Skip to main content

Documentation Index

Fetch the complete documentation index at: https://pentest-tools.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

The AI-enhanced authentication feature improves the reliability of automatic login form detection in the Website Scanner. AI helps complete logins on complex or dynamic pages where traditional detection methods struggle.

How it works

When you select Automatic Login Form authentication in the Website Scanner, the system uses a two-stage approach:
1

Traditional detection

The scanner first attempts to identify login form elements (username field, password field, submit button) using pattern-based selectors. This method works well for standard login forms.
2

AI-powered fallback

If traditional detection fails, an AI agent takes over. The agent analyzes the page structure and identifies the correct form elements, even on complex pages with iframes, dynamic loading, or non-standard layouts.

What AI handles

The AI component excels at scenarios that challenge traditional detection:

Dynamic forms

Login forms loaded via JavaScript or AJAX

Iframes

Login forms embedded in iframes

Non-standard layouts

Forms with unusual element structures or naming

Multi-step logins

Login flows spread across multiple screens

Reliability

AI-enhanced authentication improves login reliability on complex pages where selector-based detection fails. It is a fallback inside the Automatic Login Form flow, so you do not need to enable a separate setting.

Using AI authentication

Enabling automatic login form

1

Configure your scan

In the Website Scanner, add your target URL and configure scan options.
2

Enable authentication

Toggle Authentication to enable authenticated scanning.
3

Select Automatic Login Form

Choose Automatic Login Form as the authentication method.
4

Enter credentials

Provide the Login URL, Username, and Password for the application.
5

Verify authentication

Use Check authentication to confirm the login works before starting the scan.

Generated finding

When automatic authentication succeeds, the scan generates an informational finding:
Authentication complete: Automatic method.
Each authentication method generates its own confirmation message. For example, the Recorded method displays: “Authentication complete: Recorded method.”

When AI is used

The AI component activates only when needed:
  • Standard forms: Traditional detection handles most login forms without AI
  • Complex forms: AI activates automatically when traditional detection fails
  • Transparent operation: You don’t need to configure anything. The system chooses the best approach
The scan result shows the same “Authentication complete: Automatic method” message regardless of whether AI was used. Both approaches are part of the Automatic Login Form method.

Other authentication methods

AI-enhanced detection is specific to the Automatic Login Form method. Other authentication methods work differently:
MethodHow it worksUses AI
Automatic Login FormDetects and fills login form automaticallyYes (as fallback)
RecordedReplays recorded login steps from Chrome DevToolsNo
CookieUses session cookies from an existing loginNo
HeaderSends custom authentication headersNo
For details on all authentication methods, see Authenticated scanning.

AI data handling

Your authentication credentials are handled securely:
  • Azure OpenAI models: The AI agent uses Azure-hosted OpenAI models within our controlled infrastructure
  • Secure processing: Credentials are processed within our isolated infrastructure
  • No external training: Your data is not used to train any AI models
  • No retention: Authentication data is not logged or retained after the scan completes
For complete details, see our AI Data Policy.