Recipe

Penetration testing strategy

A pragmatic playbook for running offensive security engagements against your own infrastructure using Meridian as the orchestration layer. This recipe covers scope definition, automated reconnaissance, and reporting workflows that scale from solo engineers to full red teams.

1. Define scope and rules of engagement

Before any traffic leaves your machine, codify the target surface. List in-scope domains, IP ranges, and SaaS tenants. Mark anything explicitly excluded, including shared third-party services, production payment rails, and any system you do not own. Capture timing windows, allowed payload classes, and the escalation channel for accidental impact.

Meridian persists this as a signed engagement manifest so every downstream agent inherits the same guardrails without manual re-prompting.
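What such a manifest buys you is a check every agent can run before touching a target. The following is an added example, not Meridian's manifest format (the page does not specify it): a constructed manifest, an HMAC-SHA256 signature over its canonical JSON (an assumption standing in for whatever scheme Meridian uses), and a scope check in which explicit exclusions beat inclusions and nothing is in scope outside the engagement window or outside the allowed payload classes.

```python
"""Engagement manifest guardrail (added example, not Meridian's own format).

Assumption: the manifest is canonical JSON signed with HMAC-SHA256 under a
key shared with the agents. The domains, ranges and times are constructed.
"""
import hashlib
import hmac
import ipaddress
import json
from datetime import datetime, timezone

SIGNING_KEY = b"constructed-demo-key-do-not-reuse"  # constructed

# Constructed sample manifest; example.com names and RFC 1918 ranges only.
MANIFEST = {
    "engagement": "q3-internal-assessment",
    "in_scope": {"domains": ["corp.example.com"], "cidrs": ["10.20.0.0/16"]},
    "out_of_scope": {
        # shared payment rail and a range owned by a third party
        "domains": ["payments.corp.example.com"],
        "cidrs": ["10.20.99.0/24"],
    },
    "window": {"start": "2024-06-01T08:00:00+00:00",
               "end": "2024-06-07T18:00:00+00:00"},
    "allowed_payload_classes": ["recon", "auth-check"],
    "escalation_channel": "#soc-engagement",
}

# Fixed instants used by the demo calls below (inside and after the window).
DEMO_TIME = datetime(2024, 6, 3, 12, 0, tzinfo=timezone.utc)
LATE_TIME = datetime(2024, 7, 1, 9, 0, tzinfo=timezone.utc)


def canonical(manifest):
    """Stable byte encoding so the signature does not depend on key order."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign(manifest, key=SIGNING_KEY):
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify(manifest, signature, key=SIGNING_KEY):
    # constant-time comparison; a tampered manifest or signature fails here
    return hmac.compare_digest(sign(manifest, key), signature)


def _domain_match(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def _cidr_match(target, cidrs):
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False  # not an IP literal; only the domain rules apply
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def in_scope(manifest, target, payload_class, when=None):
    """Exclusions win over inclusions; outside the window nothing is in scope."""
    when = when or datetime.now(timezone.utc)
    start = datetime.fromisoformat(manifest["window"]["start"])
    end = datetime.fromisoformat(manifest["window"]["end"])
    if not start <= when <= end:
        return False, "outside engagement window"
    if payload_class not in manifest["allowed_payload_classes"]:
        return False, f"payload class {payload_class!r} not allowed"
    out = manifest["out_of_scope"]
    if _domain_match(target, out["domains"]) or _cidr_match(target, out["cidrs"]):
        return False, "explicitly excluded"
    inc = manifest["in_scope"]
    if _domain_match(target, inc["domains"]) or _cidr_match(target, inc["cidrs"]):
        return True, "in scope"
    return False, "not listed in scope"


def check_target(manifest, signature, target, payload_class, when=None):
    """What a downstream agent runs first: verify the manifest, then the scope."""
    if not verify(manifest, signature):
        return False, "manifest signature invalid"
    return in_scope(manifest, target, payload_class, when)


if __name__ == "__main__":
    sig = sign(MANIFEST)
    for t in ["www.corp.example.com", "payments.corp.example.com",
              "10.20.5.7", "10.20.99.12", "10.30.0.1"]:
        print(t, check_target(MANIFEST, sig, t, "recon", DEMO_TIME))
```

The exclusion check runs before the inclusion check on purpose: `payments.corp.example.com` is a subdomain of an in-scope zone, and the manifest author's intent is that the narrower exclusion wins. Hosts are compared by label boundary (`host == d` or `host.endswith("." + d)`), so `corp.example.com.evil.net` does not slip through a naive suffix match.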

2. Automate recon with the model router

Recon is embarrassingly parallel. Fan out subdomain enumeration, port scans, and tech-stack fingerprinting through the Meridian router so cheap calls hit cheap models and only ambiguous results escalate to a reasoning model.

# The request body is built with jq so that $HOST is expanded and JSON-quoted
# correctly; inside a single-quoted -d '{...}' string the shell would leave
# "$HOST" as a literal, and a host containing a quote could break the JSON.
curl https://llm.getnimbus.net/v1/chat/completions \
  -H "Authorization: Bearer $MERIDIAN_KEY" \
  -H "Content-Type: application/json" \
  -d "$(jq -n --arg host "$HOST" '{
    model: "azure/model-router",
    messages: [
      {role: "system", content: "Recon triage agent."},
      {role: "user", content: ("Classify exposure: " + $host)}
    ]
  }')"

3. Triage findings and ship a report

Raw scanner output is noise. Pipe each candidate finding through a verification agent that re-checks the assertion, attaches reproduction steps, and ranks impact against CVSS. Discard anything without a working proof of concept. The surviving list becomes the executive summary.

Meridian writes the final report as versioned Markdown plus a JSON sidecar so your ticketing system and your auditors both consume the same source of truth.

Need the defensive counterpart? See the blue team detection recipe.