# Takumi Pentesting {#takumi-pentesting}

**Takumi Pentesting** is the core capability of Takumi byGMO. It autonomously performs application security assessments and proposes fixes for the issues it discovers.

Key capabilities:

- **[Whitebox Assessment](/docs/t/assessment/features/whitebox-assessment.md)** — Source-code-aware assessment that understands repository structure, business logic, and specifications.
- **[Blackbox Assessment](/docs/t/assessment/features/blackbox-assessment.md)** — URL-based assessment that crawls the target and tests for vulnerabilities without source-code access.
- **[Periodic Assessment](/docs/t/assessment/features/periodic-assessment.md)** — Recurring assessments scheduled against a repository's default branch.
- **[Auto-Triage](/docs/t/assessment/features/auto-triage.md)** — Automatic triaging of Dependabot PRs to surface only those that actually need attention.
- **[Autofix](/docs/t/assessment/features/autofix.md)** — Generates fix PRs for findings discovered during assessments.

If you are new here, start with **[Quickstart](/docs/t/assessment/quickstart.md)**. Each sub-section covers:

- **[Features](/docs/t/assessment/features/index.md)**: The full feature list
- **[Pricing & Billing](/docs/t/assessment/billing/index.md)**: How credits are consumed and billed
- **[Architecture](/docs/t/assessment/architecture/index.md)**: How whitebox and blackbox assessments are implemented
- **[References](/docs/t/assessment/references/index.md)**: Severity definitions and source IP addresses