From e3b647521e5a5728e8ac3a00dc3558894a1e0d41 Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 08:41:02 -0600 Subject: [PATCH 1/7] Fix scan output file paths and improve notification system - Save JSON/HTML/ZIP paths to database when scans complete - Remove orphaned scan-config-id reference causing JS errors - Add showAlert function to scan_detail.html and scans.html - Increase notification z-index to 9999 for modal visibility - Replace inline alert creation with consistent toast notifications --- app/web/jobs/scan_job.py | 4 +-- app/web/services/scan_service.py | 12 ++++++++- app/web/templates/base.html | 2 +- app/web/templates/scan_detail.html | 22 ++++++++++++++-- app/web/templates/scans.html | 42 +++++++++++++++++------------- 5 files changed, 58 insertions(+), 24 deletions(-) diff --git a/app/web/jobs/scan_job.py b/app/web/jobs/scan_job.py index ace3f8c..d7fcb72 100644 --- a/app/web/jobs/scan_job.py +++ b/app/web/jobs/scan_job.py @@ -77,12 +77,12 @@ def execute_scan(scan_id: int, config_id: int, db_url: str = None): # Generate output files (JSON, HTML, ZIP) logger.info(f"Scan {scan_id}: Generating output files...") - scanner.generate_outputs(report, timestamp) + output_paths = scanner.generate_outputs(report, timestamp) # Save results to database logger.info(f"Scan {scan_id}: Saving results to database...") scan_service = ScanService(session) - scan_service._save_scan_to_db(report, scan_id, status='completed') + scan_service._save_scan_to_db(report, scan_id, status='completed', output_paths=output_paths) # Evaluate alert rules logger.info(f"Scan {scan_id}: Evaluating alert rules...") diff --git a/app/web/services/scan_service.py b/app/web/services/scan_service.py index 7caedf6..4564986 100644 --- a/app/web/services/scan_service.py +++ b/app/web/services/scan_service.py @@ -308,7 +308,7 @@ class ScanService: return count def _save_scan_to_db(self, report: Dict[str, Any], scan_id: int, - status: str = 'completed') -> None: + status: str = 'completed', output_paths: Dict = None) -> None: """ Save scan results to database. @@ -319,6 +319,7 @@ class ScanService: report: Scan report dictionary from scanner scan_id: Scan ID to update status: Final scan status (completed or failed) + output_paths: Dictionary with paths to generated files {'json': Path, 'html': Path, 'zip': Path} """ scan = self.db.query(Scan).filter(Scan.id == scan_id).first() if not scan: @@ -329,6 +330,15 @@ class ScanService: scan.duration = report.get('scan_duration') scan.completed_at = datetime.utcnow() + # Save output file paths + if output_paths: + if 'json' in output_paths: + scan.json_path = str(output_paths['json']) + if 'html' in output_paths: + scan.html_path = str(output_paths['html']) + if 'zip' in output_paths: + scan.zip_path = str(output_paths['zip']) + # Map report data to database models self._map_report_to_models(report, scan) diff --git a/app/web/templates/base.html b/app/web/templates/base.html index b811060..606a6d6 100644 --- a/app/web/templates/base.html +++ b/app/web/templates/base.html @@ -108,7 +108,7 @@ -
+
{% block scripts %}{% endblock %} diff --git a/app/web/templates/scan_detail.html b/app/web/templates/scan_detail.html index 2111203..926a9ca 100644 --- a/app/web/templates/scan_detail.html +++ b/app/web/templates/scan_detail.html @@ -162,6 +162,25 @@ let scanData = null; let historyChart = null; // Store chart instance to prevent duplicates + // Show alert notification + function showAlert(type, message) { + const container = document.getElementById('notification-container'); + const notification = document.createElement('div'); + notification.className = `alert alert-${type} alert-dismissible fade show mb-2`; + + notification.innerHTML = ` + ${message} + + `; + + container.appendChild(notification); + + // Auto-dismiss after 5 seconds + setTimeout(() => { + notification.remove(); + }, 5000); + } + // Load scan on page load document.addEventListener('DOMContentLoaded', function() { loadScan().then(() => { @@ -218,7 +237,6 @@ document.getElementById('scan-timestamp').textContent = new Date(scan.timestamp).toLocaleString(); document.getElementById('scan-duration').textContent = scan.duration ? `${scan.duration.toFixed(1)}s` : '-'; document.getElementById('scan-triggered-by').textContent = scan.triggered_by || 'manual'; - document.getElementById('scan-config-id').textContent = scan.config_id || '-'; // Status badge let statusBadge = ''; @@ -439,7 +457,7 @@ window.location.href = '{{ url_for("main.scans") }}'; } catch (error) { console.error('Error deleting scan:', error); - alert(`Failed to delete scan: ${error.message}`); + showAlert('danger', `Failed to delete scan: ${error.message}`); // Re-enable button on error deleteBtn.disabled = false; diff --git a/app/web/templates/scans.html b/app/web/templates/scans.html index d15705b..3e5ac3b 100644 --- a/app/web/templates/scans.html +++ b/app/web/templates/scans.html @@ -151,6 +151,25 @@ let statusFilter = ''; let totalCount = 0; + // Show alert notification + function showAlert(type, message) { + const container = document.getElementById('notification-container'); + const notification = document.createElement('div'); + notification.className = `alert