Point SUSA at a URL or APK and read the report. No scripts to write, nothing to record — it explores like a real user and tells you what broke.
Install the agent, point it at your app, and read the report. First live result in about 5 minutes.
Install susatest-agent from PyPI, then run a test against a web URL or an APK. SUSA does the rest — it explores the running app like a real user and writes the findings to a report. It never needs your source, repo, or secrets.
# 1 · install the agent $ pip install susatest-agent # 2 · point it at a web app … $ susatest-agent test https://app.com # … or an Android APK $ susatest-agent test app.apk → exploring autonomously · no script written → first live result in ~5 min · report ready
The same engine and the same report, wherever the app runs — our cloud, a local emulator, your own device, or a managed device lab.
Paste a URL and go. Runs on our cloud through residential proxies with country targeting and full browser stealth.
susatest-agent test https://app.com
No phone needed. SUSA boots a local Android emulator, installs your APK, and explores it over ADB.
susatest-agent test app.apk --emulator
Point SUSA at a phone or browser you own — your real IP and device fingerprint. Android via ADB, iPhone via USB (no Mac needed), or any local browser.
susatest-agent connect --web
Pass-through to BrowserStack, AWS Device Farm, or Sauce Labs for real Android & iOS devices on demand.
susatest-agent test app.apk --lab
Run SUSA on every release. It exits non-zero on failure and writes a re-runnable regression suite for you.
# run on every push — fail the build on a regression $ susatest-agent test https://staging.app.com --junit results.xml → functional · a11y · security · pentest · perf → JUnit written · Appium + Playwright suite generated → exit 1 on failure
SUSA exposes an MCP server — kick off a run and pull the report without leaving your editor.
Connect from Claude Code, Cursor, or any MCP-capable agent. Your agent can start a test, watch it run, and read back the findings — so you can go from bug to fix in one place.
Every run covers fourteen kinds of testing in parallel — driven by real persona exploration, not a script you wrote.
Every flow proved end-to-end with PASS/FAIL verdicts and repro steps.
WCAG audit — contrast, touch targets, focus order, screen-reader, text scaling.
OWASP Top 10 — secret leaks, insecure storage, debuggable builds, auth bypass.
Active exploitation via the Mole engine — SQLi, XSS, IDOR, JWT, BOLA, SSRF.
Capture endpoints, validate contracts, detect schema drift across builds.
Rapid tap, rotation, slow network, low memory, FPS and janky-frame monitoring.
Per-build pixel + structural diff so layout breaks are caught before users see them.
UX friction, dead buttons, navigation loops and abandonment paths.
Trace LLM calls; judge evals catch hallucination, drift and safety regressions.