ZeroPanic User Guide
Everything you need to know - from getting started to running advanced penetration testing assessments.
What is ZeroPanic?
ZeroPanic is a cybersecurity platform built for everyone - whether you're a security professional running penetration tests, a developer reviewing your own code, or someone who simply wants to know if their passwords have been compromised and keep their accounts safe. You do not need a technical background to use ZeroPanic. The tools are powerful enough for experts and clear enough for anyone.
Ask any security question in plain English. Upload suspicious files, emails, or code and get a clear explanation of what's going on - no technical jargon required.
For security professionals - runs real scanning tools against your authorised targets and writes a full assessment report automatically.
A secure place to store your passwords, PINs, and API keys. Tells you how strong each one is and whether it has appeared in a known data breach.
Alerts you if your email address shows up in a data breach - so you know to change your password before someone uses it against you.
ZeroPanic is designed with privacy at its core. We do not serve ads, we do not sell your data, and scan results from the Pentest Agent are never stored beyond your active session. Whatever you do here stays here.
Creating Your Account
Getting started takes less than two minutes. All you need is an email address and a password.
Visit the sign-up page and enter your email address and a strong password. Passwords are hashed using Argon2 - we never store them in plain text.
Verify your email by clicking the confirmation link sent to your inbox.
Enable Two-Factor Authentication (2FA) from Settings → Security. We support TOTP apps (Google Authenticator, Authy, and any compatible app). Strongly recommended.
You're in. Your account starts on the Free tier - 10 AI assistant questions per month and full access to the Encryption Tool. No credit card required.
Free vs Pro
ZeroPanic offers two tiers. Free gives you access to the core features to get started. Pro unlocks the full platform.
| Feature | Free | Pro |
|---|---|---|
| AI Chat Assistant | 10 credits/month | Unlimited |
| File upload & analysis | Free | Pro |
| Reasoning Mode | Free | Pro |
| Web Search Mode | Free | Pro |
| Saved chat history | - | Pro |
| Auto-save chats | - | Pro |
| Pentest Agent | - | Pro |
| Password Vault | - | Pro |
| Breach Monitoring | - | Pro |
| Encryption Tool | Free | Pro |
| 2FA Security | Free | Pro |
Upgrade from the Billing page at any time. Cancel any time - your Pro access continues until the end of the current billing period with no early termination fee.
Starting a Chat
The AI Chat Assistant is where most people start. Ask it anything security-related - from "what is a strong password?" to complex code reviews. You do not need to know technical terminology. Ask the way you would ask a knowledgeable friend and it will meet you where you are.
Navigate to AI Assistant from the top navigation bar.
Click "New Chat" to open a fresh conversation. Each chat maintains its own history - the AI remembers everything said within the same window.
Type your question and press Enter to send, or Shift+Enter for a new line.
Receive a formatted response with headers, code blocks, and bullet points for clarity.
What you can ask
- Answer everyday security questions - "is this email safe?", "what should I do if I was hacked?"
- Explain any security concept - from basic to advanced, in plain English
- Review code for vulnerabilities (paste or upload)
- Analyse log files, config files, and network captures
- Identify phishing emails - paste headers and body
- Get step-by-step hardening guides for any system or service
- Research CVEs, malware families, and attack techniques
- Generate security policies, incident response templates, and checklists
Uploading Files
ZeroPanic supports file uploads for analysis. Attach logs, configs, code, PDFs, or images - the AI reads and analyses them in context of your question.
Supported file types
- Text & data: .txt, .log, .csv, .md, .json, .xml, .yaml, .yml
- Code: .py, .js, .ts, .html, .css
- Documents: .pdf (text extracted automatically)
- Images: .png, .jpg, .jpeg, .gif, .webp
- And more - the list above is representative. If your file type is text-based, it will generally be accepted even if not listed explicitly.
How to upload
Click the paperclip icon (📎) in the chat input area.
Select your file. Up to 10 MB per upload. Multiple files can be attached before sending.
Type your question and send. The AI analyses the file(s) alongside your query.
Example use cases
- Upload auth.log - "Are there any brute-force attempts in this log?"
- Upload nginx.conf - "Review this for security misconfigurations."
- Upload a screenshot of a suspicious email - "Is this a phishing attempt?"
- Upload source code β "Find SQL injection vulnerabilities in this file."
Reasoning Mode
Reasoning Mode enables the AI to think through complex problems step-by-step before producing a response. Ideal for difficult analytical tasks, multi-step security reviews, and questions requiring careful logical deduction.
How to enable
Click the 🧠 Reasoning pill in the top-right of any chat. It illuminates green when active. Responses will show a "Reasoning applied" tag confirming the mode was used. The thinking indicator shows "Reasoning deeply…".
Best used for
- In-depth vulnerability analysis of complex code
- Multi-step incident response planning
- Evaluating competing security architectures
- Interpreting ambiguous log data or network captures
- Security architecture review with trade-off analysis
Web Search Mode
Web Search Mode connects the AI to the live internet, enabling it to retrieve up-to-date information when answering your question. Particularly useful for recent CVEs, newly disclosed vulnerabilities, current threat intelligence, and any topic that changes rapidly.
How to enable
Click the Web Search pill in the top-right of any chat. It illuminates green when active. The thinking indicator shows "Surfing the web…" while live results are retrieved.
Best used for
- Looking up a CVE published recently
- Checking if a specific software version has known exploits
- Researching a malware family or threat actor in the news
- Getting current patch status for a vulnerability
- Finding the latest hardening guidance for a specific technology
Saving Chats
Chats are not saved by default - this is intentional. Security conversations often contain sensitive data, and you should consciously decide what to keep.
Saving a chat manually (Pro)
Click the 💾 Save button in the top-right of any chat. Saved chats appear on the AI Assistant home page and remain accessible across sessions.
Auto-save (Pro only)
Enable auto-save in Settings → Account. When active, every chat is automatically saved after the first assistant reply - useful if you want a permanent history of all security consultations.
What Is the Pentest Agent?
The Pentest Agent is an autonomous AI that actively scans and assesses your authorised targets using real security tools running inside a secure, isolated environment. It executes actual tools against actual targets and produces a professional security assessment report.
Agent methodology
Passive Reconnaissance - discovers subdomains via publicly available certificate transparency logs. Completely passive - no traffic sent to the target.
Port & Service Discovery - Nmap identifies open ports, running services, and software versions.
Web Technology Fingerprinting - WhatWeb identifies the web framework, CMS, server software, and languages in use.
FTP Anonymous Check - if port 21 is open, checks for anonymous login access and writable directories.
Directory Enumeration - Gobuster with wordlists and file extensions chosen intelligently from the detected tech stack.
CVE & Exploit Research - SearchSploit cross-references discovered software versions against Exploit-DB. Read-only - no exploits are executed.
Assessment Report - the AI synthesises all findings into a structured report with risk levels and remediation recommendations.
Ephemeral by design
Agent sessions are ephemeral. Scan results and the final report exist only for the duration of your active session. Nothing is retained on our servers once the session ends. Download your report before closing.
Launching a Session
Open any chat and click the 🤖 Pentest Agent pill in the top-right.
Enter your target - a domain (example.com), subdomain (app.example.com), or IP address. Subdomain enumeration is automatic for domain targets.
Choose your scope if entering a subdomain. Select either "this host only" or "all of the parent domain" based on your authorisation.
Select a mode - Human-in-the-loop or Full Auto (see Section 13).
Confirm legal authorisation by ticking the required checkbox.
Click "Launch Agent." The session begins immediately.
Scope & Authorisation
ZeroPanic enforces scope technically on every agent session. The agent will refuse to scan any target outside the scope you declared, regardless of what it discovers during reconnaissance.
| Target entered | Scope behaviour |
|---|---|
| example.com (root domain) | All subdomains automatically in scope - admin.example.com, api.example.com etc. are permitted. Owning the domain means owning its subdomains. |
| ftp.example.com + "This host only" | Only ftp.example.com is scanned. Discovered subdomains are noted in the report as out-of-scope but not actively scanned. |
| ftp.example.com + "All of example.com" | Scope expands to *.example.com - all subdomains including api.example.com are in scope. |
| IP address (e.g. 192.168.1.1) | Exact IP only. Subdomain enumeration is skipped - there are no subdomains on a bare IP. |
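The scope rules in the table above can be expressed as a small guard that every discovered host passes through before a tool runs. This is an added example, not ZeroPanic's own code; the mode names (`root_domain`, `host_only`, `parent_domain`) and function names are hypothetical, and the parent domain is derived by dropping the first label, which is a simplification.

```python
import ipaddress

def _norm(host: str) -> str:
    """Lower-case and drop surrounding whitespace and a trailing root dot."""
    return host.strip().rstrip(".").lower()

def build_scope(target: str, mode: str):
    """Return (kind, value). mode is a hypothetical name for the UI choice:
    'root_domain', 'host_only' or 'parent_domain'. An IP target is always exact."""
    t = _norm(target)
    try:
        return ("ip", ipaddress.ip_address(t))
    except ValueError:
        pass  # not an IP address, treat as a host name
    if mode == "root_domain":
        return ("suffix", t)
    if mode == "host_only":
        return ("exact", t)
    if mode == "parent_domain":
        if t.count(".") < 2:
            raise ValueError("target has no parent domain to expand to")
        # Simplification: drop the first label. Production code would consult
        # the Public Suffix List so that a.co.uk does not expand to co.uk.
        return ("suffix", t.split(".", 1)[1])
    raise ValueError(f"unknown scope mode: {mode!r}")

def in_scope(scope, candidate: str) -> bool:
    kind, value = scope
    c = _norm(candidate)
    if kind == "ip":
        try:
            return ipaddress.ip_address(c) == value
        except ValueError:
            return False
    if kind == "exact":
        return c == value
    # suffix: the apex itself, or a subdomain matched on a label boundary,
    # so evilexample.com and example.com.other.test do not match example.com
    return c == value or c.endswith("." + value)

def triage(scope, discovered):
    """Split discovered hosts into (scan, report_only_as_out_of_scope)."""
    scan = [h for h in discovered if in_scope(scope, h)]
    noted = [h for h in discovered if not in_scope(scope, h)]
    return scan, noted

if __name__ == "__main__":
    # Constructed host list for illustration.
    found = ["ftp.example.com", "API.Example.com.", "evilexample.com"]
    print(triage(build_scope("ftp.example.com", "host_only"), found))
    print(triage(build_scope("ftp.example.com", "parent_domain"), found))
```
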
Tools & Methodology
| Tool | Phase | What it does |
|---|---|---|
| subdomain_enum | Passive Recon | Queries publicly available certificate transparency logs, DNS-resolves each subdomain, categorises by risk priority (admin, dev, api, staging rank highest). |
| Nmap | Port Scanning | Discovers open ports, identifies services and software versions. Scans top 1,000 ports by default using TCP connect scan. |
| WhatWeb | Fingerprinting | Identifies web technologies: framework, CMS, server software, JavaScript libraries and versions. Drives file extension selection for Gobuster. |
| ftp_check | Service Check | Fires only when Nmap confirms port 21 open. Attempts anonymous FTP login, lists accessible directories, checks for write access. |
| Gobuster | Enumeration | Brute-forces directories and file paths on web targets. File extensions are chosen from the detected tech stack - never generic. |
| SearchSploit | CVE Research | Searches Exploit-DB for known exploits matching exact software versions discovered. Read-only - no exploits executed. |
Intelligence-driven methodology
Every tool call is derived from what prior steps revealed. WhatWeb detects Django → Gobuster uses Python extensions, not PHP. Nmap finds port 21 → ftp_check fires. Subdomain enum finds admin.example.com → Nmap prioritises that host. Nmap finds Apache 2.4.49 → SearchSploit searches that exact string.
Human-in-the-Loop vs Full Auto Mode
Human-in-the-Loop (HITL) - Recommended
The agent proposes each action, shows its reasoning, and waits for approval before executing. You can approve, skip, or modify the arguments before running. Best for beginners, learning, and assessments requiring fine-grained control.
⚡ Full Auto Mode
The agent runs the full assessment autonomously - executing tools, analysing results, deciding the next step - until the final report is written. Best for experienced users who want results quickly.
Interrupting a session
In either mode, click 💬 Interrupt & Instruct to send a mid-session directive. For example: "Focus on the admin subdomain" or "Skip gobuster and go straight to SearchSploit." The agent picks up the instruction on its next iteration.
Reading Results
Each step card shows three layers of information:
- Reasoning: why the agent chose this tool and what it expected to find.
- Command & Args: the exact target, flags, and arguments passed to the tool.
- Raw Output: the actual output from the tool.
After raw output, a 🧠 Analysis interprets what was found and what it means for the assessment.
Step status indicators
| Status | Meaning |
|---|---|
| DONE | Step completed successfully. |
| ERROR | Step failed. Card auto-expands showing error details. Agent recovers and continues. |
| SKIPPED | Skipped by user (HITL) or automatically by the agent (e.g. scope violation). |
| RUNNING | Tool currently executing. |
| AWAITING | HITL mode - waiting for your approval to proceed. |
Downloading Reports
When the assessment is complete, the final report appears at the bottom of the agent panel. Three export options are available:
- Copy: copies the full report as Markdown to your clipboard.
- ⬇ .md: downloads as a Markdown file named ZeroPanic_Report_[target]_[date].md.
- 🖨 PDF: opens the browser print dialog with A4 formatting. Use "Save as PDF" in your browser.
If you download before the scan finishes, you receive a clearly marked incomplete placeholder showing which steps have completed so far. Re-download once the session is complete.
Password Vault
The Vault is a Pro-only encrypted credential manager. All entries are encrypted with AES-256 before storage - we cannot read your contents. Beyond passwords, you can store PINs, API keys, access tokens, and any other sensitive credential you need to keep secure in one place.
- Encrypted storage: store passwords, PINs, API keys, access tokens, and any sensitive credential - all encrypted with AES-256
- Password strength analysis: every stored password scored and colour-coded by strength
- Breach checking: stored passwords are automatically checked against Have I Been Pwned using k-anonymity - PINs and API keys are not sent to breach databases
- Copy to clipboard: copy credentials with a single click
- Search and filter: quickly find entries across large vaults
Breach Monitoring
Breach Monitoring automatically checks your stored passwords against the Have I Been Pwned (HIBP) database on a regular schedule. You receive an email alert when a new breach is detected.
Privacy of breach checks
CyberSuite uses the k-anonymity method. Your email is hashed (SHA-1) and only the first 5 characters of that hash are transmitted to HIBP. The response contains all hashes beginning with those 5 characters - we check locally whether your full hash is among them. Your actual email address is never sent to any third party.
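The prefix-and-local-match exchange described above, as an added example rather than ZeroPanic's own code. The remote service is replaced by a constructed stand-in so the block runs offline; the `SUFFIX:COUNT` line format follows the Have I Been Pwned range API, and the function names and sample data are assumptions.

```python
import hashlib

PREFIX_LEN = 5      # hex characters of the digest that leave the client
SHA1_HEX_LEN = 40

def split_digest(value: str) -> tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest of value."""
    digest = hashlib.sha1(value.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse SUFFIX:COUNT lines, dropping malformed lines and zero-count padding."""
    hits: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != SHA1_HEX_LEN - PREFIX_LEN or not count.isdigit():
            continue
        if int(count) > 0:          # padding entries carry a count of 0
            hits[suffix.upper()] = int(count)
    return hits

def breach_count(value: str, fetch_range) -> int:
    """Only the 5-character prefix is handed to fetch_range; matching is local."""
    prefix, suffix = split_digest(value)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def make_fake_range_service(breached: dict[str, int]):
    """Constructed stand-in for the remote service; records what it receives."""
    received: list[str] = []

    def fetch_range(prefix: str) -> str:
        received.append(prefix)
        lines = ["0" * 35 + ":0", "garbage line"]   # padding entry + malformed line
        for value, count in breached.items():
            p, s = split_digest(value)
            if p == prefix:
                lines.append(f"{s}:{count}")
        return "\r\n".join(lines)

    return fetch_range, received

if __name__ == "__main__":
    # Constructed breach data: one known value with an invented count.
    fetch, received = make_fake_range_service({"password": 42})
    print(breach_count("password", fetch))
    print(breach_count("correct horse battery staple", fetch))
    print("prefixes seen by the service:", received)
```

The `received` list is the whole of what the service learns: one 5-character prefix per lookup, never the value or its full hash.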
Encryption Tool
The Encryption Tool allows you to encrypt and decrypt text or files using AES-256 directly in your browser. Available to Free and Pro users.
- Text encryption: paste any text, provide a passphrase, receive ciphertext to share securely
- File encryption: encrypt files before sending over untrusted channels
- Client-side processing: encryption happens in your browser - plaintext never leaves your device
- Passphrase-based: your passphrase is never stored or transmitted
Account & Settings
Access Settings from the ⚙️ Settings link in the navigation bar.
Account tab
- Update your display name and email address
- Enable or disable auto-save for chats (Pro only)
- Change your password
Security tab
- Enable or disable Two-Factor Authentication (TOTP)
- View and manage active sessions
Billing & Subscriptions
Pro subscriptions are processed securely by our payment provider. ZeroPanic never handles your card details directly.
- Upgrade: visit the Billing page and select Pro. Instant access to all Pro features.
- Cancel: cancel any time from Billing. Pro access continues until period end - no early termination fee.
- Refunds: we do not offer refunds on processed payments except where required by consumer protection law. Contact us if you believe you were charged in error.
- Downgrade: vault data, saved chats, and breach monitoring history are preserved - inaccessible until resubscription, not deleted.
Legal & Ethical Use
ZeroPanic is a legitimate security tool designed for authorised use only. The following are strictly prohibited and may result in immediate account termination and referral to law enforcement:
- Scanning or testing systems you do not own or have not been authorised to test
- Using CyberSuite to facilitate any activity illegal in your jurisdiction
- Attempting to target critical infrastructure with the Pentest Agent
Security & Privacy
- Passwords: hashed with Argon2 (memory-hard, brute-force resistant)
- Vault data: AES-256 encrypted at rest - we cannot read your contents
- 2FA: TOTP-based, available to all users
- Sessions: HttpOnly, SameSite=Lax cookies; rotated on login to prevent fixation
- Agent sessions: ephemeral - scan data is never persisted beyond your active session
- Tool isolation: all scanning tools run in a secure, isolated environment with no access to application data or databases
- No advertising: we do not serve ads, no advertiser has any access to your data
- No training data: we do not permit AI providers to use your conversations for model training
For the full picture, read our Privacy Policy.
Frequently Asked Questions
Can I use the Pentest Agent on any website?
Only on systems you own or have been authorised to test. The legal confirmation step is mandatory - you are solely responsible for compliance.
Why does the agent only scan top 1,000 ports by default?
Scanning all 65,535 ports on a live internet target takes 30–60+ minutes and will consistently time out. Top 1,000 covers 99% of real-world services. For deeper coverage, use Interrupt & Instruct to specify a range like -p 1-10000.
My report shows an error step but still says "Complete." Is that normal?
Yes. Individual step errors are non-fatal. If gobuster encounters a catch-all redirect or a tool finds nothing, the agent recovers and continues. The report reflects what was actually discovered from all steps that succeeded.
Why does subdomain enumeration sometimes fail?
Subdomain enumeration queries publicly available certificate transparency logs. If the service is temporarily slow or unavailable, the step may fail. This is non-fatal - the agent scans the root domain directly. Try again in a few minutes if it happens consistently.
Can I use Reasoning Mode and Web Search at the same time?
Yes. Enable both pills simultaneously. Web Search retrieves current information; Reasoning Mode ensures it is analysed carefully. This combination gives the most thorough, up-to-date responses.
Where is my vault data stored?
Vault data is stored AES-256 encrypted on our servers. We cannot read your vault contents. The encryption key is derived from your passphrase, which we never store or transmit.
What happens to my data if I cancel Pro?
Your data is preserved. Vault entries, saved chats, and breach history remain on our servers - inaccessible until resubscription, not deleted. Full access restores immediately upon reactivating Pro.
I'm not a security expert. Is ZeroPanic still useful for me?
Absolutely - that's exactly who ZeroPanic is built for. You can ask the AI assistant questions in plain English, check whether your passwords have been leaked, store your credentials securely, and encrypt files without needing any technical knowledge. The Pentest Agent is the one feature designed for professionals with authorised targets to test - everything else is built for everyday use.
Why use ZeroPanic's vault instead of my phone's built-in password manager?
Built-in managers like Apple Keychain or Samsung Pass are tied to your device and ecosystem. Switch phones, get locked out, or need a password on a different device and you're often stuck. ZeroPanic's vault is web-based - it works from any browser, on any device, on any platform. Your credentials aren't trapped on one phone or one operating system. Log in from your laptop, a work computer, or any browser and everything is right there.
I found a security vulnerability in ZeroPanic. What should I do?
Please report it responsibly to info@cybersuite.com. We take all reports seriously, respond promptly, and appreciate responsible disclosure.
Can't find what you're looking for? We're here to help - send us a message and we'll get back to you as soon as possible.
✉️ info@cybersuite.com