---
name: quickscan
description: "Run a quick security scan on a target. Consults the Brain first, validates scope, runs passive recon + vuln scan in parallel."
---
ALL agents dispatched by this command MUST use in the subagent dispatch tool call.
Run a quick security assessment on: $ARGUMENTS
Workflow:

- Brain: `uv run python3 ../../tools/brain.py brief $ARGUMENTS`. Check what we already know and note which areas are marked exhausted.
- Scope: `uv run python3 ../../tools/scope_check.py $ARGUMENTS`. If the target is out of scope, STOP here; no agent is launched against it.
- Launch IN PARALLEL (skip areas the brain marks EXHAUSTED):
  - `recon` agent with passive-only depth, passing brain context about known subdomains/tech
  - `config-auditor` agent for headers, CSP, CORS, TLS, cookies
- Record results: for each new finding, run `uv run python3 ../../tools/brain.py record <target> <status> <technique> <details>`.
- Log session: `uv run python3 ../../tools/brain.py log "quickscan completed on $ARGUMENTS"`.
- Summarize: separate NEW findings from KNOWN and recommend next steps.
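The config-auditor checks named in the launch step and the NEW-versus-KNOWN split from the summarize step, as an added Python example that is not part of the quickscan command, `brain.py`, `scope_check.py`, or the agents it dispatches. It assumes a response captured as (header, value) pairs, a probe `Origin` of `https://evil.example` chosen by the tester, a constructed set of already-known findings standing in for the Brain brief, and the status word `candidate` for the record call; none of these come from the page, and TLS is left out because it cannot be checked offline.

```python
"""Config-audit checks plus NEW/KNOWN triage, as an added quickscan example.

Not code from the quickscan command or its tools (brain.py, scope_check.py, the
recon/config-auditor agents). It runs the checks the config-auditor step names
(baseline headers, HSTS, CSP, CORS, cookie flags) over a constructed response,
then splits findings into NEW and KNOWN as the summarize step asks. The response,
probe Origin, known set and the status word "candidate" are all assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    technique: str  # category label; vocabulary assumed for this example
    subject: str    # header or cookie the finding is about
    details: str


def parse_csp(csp: str) -> dict[str, list[str]]:
    """Split a CSP value into {directive: [source, ...]}; "" yields {}."""
    out: dict[str, list[str]] = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def audit_response(headers: list[tuple[str, str]], probe_origin: str) -> list[Finding]:
    """Quick config checks over raw (name, value) response headers. probe_origin is
    the attacker-controlled Origin sent on the request, so an ACAO equal to it means
    the server reflected it."""
    h: dict[str, str] = {}
    cookies: list[str] = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)  # Set-Cookie repeats; keep every instance
        else:
            h[name.lower()] = value
    found: list[Finding] = []
    csp = parse_csp(h.get("content-security-policy", ""))
    if "x-content-type-options" not in h:
        found.append(Finding("nosniff-missing", "x-content-type-options", "header absent"))
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        found.append(Finding("clickjacking-unprotected", "x-frame-options",
                             "neither X-Frame-Options nor CSP frame-ancestors set"))
    if "strict-transport-security" not in h:
        found.append(Finding("hsts-missing", "strict-transport-security", "header absent"))
    if not csp:
        found.append(Finding("csp-missing", "content-security-policy", "header absent"))
    else:
        script_src = csp.get("script-src", csp.get("default-src", []))  # spec fallback
        # Browsers ignore 'unsafe-inline' once a nonce or hash is present, so flag it only when alone.
        nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                            for s in script_src)
        if "'unsafe-inline'" in script_src and not nonce_or_hash:
            found.append(Finding("csp-unsafe-inline", "content-security-policy",
                                 "script-src allows 'unsafe-inline' with no nonce or hash"))
    # A reflected Origin plus credentials lets any site read authenticated responses.
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if h.get("access-control-allow-origin") == probe_origin:
        tech = "cors-reflected-origin-credentials" if creds else "cors-reflected-origin"
        found.append(Finding(tech, "access-control-allow-origin", f"Origin {probe_origin} reflected"))
    for raw in cookies:
        pieces = [p.strip() for p in raw.split(";")]
        name = pieces[0].split("=", 1)[0]
        attrs = {p.partition("=")[0].strip().lower() for p in pieces[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                found.append(Finding(f"cookie-missing-{flag}", name, f"cookie {name} lacks {flag}"))
    return found


def triage(findings: list[Finding], known: set[tuple[str, str]]) -> tuple[list[Finding], list[Finding]]:
    """Split into (new, known); the Brain brief is modelled as (technique, subject) pairs."""
    new = [f for f in findings if (f.technique, f.subject) not in known]
    return new, [f for f in findings if (f.technique, f.subject) in known]


def record_args(target: str, f: Finding, status: str = "candidate") -> list[str]:
    """argv for the record step: brain.py record <target> <status> <technique> <details>."""
    return ["uv", "run", "python3", "../../tools/brain.py", "record",
            target, status, f.technique, f"{f.subject}: {f.details}"]


# Constructed response and probe Origin; nothing here was captured from a real target.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' "
                                "https://cdn.example; frame-ancestors 'none'"),
    ("Access-Control-Allow-Origin", "https://evil.example"),
    ("Access-Control-Allow-Credentials", "true"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; SameSite=Lax"),
]
PROBE_ORIGIN = "https://evil.example"
KNOWN = {("csp-unsafe-inline", "content-security-policy"),  # constructed Brain brief
         ("cookie-missing-secure", "session")}


def run(target: str = "app.example") -> tuple[list[Finding], list[Finding]]:
    """Audit the sample, print a record command per NEW finding, return (new, known)."""
    new, known = triage(audit_response(SAMPLE_HEADERS, PROBE_ORIGIN), KNOWN)
    for f in new:
        print("NEW  ", " ".join(record_args(target, f)))
    return new, known
```

`record_args` builds the `brain.py` invocation as an argv list so that finding details containing quotes or semicolons never pass through a shell; hand it to `subprocess.run` rather than joining it into a string (the join in `run` is only for display). The CSP check also shows the fallback a quick scan must not skip: when `script-src` is absent the browser uses `default-src`, so an `'unsafe-inline'` there is just as reportable.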
Top-Tier Quickscan Loop
Quickscan should answer "is there obvious money or obvious risk here in 30 minutes?"
- Spend the first five minutes on scope, policy headers, brain, and live host sanity.
- Spend the next ten on high-signal passive recon: JS routes, exposed APIs, auth flows, cloud/storage names, source maps, security headers, and known vendor panels.
- Spend ten on two targeted probes only: the best config/information leak candidate and the best auth/tenant-boundary candidate.
- Spend five on triage: new, known, killed, or needs full hunt.
Never report from quickscan alone unless the proof is already complete. Promote strong leads to /hunt, /validate, or /chain.