Targets & Verification

Verifying Target Ownership

Step-by-step instructions for the three verification methods: DNS TXT record, file upload, and meta tag.

Why Verification Is Required

Ownership verification ensures you have legitimate authority over the target before APVISO performs any security testing. This protects third parties from unauthorized scanning and is a legal and ethical requirement for penetration testing platforms.

Method 1 — DNS TXT Record

This is the recommended method for most users.

  1. Open your target's detail page and click Verify.
  2. Select DNS TXT Record.
  3. Copy the unique verification value (e.g., apviso-verify=abc123def456).
  4. Log in to your DNS provider and add a TXT record on the target domain with the copied value.
  5. Return to APVISO and click Check Verification.

DNS propagation can take anywhere from a few seconds to 48 hours depending on your provider and TTL settings. Most providers propagate within 5 minutes.

Method 2 — File Upload

Ideal when you have direct access to the web server but not DNS.

  1. Select File Upload on the verification screen.
  2. Download the verification file or copy its contents.
  3. Upload the file to your web server at the exact path /.well-known/penterep-verify.txt.
  4. Confirm the file is accessible by visiting https://yourdomain.com/.well-known/penterep-verify.txt in a browser.
  5. Click Check Verification in APVISO.

The file must be served over HTTPS and return a 200 status code with the correct content.

Method 3 — Meta Tag

Useful for static sites or when you can edit HTML but lack server or DNS access.

  1. Select Meta Tag on the verification screen.
  2. Copy the provided <meta> tag.
  3. Paste it into the <head> section of your site's home page (/).
  4. Deploy the change.
  5. Click Check Verification.

APVISO fetches your home page and looks for the meta tag in the HTML response.

Verification Caching

Once a target is verified, the status is cached indefinitely. You do not need to keep the DNS record, file, or meta tag in place after verification succeeds. If you remove and re-add the same target, you will need to verify again.

Troubleshooting

  • DNS not propagated yet — wait a few minutes and retry. Use dig TXT yourdomain.com to confirm the record exists.
  • File returns 404 — double-check the path is exactly /.well-known/penterep-verify.txt and your server is not redirecting the request.
  • Meta tag not found — ensure the tag is in the <head> element, not the <body>, and that the page is publicly accessible without authentication.
Back to Knowledge Base