alert-${type} alert-dismissible fade show mb-2`; + + notification.innerHTML = ` + ${message} + + `; + + container.appendChild(notification); + + // Auto-dismiss after 5 seconds + setTimeout(() => { + notification.remove(); + }, 5000); + } + // Load initial data when page loads document.addEventListener('DOMContentLoaded', function() { loadScans(); @@ -456,15 +475,7 @@ bootstrap.Modal.getInstance(document.getElementById('triggerScanModal')).hide(); // Show success message - const alertDiv = document.createElement('div'); - alertDiv.className = 'alert alert-success alert-dismissible fade show mt-3'; - alertDiv.innerHTML = ` - Scan triggered successfully! (ID: ${data.scan_id}) - - `; - // Insert at the beginning of container-fluid - const container = document.querySelector('.container-fluid'); - container.insertBefore(alertDiv, container.firstChild); + showAlert('success', `Scan triggered successfully! (ID: ${data.scan_id})`); // Refresh scans loadScans(); @@ -490,23 +501,18 @@ }); if (!response.ok) { - throw new Error('Failed to delete scan'); + const data = await response.json(); + throw new Error(data.message || 'Failed to delete scan'); } // Show success message - const alertDiv = document.createElement('div'); - alertDiv.className = 'alert alert-success alert-dismissible fade show mt-3'; - alertDiv.innerHTML = ` - Scan ${scanId} deleted successfully. - - `; - document.querySelector('.container-fluid').insertBefore(alertDiv, document.querySelector('.row')); + showAlert('success', `Scan ${scanId} deleted successfully.`); // Refresh scans loadScans(); } catch (error) { console.error('Error deleting scan:', error); - alert('Failed to delete scan. Please try again.'); + showAlert('danger', `Failed to delete scan: ${error.message}`); } } From 9804f9c032c7ee0e3a1943cc5a528b27833f8a42 Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 09:32:28 -0600 Subject: [PATCH 2/7] Add route to serve scan output files Output files (JSON, HTML, ZIP) are stored outside the static directory, so download links in scan_detail.html were broken. This adds a /output/ route that serves files from the output directory using send_from_directory for secure file access. Route requires authentication. --- app/web/routes/main.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/app/web/routes/main.py b/app/web/routes/main.py index ac15a97..583fdc5 100644 --- a/app/web/routes/main.py +++ b/app/web/routes/main.py @@ -5,8 +5,9 @@ Provides dashboard and scan viewing pages. """ import logging +import os -from flask import Blueprint, current_app, redirect, render_template, url_for +from flask import Blueprint, current_app, redirect, render_template, send_from_directory, url_for from web.auth.decorators import login_required @@ -244,3 +245,19 @@ def alert_rules(): 'alert_rules.html', rules=rules ) + + +@bp.route('/output/') +@login_required +def serve_output_file(filename): + """ + Serve output files (JSON, HTML, ZIP) from the output directory. + + Args: + filename: Name of the file to serve + + Returns: + The requested file + """ + output_dir = os.environ.get('OUTPUT_DIR', '/app/output') + return send_from_directory(output_dir, filename) From cc3758f92dbde8d6f47b15136a746c1aab27a6fd Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 09:35:13 -0600 Subject: [PATCH 3/7] Add acknowledge all alerts feature Add POST /api/alerts/acknowledge-all endpoint to bulk acknowledge all unacknowledged alerts. Add "Ack All" button to alerts page header with confirmation dialog for quick dismissal of all pending alerts. --- app/web/api/alerts.py | 41 +++++++++++++++++++++++++++++++++++ app/web/templates/alerts.html | 40 +++++++++++++++++++++++++++++++--- 2 files changed, 78 insertions(+), 3 deletions(-) diff --git a/app/web/api/alerts.py b/app/web/api/alerts.py index 8315dae..18446d2 100644 --- a/app/web/api/alerts.py +++ b/app/web/api/alerts.py @@ -146,6 +146,47 @@ def acknowledge_alert(alert_id): }), 400 +@bp.route('/acknowledge-all', methods=['POST']) +@api_auth_required +def acknowledge_all_alerts(): + """ + Acknowledge all unacknowledged alerts. + + Returns: + JSON response with count of acknowledged alerts + """ + acknowledged_by = request.json.get('acknowledged_by', 'api') if request.json else 'api' + + try: + # Get all unacknowledged alerts + unacked_alerts = current_app.db_session.query(Alert).filter( + Alert.acknowledged == False + ).all() + + count = 0 + for alert in unacked_alerts: + alert.acknowledged = True + alert.acknowledged_at = datetime.now(timezone.utc) + alert.acknowledged_by = acknowledged_by + count += 1 + + current_app.db_session.commit() + + return jsonify({ + 'status': 'success', + 'message': f'Acknowledged {count} alerts', + 'count': count, + 'acknowledged_by': acknowledged_by + }) + + except Exception as e: + current_app.db_session.rollback() + return jsonify({ + 'status': 'error', + 'message': f'Failed to acknowledge alerts: {str(e)}' + }), 500 + + @bp.route('/rules', methods=['GET']) @api_auth_required def list_alert_rules(): diff --git a/app/web/templates/alerts.html b/app/web/templates/alerts.html index 4d71640..b6fe6ab 100644 --- a/app/web/templates/alerts.html +++ b/app/web/templates/alerts.html @@ -6,9 +6,14 @@

