interactive demo

See Fimil find a real bug — and ship the fix.

Watch the autonomous pentest agent attack a staging app, replay each exploit to confirm it, and open a fix PR — then walk the real app your team triages from. The pentest agent is in beta and is sharpest on APIs and server-rendered apps.

fimil pentest

Terminal transcript:

fimil pentest --target https://staging.acme.dev
scope: staging.acme.dev, *.api.acme.dev · kill switch armed
discovery 142 routes · OpenAPI spec ingested
mfa login TOTP accepted · session established
testing IDOR on /api/v1/orders/{id} with session pair
candidate foreign record readable from session B
validator replay 2/2 OK → CONFIRMED
IDOR /api/v1/orders — PoC + curl repro exported
advisory fix PR opened → acme/api#214

15 attack vectors — every finding replay-validated before it’s reported
Deduped across the pentest agent + 15 open-source scanners
PoC + curl reproduction on every confirmed finding
Pay per confirmed finding · SOC 2 / PCI control mapping

the product

A real walkthrough — no signup.

The actual Fimil app: scan results deduped and ranked, the pentest agent’s live attempt feed, and a confirmed finding turned into a fix PR.

app.fimil.dev
Fimil dashboard with severity and category breakdowns and a 30-day trend
app.fimil.dev/findings
Findings list with severity, EPSS, reachability, dedup chips, and filters
app.fimil.dev/findings
Finding triage detail with code location, remediation, and evidence tabs
app.fimil.dev/pentest/runs
Pentest run detail with a live attempt feed and confirmed findings
github.com/acme/api/pull/214
A fix pull request opened by Fimil with the proof and remediation

Your whole security posture, one view

Findings from the pentest agent and 15 open-source scanners roll up into one dashboard — severity, trend, and category at a glance.

Point it at your staging environment.

Set a scope, let the agent prove what it finds. Usage-based — you pay per confirmed finding.