LuminaNew Target
Back to Launchpad

Detailed Platform Overview

Autonomous vulnerability scanning for websites and repositories.

Launch autonomous security scans across web targets and repositories using specialized agents. Lumina coordinates recon, exploit simulation, dependency analysis, and report synthesis in one high-trust workflow.

AI-powered agent pipeline

Target Modes

URL + Repo

Specialist Agents

10

Live Telemetry

SSE

Report Output

Markdown

Scan Command Center

Auto-detecting target type
Example targets

Tip: Website URL scans are usually faster. GitHub repository full scans typically take about 5-7 minutes (large repos may take longer).

Guided Workflow

From target input to report delivery

A clear operational path keeps scans explainable and demo-friendly from kickoff to findings export.

1. Enter Target

Provide a URL, GitHub repository, or local mounted repository path.

2. Agent Planning

Lumina fingerprints the target and composes an adaptive scan plan.

3. Live Execution

Specialist agents run tools in parallel and stream activity in real time.

4. Actionable Findings

Severity-grouped findings and attack-chain context arrive in a structured report.

Mission Console Preview

6 events
planner#001

[planner] fingerprint complete: target type=repository, languages=Python, TypeScript

planner#002

[planner] execution plan selected: static -> deps_py -> deps_js -> secrets -> report

tool#003

[static] semgrep running against source tree

discovery#004

[discovery] potential SQL injection sink identified in auth service

discovery#005

[deps_py] pip-audit found 1 high-severity advisory

synthesis#006

[synthesis] final report queued with MITRE-aligned attack chain

Stream active

Agent Modules

Planner

running

LLM + fingerprint

Recon

queued

httpx · nmap · whatweb

SQLi

queued

sqlmap

XSS

queued

dalfox

Static

idle

semgrep · bandit

Secrets

idle

trufflehog

Attack Chain

idle

MITRE inference

Report

idle

LLM synthesis

Findings Output

criticalstructured finding

SQL injection path in login endpoint

sqlmap detected injectable parameter in `/api/login` with stacked query behavior.

highstructured finding

Hardcoded credential discovered

trufflehog flagged exposed token pattern in `config/settings.py`.

mediumstructured finding

Outdated dependency with known CVE

pip-audit identified vulnerable package version in lockfile.