| Activity | Android app screen (activity) tied to APK analysis and navigation flows. |
| ADOBJ | Generic Active Directory object with DN/GUID, privileges, and ACEs for attack-path mapping. |
| AnonymousLogin | Credential pair representing anonymous or guest access where it was accepted. |
| APKFile | Android package (APK) used as the root target for mobile analysis. |
| Application | Logical application asset in attack-surface modeling (distinct app identity in ASM). |
| ASN | Autonomous System Number associated with discovered network infrastructure. |
| BrowserSession | Captured browser state: cookies, storage, auth metadata, and recorded browser actions. |
| Certificate | TLS/X.509 material: CN, SANs, validity, and related serving endpoints. |
| CertificateAuthority | Enterprise AD CS certificate authority configuration (web enrollment, permissions, exposure). |
| CertificateTemplate | AD CS certificate template definition (EKUs, enrollment flags, and misconfiguration context). |
| CloudResource | Exposed cloud endpoint or object (URL, access level, provider, scan metadata). |
| Delegation | Kerberos delegation relationship or finding (constrained/unconstrained style trust abuse surface). |
| Device | External asset or host fingerprint: OS, addresses, hostname, CPE, and discovery context. |
| Disk | Storage volume or mount surfaced during internal assessment for further file-level inspection. |
| Domain | DNS domain or subdomain: scope anchor with optional paths, DX/DNS metadata, and crawl settings. |
| DomainEscalation | Cross-domain or trust abuse scenario (trust direction/type, success, affected domains). |
| Employee | Person record from OSINT (name, role, contact, location, linked socials). |
| File | File artifact (path/type/content or URL-flag) tracked with a deduplication key. |
| Generic | Catch-all node wrapping a single scalar value when no specialized type applies. |
| GithubAccount | GitHub profile/account node for social/OSINT correlation. |
| Goal | High-level testing goal for crawling/automation (domain, APK, session, or parent linkage). |
| GraphQLSchema | Introspected GraphQL schema tied to a web URL for API security testing. |
| Group | Security group (membership, tiering, privileges, ACL/control edges) in the internal model. |
| GPO | Group Policy Object (paths, affected objects, control/abuse-relevant metadata). |
| Host | Internal assessment host: hostname/IP, OS, DC flags, delegation, and compromise state. |
| InternalSubnet | Subnet or network segment used in external/ASM-style internal network modeling. |
| IPAddress | Single IP asset with liveness, ports, services, CPE, and sighting timestamps. |
| IPRange | CIDR or ranged network block with geo/hosting/asn context (lightweight non-Entity helper type in code). |
| LinkedinAccount | LinkedIn profile/account node for OSINT. |
| MailServer | MX host record (address and priority) for a domain’s mail infrastructure. |
| MediumAccount | Medium profile/account node for OSINT. |
| Memory | Short- or long-term agent memory blob linked to a parent entity for context retention. |
| NetworkHost | Network-visible host abstraction in ASM (host-level discovery complementing IP/Device). |
| PasswordFiles | Recovered credential material from files (username, hash, cracked password when available). |
| Secret | Normalized credential or sensitive artifact (identifiers + typed secrets + metadata). |
| Service | Network service on an IP (name, port, protocol, banner) driving follow-on checks. |
| ServiceName | Kerberos service principal / SPN-style record with delegation-related attributes. |
| Session | Interactive session identifier with user binding and active/inactive state. |
| S3Bucket | Object storage bucket with permissions, ownership, and enumeration summary. |
| SMB | SMB relationship or SMB-oriented finding distinct from a named share (SMBShare). |
| SMBShare | Discovered SMB share name with assessed access level. |
| SocialAccount | Platform-agnostic social profile (username, URL, stats, verification, enrichments). |
| Subnet | Internal engagement subnet (CIDR/name/gateway/DHCP context) for host discovery. |
| Technology | Stack or product fingerprint (e.g. framework/CMS) on an asset. |
| TestCase | Structured security test definition (ideas, indicators, CWE, severity, execution traces). |
| TestCaseSet | Batch container of test cases with category and optional downstream tester dispatch. |
| TGS | Kerberos service ticket (TGS) material with SPN, user, and expiry metadata. |
| TGT | Kerberos Ticket-Granting Ticket for a user/realm with expiry and encrypted payload. |
| Trajectory | Ordered list of actions (browser/API/mobile) summarizing a user flow for replay and deduped testing. |
| TwitterAccount | Twitter/X profile/account node for OSINT. |
| User | Domain or internal user with sam/name, membership, session/privilege edges, and compromise flag. |
| Vulnerability | Reported finding with target, CWE/CVE, CVSS, narrative, references, and verification state. |
| WebApplication | Web app surface (URL, title, tech, behaviors) grouping pages and behaviors. |
| WebPage | Concrete URL (dynamic-parameter pattern, content, screenshots) as the unit of web testing. |
| WebPageGroup | Deduplicated cluster of related WebPage records processed as a single batch. |
| WhoisData | Registrar/WHOIS fields for a domain (lifecycle, registrant hints, name servers, status). |
| Wordlist | Wordlist file path used for cracking or spraying workflows. |
