Adding Pentest Targets - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)Adding Pentest TargetsTargets & ScopeAdding Pentest Targets ====================== How to add a domain or IP address as a pentest target, including validation rules and what happens after creation. What Is a Target? ----------------- A target is the domain name, IP address, internal hostname, or local URL you want APVISO to test through your self-hosted runner. Adding a Target --------------- 1. Navigate to **Targets** in the left sidebar. 2. Click **Add Target**. 3. Enter the target (e.g., `app.example.com` or `http://localhost:3000`). 4. Choose the correct visibility for public, staging, private/internal, localhost, or partner-client scope. 5. Click **Save**. Validation Rules ---------------- APVISO enforces rules based on target visibility: - **Public targets** must not be internal or loopback addresses and must resolve to public IP addresses. - **Private/internal and localhost targets** are allowed for self-hosted runners that can reach those environments. - **Partner-client targets** require a partner plan and a partner client record. - **Duplicate check** — you cannot add the same target twice within your organization. What Happens After Adding ------------------------- The target is ready for self-hosted pentesting once an eligible runner can reach it. Authenticated pentesting credentials are configured on the runner host with `APVISO_TARGET_AUTH_CONFIG_FILE`; they are not entered in the APVISO dashboard. Editing and Removing Targets ---------------------------- Click a target to open its detail page. From there you can: - Review runner-local authentication setup guidance. - Adjust governance settings. - Delete the target if it has no pentest history. Target Limits ------------- Each self-hosted plan includes a maximum number of targets: - **Solo** — up to 3 targets. - **Launch** — up to 10 targets. - **Team** — up to 25 targets. - **Partner** and **Enterprise** — custom or unlimited target limits by agreement. If you reach your limit, remove an existing target or upgrade your plan to add more. ### Related Articles [Deprecated Target Verification Historical note for DNS, file, and meta-tag ownership verification.](/docs/target-verification)[Authenticated Pentesting Configure authentication so APVISO can test pages and API endpoints behind login — supporting bearer tokens, cookies, API keys, and more.](/docs/authenticated-scanning)[Subscription Plans Compare the APVISO subscription tiers — Solo, Launch, Team, Partner, and Enterprise — and understand what each includes.](/docs/subscription-plans) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.