Articles
Go back to application
Articles
Go back to application
Platform Fundamentals
Getting Started
Account Management
User Management
AI Pentest
Getting started
Workspaces
Templates
Running a pentest from a templateWeb Application PentestNetwork External PentestNetwork Internal PentestAPI Security TestingOther TemplatesCreating a Blank Workspace
Configuration
Operations
Asset Management
Asset Basics
Assets Operations
Asset Customization
Vulnerability Management
Vulnerability Basics
Vulnerability Operations
Vulnerability Organization
Integrations & Connectors
Credential Management
Connector Setup
Synchronization
Scanning and Assesssment
Scanning Operations
Security Analysis
Workflow Configuration
Engagemet Management
Enagagement Basic
Enagagement Operations
Workbook
Pentesting as a Service
PTaaS Basics
Vulnerability Submission
Task Management
Task Basics
Task Automation
Reporting and Documentation
Reports
Documentation
Attack Surface Management
Strobes Attack Surface Management (ASM)

Other Templates

Strobes ships with templates beyond Web App, Network, and API. This article gives a quick overview of the remaining templates — what they're for, what input they need, and what credentials they typically use.

Choosing the right template

Templates are grouped by category in the wizard:

  • Assessments — point-in-time pentests (Web App, Network, API, Cloud Review, Code Review, Threat Model, AD, Hello World).
  • Continuous Programs — always-on monitoring (Attack Surface Monitoring, DevSecOps Pipeline).
  • Campaigns — time-boxed engagements (Red Team, Threat Hunting).

Pick the category that matches your goal, then drill into the specific template.

Code Review

Security-focused code review that ingests a Git repository, runs SAST scans, audits dependencies for CVEs, detects secrets, and performs a deep security review.

  • Required input: Repository URL (e.g., https://github.com/acme/webapp).
  • Common credentials: GitHub / GitLab / Bitbucket token.

Threat Model

Systematic threat modeling that scopes the system, maps data flows, and identifies threats using STRIDE, then models realistic attack scenarios.

  • Required input: Target URL or system description.
  • Common credentials: None.

Cloud Review

Cloud infrastructure security review that verifies credentials, enumerates resources, audits IAM permissions, and reviews storage and encryption settings.

  • Required input: Cloud account ID.
  • Common credentials: AWS read-only role / GCP / Azure.

Attack Surface Monitoring

Continuous external attack-surface discovery — enumerates subdomains, scans ports and services, fingerprints web technologies, and detects changes over time.

  • Required input: Root domain.
  • Common credentials: DNS provider, cloud account.

DevSecOps Pipeline

Continuous security scanning for CI/CD — connects to a repository, runs SAST and dependency scanning on every relevant change, and detects new findings as they're introduced.

  • Required input: Repository URL.
  • Common credentials: Git provider token.

Red Team

Time-boxed red-team / adversary-simulation engagement that performs OSINT recon, initial access, lateral movement, privilege escalation, and objective completion.

  • Required input: Target scope.
  • Common credentials: Variable, scenario-dependent.

Threat Hunting

Proactive, IOC-driven hunt across your environment — gathers threat intelligence, formulates hypotheses, and searches for indicators of compromise across cloud logs and audit trails.

  • Required input: Time range and targets.
  • Common credentials: AWS CloudTrail, GitHub audit logs.

Active Directory Pentest

Active Directory penetration test that uses a shell-based jump host. Scope and asset creation, domain recon, user / group / ACL enumeration, BloodHound-style path discovery.

  • Required input: Target IP / Range with shell access.
  • Common credentials: Domain user account.

Hello World

Quick demo or test workflow that skips the heavy phases. Use this template when you just want to see how a Strobes assessment looks end-to-end without consuming many AI credits.

  • Required input: Any URL.
  • Common credentials: None — demo only.

 

Was this article helpful?

Powered by Product Fruits