| name | quickscan |
| description | Run a quick security scan on a target. Consults the Brain first, validates scope, runs passive recon + vuln scan in parallel. |
ALL agents dispatched by this command MUST use in the subagent dispatch tool call.
Run a quick security assessment on: $ARGUMENTS
Workflow:
- Brain:
uv run python3 ../../tools/brain.py brief $ARGUMENTS — check what we already know. Note exhausted areas.
- Scope:
uv run python3 ../../tools/scope_check.py $ARGUMENTS — if out of scope, STOP.
- Launch IN PARALLEL (skip areas the brain marks EXHAUSTED):
recon agent with passive-only depth, passing brain context about known subdomains/tech
config-auditor agent for headers, CSP, CORS, TLS, cookies
- Record results: for each new finding, run
uv run python3 ../../tools/brain.py record <target> <status> <technique> <details>
- Log session:
uv run python3 ../../tools/brain.py log "quickscan completed on $ARGUMENTS"
- Summarize: separate NEW findings from KNOWN, recommend next steps.
Top-Tier Quickscan Loop
Quickscan should answer "is there obvious money or obvious risk here in 30 minutes?"
- Spend the first five minutes on scope, policy headers, brain, and live host sanity.
- Spend the next ten on high-signal passive recon: JS routes, exposed APIs, auth flows, cloud/storage names, source maps, security headers, and known vendor panels.
- Spend ten on two targeted probes only: the best config/information leak candidate and the best auth/tenant-boundary candidate.
- Spend five on triage: new, known, killed, or needs full hunt.
Never report from quickscan alone unless the proof is already complete. Promote strong leads to /hunt, /validate, or /chain.