ptarrant/SneakyScope
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
469334d1377d10f96cbf789a6b72e08f797159d8
SneakyScope/docs/roadmap.md
Phillip Tarrant 469334d137 feat(ui): migrate to Tailwind (compiled) + Flowbite JS; new navbar/layout; Docker CSS build 
- Add multi-stage CSS build that compiles Tailwind into app/static/tw.css
- Add Tailwind config with dark tokens (bg/nav/card) and purge globs
- Add assets/input.css (@tailwind base/components/utilities + small utilities)
- Replace Tailwind CDN + REMOVE Flowbite CSS (keep Flowbite JS only)
- New base_tailwind.html (top navbar, responsive container, {%- block scripts -%})
- Port pages to Tailwind look/feel with wider content column:
  - index: single-column form + recent results, fullscreen spinner overlay, copy-UUID
  - result: sticky jump list, Tailwind tables/badges, Suspicious Scripts/Forms sections
  - viewer: Monaco-based code viewer in Tailwind card, actions (copy/wrap/raw)
  - ssl_tls macro: rewritten with Tailwind (details/summary for raw JSON)
- Dockerfile: add css-builder stage and copy built tw.css into /app/app/static
- Remove Flowbite stylesheet to avoid overrides; Flowbite JS loaded with defer

BREAKING CHANGE:
Legacy CSS classes/components (.card, .badge, etc.) are replaced by Tailwind utilities.
All templates now expect tw.css to be served from /static.
2025-08-22 10:36:10 -05:00

2.1 KiB
Raw Blame History

SneakyScope — Roadmap (Updated 8-21-25)

Priority 1 Core Analysis / Stability

  • why are the rules not finding anything now?
  • if cloudflare, we notate and badge it, along with a blurp that explains how cloudflare is both used for good and evil.
  • need a generalized "total score" for the site. something that is a quick 0/10 (guessing on the number), so new analyst don't have to think on the details.

Priority 2 UI / UX

  • Rules Lab (WYSIWYG tester): paste a rule, validate/compile, run against sample text; lightweight nav entry.
  • Build reusable util classes in tailwind and replace the long class strings. Classes to build: badge, badge-ok, badge-warn, badge-danger, chip, card.

Priority 3 API Layer

  • API endpoints: /screenshot, /source, /analyse.
  • OpenAPI: add POST /api/analyze_script (request/response schemas, examples) to openapi/openapi.yaml; serve at /api/openapi.yaml.
  • Docs UI: Swagger UI or Redoc at /docs.
  • (Nice-to-have) API JSON error consistency: handlers for 400/403/404/405/500 that always return JSON.

Priority 4 Artifact Management & Ops

  • Retention/cleanup policy for old artifacts (age/size thresholds).
  • Make periodic maintenance scripts for storage; cleanup options set in settings.yaml.
  • Results caching UX: add “Re-run analysis” vs. “Load from cache” controls in the results UI.

Priority 5 Extras / Integrations

  • Domain reputation (local feeds): build and refresh a consolidated domain/URL reputation store from URLHaus database dump and OpenPhish community dataset (scheduled pulls with dedup/normalize).
  • Threat intel connectors (settings-driven): add settings.yaml entries for VirusTotal and ThreatFox API keys (plus future providers); when present, enrich lookups and merge results into the unified reputation checks during analysis.

Backlog / Far-Off Plans

  • Server profile scan: run a lightweight nmap service/banner scan on common web/alt ports (80, 443, 8000, 8080, 8443, etc.) and SSH; combine with server headers to infer stack (e.g., IIS vs. Linux/*nix).

  • IP Lookups 0 if we are successful on domain replutation / ip reputation

Reference in New Issue View Git Blame Copy Permalink