Threat Model

The Threat Model appears on the assessment detail page once your pentest has started and the discovery phase is finished. This model provides a transparent, real-time view of how our agents perceive and test your application's security posture.

Prerequisites

Your code repositories must be linked in the pentest.

Recon Report

The Recon Report is a high-level summary of what was discovered during the initial discovery phase. It provides a readable overview of your application's attack surface, helping you understand the "attacker's view" before reviewing specific exploit attempts.

The report includes:

  • Endpoints

  • Technologies in use

  • Authentication mechanisms

  • Areas of interest for further testing

Use this report to identify and decommission unnecessary exposed assets or to verify that your intended security controls are visible to the scanner.

Attack Plan

The Attack Plan is a structured table of the specific attack vectors for your application. Each row represents a targeted test focused on a specific code snippet or a particular architectural vulnerability hypothesis.

Every entry shows:

  • Starting assumption: what the agent is testing, plus the targeted file or endpoint

  • Type: the vulnerability category being tested, such as injection or authentication bypass

  • Agent: the specific attacker agent assigned to the task

  • Status: the current state of the attack

    • Not Started - the agent has not begun yet

    • In Progress - the agent is actively running

    • Exploitable - the agent found an exploitable issue

    • No issues found - the agent completed without finding vulnerabilities

    • Stopped - the agent was cancelled
