Ready to find out what vulnerabilities are lurking in your application? This guide walks you through your first Hacker Bot scan in under 10 minutes.
Prerequisites
Before you start, you’ll need:
- A web application to test (staging environment recommended)
- Owner verification capability (DNS or file upload)
- About 10 minutes
Step 1: Create Your Account
Head to Hacker Bot and create your account. The Free Trial starts automatically—no credit card required.
Step 2: Add Your Target
A “target” is a domain or application you want to scan. From your dashboard:
- Click Add Target
- Enter your domain (e.g., staging.yourapp.com)
- Choose a friendly name
Step 3: Verify Ownership
We need to confirm you own the target before scanning. Choose your verification method:
Option A: DNS Verification (Recommended)
Add a TXT record to your DNS:
Name: _hackerbot-verify
Type: TXT
Value: hb-verify-abc123xyz (your unique code)
Option B: File Verification
Upload a verification file to your web root:
Location: https://yourapp.com/.well-known/hackerbot-verify.txt
Content: hb-verify-abc123xyz
Click Verify once you’ve completed either method.
Step 4: Configure Your Scan
Scan Profile
Choose your scan intensity:
- Quick Scan: Fast reconnaissance, ideal for CI/CD
- Standard Scan: Balanced coverage and speed
- Deep Scan: Comprehensive testing (takes longer)
For your first scan, Standard is a great choice.
Authentication (Optional)
To test authenticated areas of your app, add credentials:
- Go to Settings > Authentication
- Choose your auth method (form login, headers, cookies)
- Provide test account credentials
This lets Hacker Bot discover vulnerabilities in protected areas.
Step 5: Run Your Scan
Click Start Scan and watch the magic happen.
During the scan, Hacker Bot will:
- Discover your attack surface (endpoints, forms, APIs)
- Test for common vulnerabilities
- Verify findings to reduce false positives
- Generate a detailed report
A standard scan typically takes 15-45 minutes depending on app size.
Step 6: Review Your Findings
Once complete, you’ll see findings categorized by severity:
- Critical: Fix immediately
- High: Fix this week
- Medium: Add to sprint
- Low: Track and address
- Info: Awareness items
For Each Finding
You’ll get:
- Description: What was found
- Location: Exact endpoint/parameter affected
- Evidence: Proof the vulnerability exists
- Remediation: How to fix it
- References: OWASP, CWE links for context
Step 7: Take Action
Export Your Report
Generate reports for:
- Your development team (technical details)
- Stakeholders (executive summary)
- Compliance (evidence pack)
Set Up Monitoring
Enable scheduled scans to catch new vulnerabilities:
- Weekly scans for active development
- Monthly scans for stable applications
Integrate with Your Workflow
Connect Hacker Bot to:
- GitHub Actions for PR scanning
- Slack for instant notifications
- Your ticketing system for automatic issue creation
Common First-Scan Findings
What most teams discover on their first scan:
- Missing security headers (easy wins)
- Information disclosure in error messages
- Outdated dependencies with known CVEs
- CORS misconfiguration
- Sensitive data in URLs
Don’t panic if you see a long list—prioritize by severity and tackle them systematically.
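Two of the items above, missing security headers and CORS misconfiguration, can be reproduced from a single response's headers. The following is an added example for triaging such findings locally; it is not Hacker Bot's own code, the header expectations are generic OWASP-style guidance, and the sample response and the `https://evil.example` probe origin are constructed for the demo.

```python
from typing import Dict, List

# Response headers a scanner commonly expects on an HTML page, with the reason.
EXPECTED_HEADERS = {
    "strict-transport-security": "forces HTTPS on repeat visits",
    "content-security-policy": "limits script/resource origins",
    "x-content-type-options": "should be 'nosniff' to stop MIME sniffing",
    "x-frame-options": "or CSP frame-ancestors, to block clickjacking",
    "referrer-policy": "keeps URL parameters out of the Referer header",
}

def audit_headers(headers: Dict[str, str],
                  probe_origin: str = "https://evil.example") -> List[str]:
    """Return findings for one response; header names are matched case-insensitively.

    probe_origin is the Origin value the scanner sent on its CORS probe (assumed).
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []

    for name, why in EXPECTED_HEADERS.items():
        csp = h.get("content-security-policy", "")
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue  # CSP frame-ancestors supersedes X-Frame-Options
        if name not in h:
            findings.append(f"missing {name}: {why}")

    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options present but not 'nosniff'")

    # CORS combinations that scanners report as misconfiguration.
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append("CORS: wildcard origin combined with credentials")
    elif acao == probe_origin and creds:
        findings.append(f"CORS: arbitrary origin {probe_origin} reflected with credentials")
    elif acao == "null":
        findings.append("CORS: 'null' origin allowed (sandboxed iframes can match it)")
    return findings

# Constructed sample: a staging app that reflects any Origin and lacks most headers.
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Access-Control-Allow-Origin": "https://evil.example",
    "Access-Control-Allow-Credentials": "true",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_RESPONSE_HEADERS):
        print("-", finding)
```

Feed it the headers of each endpoint in the scanner's "Location" field to confirm the finding and to re-check after the fix is deployed.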
Next Steps
After your first scan:
- Fix critical and high findings before production
- Set up CI/CD integration for continuous scanning
- Add authenticated scanning for deeper coverage
- Schedule regular scans to catch regressions
Conclusion
You’ve completed your first security scan! The hardest part isn’t finding vulnerabilities—it’s maintaining the discipline to keep looking. With Hacker Bot running on a schedule, you’ll catch issues before attackers do.
Questions about your scan results? Reach out to our support team—we’re here to help.