## Priority 1 – Core Functionality / Stability

**Permissions / Storage Paths**

* ✅ `/data` and other mounted volumes setup handled by `sandbox.sh`
* ✅ Downloads, screenshots, and HTML artifacts are written correctly (`safe_write` in `io_helpers.py`)

---

## Priority 2 – Data Accuracy / Enrichment

**WHOIS & GeoIP Enhancements**

* ✅ Implemented Python-based WHOIS parsing with fallback to raw WHOIS text
* ✅ Default `"Possible Privacy"` or `"N/A"` for missing WHOIS fields
* ✅ GeoIP + ASN + ISP info displayed per IP in **accordion tables**
* ✅ Cache WHOIS and GeoIP results to reduce repeated queries

**Suspicious Scripts & Forms**

* [ ] Expand flagged script and form output with reasons for analysts
* [ ] Show each check and whether it triggered flags (pass/fail for each check)

**Add Suspicious BEC Words**

* ✅ Look for things like `"reset password"`
* ✅ Make configurable via a config file (YAML doc with rules)

---

## Priority 3 – User Interface / UX

**Front Page / Input Handling**

* [ ] Automatically prepend `http://`, `https://`, and/or `www.` if a user only enters a domain

**Result Templates / Cards**

* [ ] Load the webpage's source code in a code editor view or code block on the page so that it's easier to read
* [ ] Update result cards with clear, analyst-friendly explanations
* [ ] Include flagged logic and reason lists for scripts and forms
* ✅ Display GeoIP results in accordion tables

---

## Priority 4 – API Layer

**API Endpoints**

* [ ] Add `/screenshot` endpoint
* [ ] Add `/source` endpoint
* [ ] Add `/analyse` endpoint

**OpenAPI + Docs**

* [ ] Create initial `openapi/openapi.yaml` spec file
* [ ] Serve spec at `/api/openapi.yaml`
* [ ] Wire up Swagger UI or Redoc at `/docs` for interactive API exploration

---

## Priority 5 – Optional / Cleanup

**Artifact Management**

* [ ] Implement saving of results for a UUID as `results.json` so we don't rerun all the rules and can just load from cache
* [ ] Implement cleanup or retention policy for old artifacts
* [ ] Optional: Add periodic maintenance scripts for storage

**Extra Features**

* [ ] Placeholder for additional features (e.g., bulk URL analysis, alerting, integrations)