Rocheston ZelExploits

Rocheston ZelExploits is an AI-powered automated penetration testing platform built to run authorized offensive validation at enterprise scale.

Powered by AINA and executed through Zombiecop Docker runners, it simulates real testing workflows with live progress, evidence-first findings, MITRE ATT&CK coverage selection, and premium reporting—so teams can validate exposure fast, prove impact with defensible artifacts, and ship fixes with confidence.

AI-Orchestrated Offensive Engine

ZelExploits automates authorized offensive workflows using AINA to plan, execute safe checks, collect proof, and convert results into actionable remediation.

❝ Automated, evidence-first outcomes. ❞

Zombiecop Docker Execution Fabric

Every run is executed through Zombiecop runner profiles with controlled resources, isolated instances, and full lifecycle telemetry for enterprise-grade operations.

❝ Clean isolation. Predictable execution. Real control. ❞

Per-User Data Isolation (True Multi-Tenant)

Each user only sees their own engagements, scans, findings, evidence, and settings—enforced at the database query layer with strict user scoping.

❝ Your data stays yours—always. ❞

Admin Command Center (Haja Mo Mode)

Admin-only controls unlock user management, runner governance, template management, audit views, and global defaults across the platform.

❝ Full control, zero blind spots. ❞

Rules of Engagement (ROE) Enforcement

Every scan is tied to an engagement that requires ROE acceptance and scope definition before anything can run.

❝ No ROE, no run. Simple. ❞

Scope Allowlist + Denylist Blocking

Targets are validated against allowlists and exclusions server-side to prevent accidental out-of-scope testing.

❝ Scope is law. The system enforces it. ❞

Tile-Based Premium UX (No Hidden Dropdowns)

Core choices are always visible as selectable boxes—scan types, runner selection, auth modes, MITRE coverage, schedules—one glance, one click.

❝ Everything important is visible instantly. ❞

Auto-Pentest One-Click Launch Console

A fast launch page bundles discovery, validation modules, evidence capture, and runner selection into a clean “press go” experience.

❝ One click to a full validation run. ❞

Full AI Testing Flagship Mode

End-to-end AINA-driven testing: plan → recon → validate → evidence → report, with strategy profiles and explainable outputs.

❝ From plan to report—fully guided. ❞

AI Agent Operations Command Center

Dispatch AINA tasks for triage, reporting, evidence bundling, compliance mapping, and operations—plus approvals and task history.

❝ AINA is your autonomous operator. ❞

Realtime Tasks Live Monitor

A dense operator console streams live events, shows progress, phases, runner logs, and gives pause/resume/stop control.

❝ Watch the mission unfold in real time. ❞

60–90 Second Run Simulation Console

Launch runs and watch realistic progress, phases, module lanes, and activity logs—then land directly into findings and evidence.

❝ A real run experience, every time. ❞

Findings Workbench With Bulk Triage

Power filters, saved views, bulk actions, inline status updates, assignments, accepted risk workflows, and retest scheduling.

❝ Triage at scale without losing precision. ❞

Confidence Scoring With Evidence Breakdown

Each finding carries a confidence score and evidence pack so teams can see what’s proven vs what needs review.

❝ Confidence is earned, not claimed. ❞

Evidence Vault With Hash Verification

Central evidence repository with previews, SHA256 hash verification, redaction preview, and export-ready organization.

❝ Proof you can trust and audit. ❞

Chain-of-Custody Timeline

Every evidence interaction—created, viewed, bundled, exported—is recorded for audit-grade defensibility.

❝ Evidence with a history trail. ❞

Evidence Bundle Builder

Create audit packs, developer packs, and executive packs by selecting evidence objects and exporting structured indexes.

❝ Build report-ready evidence in minutes. ❞

Attack Paths Chain Board

Visual chains show how findings connect into impact paths, with stage arrows and high-level risk narratives.

❝ See the chain. Break the chain. ❞

Attack Paths Graph View

Node-link diagrams allow deep exploration of entry points, pivots, and impact nodes without exposing harmful steps.

❝ Enterprise risk visualization, safely. ❞

Impact Score + Fix Cost Score

Every chain gets an impact score and fix-cost score so teams can prioritize the highest payoff remediations.

❝ Fix what matters most, first. ❞

Quick Win Breakpoints

ZelExploits highlights low-effort fixes that collapse high-impact chains to maximize remediation ROI.

❝ Small fix. Massive risk reduction. ❞

MITRE ATT&CK Coverage Selector

A dedicated MITRE page loads tactics and techniques from enterprise-attack.json and renders selectable boxes and profiles.

