> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Black Box Testing

> Test your application from an external attacker's perspective with zero internal knowledge.

## Overview

Black box testing examines your application **without any knowledge of its internal systems** -
simulating an external attacker's perspective. CodeAnt's black-box pentest is **zero-traffic**: it
discovers your public internet surface through passive intelligence (certificate transparency logs,
DNS, and infrastructure fingerprinting) rather than sending active attack traffic, then reports the
exposure an outside adversary would find.

## Key Features

* **External attacker simulation:** No credentials, no source code - only what's reachable from the
  public internet.
* **Zero-traffic reconnaissance:** Passive intelligence gathering keeps the scan non-intrusive.
* **Domain-scoped:** Runs only against domains your organization owns and has verified.
* **Attack surface mapping:** Surfaces subdomains, exposed services, technologies, and cloud
  infrastructure.
* **Severity-ranked findings:** Each finding is classified critical / high / medium / low with
  reproduction detail and a live status.

## How It Works

<Steps>
  <Step title="Start a request">
    Open the **Pentesting** page and provide your contact details (name, email, organization), then
    choose **Black Box Testing** as the testing type.
  </Step>

  <Step title="Add and verify domains">
    Add each domain you want tested. Every domain must be verified so CodeAnt knows you have
    permission to scan it (see below). You can add specific areas of concern - for example
    authentication, data encryption, or API security - in the **Specific Security Concerns** field.
  </Step>

  <Step title="Submit and wait">
    Submit the request. The pentest runs in the background - usually a few hours, up to 48 hours.
    You can leave the page; the report will be waiting when you return.
  </Step>

  <Step title="Review the report">
    Open the completed report to walk through discovery, attack surface, infrastructure, and the
    detailed findings.
  </Step>
</Steps>

## Domain verification

Because a pentest targets live systems, CodeAnt only scans domains your organization has proven it
owns. Verify each domain using one of:

* **DNS record** - add the provided CNAME or TXT record to your DNS.
* **File hosting** - host the provided verification file on the domain.

Domains that match your login email address are **auto-verified**. Verifying an apex domain also
covers its subdomains.

## Reading the report

A completed black-box report is organized into sections:

| Section            | What it covers                                                                                                                           |
| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- |
| **Discovery**      | Reconnaissance phases - certificate-transparency log mining, DNS resolution, and infrastructure fingerprinting - all gathered passively. |
| **Attack Surface** | Categorized, severity-ranked exposure discovered from the outside.                                                                       |
| **Infrastructure** | Detected technology stack and cloud providers.                                                                                           |
| **Email Security** | Your email security posture and grade.                                                                                                   |
| **Findings**       | Detailed vulnerabilities with severity, live status (open / reopened / fixed / unverified), reproduction steps, evidence, and impact.    |

After remediating, you can **reverify** findings to confirm the fix; CodeAnt tracks the verification
history for each one.

## Credits

<Note>
  Your **first pentest is free**. Additional runs cost **1 credit** each. In a locked report, critical
  and high findings have their evidence, targets, and impact hidden - spend **1 credit to unlock every
  locked finding permanently**. Medium and low findings are always visible.
</Note>

## When to use black box testing

Black box testing is the fastest way to answer *"what can an attacker find and reach with no inside
knowledge?"* - with no setup beyond verifying your domains. For deeper, source-aware coverage, pair
it with [White Box Testing (AI Exploitation)](/pentesting/white_box), or guide the scan with inside
context using the [Gray Box](/pentesting/gray_box) approach.
