Uxarion

Documentation

Authorized security testing

Uxarion is built for scoped, authorized security testing only. Understand what is permitted, what is out of scope, and how to keep evidence collection safe.

Updated 2026-03-10

Why authorized security testing matters

Searchers often look for tools that can automate security testing. The first question should never be how much automation the tool has. The first question should be whether the target is explicitly in scope and whether the operator can prove that authorization exists.

Uxarion is designed around that constraint. The product assumes the operator needs a visible scope boundary before any AI pentesting workflow starts.

Scope and consent

Only test targets you own or have explicit written authorization to assess. You are responsible for confirming scope, timing windows, and allowed techniques before you start.

Before you launch a run, confirm:

  1. The exact domain, application, or API base URL that is approved.
  2. The program owner or team that granted permission.
  3. Any timing windows, rate limits, or technique restrictions.
  4. Which accounts, roles, or datasets are safe to use.

What is permitted

  • Validated, in-scope targets and subdomains
  • Low-impact enumeration and verification
  • Evidence collection and reporting
  • Reproducing already reported issues inside the approved scope
  • Retesting auth and routing behavior after approved deploy events

What is not permitted

  • Brute forcing, credential stuffing, or DoS-style testing
  • Expanding beyond the authorized scope
  • Testing personal data or accounts without permission
  • Treating a bug bounty platform listing as blanket authorization for every asset
  • Running aggressive workflows before the scope owner approves them

Safe evidence collection

Authorized testing is not only about where you are allowed to point the workflow. It is also about how you collect evidence.

Keep screenshots, request traces, and transcripts tied to the same run. Record which identity was used, which target was tested, and when the run happened. That makes internal review and bug bounty triage much easier later.

Your responsibility

Uxarion does not grant authorization on its own. Always follow program rules, legal requirements, and internal policies. If you are unsure, stop and confirm with the program owner.