// SECURITY TOOLING — FULLY LATERALUS

LATERALUS PENTESTER

A complete penetration testing suite written entirely in Lateralus. Pipeline-native. Composable by design. Rolling updates every month.

◆ Works best on LateralusOS & NullSec Linux  ·  Also runs on any Linux/macOS

$25 / month
Rolling updates • Cancel anytime • All modules included

◇ WHAT IS LATERALUS PENTESTER?

Lateralus Pentester is a full-featured, actively maintained penetration testing application written 100% in the Lateralus programming language. Every module — from host discovery and port scanning to service fingerprinting, vulnerability assessment, exploitation, and report generation — is a typed Lateralus pipeline stage that can be run standalone or chained with any other.

Because it runs on the Lateralus runtime, the entire toolchain benefits from the language's type system, error propagation operators (|?>), async streams (|~>), and parallel fan-out (|=>). Scan 1,000 hosts in parallel with three characters.

Subscribers receive rolling updates — new modules, new exploit templates, CVE integrations, and detection bypass techniques — pushed automatically every month. No version upgrades. No breaking changes. Just a growing toolset.

◇ MODULES
◆ RECON

RECONNAISSANCE ENGINE

Passive and active reconnaissance pipelines. OSINT aggregation, DNS enumeration, subdomain discovery, WHOIS chains, ASN mapping, and certificate transparency log scanning. All composable stages.

◆ SCAN

NETWORK & SERVICE SCANNER

SYN/TCP/UDP port scanning with async fan-out across 1,000+ hosts simultaneously. Service banner grabbing, OS fingerprinting, HTTP header analysis, TLS certificate inspection, and version detection.

◆ VULN

VULNERABILITY ASSESSMENT

CVE database integration, misconfiguration detection, default credential testing, web vulnerability scanning (SQLi, XSS, SSRF, path traversal), and API security testing via typed pipeline probes.

◆ EXPLOIT

EXPLOITATION FRAMEWORK

Modular exploit templates written in Lateralus. Shellcode staging, payload generation, listener management, and session handling. Each exploit is a pipeline stage that accepts target context and returns a shell or structured error.

◆ POST

POST-EXPLOITATION

Privilege escalation path enumeration, credential harvesting, persistence mechanisms, lateral movement mapping, and network pivoting. All stages produce structured output for audit trails.

◆ REPORT

REPORT GENERATOR

Automated engagement reports in Markdown, HTML, PDF, and JSON. Pipeline output maps directly to report sections. Every finding is typed, timestamped, and cross-referenced to CVE/CVSS scores automatically.

◆ EVASION

EVASION & STEALTH

Traffic fragmentation, timing jitter, decoy traffic injection, protocol obfuscation, and EDR bypass techniques. Evasion parameters are pipeline-composable — apply them to any scan or exploit stage.

◆ CLOUD

CLOUD ATTACK SURFACE

AWS/GCP/Azure misconfiguration auditing, IAM privilege escalation enumeration, S3/blob public access detection, metadata API exploitation, and container escape pipeline modules.

◆ CRYPTO

CRYPTOGRAPHIC ANALYSIS

TLS/SSL weakness detection, weak cipher enumeration, certificate chain validation, hash cracking pipeline integration, and Lateralus's native crypto engine for custom protocol analysis.

◇ LATERALUS PENTESTER — IN ACTION

// Full recon-to-report engagement in ~20 lines of Lateralus:

import pentester.recon    as recon
import pentester.scan     as scan
import pentester.vuln     as vuln
import pentester.exploit  as exploit
import pentester.report   as report

// Define the engagement target
let target = "192.168.1.0/24"

// Full automated pipeline: recon -> scan -> vuln -> report
let findings = target
    |> recon.discover_hosts()           // passive + active host discovery
    |=> scan.port_scan(top_ports: 1000)  // parallel fan-out across all hosts
    |> scan.service_fingerprint()       // banner grab + version detection
    |?> vuln.assess(cve_db: "latest")    // vuln check, propagate errors safely
    |> vuln.check_misconfigs()          // default creds, open services

// Generate a full engagement report
findings
    |> report.generate(
        format: "pdf",
        title:  "Internal Network Assessment",
        author: "bad-antics",
    )
    |> report.write_to("./engagement-2026-04.pdf")

// Targeted exploitation with evasion:

import pentester.exploit  as exploit
import pentester.evasion  as evasion
import pentester.post     as post

let target_host = "10.0.0.5"
let vuln_service = { port: 8080, cve: "CVE-2024-21887" }

// Exploit with traffic evasion, then escalate
let session = vuln_service
    |> evasion.with_jitter(ms: 200)          // timing obfuscation
    |> evasion.fragment_packets(size: 8)      // evade IDS signature matching
    |?> exploit.run(target: target_host)      // attempt exploitation safely

// Post-exploitation pipeline on successful session
session
    |?> post.enumerate_privesc()              // find priv esc paths
    |?> post.dump_credentials()               // harvest hashes / tokens
    |> post.map_lateral_movement()            // graph reachable hosts
◇ PLATFORM COMPATIBILITY

Lateralus Pentester runs anywhere the Lateralus runtime runs — but is purpose-built for security-focused platforms.

LINUX (ANY)
SUPPORTED

Install the Lateralus runtime, install Lateralus Pentester. Works on Debian, Ubuntu, Fedora, Arch, and any modern Linux distribution. Some modules require root or CAP_NET_RAW.

