Getting Started

Your First Pentest Walkthrough

A detailed, step-by-step guide covering exactly what to expect at every stage of your first APVISO pentest.

Before You Begin

Make sure you have:

  • An active APVISO account.
  • A configured self-hosted runner for the environment you want to test.
  • Approval from your organization to test the domain, IP address, internal hostname, or local URL you are adding.

Step 1 — Add the Target

Go to Targets → Add Target and enter your target (e.g., staging.example.com or http://localhost:3000). Choose the correct visibility.

Step 2 — Configure and Start

Click Start Pentest on the target detail page. Choose your pentest package:

  • Demo / First Check — controlled demo or eligible first check.
  • Quick Check / Launch Review / Full Pentest / Compliance Evidence — progressively deeper analysis with longer runtime and broader scope.

If your target requires login, configure the runner-local auth file with APVISO_TARGET_AUTH_CONFIG_FILE before starting the pentest. Then click Confirm to enqueue the pentest for your runner.

Step 3 — Watch the Pentest Live

The pentest moves through several statuses: pending_runner → assigned → running → completed. During the running phase you will see a live feed of agent messages:

  • The recon agent reports discovered subdomains, open ports, and technologies.
  • The pentester agent logs each test it performs and any vulnerabilities it confirms.
  • The lead agent occasionally posts strategy updates.

Findings appear in the Findings panel as they are confirmed.

Step 4 — Review Findings

Each finding includes:

  • Severity — Critical, High, Medium, Low, or Informational.
  • Description — what the vulnerability is and why it matters.
  • Evidence — HTTP request/response pairs, screenshots, or proof-of-concept payloads.
  • Remediation — concrete steps to fix the issue.
  • CWE / CVE — standard references for further research.

Step 5 — Download the Report

When the pentest finishes, a Markdown report is generated automatically. Navigate to Reports to view it or download a formatted PDF.

Step 6 — Retest After Fixing

After you remediate findings, select the ones you have fixed and click Retest. APVISO will run a targeted retest to verify the fixes and update finding statuses accordingly.