Alert History

- - Manage Alert Rules - +
+ + + Manage Alert Rules + +
@@ -265,5 +270,34 @@ function acknowledgeAlert(alertId) { alert('Failed to acknowledge alert'); }); } + +function acknowledgeAllAlerts() { + if (!confirm('Acknowledge all unacknowledged alerts?')) { + return; + } + + fetch('/api/alerts/acknowledge-all', { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + 'X-API-Key': localStorage.getItem('api_key') || '' + }, + body: JSON.stringify({ + acknowledged_by: 'web_user' + }) + }) + .then(response => response.json()) + .then(data => { + if (data.status === 'success') { + location.reload(); + } else { + alert('Failed to acknowledge alerts: ' + (data.message || 'Unknown error')); + } + }) + .catch(error => { + console.error('Error:', error); + alert('Failed to acknowledge alerts'); + }); +} {% endblock %} \ No newline at end of file From 12d5aff7a5b41ca52c424cf0498011c4673aa887 Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 09:59:35 -0600 Subject: [PATCH 4/7] Add help page with user documentation Create comprehensive help page covering: - Getting started workflow - Sites and IP management - Scan configuration - Running scans manually - Scheduling automated scans - Scan comparisons - Alerts and alert rules - Webhook configuration Add Help link with icon to navigation bar. --- app/web/routes/main.py | 12 ++ app/web/templates/base.html | 6 + app/web/templates/help.html | 375 ++++++++++++++++++++++++++++++++++++ 3 files changed, 393 insertions(+) create mode 100644 app/web/templates/help.html diff --git a/app/web/routes/main.py b/app/web/routes/main.py index 583fdc5..8c5f366 100644 --- a/app/web/routes/main.py +++ b/app/web/routes/main.py @@ -247,6 +247,18 @@ def alert_rules(): ) +@bp.route('/help') +@login_required +def help(): + """ + Help page - explains how to use the application. + + Returns: + Rendered help template + """ + return render_template('help.html') + + @bp.route('/output/') @login_required def serve_output_file(filename): diff --git a/app/web/templates/base.html b/app/web/templates/base.html index 606a6d6..8496d07 100644 --- a/app/web/templates/base.html +++ b/app/web/templates/base.html @@ -77,6 +77,12 @@
    +
  • + + Help + +
  • Logout
    • diff --git a/app/web/templates/help.html b/app/web/templates/help.html new file mode 100644 index 0000000..2d6d807 --- /dev/null +++ b/app/web/templates/help.html @@ -0,0 +1,375 @@ +{% extends "base.html" %} + +{% block title %}Help - SneakyScanner{% endblock %} + +{% block content %} +
    +
    +

    Help & Documentation

    +

    Learn how to use SneakyScanner to manage your network scanning operations.

    +
    +
    + + +
    +
    +
    +
    +
    Quick Navigation
    +
    +
    +
    +
    + Getting Started +
    +
    + Sites +
    +
    + Scan Configs +
    +
    + Running Scans +
    +
    + Scheduling +
    +
    + Comparisons +
    +
    + Alerts +
    +
    + Webhooks +
    +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Getting Started
    +
    +
    +

    SneakyScanner helps you perform network vulnerability scans and track changes over time. Here's the typical workflow:

    + +
    + Basic Workflow: +
      +
    1. Create a Site - Define a logical grouping for your targets
      2. +
    2. Add IPs - Add IP addresses or ranges to your site
      3. +
    3. Create a Scan Config - Configure how scans should run using your site
      4. +
    4. Run a Scan - Execute scans manually or on a schedule
      5. +
    5. Review Results - Analyze findings and compare scans over time
      6. +
    +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Creating Sites & Adding IPs
    +
    +
    +
    What is a Site?
    +

    A Site is a logical grouping of IP addresses that you want to scan together. For example, you might create separate sites for "Production Servers", "Development Environment", or "Office Network".