❝ Turn ATT&CK into a selectable coverage plan. ❞

MITRE Profiles + Run Integration

Users can save coverage profiles and apply them as a tile option in scan launch pages for consistent reporting.

❝ Consistent coverage across every run. ❞

Scheduler & Automation With Charts

Recurring schedules with tile-based creation, next-run preview, run history, and dashboards for success/fail trends.

❝ Automate validations like a real platform. ❞

Run History and “Run Now” Controls

Schedules show past executions, success rates, and allow immediate runs with full event streams.

❝ Control automation without losing visibility. ❞

Reports Studio Template Gallery

A large template catalog covers executive, technical, audit, evidence, operations, and digest-style reports.

❝ Every audience gets the right report. ❞

Branding Factory (Logo, Titles, Watermarks)

Per-user branding profiles include logo upload, title formats, footer text, watermark controls, and cover page settings.

❝ Your reports look enterprise-grade by default. ❞

Live Report Preview and Versioning

Preview reports in-app, edit drafts, lock final versions, and regenerate updated versions with changelogs.

❝ Report lifecycle built in. ❞

Multi-Format Exports (HTML/PDF/JSON)

Export reports and indexes in multiple formats with audit logging and evidence citations.

❝ Export cleanly. Share confidently. ❞

AINA Chat With Threads and Context Linking

AINA chat supports threads, pinned conversations, quick prompts, and linking to engagements/scans/findings/evidence.

❝ Ask once. Get structured answers. ❞

Plan Builder (Safe Validation Plans)

AINA converts scope and objectives into a structured validation plan checklist and can turn plans into tasks.

❝ Plans that turn into action. ❞

Findings Explainer (CISO/Dev/Auditor Modes)

AINA rewrites the same issue for different audiences while referencing evidence IDs for defensible clarity.

❝ Same truth, perfect language for each team. ❞

Triage Copilot With Approval Workflow

AINA proposes status/assignment changes, then shows a confirmation modal before applying updates.

❝ AI suggestions, human control. ❞

Compliance Mapper (RCF + Summaries)

Generate control-mapping tables and evidence outlines that align findings to compliance requirements.

❝ Compliance becomes a byproduct of proof. ❞

Sandboxes Marketplace (120+ Templates)

A massive library of validation labs across Web/API/Cloud/K8s/Identity/Forensics/AI Security with featured templates and search.

❝ Infinite practice environments, instantly searchable. ❞

Sandbox Instances With Start/Stop/Pause

Users launch instances, manage status, configure connection settings, and view activity timelines.

❝ Sandbox operations like a cloud platform. ❞

In-App Terminal and Screen Viewer (Simulated)

Connect to sandbox instances via a built-in terminal UI with session management and transcript export.

❝ The environment opens inside the app. ❞

Task Library: Tools + Skills + Tasks

A full catalog system for building safe playbooks: tools, skills, tasks, favorites, approvals, and versioning.

❝ Build reusable workflows like software. ❞

Rocheston Tools Catalog (500+ Scale)

A scalable catalog for hundreds of Rocheston tools with import, search, filtering, and task attachment.

❝ A massive arsenal—organized and usable. ❞

Technical Specifications

Enterprise-Grade Multi-Tenant Architecture

Per-user data isolation across every module using strict user_id scoping in SQLite. Admin can manage all data with audit-logged “View As User” capability.

Secure Authentication + Session Hardening

Password hashing (password_hash), secure sessions (httpOnly, SameSite), CSRF protection on all state-changing actions, and login rate limiting with lockout tracking.

Built-In Two-Factor Authentication (TOTP)

Users can enable TOTP 2FA with QR provisioning and backup codes. Admin can force 2FA globally or per-user.

Encrypted Secrets Vault (libsodium)

All sensitive secrets are encrypted at rest using libsodium and an APP_SECRET stored outside public/: OpenAI keys, TOTP secrets, backup codes, and runner environment secrets.

Engagement & ROE Enforcement Engine

Every run is tied to an Engagement with ROE acceptance, version hash, and timestamp. Runs are blocked if ROE is not accepted or targets are out of scope.

Scope Allowlist & Exclusions With Server-Side Blocking

Scope Builder enforces allowlist/denylist and prevents out-of-scope targets from launching—validated server-side, not only in UI.

Zombiecop Docker Runner Profiles (Admin-Controlled)

Admin can create multiple Zombiecop runner profiles with image name, volumes, ports, env vars, resource limits, concurrency caps, and enable/disable controls. Users select runners via visible tiles.

Runner Instances + Lifecycle Telemetry

Each run creates a runner instance record with lifecycle status, logs, health indicators, and operational events visible in Sandboxes and Realtime Task monitors.

