
Documentation

Get from signup to PoC in five steps.

Everything you need to run your first overnight hunt, understand findings, and export report-ready PoCs.

📖 In this guide

1. Create your account
2. Define your hunt scope
3. Launch your hunt
4. Review findings
5. Export your PoC report

Five steps to your first PoC

Create your account

Sign up at rasec.app/signup. The free tier is fully functional — no credit card required. You get one concurrent hunt session, surface-level findings, and 30-day data retention.

Define your hunt scope

Before launching, set your scope. Paste the program's in-scope domains and CIDR ranges. RaSEC Hunt gates every agent action against this boundary mathematically before execution.

# Example scope configuration
in_scope:
  - "*.example.com"
  - "api.example.com"
  - "10.0.0.0/8"  # internal range if permitted
out_of_scope:
  - "support.example.com"
  - "status.example.com"

Launch your hunt

Hit "Start Hunt". The agent begins recon: subdomain enumeration, endpoint discovery, JavaScript analysis, and coordinated vulnerability testing. All visible in the real-time mission log.

Review findings

Every finding has an explicit state: Pending (AI heuristic flagged), Validated (deterministic reproduction passed), or Rejected (false positive). Pro and Elite tiers include the curl command for manual verification.

# Finding lifecycle
Pending    → AI heuristic detected an anomaly
Validated  → Deterministic reproduction confirmed
Rejected   → False positive (agent discarded)

# You only act on: Validated

Export your PoC report

Select the validated finding and click "Generate PoC". The report formats itself to your chosen template: HackerOne, Bugcrowd, Intigriti, or custom. Copy the output and submit.

Quick answers

What does "scope-safe" mean exactly?

Every agent action (DNS lookup, HTTP request, payload test) is checked against your defined scope before execution. If the target is out of scope, the action is blocked at the gate, not after the fact.
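As an added illustration of the gate described here and in "Define your hunt scope" above (example code written for this page, not RaSEC Hunt's own implementation): a default-deny scope check that evaluates the target of each planned action before anything runs. The SCOPE dict mirrors the example YAML above; the list of planned actions, the rule that out_of_scope entries win over in_scope wildcards, and the decision to never resolve hostnames during the check are assumptions of this example.

```python
import fnmatch
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Constructed for this example: the same scope as the YAML above, as a dict.
# The real RaSEC config parser and rule semantics are not assumed here.
SCOPE = {
    "in_scope": ["*.example.com", "api.example.com", "10.0.0.0/8"],
    "out_of_scope": ["support.example.com", "status.example.com"],
}


def _parse_network(entry: str):
    """Return an ip_network for CIDR/IP entries, or None for hostname patterns."""
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None


def _matches(target: str, entry: str) -> bool:
    """True if target (hostname or IP literal) is covered by one scope entry."""
    net = _parse_network(entry)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if net is not None:
        # CIDR entry: only an IP-literal target can match it.
        return addr is not None and addr in net
    if addr is not None:
        # Hostname entry never matches an IP literal; no DNS resolution is
        # done inside the gate, so a hostname cannot smuggle in an address.
        return False
    # Hostname pattern: "*.example.com" covers any depth of subdomain but
    # deliberately not the apex "example.com" itself.
    return fnmatch.fnmatchcase(target.lower(), entry.lower())


def gate(target: str, scope: Dict[str, List[str]] = SCOPE) -> Tuple[bool, str]:
    """Default-deny scope gate: explicit exclusions win, then the allow-list, else block."""
    for entry in scope.get("out_of_scope", []):
        if _matches(target, entry):
            return False, f"blocked: matches out_of_scope entry {entry!r}"
    for entry in scope.get("in_scope", []):
        if _matches(target, entry):
            return True, f"allowed: matches in_scope entry {entry!r}"
    return False, "blocked: not covered by any in_scope entry"


def filter_actions(actions: Iterable[Tuple[str, str]],
                   scope: Dict[str, List[str]] = SCOPE) -> List[dict]:
    """Evaluate a batch of planned (kind, target) actions before execution
    and record the gate decision for the mission log."""
    results = []
    for kind, target in actions:
        allowed, reason = gate(target, scope)
        results.append({"action": kind, "target": target,
                        "allowed": allowed, "reason": reason})
    return results


# Constructed sample of planned agent actions, as (kind, target) pairs.
PLANNED = [
    ("dns_lookup", "api.example.com"),
    ("http_request", "support.example.com"),      # wildcard hit, but explicitly excluded
    ("http_request", "dev.internal.example.com"),
    ("http_request", "10.20.30.40"),
    ("http_request", "192.168.1.10"),             # private, but not in the permitted range
    ("dns_lookup", "example.org"),
    ("http_request", "example.com"),              # apex is not covered by "*.example.com"
]

if __name__ == "__main__":
    for r in filter_actions(PLANNED):
        verdict = "ALLOW" if r["allowed"] else "BLOCK"
        print(f"{verdict:5} {r['action']:13} {r['target']:28} {r['reason']}")
```

Two behaviours worth noticing when adapting a gate like this: an exclusion always beats a wildcard allow (support.example.com is blocked even though `*.example.com` would match it), and anything the scope does not mention is blocked rather than allowed, so a typo in the scope file fails closed.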

How does deterministic reproduction work?

When the AI flags a potential vulnerability, it runs a second, independent reproduction attempt with a non-AI approach. If that also confirms the bug, the finding is marked Validated. If not, it is Rejected. You only see confirmed findings.

Can I steer the agent during a hunt?

Yes — co-pilot mode (Pro and Elite) lets you intervene at any point. Redirect the agent to a specific endpoint, pause a module, or change priority mid-hunt. Full keyboard control.

What does the free tier actually find?

Surface-level issues: missing security headers, misconfigured CORS, exposed debug endpoints, directory listing, and open redirect indicators. Serious bugs (IDOR, auth bypass) require Pro.

Does RaSEC Hunt use my hunt data for training?

No. We do not train on hunt data. We do not log raw HTTP scan traffic. Free tier data is auto-purged after 30 days. Pro includes no-log mode. Elite supports Local Proxy Mode (zero cloud scan traffic).


Ready to run your first hunt?

Free tier, no credit card
PoC in your inbox by morning
Full scope enforcement