First-Time Setup

Before you open the Adapter

Two things must be done in the Web Console before the Adapter can run attacks:

1. Register your target URL

Go to Settings → Allowlist and submit the domain or URL of the system you want to test.

AIM reviews the request and approves it — this step is required before any attack can be launched against the target. Allowlist approvals typically take 1 business day.

2. Create an API key

Go to Settings → API Keys → New Key.

• Give it a descriptive name (e.g. adapter-prod)
• Copy the key immediately — it is shown only once
• Store it somewhere safe (password manager, secrets vault)

The key starts with stk_. Keep it confidential — anyone with this key can run attacks against your approved targets.

Log in to the Adapter

Open the Adapter app. On the login screen:

1. Enter your API Key (stk_...)
2. Check the Server URL — it should be https://api.stinger.ai (the default). Change it only if you're using a custom deployment.
3. Click Sign In

On success, the Adapter loads your projects and targets automatically.

Manage browser sessions

The Sessions tab in the Adapter stores browser session cookies for targets that require login.

To add a session for a target that requires authentication:

1. Go to the Sessions tab
2. Click New Session for your target
3. A browser window opens — log in to the target site as you normally would
4. Close the browser window when logged in — the Adapter captures the session cookies

The session is stored locally on your machine and reused for all future attacks against that target until it expires.

Next step

You're ready to run your first attack. See Running an Attack.