NullSquare
NullSquare documentation

Run real offensive security work — autonomously, inside boundaries your team controls.

Welcome. These docs walk you through every part of using NullSquare: setting up your organization, defining the environments the agent may assess, launching your first discovery run, prioritizing what comes back, and turning routine assessments into continuous coverage. New users should start with the Welcome tour, then the quickstart.

Welcome to NullSquare

A ten-minute tour of how the platform is organized, what the agent does, and what your team owns.

Quickstart: your first assessment

Stand up a scope, authorize a target, and run a discovery assessment end-to-end.

Scopes, targets, and rules of engagement

Set up the authorization boundary every assessment runs inside.

Runners and private networks

Deploy a private runner and assess internal subnets, VPN-only apps, and internal hosts.

The operating loop

Every successful program on NullSquare follows the same rhythm. Your first assessment should be discovery — once the agent has mapped your attack surface, every later run becomes more precise. This is the loop the docs are organized around.

  1. 1

    Define a scope

    Name the environment, authorize its targets, and write the rules of engagement the agent will operate inside.

  2. 2

    Run discovery first

    Let the agent map reachable hosts, services, endpoints, technologies, and authentication surfaces before deep testing.

  3. 3

    Add context and prioritize

    Promote the assets that matter, fill in business criticality and data sensitivity, add credentials and repositories where needed.

  4. 4

    Run targeted assessments

    Ask the agent to test specific workflows or assets with the right mode (gray-box, white-box, private-runner).

  5. 5

    Triage, retest, automate

    Validate findings, request retests after remediation, and schedule recurring assessments to keep coverage continuous.

Popular guides

The questions new customers most often ask, answered in one page each.

Internal network pentesting

Deploy a private runner, add CIDR targets, and assess internal subnets end-to-end.

Testing modes

Choose black-box, gray-box, or white-box based on what context you give the agent.

Core concepts

The full vocabulary: scopes, runs, assets, findings, evidence, runners, credits, plans.

Organization setup

Roles, integrations, compliance frameworks, credits, and subscription plan management.

Browse all docs

Everything else, grouped by where it fits in the journey — start, setup, assess, operate, and admin reference.

Start

Platform model, first-run workflow, and product vocabulary.

3

Setup

Organization setup, scopes, testing modes, runners, and authorization boundaries.

4

Assess

Assessment runs, prioritization, automations, and assistant workflows.

4

Operate

Assets, findings, reports, integrations, and compliance evidence.

5

Admin and reference

Billing, security, troubleshooting, status labels, providers, and roles.

4