Your First Scan
From installation to your first confirmed finding: this guide walks you through every step of running a complete penetration test with PhantomYerra.
Prerequisites
Before You Start
- PhantomYerra installed - Download from phantomyerra.com/downloads and run the installer
- Valid license key - Single seat, team, or enterprise. Activate at first launch.
- Written authorisation - You must have explicit permission to test the target. PhantomYerra requires an auth token before any active scan.
- Target URL or IP - The application, API, or network range you are authorised to test.
- Test credentials - At least one valid login for the target application (for authenticated scanning).
Legal reminder: Only scan systems you own or have explicit written permission to test. PhantomYerra's authorisation token requirement is a safeguard, not a substitute for legal written authorisation from the system owner.
Scan Flow Overview
Scan Wizard ──→ Target + Scope ──→ Auth Setup ──→ Mode Select
↓
Scan Dashboard ──→ Live Activity Feed ──→ Findings Panel
↓
AI Analysis ──→ Attack Chain ──→ Report Generation ──→ Export
Step 1: Launch and Configure
First Launch - License Activation
On first launch, PhantomYerra shows the license activation screen. Enter your license key and click Activate. The app validates against the licensing server and downloads your module entitlements.
If you have an AI API key from your license tier, it is downloaded automatically - you do not need to configure it manually.
Intelligence Loading Splash
After activation, the splash screen shows PhantomYerra loading its intelligence databases: CVE database (NVD + CISA KEV), ExploitDB, PoC library. On first launch this takes 30-90 seconds. Subsequent launches complete in under 2 seconds.
Home Screen
The home screen shows your recent projects, a New Scan button, and the Activity Feed showing the latest CVE intelligence updates. Click New Scan to start the Scan Wizard.
Step 2: The Scan Wizard
Workspace and Target
Give your scan a workspace name (e.g. "ClientCorp Q2 Assessment") and enter the target. PhantomYerra accepts:
- URL - https://app.example.com
- IP address - 192.168.1.0/24
- Domain - example.com (with subdomain discovery)
- API specification - OpenAPI/Swagger JSON or YAML URL
- Mobile app - APK or IPA file upload
- Source code directory - for SAST + SCA
Scope Definition
Define what is in scope. PhantomYerra enforces scope at the tool level - no scan tool will send requests outside the defined scope, regardless of what links it discovers. Add URL patterns, IP ranges, or domains to the allow list. Add explicit exclusions (e.g. /api/admin/delete-all) to prevent destructive actions.
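As an added illustration of the tool-level scope rule described above (this is not PhantomYerra's own code), the check below assumes a simple scope model: an allow list of URL globs, CIDR ranges and bare domains, plus path exclusions that always win. Discovered links outside that scope are dropped before any request is made:

```python
"""Scope enforcement sketch: decide whether a discovered URL may be requested."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
from urllib.parse import urlsplit
import ipaddress

@dataclass
class Scope:
    allow: list                                  # URL globs, CIDR ranges, bare domains
    exclude: list = field(default_factory=list)  # path globs that are never requested

def _host_allowed(host: str, entry: str) -> bool:
    """Match a hostname against a CIDR/IP entry or a bare-domain entry."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        # Not an IP entry: treat it as a domain and allow any true subdomain of it.
        return host == entry or host.endswith("." + entry)
    try:
        return ipaddress.ip_address(host) in net
    except ValueError:
        return False  # a DNS name can never satisfy an IP-range entry

def in_scope(url: str, scope: Scope) -> bool:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostname only, so userinfo cannot fool us
    path = parts.path or "/"
    if not host:
        return False
    # Exclusions win over allow entries: a destructive endpoint is never requested.
    if any(fnmatch(path, pat) for pat in scope.exclude):
        return False
    for entry in scope.allow:
        if "://" in entry:  # full URL glob such as https://app.example.com/*
            if fnmatch(f"{parts.scheme}://{host}{path}", entry):
                return True
        elif _host_allowed(host, entry):
            return True
    return False

def filter_discovered(links: list, scope: Scope) -> list:
    """Keep only the crawler-discovered links the scan is allowed to request."""
    return [u for u in links if in_scope(u, scope)]

# Constructed sample scope and discovered links (hypothetical, not real targets).
SAMPLE_SCOPE = Scope(allow=["https://app.example.com/*", "192.168.1.0/24", "example.com"],
                     exclude=["/api/admin/delete-all", "/logout"])
DISCOVERED = ["https://app.example.com/login", "https://app.example.com/api/admin/delete-all",
              "http://192.168.1.37/status", "http://10.0.0.5/",
              "https://cdn.thirdparty.test/script.js", "https://app.example.com.evil.test/"]
```

Note that the domain rule requires a true subdomain suffix, so a look-alike host such as app.example.com.evil.test stays out of scope.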
Engagement Type
Select the engagement type. This tells PhantomYerra which attack surfaces to focus on and sets the appropriate depth and aggressiveness level:
- Web Application Pentest - DAST, injection, auth, business logic, IDOR
- API Security Assessment - REST/GraphQL/gRPC, auth, fuzzing, BOLA
- Network Pentest - Port scan, service exploitation, lateral movement
- Mobile App Assessment - APK/IPA static + dynamic analysis
- Source Code Review - SAST, SCA with reachability, secrets
- Full Stack - All surfaces combined
Step 3: Authentication Setup
Select Authentication Method
PhantomYerra supports all common authentication patterns: Form login (username + password), Bearer token, API key (header or query param), Cookie-based, OAuth 2.0 (with PKCE), and custom header sequences.
Test the Login Sequence
Click Test Authentication - PhantomYerra performs a test login and confirms the session is valid. A green checkmark confirms authentication works. A failure shows the HTTP response for debugging.
Add Multiple Roles (Optional)
For IDOR and privilege escalation testing, add credential sets for each role. See the Multi-Role IDOR Testing guide for full details.
Step 4: Choose Scan Mode
Automated AI (Recommended)
Claude drives the entire engagement: it plans attack paths, adapts based on findings, and chains vulnerabilities. Highest coverage; requires a Claude API key or a local Ollama instance.
Semi-Automated
PhantomYerra runs all tools automatically but pauses for human review at key decision points. You approve exploit attempts before they execute.
Manual
You control every tool individually. PhantomYerra provides the tools, payloads, and intelligence - you decide what to run and when. For experienced testers.
Step 5: Understanding the Scan Dashboard
The scan dashboard has five panels that update in real time during the scan:
- Activity Feed - Live stream of every tool action, HTTP request sent, and finding discovered
- Phase Progress - Visual pipeline showing completed, active, and pending phases
- Findings Panel - All confirmed EXPLOITED findings, sorted by severity, updating live
- Attack Surface Map - Visual graph of discovered endpoints, services, and their relationships
- AI Brain Log - In Automated AI mode: Claude's reasoning, tool selections, and adaptations
Step 6: Reading Your First Report
Findings are Pre-Triaged
Every finding in the report is already classified as EXPLOITED, POTENTIAL, or FALSE POSITIVE. There is no manual triage phase - you review confirmed vulnerabilities directly.
Each Finding Has Full Evidence
Click any finding to open the detail drawer. You will see: raw HTTP request/response, extracted data, screenshot, PoC reproduction steps (copy-paste ready), business impact assessment, and specific remediation code where applicable.
Attack Chain Analysis
After the scan completes, the attack chain panel shows how individual findings chain together into full attack paths, from initial entry point through lateral movement to maximum impact.
Step 7: Exporting and Sharing
Export Options
- PDF Report - Executive summary + full technical appendix with all evidence
- JSON - Machine-readable findings for integration with JIRA, ServiceNow, or other tools
- SARIF - For GitHub/GitLab Code Scanning integration
- CSV - Spreadsheet-friendly findings list for stakeholders
- Evidence Archive - ZIP of all screenshots, HTTP captures, and raw tool output
Navigate to Reports in the sidebar, select your scan, choose the format, and click Generate Report.