Safe Terminal Agent With Command Allowlists

Terminal sessions attach to runner instances and execute only admin-allowlisted safe templates. Full transcripts are stored and exportable, with every command audit logged.

Real-Time Run Simulation Console (60–90s Live Runs)

Auto-Pentest and Full AI Testing launches show a premium run console with progress bar, phase labels, module lane progress, live activity logs, pause/resume/stop, and completion actions linking to Findings/Evidence/Reports.

Real-Time Tasks Monitoring Console

A dense operator console shows running/queued/completed/failed tasks, streaming events, filters by phase/severity, runner logs split view, and control actions (pause/resume/stop/throttle).

Findings Workbench With Confidence Scoring

Advanced triage workbench with filters, saved views, bulk actions, inline status edits, confidence bars, evidence counts, and a multi-tab right drawer for full finding details.

Evidence Vault With Chain-of-Custody

Central evidence repository with preview pane, hash verification (SHA256), redaction preview, bundle builder, export options, and custody timeline for every access/export action.

Attack Paths With Diagram Modes

Attack Path Analysis supports Chain Board and Graph View diagrams, impact score + fix cost scoring, quick-win breakpoints, remediation checklist, heatmaps, and AINA chain analysis (safe narrative only).

Sandboxes Marketplace With 120+ Templates

Catalog of 120+ sandbox templates with categories, difficulty, featured items, filters, launch wizard, per-user instances, start/stop/pause/resume/restart, configuration, and connect viewer (simulated streaming by default).

Task Library With Tools + Skills + 500+ Rocheston Tools

Powerful catalog with Tools, Skills, Tasks, versioning/approval, task builder wizard, favorites/recently used, bulk import, and a scalable Rocheston Tools catalog seeded for 500+ items.

AINA Intelligence Control Center (OpenAI Connected)

Tabbed AI suite: Chat threads, Plan Builder, Findings Explainer, Triage Copilot, Report Writer, Compliance Mapper. Structured outputs only (no raw JSON) with per-user storage and usage analytics.

Model Selection + Connection Testing (Per User)

Users store OpenAI key securely, select models, test connection/latency, configure token limits and temperature, and view usage by feature with guardrail budgets.

MITRE ATT&CK Coverage Module (Enterprise)

Dedicated MITRE page loads tactics + all techniques/sub-techniques from local enterprise-attack.json and renders selectable tactic/technique boxes, profiles, export/import, and run integration tiles.

Scheduler & Automation With Charts

Recurring schedules with tile-based creation, next-run preview, run history, templates, KPI dashboards, and Chart.js analytics for success/fail trends and frequency mix.

Reports Studio With Branding Factory

Template gallery across Executive/Technical/Audit/Ops reports with per-user branding: logo upload, title formats, footer text, watermark, cover page, export defaults, and versioned report lifecycle.

Multi-Format Exports + Evidence Citations

Exports include HTML/PDF/JSON where supported. Reports include evidence citations (IDs, timestamps, hashes) and optional MITRE coverage summaries and attack path summaries.

Notifications, Alerts, and Activity Feed Everywhere

Toast alerts, notification inbox, and a full activity feed with filters. Every major action generates activity and admin-level audit records.

Audit Logs and Governance Controls

Append-only audit logging for sensitive operations: scope changes, approvals, exports, runner changes, user management, and “View As User” events.

Global Search Across the Entire Platform

Top-bar global search queries engagements, targets, scans, findings, reports, evidence, tools, tasks, and sandboxes with grouped results and direct navigation.

Modular MVC-Style Codebase

Clean directory structure with controllers, models, services, middleware, reusable UI components, and install/seed tooling designed for rapid extension.

Demo Data Seeding for Instant “Enterprise Feel”

Heavy seeded dataset across every module (engagements, scans, findings, evidence, reports, sandboxes, tools/tasks) so the UI is never empty and dashboards are immediately impressive.

Production Readiness & Maintainability Controls

System health views, worker heartbeat, logs viewer, feature flags, backup/export of SQLite, and admin tools to remove demo content when going live.

