Skip to main content
Explore Agent is a read-only reconnaissance specialist that runs as a sub-agent of the Planner. It gathers everything needed to build an accurate execution plan without touching the target actively.

What it does

  • Active recon: runs subfinder, httpx, nmap, naabu, whois, dig, and curl inside the sandbox to map the target
  • Web intelligence: searches the web, retrieves content, and performs deep research on the target and its technology stack
  • Code search: queries GitHub and grep.app for relevant code, configurations, and vulnerability patterns
  • Integration reads: reads existing tasks, issues, deployments, schedules, and codemaps to avoid duplicating prior work
  • SSH inventory: checks available SSH connections relevant to the target
  • HackerOne access: reads HackerOne reports for context when working in a bug bounty or VDP workflow

How it fits in

Explore Agent runs in parallel (up to three instances simultaneously) during the Planner’s intelligence-gathering phase. It is strictly read-only during planning: it collects and surfaces information but does not exploit, modify, or report findings. Its output shapes the execution plan that testing agents follow.