How It Works
A deep dive into PreBreach's 5-phase scan pipeline — from reconnaissance to AI-powered vulnerability analysis and reporting.
How PreBreach Works
PreBreach runs a fully automated 5-phase security assessment pipeline that combines traditional penetration testing tools with AI-powered analysis. Every scan follows the same rigorous methodology used by professional security auditors, enhanced with 8 specialized AI agents for deeper insight and fewer false positives.
The 5-Phase Scan Pipeline
Each scan progresses through five sequential phases. The entire pipeline typically completes in 30-60 minutes.
Phase 1: Reconnaissance
The first phase maps your application's attack surface by discovering all publicly accessible assets and identifying the technologies in use.
What happens during recon:
- Subdomain Discovery — Enumerates subdomains using passive DNS data, certificate transparency logs, and brute-force resolution to build a complete map of your domain's footprint
- Technology Fingerprinting — Identifies your web framework (Next.js, Nuxt, SvelteKit, etc.), hosting provider (Vercel, Netlify, AWS), backend services (Supabase, Firebase, PocketBase), and client-side libraries
- Port Scanning — Scans for open ports and running services across discovered hosts to identify unexpected entry points
- Endpoint Enumeration — Crawls your application to discover API routes, authentication endpoints, admin panels, and other potentially sensitive paths
The recon phase establishes a comprehensive inventory of what needs to be tested in subsequent phases.
Phase 2: Scanning
With the attack surface mapped, PreBreach runs targeted vulnerability scans using both general-purpose and custom detection templates.
What happens during scanning:
- Nuclei Template Scanning — Runs thousands of community-maintained Nuclei vulnerability templates to detect known CVEs, misconfigurations, and common weaknesses
- 24 Custom Templates for Modern Stacks — Purpose-built detection templates targeting vulnerabilities specific to:
  - Next.js — Server Action exposure, middleware bypass, ISR cache poisoning, `_next/data` leaks
  - Supabase — Row Level Security (RLS) bypass, exposed service role keys, unprotected PostgREST endpoints
  - Firebase — Firestore rules misconfiguration, exposed API keys with excessive permissions, insecure Cloud Functions
  - Vercel — Environment variable leaks, serverless function misconfigurations, preview deployment exposure
- SSL/TLS Analysis — Evaluates certificate validity, protocol versions, cipher suite strength, and HSTS configuration
- Header & Configuration Checks — Inspects security headers (CSP, X-Frame-Options, CORS), cookie attributes, and server configuration
Phase 3: AI Analysis
This is where PreBreach diverges from traditional scanners. Raw scan results are analyzed by 8 specialized AI agents, each powered by Claude Opus and focused on a specific security domain.
The 8 AI Agents:
| Agent | Specialization |
|---|---|
| Recon Analyst | Evaluates attack surface breadth and identifies high-value targets from recon data |
| Vulnerability Assessor | Analyzes raw vulnerability scan output for severity, exploitability, and real-world impact |
| Web App Security Expert | Assesses application-layer risks including authentication, session management, and input validation |
| API Security Analyst | Reviews API endpoints for broken access control, injection, and data exposure |
| Infrastructure Reviewer | Examines server configuration, network exposure, and hosting-level vulnerabilities |
| Cryptography Analyst | Evaluates encryption implementation, key management, and TLS configuration |
| Compliance Mapper | Maps findings to OWASP Top 10 categories and industry security standards |
| Report Synthesizer | Aggregates all agent findings into a coherent, prioritized security assessment |
Each agent receives the relevant subset of scan data and produces structured findings with severity ratings, evidence, and remediation recommendations.
Phase 4: Validation
AI-generated findings go through a multi-step validation process to ensure accuracy and eliminate false positives.
What happens during validation:
- Multi-Model Consensus — Findings from Claude Opus are cross-checked using GPT as an independent validator. Only findings confirmed by both models are included in the final report
- Proof-of-Concept Execution — Where safe to do so, PreBreach generates and executes proof-of-concept (PoC) requests to confirm exploitability. PoC evidence is included in the report
- Screenshot Capture — Visual evidence is captured for UI-visible vulnerabilities such as exposed admin panels, information disclosure on error pages, and directory listings
- Confidence Scoring — Each finding receives a confidence score based on the strength of evidence, model agreement, and PoC results. Low-confidence findings are flagged for manual review
This validation layer is critical. Traditional scanners are notorious for false positives. PreBreach's multi-model consensus approach typically reduces false positives by over 80% compared to raw scanner output.
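A sketch of the consensus gate and confidence scoring described above, as an added example rather than PreBreach's own code. The weights, the review threshold, the `Verdict` fields and the sample findings are assumptions constructed for illustration, since the page does not publish the scoring formula.

```python
from dataclasses import dataclass

# Assumed values: the page does not publish PreBreach's weights or threshold.
WEIGHTS = {"evidence": 0.4, "agreement": 0.3, "poc": 0.3}
REVIEW_THRESHOLD = 0.6

@dataclass(frozen=True)
class Verdict:
    finding_id: str
    confirmed: bool
    evidence_strength: float  # 0.0 to 1.0, as rated by that model

def validate(primary, validator, poc_results):
    """Keep findings both models confirm, score them, flag weak ones."""
    second = {v.finding_id: v for v in validator}
    report = []
    for p in primary:
        v = second.get(p.finding_id)
        # Consensus gate: unconfirmed by either model, or never seen by the
        # validator, means the finding is left out of the report.
        if not (p.confirmed and v is not None and v.confirmed):
            continue
        evidence = min(p.evidence_strength, v.evidence_strength)
        agreement = 1.0 - abs(p.evidence_strength - v.evidence_strength)
        # PoC: True = reproduced, False = ran but failed, None = not safe to run.
        poc = {True: 1.0, False: 0.0, None: 0.5}[poc_results.get(p.finding_id)]
        score = round(WEIGHTS["evidence"] * evidence
                      + WEIGHTS["agreement"] * agreement
                      + WEIGHTS["poc"] * poc, 2)
        report.append({"id": p.finding_id, "confidence": score,
                       "manual_review": score < REVIEW_THRESHOLD})
    return sorted(report, key=lambda r: r["confidence"], reverse=True)

# Constructed sample verdicts (not real scan output).
PRIMARY = [Verdict("rls-bypass", True, 0.9), Verdict("missing-csp", True, 0.5),
           Verdict("open-admin-panel", True, 0.8), Verdict("weak-cipher", False, 0.2),
           Verdict("exposed-env", True, 0.7)]
VALIDATOR = [Verdict("rls-bypass", True, 0.8), Verdict("missing-csp", True, 0.3),
             Verdict("open-admin-panel", False, 0.1)]
POC_RESULTS = {"rls-bypass": True}  # no PoC was run for missing-csp

if __name__ == "__main__":
    for row in validate(PRIMARY, VALIDATOR, POC_RESULTS):
        print(row)
```

Taking the lower of the two evidence ratings keeps the score conservative when the models disagree on how strong the evidence is.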
Phase 5: Reporting
Validated findings are compiled into a professional security report ready for technical teams, management, and compliance stakeholders.
What the report includes:
- Security Grade (A-F) — An overall letter grade reflecting your application's security posture, calculated from the aggregate severity and count of validated findings
- CVSS v4.0 Scoring — Each vulnerability is scored using the latest Common Vulnerability Scoring System (v4.0), providing standardized severity metrics
- Executive Summary — A high-level overview suitable for non-technical stakeholders, summarizing risk level and key recommendations
- Detailed Findings — Each vulnerability includes:
  - Description and technical explanation
  - OWASP Top 10 category mapping
  - Evidence and proof-of-concept details
  - Step-by-step remediation guidance
  - CVSS v4.0 vector string and score
- Technology Profile — Summary of detected technologies, frameworks, and services
- Remediation Roadmap — Prioritized list of fixes ordered by severity and effort
Report formats available:
| Format | Best For |
|---|---|
| | Sharing with stakeholders, compliance archives, printed reports |
| HTML | Interactive viewing in the browser with collapsible sections and navigation |
| JSON | Integration with CI/CD pipelines, ticketing systems, and custom tooling |
Why This Approach Works
Traditional vulnerability scanners produce raw output that requires expert interpretation. Penetration testers are thorough but expensive and slow. PreBreach bridges that gap:
- Automated expertise — AI agents replicate the analytical process of experienced penetration testers
- Modern stack awareness — Custom templates catch vulnerabilities that generic scanners miss in Next.js, Supabase, Firebase, and Vercel applications
- Validated results — Multi-model consensus and PoC execution mean you can trust the findings without spending hours triaging false positives
- Fast turnaround — A complete assessment in 30-60 minutes rather than days or weeks