h4ckbot Docs
Everything you need to use, configure, and self-host h4ckbot, the AI assistant purpose-built for professional penetration testers.
Quick Start
Create an account, set your spend cap, and run your first AI-assisted recon in under 5 minutes.
Authentication
Email + password auth with httpOnly JWT cookies, CSRF protection, and session versioning.
Self-Hosting
Run h4ckbot on your own infrastructure with Docker Compose.
Model Overview
How the h4ckbot intelligence layer was built, what it knows, and where its knowledge comes from.
Guardrails
The layered technical and policy controls that prevent misuse at the model, platform, and API levels.
Access Verification
Why we verify professional context, what is checked, and how your privacy is protected throughout.
What is h4ckbot?
h4ckbot is a self-hosted, full-stack AI assistant designed specifically for offensive security professionals. It wraps a large language model with a penetration-testing persona, usage controls, and a clean chat interface, all running on infrastructure you control.
The backend is a FastAPI application backed by PostgreSQL and Redis, with Argon2id password hashing, httpOnly JWT sessions, and per-user spend caps. The frontend is a Next.js 15 App Router application with a dark-first design system.
Architecture at a glance
Browser
└─ Next.js (frontend) :3000
   └─ FastAPI (backend) :8000
      ├─ PostgreSQL :5432
      └─ Redis :6379

All components ship as Docker images and are orchestrated via Docker Compose. See the Self-Hosting guide for full setup instructions.