• Tools
  • Features
  • Resources

Introduction

Getting Started
What is Auto-Offensive?Core ConceptsInstall the CLIRun your first scanView resultsNext steps

Platform Features

Scanning
AI Analysis
Code Scanning (SAST)
Reports
Dashboard & Analytics

Developer Reference

REST API
CLI Reference
CI/CD Integration
Tool Tactics
⌘K

On this page

What is Auto-Offensive?Core ConceptsInstall the CLIRun your first scanView resultsNext steps
About 5 minutes

Getting Started

Welcome to Auto-Offensive — the automated offensive security platform. This guide walks you through the core concepts, installs the CLI, and runs your first scan.

What is Auto-Offensive?

Auto-Offensive is a platform that automates the entire offensive security workflow — from reconnaissance to vulnerability scanning, secret detection, and AI-driven analysis. It runs industry-standard tools like subfinder, httpx, naabu, nuclei, gitleaks, and gobuster in sandboxed containers and unifies the results in a single UI.

You interact with the platform through three interfaces:

Web Dashboard
Visual UI for scans, findings, AI analysis, and reports
CLI (aof)
Standalone Go binary for terminal and CI/CD use
REST API
Programmatic access for automation and integrations
Remote execution
Tools don't run on your machine. Everything executes in Docker + gVisor sandboxed containers on the backend. You don't need to install subfinder, nuclei, or any other tool locally.

Core Concepts

Before you start, get familiar with these 7 key terms:

Project
A workspace that groups targets, scans, and findings (e.g., acme-web-app)
Target
What you scan — a domain, IP, URL, or CIDR range
Scan / Job
One execution identified by a unique job_id
Step
One tool running inside a pipeline
Finding
A deduplicated result with severity
Pipeline
Unix-style tool chaining (subfinder | httpx | nuclei)
API Key
A project-scoped credential for automation and CI/CD
Scan Mode
Basic, Medium, or Advanced — defines how the scan executes

Typical workflow: Create a Project → add Targets → submit a Scan → Steps execute → produce Findings → use AI Analysis or Reports.

1. Create an Account

Go to the website to create your account.

Signing up via UI

  1. Navigate to the Sign Up page.
  2. Enter your email and password.
  3. Click the 'Create Account' button.
  4. Check your email to verify your account.

2. Run your first scan

Create a project and submit a scan through the Web Dashboard:

How to use via UI

  1. Click the 'New Project' button at the top right.
  2. Enter your Project name and click save.
  3. Go into the Project and click 'New Scan'.
  4. Enter a Target (e.g., example.com).
  5. Select Basic Mode and click Start Scan.
Automated process
The system will automatically chain the tools. You just need to wait and watch the progress on the screen.

3. View results

After the scan completes, you can view the list of all findings:

Viewing findings via UI

  1. Go to the 'Findings' or 'Issues' tab on the Scan results page.
  2. You will see a table showing the Severity, Host, and details.
  3. You can click on each issue to see the remediation and additional AI Analysis.

Next steps

Now you know the basics. Explore further:

Scanning

Three scan modes

Learn Basic, Medium, and Advanced pipeline scans

AI

AI Analysis

Get analysis and next-step suggestions from Claude AI

Reports

Generate Reports

Export findings as PDF, DOCX, XLSX, or JSON

CI/CD

CI/CD Integration

Automate scans in GitHub Actions, GitLab CI, Jenkins

Common gotchas
  • Forgetting to escape the pipe — use | not \|
  • Daily scan quota — free tier is limited to 3 scans/day
Previous
Documentation hub
Next
Scanning