# EOC 2-32 Authenticated Crawl

Authenticated crawl captured on 2026-03-17 from `http://ghn2e53.local` using the provided credential and the device's client-side MD5 challenge-response login.

Local entry points:
- `site/cgi-bin/login-success.html`: authenticated frameset returned by `/cgi-bin/login`
- `site/cgi-bin/left.html`: left navigation frame
- `site/cgi-bin/info.html`: default main frame

Captured pages:
- `site/cgi-bin/info.html`
- `site/cgi-bin/wifinet.html`
- `site/cgi-bin/wifiradio.html`
- `site/cgi-bin/wifivap2g.html`
- `site/cgi-bin/wifivap5g.html`
- `site/cgi-bin/vlan.html`
- `site/cgi-bin/activechg.html`
- `site/cgi-bin/user.html`
- `site/cgi-bin/upload.html`
- `site/cgi-bin/wifi.html`

Captured shared assets:
- `site/all.css`
- `site/left.js`
- `site/MenuBg.gif`
- `site/Line.gif`
- `site/IMinus.gif`
- `site/IPlus.gif`

Notes:
- The working login flow was `GET /cgi-bin/index`, extract `Challenge`, then `POST /cgi-bin/login` with lowercase `LOGIN_RESPONSE=md5("admin" + password + challenge)`.
- The device appears to use self-posting forms on each config page rather than separate apply endpoints.
- `left.html` reports `OrgRunMode = 'hn'`, so the visible menu is the `Information`, `Network`, `Radio`, `2.4G VAP`, `5G VAP`, `VLAN`, `Active Changes`, `User`, and `Upgrade` set.
- `wifi.html` is also accessible, but it is not part of the visible menu in the current `hn` mode.
- `crawl-log.tsv` records each downloaded authenticated path.
- The mirrored files were rewritten to use local-relative URLs, so opening `site/index.html` from disk or from a simple static server should now work.