Quick Start

This guide walks you through running your first pentest using the API. You can also start pentests from the dashboard.

Prerequisites

  • A TurboPentest account (sign up)
  • A domain you own or are authorized to test
  • At least one pentest credit

Step 1: Create an API key

Go to Dashboard > API Keys and click Create Key. Give it a name and copy the key - you will only see it once.

# Save your API key
export TURBOPENTEST_API_KEY="tp_your_key_here"

Step 2: Verify your domain

Add a DNS TXT record to prove you own the domain:

# Get your verification token
curl -s -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  -X POST https://turbopentest.com/api/domains \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Response:

{
  "domain": "example.com",
  "token": "abc123...",
  "txtRecord": "turbopentest-verify=abc123..."
}

Add the TXT record to your DNS, then verify:

curl -s -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  -X POST https://turbopentest.com/api/domains/verify \
  -H "Content-Type: application/json" \
  -d '{"domain": "example.com"}'

Step 3: Start a pentest

curl -s -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  -X POST https://turbopentest.com/api/pentests \
  -H "Content-Type: application/json" \
  -d '{"targetUrl": "https://example.com"}'

Response:

{
  "id": "scan_abc123",
  "targetUrl": "https://example.com",
  "status": "queued"
}

Step 4: Check results

Poll the pentest status until it completes (typically under 2 hours):

curl -s -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  https://turbopentest.com/api/pentests/scan_abc123

When status is "complete", the findings array contains all discovered vulnerabilities.

Step 5: Download the report

curl -s -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  https://turbopentest.com/api/pentests/scan_abc123/report \
  -o pentest-report.pdf

Next steps

Previous

Introduction

Next

Core Concepts

On this page