Pwnkemon docs
Pwnkemon is an autonomous penetration-testing platform. Verify a target, pick a scan tier, and an agent composes thirteen tool primitives — port discovery, banner grabbing, NSE scripts, CVE lookups, HTTP probing, TLS analysis — into a coherent assessment that ships in minutes.
These docs cover the dashboard, the REST API, and the model the agent uses to test your infrastructure. The fastest way in is the getting started guide.
Where to go next
Getting started
Sign in, verify your first target, run your first scan in about ten minutes.
Scan tiers
Quick, Standard and Deep tiers — what each one does and when to use it.
Target verification
How to prove ownership of a domain or IP via DNS TXT or HTTP file challenge.
Reports & exports
Markdown, HTML, PDF and CSV — which formats are available on which plans.
API reference
REST endpoints, auth, request/response shapes for programmatic access.
Webhooks
Receive scan completion events with the full report payload.
What Pwnkemon is not
Pwnkemon is not a replacement for human pentest consultants on engagements that require novel exploit research or red-team tradecraft. It is a replacement for the routine quarterly scan, the SOC 2 evidence pack, and the "we should check if we have any new exposures on prod" week.
Pwnkemon will only scan targets you have proven ownership of via DNS or HTTP verification. Unauthorised scanning is illegal — this is a feature, not a bug.
Status & support
Service status, support contacts and known issues live on the security & privacy page. For billing or account questions, sign in to the dashboard and contact us via the in-app channel.