Most security tools lose you in the first half hour. You install, then you hit a wall of empty dashboards, missing dependencies, and a config screen that assumes you already know the product. Zypheron is built to get you to a result fast. Here is what the first thirty minutes should actually look like.
Minutes 0 to 5: confirm the install and sign in
Launch the app. On first start it probes your PATH and shows a dismissable banner if anything it expects is missing. You do not need every tool installed to begin. Install what you plan to use and ignore the rest for now. Authentication runs through a secure HTTPS deep link back to zypheron.net, so you sign in once in the browser and the desktop picks up the session. No long license-key dance.
Minutes 5 to 15: open a workspace and run one scan
Open the Network Map workspace and run a single nmap scan against a host or small subnet you own. As results stream in, the map fills with live host, port, and service topology, grouped by subnet, with a clear public-exposure boundary. This is the moment the product earns its keep: you are looking at your own environment rather than a tutorial dataset.
First-run tip: right-click any host for Open in terminal as $T or Add to scope. The terminal opens with the target already wired in, so you are operating right away instead of copy-pasting IP addresses between windows.
Minutes 15 to 25: ground the AI in what you found
Open the chat sidebar and reference real objects with @mentions: a host, a finding, a file. The copilot reasons about your actual workspace state instead of guessing from a blank prompt. Cloud chat uses your own Anthropic or OpenAI key, and local models run through Ollama for engagements where nothing should leave the machine. Ask it what to look at next on the host you just scanned.
Minutes 25 to 30: your first finding, and where it lives
Once at least one scan has run, the Next Actions panel populates. It is findings-gated on purpose, so the suggestions are tied to evidence rather than generic checklists. Everything you produce is written to encrypted local SQLite on your own disk. Close the app, reopen it, and the workspace is exactly where you left it. That is the foundation for a board-ready report later. No $50k pentest required.
Thirty minutes in, you have a live map, a grounded copilot, and a first finding on disk. The next step is turning that into a repeatable workflow. Read the recon-to-report walkthrough below.