ptarrant/SneakyScope
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
f639ad093462198d2633243185ba9fcb119ae9c3
SneakyScope/docs/roadmap.md
Phillip Tarrant 3a24b392f2 feat: on-demand external script analysis + code viewer; refactor form analysis to rule engine 
- API: add `POST /api/analyze_script` (app/blueprints/api.py)
  - Fetch one external script to artifacts, run rules, return findings + snippet
  - Uses new ExternalScriptFetcher (results_path aware) and job UUID
  - Returns: { ok, final_url, status_code, bytes, truncated, sha256, artifact_path, findings[], snippet, snippet_len }
  - TODO: document in openapi/openapi.yaml

- Fetcher: update `app/utils/external_fetch.py`
  - Constructed with `results_path` (UUID dir); writes to `<results_path>/scripts/fetched/<index>.js`
  - Loads settings via `get_settings()`, logs via std logging

- UI (results.html):
  - Move “Analyze external script” action into **Content Snippet** column for external rows
  - Clicking replaces button with `<details>` snippet, shows rule matches, and adds “open in viewer” link
  - Robust fetch handler (checks JSON, shows errors); builds viewer URL from absolute artifact path

- Viewer:
  - New route: `GET /view/artifact/<run_uuid>/<path:filename>` (app/blueprints/ui.py)
  - New template: Monaco-based read-only code viewer (viewer.html)
  - Removes SRI on loader to avoid integrity block; loads file via `raw_url` and detects language by extension

- Forms:
  - Refactor `analyze_forms` to mirror scripts analysis:
    - Uses rule engine (`category == "form"`) across regex/function rules
    - Emits rows only when matches exist
    - Includes `content_snippet`, `action`, `method`, `inputs`, `rules`
  - Replace legacy plumbing (`flagged`, `flag_reasons`, `status`) in output
  - Normalize form function rules to canonical returns `(bool, Optional[str])`:
    - `form_action_missing`
    - `form_http_on_https_page`
    - `form_submits_to_different_host`
    - Add minor hardening (lowercasing hosts, no-op actions, clearer reasons)

- CSS: add `.forms-table` to mirror `.scripts-table` (5 columns)
  - Fixed table layout, widths per column, chip/snippet styling, responsive tweaks

- Misc:
  - Fix “working outside app context” issue by avoiding `current_app` at import time (left storage logic inside routes)
  - Add “View Source” link to open page source in viewer

Refs:
- Roadmap: mark “Source code viewer” done; keep TODO to add `/api/analyze_script` to OpenAPI
2025-08-21 15:32:24 -05:00

2.0 KiB
Raw Blame History

SneakyScope — Roadmap (Updated 8-21-25)

Priority 1 Core Analysis / Stability

  • SSL/TLS intelligence: for HTTPS targets, pull certificate details from crt.sh (filtering expired); if a subdomain, also resolve the root domain to capture any wildcard certificates; probe the endpoint to enumerate supported TLS versions/ciphers and flag weak/legacy protocols.

Priority 2 API Layer

  • API endpoints: /screenshot, /source, /analyse.
  • OpenAPI: add POST /api/analyze_script (request/response schemas, examples) to openapi/openapi.yaml; serve at /api/openapi.yaml.
  • Docs UI: Swagger UI or Redoc at /docs.
  • (Nice-to-have) API JSON error consistency: handlers for 400/403/404/405/500 that always return JSON.

Priority 3 UI / UX

  • Front page/input handling: auto-prepend http:///https:///www. for bare domains.
  • Rules Lab (WYSIWYG tester): paste a rule, validate/compile, run against sample text; lightweight nav entry.

Priority 4 Artifact Management & Ops

  • Retention/cleanup policy for old artifacts (age/size thresholds).
  • Make periodic maintenance scripts for storage; cleanup options set in settings.yaml.
  • Results caching UX: add “Re-run analysis” vs. “Load from cache” controls in the results UI.

Priority 5 Extras / Integrations

  • Bulk URL analysis (batch/queue).
  • Optional: analyst verdict tags and export (CSV/JSON).
  • Domain reputation (local feeds): build and refresh a consolidated domain/URL reputation store from URLHaus database dump and OpenPhish community dataset (scheduled pulls with dedup/normalize).
  • Threat intel connectors (settings-driven): add settings.yaml entries for VirusTotal and ThreatFox API keys (plus future providers); when present, enrich lookups and merge results into the unified reputation checks during analysis.

Backlog / Far-Off Plans

  • Server profile scan: run a lightweight nmap service/banner scan on common web/alt ports (80, 443, 8000, 8080, 8443, etc.) and SSH; combine with server headers to infer stack (e.g., IIS vs. Linux/*nix).
Reference in New Issue View Git Blame Copy Permalink