Your First Pentest Walkthrough - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)Your First Pentest WalkthroughGetting StartedYour First Pentest Walkthrough ============================== A detailed, step-by-step guide covering exactly what to expect at every stage of your first APVISO pentest. Before You Begin ---------------- Make sure you have: - An active APVISO account. - A configured self-hosted runner for the environment you want to test. - Approval from your organization to test the domain, IP address, internal hostname, or local URL you are adding. Step 1 — Add the Target ----------------------- Go to **Targets → Add Target** and enter your target (e.g., `staging.example.com` or `http://localhost:3000`). Choose the correct visibility. Step 2 — Configure and Start ---------------------------- Click **Start Pentest** on the target detail page. Choose your pentest package: - **Demo / First Check** — controlled demo or eligible first check. - **Quick Check** / **Launch Review** / **Full Pentest** / **Compliance Evidence** — progressively deeper analysis with longer runtime and broader scope. If your target requires login, configure the runner-local auth file with `APVISO_TARGET_AUTH_CONFIG_FILE` before starting. Click **Confirm** to enqueue the pentest for your runner. Step 3 — Watch the Pentest Live ------------------------------- The pentest moves through several statuses: `pending_runner → assigned → running → completed`. During the `running` phase you will see a live feed of agent messages: - The recon agent reports discovered subdomains, open ports, and technologies. - The pentester agent logs each test it performs and any vulnerabilities it confirms. - The lead agent occasionally posts strategy updates. Findings appear in the **Findings** panel as they are confirmed. Step 4 — Review Findings ------------------------ Each finding includes: - **Severity** — Critical, High, Medium, Low, or Informational. - **Description** — what the vulnerability is and why it matters. - **Evidence** — HTTP request/response pairs, screenshots, or proof-of-concept payloads. - **Remediation** — concrete steps to fix the issue. - **CWE / CVE** — standard references for further research. Step 5 — Download the Report ---------------------------- When the pentest finishes, a Markdown report is generated automatically. Navigate to **Reports** to view it or download a formatted PDF. Step 6 — Retest After Fixing ---------------------------- After you remediate findings, select the ones you have fixed and click **Retest**. APVISO will run a targeted retest to verify the fixes and update finding statuses accordingly. ### Related Articles [Quick Start Guide Get up and running with APVISO in under ten minutes — from sign-up to your first vulnerability report.](/docs/quick-start-guide)[Deprecated Target Verification Historical note for DNS, file, and meta-tag ownership verification.](/docs/target-verification)[Starting a Pentest How to initiate a pentest, choose a pentest package, and understand what each package means for depth and runtime.](/docs/starting-a-scan)[Understanding Pentest Statuses What each pentest status means and what actions are available at each stage.](/docs/scan-statuses) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.