Audits

An audit is one offensive engagement against a target domain. You choose a mode, pick targets, and GigaOps takes over.

The three modes

Shallow

OWASP Top 10 + PoC only. ~30 min. No post-exploitation.

Deep

Full 10-phase attack chain. ~2 hrs. Includes post-exploitation.

Autonomous

Operator-defined mission brief. ~4 hrs. You write the scope.

How an engagement runs

1. You create the audit                  →  POST /api/workspaces/{id}/audits
2. WithGiga provisions a darkops sandbox →  hardened Ubuntu desktop with full toolkit
3. GigaOps loads its mission brief       →  determined by mode + your scope
4. The agent executes the attack chain   →  recon → enum → vuln scan → exploit → post-ex
5. Findings stream in continuously       →  appended to the audit every 5 seconds
6. Engagement completes                  →  PDF + asciinema + score generated
You can watch the entire engagement in real time from the dashboard, or wait for the completion notification (email or Slack).

What every audit produces

  • Findings — confirmed vulnerabilities with severity, evidence, and remediation. See Findings & Evidence.
  • Security score — letter grade A+ to F derived from finding weights. See Security Score.
  • PDF report — cover page, executive summary, per-finding pages with evidence and recommendations. See Reports & Recordings.
  • Asciinema recording — full terminal session replay of every command GigaOps ran.
  • Screenshots — automatic visual evidence captured at the moment of discovery.

Choosing a mode

If you want to…Use
Gate every release in CIShallow — fast enough to run on every PR
Replace a quarterly pentestDeep — full chain including post-exploitation
Simulate a specific threat actorAutonomous — write the brief like you’d brief a human
Verify a specific finding is remediatedShallow with a narrow target list
Run a red-team simulationAutonomous with assumed-breach scope

Audit statuses

StatusDescription
queuedSandbox provisioning in progress
runningGigaOps actively engaging the target
completedEngagement finished, report ready
failedRun encountered an unrecoverable error — partial findings preserved

Time budgets

Each mode has a default time budget that controls when GigaOps stops exploring and starts writing the report:
  • Shallow: 30 minutes
  • Deep: 2 hours
  • Autonomous: 4 hours
The agent’s final phase is always “write report” — even if interrupted, you’ll receive whatever findings were confirmed before the budget expired.

Authorization

WithGiga assumes every target you submit is authorized for full-scope offensive testing. You are responsible for ensuring written authorization before each engagement.