Frequently Asked Questions

What is Rocheston ZelExploits?
Rocheston ZelExploits is an AI-powered automated penetration testing platform for authorized offensive validation. It runs structured testing workflows, collects evidence, assigns confidence scores, and produces professional reports so teams can prove real risk and prioritize fixes fast.
Is ZelExploits a manual pentesting tool or fully automated?
ZelExploits supports both. It can run automated workflows (Auto-Pentest, Full AI Testing) and also supports operator-driven workflows via tasks, approvals, and a safe terminal model.
What makes ZelExploits “AI-powered”?
AINA powers planning, triage, summarization, confidence review, report writing, and compliance mapping. AI is used to explain results, connect evidence, and produce actionable remediation guidance in structured outputs.
Does ZelExploits run real attacks?
ZelExploits is designed for authorized testing and safe validation. It focuses on proof, controls verification, and evidence-backed findings rather than destructive behavior. Guardrails, scope enforcement, and approval gates help prevent unsafe actions.
How does ZelExploits ensure testing stays in scope?
Every run belongs to an Engagement with accepted Rules of Engagement (ROE) and an allowlist/denylist. The platform validates targets server-side and blocks anything outside scope automatically.
What are Engagements and ROE?
An Engagement is the container for an authorized test: environment, owners, scope, targets, schedule, and reporting. ROE acceptance is required before launching runs and is recorded with timestamps for audit.
What is Auto-Pentest?
Auto-Pentest is a one-click workflow that bundles discovery, validation modules, evidence capture, and reporting steps into a fast launch experience. It’s built for speed and repeatability.
What is Full AI Testing?
Full AI Testing is the flagship mode where AINA drives end-to-end execution: plan → recon → validate → evidence → report. Users choose strategy profiles (Balanced, Stealth, Evidence Heavy, Rapid) and guardrails.
What is the AI Agent page used for?
AI Agent is an operations command center to dispatch AINA tasks like triage, evidence bundling, report drafting, compliance mapping, and operational checks, with approvals and task history.
How does ZelExploits show progress during a run?
Runs launch into a live console that simulates real testing phases with a progress bar, current activity, module lane progress, and a streaming event log. When complete, it links directly to Findings and Evidence.
What are Findings in ZelExploits?
Findings are structured issues discovered during runs. Each finding includes severity, confidence score, status workflow, evidence pack, remediation guidance, ownership assignment, and retest tracking.
What is a confidence score?
A confidence score (0–100) indicates how strongly a finding is supported by evidence and validation signals. It helps teams separate “confirmed” issues from “needs review” candidates.
What is the Findings Workbench?
The Findings Workbench is a powerful triage interface with advanced filters, saved views, bulk actions, assignments, inline status updates, accepted risk workflows, and retest scheduling.
What is the Evidence Vault?
Evidence Vault is the system of record for proof. It stores screenshots, logs, tool outputs, terminal transcripts, AI notes, and exports—linked to scans and findings.
Does ZelExploits support chain-of-custody for evidence?
Yes. Evidence can include hash verification and a custody timeline (created, viewed, bundled, exported) so reports remain defensible and audit-ready.
What are Evidence Bundles?
Evidence Bundles are curated packages of evidence objects for audits, executive reviews, developer handoffs, or compliance—exportable as structured indexes and report attachments.
What are Attack Paths?
Attack Paths visualize how multiple findings combine into higher impact risk chains. ZelExploits shows chain diagrams and graph views to help teams prioritize the best “break-the-chain” fixes.
Does Attack Paths reveal harmful exploitation steps?
No. Attack Paths are safe, high-level risk narratives focused on prioritization and remediation planning, not step-by-step attack instructions.
What is Zombiecop in ZelExploits?
Zombiecop is the Docker execution fabric. Admin configures multiple runner profiles, and users select which runner to use for runs. Each run creates a runner instance with status and logs.
Can users choose different Docker runners per run?
Yes. If admin defines multiple Zombiecop runner profiles, users can select them as visible tiles during scan launch.
What is the Terminal Agent?
Terminal Agent provides session-based terminal access linked to runner instances, designed around safe operation and auditing. It stores transcripts and supports allowlisted command templates.
How does the platform prevent unsafe terminal use?
By default, terminal execution is restricted to admin-allowlisted safe templates and all commands are audit logged. Optional operator modes can require 2FA and approvals, depending on admin policy.
What are Sandboxes in ZelExploits?
Sandboxes are isolated training and validation environments. Users can browse a catalog of 120+ templates, launch instances, configure connection details, and manage lifecycle states.
Can I search and filter sandbox templates?
Yes. Sandboxes support powerful search, category filters, difficulty, environment type, featured templates, and “recently used” shortcuts.
What is the Task Library?
Task Library is where Tools, Skills, and Tasks live. It allows building reusable playbooks for automated validation, evidence capture, triage, and reporting.
