Quick start
Sign up, create your workspace, verify a target, run your first scan in under five minutes.
Brektra runs autonomous pentests against AI applications, web and API surfaces, cloud accounts, and Active Directory. This page gets you from zero to a confirmed exploit in five minutes.
1. Create your workspace
Sign up with email or GitHub. The first account you create lands you in a personal workspace on the Free plan. Free covers 3 lifetime scans against AI app surfaces. You can upgrade anytime from Settings → Billing.
2. Add a target
Open Targets, click Add target, and enter the domain you want to test (app.example.com). Brektra issues a TXT record for you to add to the domain's DNS. Once the record is live, the target moves to verified.
3. Run your first scan
From the verified target, click Run scan. Pick the surfaces you want covered (AI by default), pick Safe Mode for non-destructive payloads, and start. The Scan detail page shows the kill chain in real time: recon, attack attempts, exploit confirmations, and proof artifacts.
4. Read the replay
Every confirmed exploit produces a replay. Open the replay tab on any scan to walk the kill chain step-by-step, inspect requests and responses, and grab a shareable signed link for your team or auditor.
5. Ship a patch
If your repo is connected via the GitHub App (Settings → GitHub), each finding has a Generate Patch button. Brektra opens a pull request with the remediation. After merge, the original exploit is re-tested automatically and the finding flips to patched or bypassed.
What next
- Domain verification covers DNS edge cases.
- Reading a replay explains the inspector.
- CI/CD integration wires Brektra into pull request gates.