원클릭으로
sc-recon
Codebase discovery and architecture mapping for security analysis
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Codebase discovery and architecture mapping for security analysis
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-recon |
| description | Codebase discovery and architecture mapping for security analysis |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
The reconnaissance skill is the foundation of the entire security-check pipeline. It maps the codebase architecture, identifies all technologies in use, traces data flow paths, and catalogs entry points and trust boundaries. Its output determines which subsequent skills are activated and provides critical context for accurate vulnerability detection.
First skill executed in Phase 1 of the pipeline. Runs before all other skills.
File: security-report/architecture.md
Identify all technologies by examining:
Languages:
.go, .ts, .tsx, .js, .jsx, .py, .php, .rs, .java, .kt, .cs, .rb, .swift, .c, .cppFrameworks:
gin, echo, fiber, chi, gorilla/mux, net/http in importspackage.json for react, next, express, fastify, nestjs, vue, angular, svelterequirements.txt/pyproject.toml for django, flask, fastapi, tornado, starlettecomposer.json for laravel/framework, symfony, wordpressCargo.toml for actix-web, axum, rocket, warp, tokiopom.xml/build.gradle for spring-boot, quarkus, micronaut, jakarta.csproj for Microsoft.AspNetCore, Blazor, MAUIBuild Tools & Package Managers:
package.json / pnpm-workspace.yaml / turbo.json → Node.js ecosystemgo.mod / go.sum → Go modulesCargo.toml / Cargo.lock → Rust/Cargorequirements.txt / pyproject.toml / Pipfile / poetry.lock → Pythoncomposer.json / composer.lock → PHP/Composerpom.xml / build.gradle / build.gradle.kts → Java/Maven/Gradle*.csproj / *.sln / nuget.config → .NETDatabases:
Determine the application type based on detected patterns:
| Type | Indicators |
|---|---|
| Web Application | HTML templates, static assets, frontend framework, server-side rendering |
| REST API | Route definitions, JSON response handlers, OpenAPI/Swagger spec |
| GraphQL API | Schema definitions (.graphql), resolvers, Apollo/Yoga config |
| gRPC Service | .proto files, gRPC server setup |
| CLI Tool | Argument parsers (cobra, click, yargs), main entry without HTTP server |
| Library/Package | Public API exports, no main entry, published package config |
| Microservice | Small scope, message queue consumers, service mesh config |
| Monolith | Large codebase, multiple domains, shared database |
| Serverless | Lambda handlers, serverless.yml, CloudFormation templates |
| Desktop App | Electron, Tauri, .NET MAUI, WPF references |
Catalog all entry points where external input enters the system:
HTTP Routes:
CLI Commands:
Message Consumers:
Scheduled Tasks:
WebSocket Endpoints:
File Watchers / Event Handlers:
Trace the path of user input through the system:
Source identification — where external data enters:
Processing identification — how data is transformed:
Sink identification — where data is consumed in security-sensitive operations:
Identify security control points:
Authentication:
Rate Limiting:
Input Validation:
CSRF Protection:
CORS Configuration:
Map all external service connections:
Determine the authentication model:
| Pattern | Indicators |
|---|---|
| Session-based | Session middleware, cookie config, session store |
| JWT | JWT library imports, token sign/verify calls |
| OAuth 2.0 | OAuth provider config, callback handlers, token exchange |
| API Key | Header/query param key extraction, key validation |
| mTLS | Certificate loading, TLS client auth config |
| Basic Auth | Base64 credential parsing, WWW-Authenticate header |
| SSO/SAML | SAML assertion processing, IdP configuration |
Document:
Identify security-sensitive files and paths:
Configuration files:
.env, .env.production, .env.localconfig.json, config.yaml, settings.py, application.propertiesappsettings.json, web.configSensitive paths:
/admin, /debug, /metrics, /health/.git, /.env, /backup/swagger, /graphql, /api-docs)Deployment files:
Dockerfile, docker-compose.ymlkubernetes/, k8s/, helm/terraform/, *.tf.github/workflows/, .gitlab-ci.ymlCatalog existing security measures:
Produce a definitive list of detected languages that determines which sc-lang-* skills run in Phase 2:
## Detected Languages
- Go (45% of codebase) → activates sc-lang-go
- TypeScript (35% of codebase) → activates sc-lang-typescript
- Python (20% of codebase, scripts/tools only) → activates sc-lang-python
The output file security-report/architecture.md must contain all 10 sections above with concrete findings specific to the scanned codebase. Each section should include file paths and line references where applicable.