What are Rocheston Tools?
Rocheston Tools is a large-scale catalog (500+ entries) for organizing internal tools, skills, and workflows, making it easy to build tasks and run consistent operations.
Does ZelExploits support MITRE ATT&CK?
Yes. ZelExploits includes a MITRE ATT&CK Coverage page where tactics and techniques are shown as selectable boxes. Users can save MITRE profiles and apply them to runs.
Where does the MITRE data come from?
The platform loads tactics and techniques from a local enterprise-attack.json file in the project root, ensuring complete coverage without needing internet access.
How does MITRE selection affect a run?
MITRE selection is stored in the run configuration so reporting can include a coverage summary. It also helps align validation scope and communicate outcomes in a standardized framework.
What reports can ZelExploits generate?
Reports Studio includes executive summaries, technical reports, developer fix packs, evidence packs, compliance packs, operational digests, and portfolio reports.
Can reports be branded?
Yes. Reports support branding profiles: logo upload, title formats, footer text, cover pages, accent colors, and watermarks like CONFIDENTIAL or DRAFT.
What export formats are supported?
Reports and evidence indexes can be exported as HTML, PDF, and structured JSON (where enabled), with audit logging of exports for governance.
Does ZelExploits support scheduling and automation?
Yes. Scheduler & Automation supports recurring runs, templates, run history, “run now,” and charts showing success/fail trends over time.
What is Realtime Tasks used for?
Realtime Tasks is a live monitoring console for running jobs, showing streaming event timelines, phases, runner logs, and operational controls.
How does ZelExploits handle notifications?
It includes toast alerts, a notifications inbox, and activity feeds. Users can configure notification rules for critical findings, failures, and report completion.
Does the platform include audit logs?
Yes. Sensitive actions like scope changes, exports, approvals, runner changes, and admin operations are recorded in append-only audit logs.
Is ZelExploits multi-user and enterprise-ready?
Yes. It supports multiple users, per-user settings, role-based admin controls, and strict data isolation so users never see each other’s data.
Is ZelExploits designed for compliance workflows?
Yes. It supports evidence bundling, chain-of-custody, audit logs, control mapping outputs, and compliance report templates to support audit readiness.
Can admin remove demo content for production?
Yes. Admin can remove seeded demo engagements, runs, findings, evidence, and reports to clean the system for real use.
Is ZelExploits part of the Zelfire suite?
Yes. ZelExploits is a dedicated module within the Rocheston Zelfire cybersecurity suite and is designed to integrate with the broader suite ecosystem.
How is ZelExploits different from traditional vulnerability scanners?
ZelExploits is built around validation and proof. It focuses on evidence-backed findings, confidence scoring, and remediation workflows rather than dumping raw scanner noise.
Who is ZelExploits for?
Security teams, engineering teams, and audit/compliance teams who need repeatable authorized validation, clear proof, fast triage, and professional reporting.
What environments can ZelExploits test?
It supports web, API, identity, cloud, network, container/K8s, and sandbox environments through runner profiles and modular workflows.
Can ZelExploits run authenticated testing?
Yes. It supports multiple authentication modes (cookie, bearer token, basic auth, custom headers) and applies them within the configured scope and guardrails.
How does ZelExploits reduce false positives?
Findings are tied to evidence packs and confidence scoring. Workflows support “needs evidence” states, retest verification, and evidence-first validation.
What is the difference between Findings, Evidence, and Reports?
Findings are the issues, Evidence is the proof, and Reports are the packaged outputs for executives, developers, and auditors—each linked together for traceability.
Can ZelExploits generate developer-ready remediation output?
Yes. It provides fix-first checklists, verification guidance, retest flows, and developer-focused report templates like Fix Packs.
Does ZelExploits support retesting after fixes?
Yes. Retest workflows verify closure, track history, and can generate retest verification reports.
Can we track progress over time?
Yes. Dashboards, charts, run history, and trend views show improvements, recurring issues, and remediation velocity.
Does ZelExploits support teams and ownership?
Yes. Findings can be assigned, tracked through statuses, commented on, and managed with bulk triage workflows.
What happens if a run is paused or stopped?
The platform records checkpoints and events, updates status, and keeps evidence and logs so nothing is lost.
How does ZelExploits handle secrets and sensitive data?
Secrets are encrypted at rest and redaction features help prevent sensitive values from appearing in exports and evidence.
Is there a way to standardize coverage across runs?
Yes. MITRE ATT&CK coverage profiles can be saved and applied to runs to keep coverage consistent and reportable.
Can ZelExploits be used for training?
Yes. Sandboxes provide controlled scenarios, and teams can practice validation workflows safely with full evidence and reporting.
Does ZelExploits support audit and compliance evidence?
Yes. Evidence bundling, chain-of-custody, audit logs, and compliance-style report templates support audit readiness.
