Everything you need to run PhantomYerra.

🚀

First Launch

Activate your license, configure AI, and run your first scan — zero to operational in minutes.

Get started →

▶

Quick-Start Guide

A guided walkthrough of your first end-to-end pentest with evidence capture and reports.

Walk me through →

⚡

Scan Modes

Understand Automated AI, Semi-Automated, and Manual modes — and when to use each.

Compare modes →

🎯

Mission Control Wizard

Configure scope, authentication, and engagement type through the guided wizard.

Open wizard docs →

🏠

Home Screen Tour

Every element of the PhantomYerra home screen and what it does.

Tour the UI →

🌐

Web Applications

SQLi, XSS, CSRF, SSRF, SSTI, XXE, request smuggling, cache poisoning + full OWASP Top 10 coverage.

Web playbook →

🔌

API / GraphQL

BOLA, BFLA, mass assignment, rate-limit bypass, OpenAPI fuzzing, GraphQL introspection abuse.

API playbook →

🔗

Network / Infrastructure

Nmap, service enum, SMB/Kerberos attacks, SNMP, DNS recon, TLS analysis.

Network playbook →

☁

Cloud Security

AWS/Azure/GCP IAM privilege escalation, S3 takeover, IMDS SSRF, misconfig drift.

Cloud playbook →

📱

Mobile (Android / iOS)

APK static + dynamic analysis, DEX bytecode, intent fuzzing, WebView bridge abuse.

Mobile playbook →

🔧

Firmware / IoT

Binwalk extraction, signature detection, UART/JTAG probing, insecure update mechanisms.

Firmware playbook →

🚗

Automotive / ICS-SCADA

CAN bus injection, Modbus/DNP3/BACnet abuse, PLC logic injection, HMI auth bypass.

OT playbook →

🔍

SAST · DAST · SBOM

Interprocedural taint, symbolic execution, coverage-guided fuzzing, CycloneDX generation.

SAST/DAST →

📦

SCA / Reachability

Dependency CVE mapping, reachability analysis, supply-chain scan.

SCA playbook →

⚙

Reverse Engineering

PE/ELF/Mach-O analysis, .NET decompilation, symbolic execution, AI-assisted deobfuscation.

RE playbook →

🤖

AI / LLM Security

Prompt injection, jailbreak testing, RAG poisoning, model inversion, OWASP LLM Top 10 2025.

AI/LLM playbook →

⚙

DevOps / CI/CD

Secret scanning, pipeline injection, IaC misconfig, container scanning, OWASP CI/CD Top 10.

DevOps playbook →

♾

Adaptive Attack Loop

The 8-level feedback loop that rewrites payloads based on target response — WAF-aware, context-aware.

Read →

🕳

Zero-Day Workflow

11-engine zero-day suite — taint flow, race conditions, crypto oracles, deserialization gadgets.

Read →

🎯

Exploitation Gate

How findings are validated before they reach the report — no unconfirmed claims, ever.

Read →

🧠

Business Logic Testing

Price tampering, race conditions, workflow bypass, IDOR / BOLA / BFLA — where scanners miss.

Read →

👥

Multi-Role IDOR

Test object-level authorization across every user role automatically.

Read →

📋

Full Attack Methodology

The complete PhantomYerra methodology — from recon to reporting, with evidence chain.

Read →

🤖

Ask PhantomYerra (AI Pentester)

The AI pentester assistant — natural-language scope configuration + live scope expansion.

Read →

🔑

AI Provider Setup

Configure Anthropic / OpenAI / Google / Groq / Together / Azure Copilot / Ollama / LM Studio.

Set up AI →

📄

Reports & Evidence

Generate PDF / DOCX / HTML / JSON / SARIF reports with RFC 3161-sealed evidence chain.

Read →

🔌

Integrations

Jira, ServiceNow, Slack, Teams, GitHub, GitLab, Azure DevOps — bi-directional ticketing.

Read →

🛡

Enterprise RBAC

Super-admin, pentest lead, tester, reviewer, client — role-based access control.

Read →

🔒

Air-Gapped Mode

Zero external calls, local Ollama / LM Studio for classified and sensitive environments.

Read →

🏠

Local-Only Scanning

Restrict scans to internal / RFC1918 targets only — enforced at license level.

Read →

⏸

Pause & Resume

Interrupt long-running scans, resume where you left off — state survives crashes.

Read →

⌨

CLI Reference

Full command-line reference for headless scanning, CI/CD automation, scripted runs.

Read →

📜

License Activation

Activate your license, manage seats, view module entitlements, understand quotas.

Read →

🧰

Toolkit Overview

All in-app manual tools — when to use each, how they integrate with the scan flow.

Read →

🎯

Interceptor

Live-edit requests, modify headers, tamper with bodies, observe responses in real time.

Read →

🔁

Repeater

Replay requests with tweaks. Your hypothesis-testing workspace.

Read →

💥

Intruder

Payload-set attacks — BOLA enumeration, login brute, fuzz lists against chosen positions.

Read →

🎭

Red-Team Intel Feeds

Live threat intel from CISA KEV, MITRE ATT&CK, EPSS, 15+ vendor feeds.

Read →

🧩

SDK Overview

Extend PhantomYerra — custom scanners, payloads, report templates.

SDK home →

🔨

Build a Custom Scanner

Author a new scanner that plugs into the orchestrator + reports.

Read →

📐

Custom Report Template

Brand the PDF / DOCX output with your own template.

Read →

✨

What's New in PhantomYerra

Full version history — new capabilities, fixes, performance improvements. Updated with every release.

View release notes →

📜

Version History (marketing)

Timeline of every public release on the marketing site.

Open timeline →