope an authorized small business engagement.