Red-team AI for authorized engagements

LLM assistant scoped to your verified targets. Recon, vulnerability analysis, exploitation guidance, write-up generation. Built for pentesters and bug bounty hunters.


How it works

  1. Sign up, get a free CTF-mode API key
  2. Add a target scope (domain, IP range, bug bounty program URL)
  3. Verify scope via DNS TXT, public bug bounty program, or corporate SSO
  4. Make API calls scoped to that target. Out-of-scope queries are refused and logged.

Quick start

Sign up

curl -X POST https://spidergpt.io/api/v1/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com"}'

Add and verify a scope

curl -X POST https://spidergpt.io/api/v1/scopes \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target":"example.com", "method":"dns_txt"}'

# Then add the returned TXT record to example.com's DNS
curl -X POST https://spidergpt.io/api/v1/scopes/verify \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target":"example.com"}'

Chat (scoped)

curl -X POST https://spidergpt.io/api/v1/chat \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target":"example.com","prompt":"Analyze the headers from this response..."}'

Pricing

CTF

$19/mo
  • 200 prompts/mo
  • Sandbox labs only
  • HackTheBox / TryHackMe

Hunter

$49/mo
  • 1,000 prompts/mo
  • 3 verified scopes
  • Audit log

Pro

$149/mo
  • 10,000 prompts/mo
  • Unlimited scopes
  • Exportable reports

Team

$399/mo
  • 50,000 prompts/mo
  • 5 seats, SSO
  • Admin dashboard

Authorization, not bypass

SpiderGPT will refuse anything outside your verified scope. Every query is logged with the customer ID and scope. Use is governed by our Terms: authorized engagements only, no targeting of third parties, no malware distribution. Violators are banned and logs preserved per applicable law.