General FAQ
Common questions about Hawkra's features, capabilities, and platform details.
What browsers are supported?
Hawkra supports the latest versions of the following browsers:
- Google Chrome
- Mozilla Firefox
- Microsoft Edge
- Apple Safari
JavaScript must be enabled for all features to function correctly, including the built-in CyberChef toolkit.
Is there a mobile app?
There is no dedicated mobile application. However, the Hawkra web interface is fully responsive and works on tablets and mobile devices. You can access your dashboards, review vulnerabilities, and manage workspaces from any mobile browser.
Can I integrate with other security tools?
Yes. Hawkra supports importing scan results from a range of industry-standard security tools:
| Tool | Format | Tier |
|---|---|---|
| Nmap | XML | Free |
| Burp Suite | XML | Free |
| BloodHound | JSON | Free |
| Nessus | XML | Premium |
| OpenVAS | XML | Premium |
| OWASP ZAP | XML | Premium |
For exporting data, Hawkra supports CSV and TXT export formats for assets, vulnerabilities, and other workspace data.
Premium import formats (Nessus, OpenVAS, ZAP) are also available on self-hosted deployments, which include all premium features.
How is my data encrypted?
Hawkra uses AES-256-GCM envelope encryption to protect sensitive data at rest:
- Each workspace has its own Data Encryption Key (DEK) that encrypts workspace-specific sensitive fields.
- All DEKs are protected by a master encryption key that is configured via the
ENCRYPTION_MASTER_KEYenvironment variable. - Credentials, sensitive notes, and other confidential fields are always encrypted before being written to the database.
- The master key never leaves your server (in self-hosted deployments) and is never stored in the database.
This architecture ensures that even if an attacker gains access to the database, encrypted fields remain unreadable without the master key.
What compliance frameworks are supported?
Hawkra includes built-in support for the following compliance frameworks:
- PCI-DSS -- Payment Card Industry Data Security Standard
- HIPAA -- Health Insurance Portability and Accountability Act
- NIST -- National Institute of Standards and Technology Cybersecurity Framework
- CIS -- Center for Internet Security Controls
- SOC 2 -- Service Organization Control 2
- GDPR -- General Data Protection Regulation
- ISO 27001 -- Information Security Management System
Each framework provides control-level tracking where you can record implementation status, assign responsible team members, and attach evidence documentation.
Can multiple users work simultaneously?
Yes. Hawkra is designed for team collaboration:
- Real-time WebSocket chat allows team members to communicate within workspaces.
- Role-based access control (Owner, Admin, Member, Viewer) ensures appropriate permissions for each team member.
- Audit logging tracks all significant actions within a workspace for accountability.
- Multiple users can view and edit assets, vulnerabilities, and notes concurrently.
Where can I get support?
For questions, bug reports, or feature requests, contact the Hawkra team through hawkra.io/contact.
Is Hawkra open source?
No. Hawkra is a commercial product available under two deployment models:
- SaaS -- Cloud-hosted with tiered subscriptions (Free and Premium) managed through Stripe.
- Self-Hosted -- Deployed on your own infrastructure with a license key. All premium features are included.
Can I use Hawkra for client engagements?
Yes. Hawkra is well-suited for consulting and penetration testing firms working with multiple clients:
- Create separate workspaces for each client to ensure complete data isolation.
- Use the Report Builder to generate professional, client-facing deliverables with custom branding.
- Assign team members to specific workspaces based on their engagement roles.
- Audit logs provide a full trail of actions taken during an engagement.
What's the difference between SaaS and self-hosted?
| Aspect | SaaS | Self-Hosted |
|---|---|---|
| Hosting | Cloud-hosted by Hawkra | Your own infrastructure |
| Billing | Stripe subscriptions (Free / Premium) | One-time or recurring license |
| Data location | Hawkra cloud servers | Entirely on your servers |
| Features | Tier-dependent | All premium features included |
| AI | Cloud-based (Gemini) | Cloud or local LLM |
| Updates | Automatic | Manual (docker compose pull) |
| Setup | Instant (sign up and go) | Docker deployment required |
Choose SaaS for convenience and zero infrastructure management. Choose self-hosted for full data sovereignty, local AI, and environments where data must not leave your network.