Deep Scan

deep-scan is the Frontguard CLI's interactive browser audit mode.

It is designed for situations where a static build or a simple URL scan is not enough because the interesting security evidence appears only once the app is actually used, for example in the requests an authenticated session makes after login or during a specific workflow.

If you prefer a guided flow, run:

frontguard start

Then choose Deep active scan.

Flow

frontguard deep-scan http://localhost:3000 --copy
  1. Frontguard opens a browser.
  2. You use the app normally.
  3. You trigger the flows you care about.
  4. You return to the terminal.
  5. You press Enter.
  6. Frontguard analyzes captured traffic.

What It Captures

  • Request URL
  • HTTP method
  • Request body
  • Response status
  • Response body, when the content type is text, JSON, XML or HTML
  • Response headers

What It Does Not Do

  • No brute force
  • No fuzzing
  • No automatic clicking
  • No form submission by itself
  • No replay
  • No mutation of its own: requests that change state are sent only when you trigger them by using the app

Browser Requirements

Frontguard first tries Playwright's bundled Chromium.

If it is unavailable, it tries:

  • System Chrome
  • Microsoft Edge

If none of these is found, install Playwright's Chromium:

npx playwright install chromium
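The flow, the captured fields and the browser fallback order described above, as an added example in JavaScript. This is not Frontguard's own code; it is a minimal Playwright-based capture loop written for this page. The function names, the record shape, the header redaction list and the SAMPLE_RECORDS data are assumptions made for illustration; the Playwright calls used (chromium.launch with the chrome and msedge channels, page.on('response'), response.allHeaders(), request.postData()) are the real API.

```javascript
// Added example, not Frontguard's code: a minimal Playwright capture loop in
// the shape this page describes (open a browser, let the user drive the app,
// wait for Enter, analyze). Function names, the record shape, the redaction
// list and SAMPLE_RECORDS are assumptions made for illustration.

// The page lists text/JSON/XML/HTML bodies as captured; decide that from the
// Content-Type header, tolerating parameters ("; charset=utf-8") and
// structured suffixes (application/vnd.api+json, image/svg+xml).
function isTextLikeContentType(contentType) {
  if (!contentType) return false;
  const mime = contentType.split(';')[0].trim().toLowerCase();
  if (mime.startsWith('text/')) return true;
  const subtype = mime.split('/')[1];
  return Boolean(subtype) && /(^|\+)(json|xml)$/.test(subtype);
}

// Captured response headers can carry secrets; redact them before a report
// is copied anywhere. (Assumed list; extend for app-specific headers.)
const SENSITIVE_HEADERS = new Set([
  'authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key',
]);

function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? '[REDACTED]' : value;
  }
  return out;
}

// One record per response with the fields the page says deep-scan captures.
// Works on a real Playwright Response or any object with the same methods.
async function recordFromResponse(response) {
  const request = response.request();
  const headers = await response.allHeaders();
  let responseBody = null;
  if (isTextLikeContentType(headers['content-type'])) {
    // text() rejects for responses without a body (e.g. redirects); keep null.
    responseBody = await response.text().catch(() => null);
  }
  return {
    url: request.url(),
    method: request.method(),
    requestBody: request.postData(),
    status: response.status(),
    responseHeaders: headers,
    responseBody,
  };
}

// The "analyze" step: a summary plus a redacted copy of the records.
function analyzeRecords(records) {
  const summary = {
    total: records.length,
    withBody: records.filter((r) => r.responseBody !== null).length,
    mutating: records.filter((r) => !['GET', 'HEAD', 'OPTIONS'].includes(r.method)).length,
    errors: records.filter((r) => r.status >= 400).length,
  };
  const report = records.map((r) => ({ ...r, responseHeaders: redactHeaders(r.responseHeaders) }));
  return { summary, report };
}

// Fallback order from this page: bundled Chromium, then system Chrome, then
// Microsoft Edge (Playwright's "chrome" and "msedge" channels).
async function launchBrowser(chromium) {
  let lastError;
  for (const opts of [{}, { channel: 'chrome' }, { channel: 'msedge' }]) {
    try {
      return await chromium.launch({ headless: false, ...opts });
    } catch (e) {
      lastError = e;
    }
  }
  throw new Error(`No browser available; run: npx playwright install chromium (${lastError.message})`);
}

// Interactive loop. Playwright is required lazily so the helpers above can be
// used without it installed.
async function runCapture(startUrl) {
  const { chromium } = require('playwright');
  const browser = await launchBrowser(chromium);
  const page = await browser.newPage();
  const records = [];
  page.on('response', async (response) => {
    try {
      records.push(await recordFromResponse(response));
    } catch (e) {
      // The page may navigate away before the body is readable; skip it.
    }
  });
  await page.goto(startUrl);
  console.log('Use the app in the browser, then press Enter here to analyze.');
  await new Promise((resolve) => process.stdin.once('data', resolve));
  await browser.close();
  const result = analyzeRecords(records);
  console.log(JSON.stringify(result, null, 2));
  return result;
}

// Constructed sample records (not real captures) in the recordFromResponse shape.
const SAMPLE_RECORDS = [
  { url: 'http://localhost:3000/api/session', method: 'POST', requestBody: '{"user":"alice"}',
    status: 200, responseHeaders: { 'content-type': 'application/json', 'set-cookie': 'sid=s3cret; Path=/' },
    responseBody: '{"ok":true}' },
  { url: 'http://localhost:3000/logo.png', method: 'GET', requestBody: null,
    status: 200, responseHeaders: { 'content-type': 'image/png' }, responseBody: null },
  { url: 'http://localhost:3000/api/billing', method: 'GET', requestBody: null,
    status: 403, responseHeaders: { 'content-type': 'application/json' }, responseBody: '{"error":"forbidden"}' },
];
```

With Playwright installed, call runCapture('http://localhost:3000') from a small driver script; the helpers (isTextLikeContentType, recordFromResponse, analyzeRecords) have no Playwright dependency and can be exercised on constructed records without a browser. Note that only the listed headers are redacted; request bodies stay as captured, so a login request body still holds whatever credentials were typed.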

Recommended Use

For best results:

  • Log in only if you own or are authorized to test the app.
  • Exercise the flows that matter, such as dashboard load, billing, team invites, settings, and logout; only traffic you cause is captured.
  • Prefer test/staging environments for flows that mutate data, since deep-scan sends whatever requests you trigger.
  • Treat the captured traffic and any exported report as sensitive: request bodies and response headers can contain credentials, session cookies and personal data.
  • Export a copy-friendly report for review.