the.com/gray box
you get the manual and the crime scene, but not the murder weapon.
means a testing or analysis approach where you know some internal structure of a system (docs, architecture, some code) but not everything, unlike pure black-box (nothing) or white-box (everything).
from grew out of software QA in the 1990s-2000s as testers realized real-world access is rarely all-or-nothing; borrowed the black-box/white-box binary and split the difference.
security testingcommon for penetration tests with partial credentials given
not a colormetaphor for partial knowledge, not literal grayscale
database accesstesters often get schema but not source code