MACOS
SUPPORTED

Full support via the Lateralus macOS runtime. Low-level network modules require disabling SIP for raw socket access. Good for development and light scanning.

◇ SUBSCRIPTION
// LATERALUS PENTESTER
$25
per month • billed monthly
  • All 9 current modules (Recon, Scan, Vuln, Exploit, Post, Report, Evasion, Cloud, Crypto)
  • Rolling monthly updates — new modules, new exploits, CVE integrations
  • Subscriber-only pre-release builds with cutting-edge modules
  • Access to the private pentester module registry
  • Community Discord channel for subscribers
  • Priority issue reports and module requests
  • Works on LateralusOS, NullSec Linux, any Linux, macOS
  • Cancel anytime, no lock-in

After payment you receive your subscriber token and registry credentials via email from wizard@lateralus.dev

◇ ROLLING UPDATES — WHAT THIS MEANS

Penetration testing tooling ages faster than almost any other software. CVEs drop daily. New attack surfaces emerge. Detection bypass techniques go stale as EDR vendors update signatures. A static tool is a dying tool. Lateralus Pentester is a rolling subscription because it has to be.

  • MONTHLY MODULE DROPS: Every month, at least one new module or major module expansion ships to subscribers. New attack surface coverage, new protocol support, new automation targets.
  • WEEKLY CVE INTEGRATIONS: The vulnerability assessment module pulls from a curated CVE feed. High-severity CVEs with public PoC are integrated within 72 hours of disclosure.
  • EVASION SIGNATURE UPDATES: The evasion module is updated continuously as EDR/IDS vendors publish new detection signatures. Subscribers always have current bypass techniques.
  • LATERALUS LANGUAGE ALIGNMENT: As the Lateralus language evolves, pentester modules are updated to use new pipeline operators, type system features, and performance improvements. You get the language and the tools together.
  • NO BREAKING CHANGES POLICY: Existing pipeline compositions continue to work. New functionality is additive. If a module signature changes, the old form stays available for one full release cycle.

◇ WHY WRITE A PENTESTER IN LATERALUS?

PIPELINES = ATTACK CHAINS

A penetration test is a sequence of stages. Lateralus pipelines are literally designed for this. Every module is a function. Every attack chain is a pipeline. Composition is free.

ERROR PROPAGATION IS BUILT IN

The |?> operator propagates errors through the pipeline automatically. A failed port scan doesn't crash your exploit chain — it short-circuits cleanly to a structured error.

TRUE PARALLELISM WITH |=>

Fan-out scanning with |=> distributes work across all CPU cores. Scanning 1,000 hosts in parallel is three characters, not a thread pool and a lock.

TYPE-SAFE FINDINGS

Every module returns typed structs. A CVE finding always has a score, description, and affected service. The report generator can trust the schema. No more "undefined key in dict" crashes at 2am.

REPRODUCIBLE ENGAGEMENTS

Save your pipeline as a .ltl file. Re-run the identical engagement in 6 months. Version control your attack chains. The entire engagement is a typed, auditable program.

ZERO DEPENDENCY HELL

The Lateralus runtime handles all native I/O. No Python virtualenv chaos. No gem version conflicts. No npm audit nightmares. Install the runtime, install the tool, run it.

◇ FAQ
DO I NEED TO KNOW LATERALUS TO USE THIS?
No. Lateralus Pentester ships with a CLI wrapper that exposes every module as a command-line tool. You can use it entirely without writing a single line of Lateralus. That said, if you know Lateralus, you can compose custom pipelines, write automation scripts, and integrate with your own tooling in a way that no CLI wrapper can match.
DO I NEED LATERALUS OS OR NULLSEC LINUX?
No, but those platforms give you the best experience. LateralusOS has native capability-based network access. NullSec Linux has the runtime pre-installed with all dependencies. On standard Linux, you install the Lateralus runtime (one command) and then install Lateralus Pentester. It works fine. Some raw socket modules need CAP_NET_RAW or root on standard Linux.
WHAT DOES ROLLING UPDATES MEAN EXACTLY?
Your subscriber token gives you access to the private Lateralus package registry. When new modules ship, you run ltl pkg update pentester and you have the latest version within seconds. No re-subscribe. No re-download links in email. Just a single package manager command.
IS THIS LEGAL TO USE?
Lateralus Pentester is designed for authorized penetration testing, security research, and CTF use. It is your responsibility to obtain proper authorization before testing any system you do not own. Use it lawfully.
CAN I USE THIS FOR CTFS / PRACTICE ENVIRONMENTS?
Yes — CTF, HackTheBox, TryHackMe, local lab environments are all ideal use cases. Subscribers have reported the recon and exploit modules working out of the box on common CTF target configurations. The structured output also makes flag-finding pipelines trivial to write.
HOW DO I CANCEL?
Cancel at any time from your subscriber portal or by emailing wizard@lateralus.dev. No cancellation fees. Your access continues until the end of the current billing period.

READY TO TEST WITH PIPELINES?

Join the growing community of pentesters writing their engagements in Lateralus. $25/month. Cancel anytime. Rolling updates forever.


Questions? wizard@lateralus.dev

See also: Announcing Lateralus Pentester  ·  Product Overview (PDF)  ·  Technical Architecture (PDF)