diff --git a/docs/roadmap.md b/docs/roadmap.md
index 2ec1930..c3c0366 100644
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -1,10 +1,11 @@
-# SneakyScope — Roadmap (Updated 8-20-25)
+# SneakyScope — Roadmap (Updated 8-21-25)
 
 ## Priority 1 – Core Analysis / Stability
 
 * Opt-in “fetch external scripts” mode (off by default): on submission, download external script content (size/time limits) and run rules on fetched content.
 * Remove remaining legacy form “flagged\_reasons” plumbing once all equivalent function rules are in place.
 * Unit tests: YAML compilation, function-rule adapters, and per-script/per-form rule cases.
+* SSL/TLS intelligence: for HTTPS targets, pull certificate details from crt.sh (filtering expired); if a subdomain, also resolve the root domain to capture any wildcard certificates; probe the endpoint to enumerate supported TLS versions/ciphers and flag weak/legacy protocols.
 
 ## Priority 2 – API Layer
 
@@ -28,5 +29,10 @@
 ## Priority 5 – Extras / Integrations
 
 * Bulk URL analysis (batch/queue).
-* Alerting & integrations (webhooks, Slack, email).
 * Optional: analyst verdict tags and export (CSV/JSON).
+* Domain reputation (local feeds): build and refresh a consolidated domain/URL reputation store from URLHaus database dump and OpenPhish community dataset (scheduled pulls with dedup/normalize).
+* Threat intel connectors (settings-driven): add `settings.yaml` entries for VirusTotal and ThreatFox API keys (plus future providers); when present, enrich lookups and merge results into the unified reputation checks during analysis.
+
+## Backlog / Far‑Off Plans
+
+* Server profile scan: run a lightweight nmap service/banner scan on common web/alt ports (80, 443, 8000, 8080, 8443, etc.) and SSH; combine with server headers to infer stack (e.g., IIS vs. Linux/\*nix).