Verify a target → run your first scan in five minutes.
1. Add a target
Go to /app/targets/new, enter your domain (e.g. acme.com).
2. Verify ownership
You'll be asked to add a DNS TXT record at _mara.<your-domain> or serve the token at /.well-known/mara-auth.txt. Click Verify now.
3. Start a scan
Go to /app/scans/new. Pick a profile (quick / standard / deep), check the legal authorization box, and start. The orchestrator dispatches recon → crawler → hypothesis → exploit → validator → reporter agents.
4. Read the report
Findings appear in /app/findings as the validator confirms them. A markdown + PDF report is generated automatically when the scan completes.