pre-recon

Pre-Recon — Architectural Baseline

Statically analyze the target source at codePath. No network calls.

Stack: languages, frameworks, server, ORM/data stores.
Routes/entrypoints: how HTTP routes are declared and where handlers live.
AuthN/AuthZ model: login mechanism, session/token handling, role checks.
Trust boundaries: user input sources, external services, file/DB access.
Notable risk areas: raw queries, template rendering, URL fetching, file paths, deserialization, shell calls — with file:line references.

End with a "Leads for Recon" bullet list: concrete endpoints/params to probe. Write the file to pentest-workspace/<run-id>/01-pre-recon.md.

Statically analyze the target source at codePath. No network calls.

Stack: languages, frameworks, server, ORM/data stores.
Routes/entrypoints: how HTTP routes are declared and where handlers live.
AuthN/AuthZ model: login mechanism, session/token handling, role checks.
Trust boundaries: user input sources, external services, file/DB access.
Notable risk areas: raw queries, template rendering, URL fetching, file paths, deserialization, shell calls — with file:line references.

End with a "Leads for Recon" bullet list: concrete endpoints/params to probe. Write the file to pentest-workspace/<run-id>/01-pre-recon.md.