Helio is built around a scope-first hunting cycle. Every command feeds the next, and validation gates the report so weak findings never reach a program.
The core loop
/scope api.target.com # confirm the asset is in the program scope
/recon target.com # enumerate the attack surface
/surface target.com # rank what to hit first
/hunt target.com # hunt targeted vulnerability classes
/validate # kill weak findings before writing anything
/report # produce a submission-ready report
Between hunts, /remember logs winning findings and patterns to hunt memory, and /pickup resumes a target where you left off. For a hands-off run, /autopilot drives the whole loop with configurable checkpoints.
Rules
Helio’s rules are strict by design - they exist to protect your validity ratio and keep you inside the engagement:
- Read the full scope before touching any asset.
- Never hunt theoretical bugs - a finding must be reproducible.
- Run validation before reporting -
/triageor/validatefirst, always. - Kill weak findings fast - do not polish something that will be closed N/A.
- The 5-minute rule - no progress on a lead means move on.
Where things live
A hunt writes its recon output to recon/<target>/ and its findings and patterns to the pack’s hunt memory, all inside Helio’s isolated context. Nothing touches your normal agent’s directories.
See the command reference for what each step does in detail.