Priority 1 – Core Functionality / Stability
Permissions / Storage Paths
- ✅ /data and other mounted volumes setup handled by sandbox.sh
- ✅ Downloads, screenshots, and HTML artifacts are written correctly (safe_write in io_helpers.py)
Priority 2 – Data Accuracy / Enrichment
WHOIS & GeoIP Enhancements
- ✅ Implemented Python-based WHOIS parsing with fallback to raw WHOIS text
- ✅ Default "Possible Privacy" or "N/A" for missing WHOIS fields
- ✅ GeoIP + ASN + ISP info displayed per IP in accordion tables
- ✅ Cache WHOIS and GeoIP results to reduce repeated queries
Suspicious Scripts & Forms
- Expand flagged script and form output with reasons for analysts
- Show each check and whether it triggered flags (pass/fail for each check)
Add Suspicious BEC words
- ✅ Look for things like "reset password"
- ✅ Make configurable via a config file (YAML doc with rules)
Priority 3 – User Interface / UX
Front Page / Input Handling
- Automatically prepend http://, https://, and/or www. if a user only enters a domain
Result Templates / Cards
- Load source code for webpage in a code editor view or code block on page so that it's easier to read
- Update result cards with clear, analyst-friendly explanations
- Include flagged logic and reason lists for scripts and forms
- ✅ Display GeoIP results in accordion tables (✅ done)
Priority 4 – API Layer
API Endpoints
- Add /screenshot endpoint
- Add /source endpoint
- Add /analyse endpoint
OpenAPI + Docs
- Create initial openapi/openapi.yaml spec file
- Serve spec at /api/openapi.yaml
- Wire up Swagger UI or Redoc at /docs for interactive API exploration
Priority 5 – Optional / Cleanup
Artifact Management
- Implement saving of results from a UUID as "results.json" so we don't rerun all the rules and just load from cache.
- Implement cleanup or retention policy for old artifacts
- Optional: Add periodic maintenance scripts for storage
Extra Features
- Placeholder for additional features (e.g., bulk URL analysis, alerting, integrations)