Quick Start Guide

Get your first security scan running in under 5 minutes.

Step 1: Sign Up

Create your Hacker Bot account to get started. No credit card required for the free trial.

Step 2: Connect Your Repository

Link your GitHub repository so that findings can be filed as Issues and to enable CI/CD integration.

  1. Go to Settings → Integrations
  2. Click Connect GitHub
  3. Authorize Hacker Bot to access your repositories
  4. Select the repositories you want to scan

Step 3: Authorization Requirements

Before scanning, you must complete both technical verification and legal authorization.

⚠️ Legal Agreement Required

Every project and domain must have a signed authorization agreement with a verified legal contact before any scanning can begin.

  • A legal representative must sign our Authorization Agreement
  • Identity verification is performed via third-party services (ID verification)
  • If identity cannot be validated, we cannot perform security testing
  • This protects both parties and ensures compliance with applicable laws

Technical Verification

In addition to the legal agreement, you must prove domain ownership using one of these methods:

1. DNS TXT Record

Add a TXT record to your domain's DNS configuration:

hackerbot-verify=hb_xxxxxxxxxxxx

Your unique verification token is available in your dashboard after starting the authorization process.

2. Verification File

Place a verification file at one of these locations on your domain:

# Option A - Domain root
https://example.com/hacker-bot.txt
# Option B - Well-known directory
https://example.com/.well-known/hacker-bot.txt

The file must contain your unique verification token: hb_xxxxxxxxxxxx
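
A local pre-check for the two verification methods above, as an added example that is not Hacker Bot's own code: it takes the output of `dig +short TXT <domain>` and the bytes served at a verification URL and checks them against your token. The exact-match rule (the record or file holds the token and nothing else) and the sample token are assumptions; the guide only says the file must contain the token.

```python
import re

TXT_PREFIX = "hackerbot-verify="   # TXT record format shown in the guide
FILE_PATHS = ("/hacker-bot.txt", "/.well-known/hacker-bot.txt")  # from the guide

def join_txt_rdata(line: str) -> str:
    """Join the quoted character-strings of one TXT record as `dig +short` prints it.

    Resolvers return long or hand-split records as several quoted chunks;
    the logical value is their concatenation with nothing in between.
    """
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
    return "".join(chunks) if chunks else line.strip()

def txt_verifies(dig_output: str, token: str) -> bool:
    """True if any TXT record is exactly `hackerbot-verify=<token>`."""
    expected = TXT_PREFIX + token
    return any(join_txt_rdata(l) == expected for l in dig_output.splitlines())

def file_verifies(body: bytes, token: str) -> bool:
    """True if the served body is the token alone (BOM and line endings ignored)."""
    return body.decode("utf-8-sig", errors="replace").strip() == token

def verification_urls(domain: str) -> list[str]:
    """The two locations the guide lists for the verification file."""
    return [f"https://{domain}{path}" for path in FILE_PATHS]

# Constructed sample data (not real records or a real token).
SAMPLE_TOKEN = "hb_0123456789ab"
SAMPLE_DIG = '''"v=spf1 include:_spf.example.com ~all"
"hackerbot-verify=" "hb_0123456789ab"'''
SAMPLE_FILE_OK = b"\xef\xbb\xbfhb_0123456789ab\r\n"
SAMPLE_FILE_HTML = b"<!doctype html><title>Not found</title> hb_0123456789ab"

if __name__ == "__main__":
    print("TXT ok:", txt_verifies(SAMPLE_DIG, SAMPLE_TOKEN))
    print("file ok:", file_verifies(SAMPLE_FILE_OK, SAMPLE_TOKEN))
    print("catch-all page ok:", file_verifies(SAMPLE_FILE_HTML, SAMPLE_TOKEN))
    print("check:", ", ".join(verification_urls("example.com")))
```

The HTML sample models a server that answers every path with a 200 page; the strict check rejects it even though the token string appears in the body.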

Verification Timeline

  • DNS records: May take up to 24-48 hours to propagate
  • File verification: Immediate once file is accessible
  • Legal agreement: 1-3 business days for identity verification

Step 4: Run Your First Scan

Once verified, you're ready to launch your first attack.

  1. Click New Scan from the dashboard
  2. Enter your target URL (e.g., https://app.example.com)
  3. Select a scan profile (Quick, Standard, or Deep)
  4. Click Start Attack

Step 5: Review Findings

As the scan runs, findings appear in real time. Each finding includes:

  • Severity rating (Critical, High, Medium, Low)
  • Detailed description of the vulnerability
  • Proof of concept (where safe)
  • Step-by-step remediation guidance
  • References to CWE, OWASP, and other standards

🎉 You're Ready!

You've completed your first scan. Explore the docs to learn about authenticated scanning, CI/CD integration, and advanced features.