    + +
    Creating a Site
    +
      +
    1. Navigate to Configs → Sites in the navigation menu
      2. +
    2. Click the Create Site button
      3. +
    3. Enter a descriptive name for your site
      4. +
    4. Optionally add a description to help identify the site's purpose
      5. +
    5. Click Create to save the site
      6. +
    + +
    Adding IP Addresses
    +

    After creating a site, you need to add the IP addresses you want to scan:

    +
      +
    1. Find your site in the Sites list
      2. +
    2. Click the Manage IPs button (or the site name)
      3. +
    3. Click Add IP
      4. +
    4. Enter the IP address or CIDR range (e.g., 192.168.1.1 or 192.168.1.0/24)
      5. +
    5. Click Add to save
      6. +
    + +
    + Note: You can add individual IPs or CIDR notation ranges. Large ranges will result in longer scan times. +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Creating Scan Configurations
    +
    +
    +
    What is a Scan Config?
    +

    A Scan Configuration defines how a scan should be performed. It links to a Site and specifies scanning parameters like ports to scan, timing options, and other settings.

    + +
    Creating a Scan Config
    +
      +
    1. Navigate to Configs → Scan Configs in the navigation menu
      2. +
    2. Click the Create Config button
      3. +
    3. Enter a name for the configuration
      4. +
    4. Select the Site to associate with this config
      5. +
    5. Configure scan parameters: +
        +
      • Ports - Specify ports to scan (e.g., 22,80,443 or 1-1000)
        • +
      • Timing - Set scan speed/aggressiveness
        • +
      • Additional Options - Configure other nmap parameters as needed
        • +
      +
      6. +
    6. Click Create to save the configuration
      7. +
    + +
    + Tip: Create different configs for different purposes - a quick config for daily checks and a thorough config for weekly deep scans. +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Running Scans
    +
    +
    +
    Starting a Manual Scan
    +
      +
    1. Navigate to Scans in the navigation menu
      2. +
    2. Click the New Scan button
      3. +
    3. Select the Scan Config you want to use
      4. +
    4. Click Start Scan
      5. +
    + +
    Monitoring Scan Progress
    +

    While a scan is running:

    +
      +
    • The scan will appear in the Scans list with a Running status
      • +
    • You can view live progress by clicking on the scan
      • +
    • The Dashboard also shows active scans
      • +
    + +
    Viewing Scan Results
    +
      +
    1. Once complete, click on a scan in the Scans list
      2. +
    2. View discovered hosts, open ports, and services
      3. +
    3. Export results or compare with previous scans
      4. +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Scheduling Scans
    +
    +
    +
    Why Schedule Scans?
    +

    Scheduled scans allow you to automatically run scans at regular intervals, ensuring continuous monitoring of your network without manual intervention.

    + +
    Creating a Schedule
    +
      +
    1. Navigate to Schedules in the navigation menu
      2. +
    2. Click the Create Schedule button
      3. +
    3. Enter a name for the schedule
      4. +
    4. Select the Scan Config to use
      5. +
    5. Configure the schedule: +
        +
      • Frequency - How often to run (daily, weekly, monthly, custom cron)
        • +
      • Time - When to start the scan
        • +
      • Days - Which days to run (for weekly schedules)
        • +
      +
      6. +
    6. Enable/disable the schedule as needed
      7. +
    7. Click Create to save
      8. +
    + +
    Managing Schedules
    +
      +
    • Enable/Disable - Toggle schedules on or off without deleting them
      • +
    • Edit - Modify the schedule timing or associated config
      • +
    • Delete - Remove schedules you no longer need
      • +
    • View History - See past runs triggered by the schedule
      • +
    + +
    + Tip: Schedule comprehensive scans during off-peak hours to minimize network impact. +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Scan Comparisons
    +
    +
    +
    Why Compare Scans?
    +

    Comparing scans helps you identify changes in your network over time - new hosts, closed ports, new services, or potential security issues.

    + +
    Comparing Two Scans
    +
      +
    1. Navigate to Scans in the navigation menu
      2. +
    2. Find the scan you want to use as the baseline
      3. +
    3. Click on the scan to view its details
      4. +
    4. Click the Compare button
      5. +
    5. Select another scan to compare against
      6. +
    6. Review the comparison results
      7. +
    + +
    Understanding Comparison Results
    +

    The comparison view shows:

    +
      +
    • New - Hosts or ports that appear in the newer scan but not the older one
      • +
    • Removed - Hosts or ports that were in the older scan but not the newer one
      • +
    • Changed - Services or states that differ between scans
      • +
    • Unchanged - Items that remain the same
      • +
    + +
    + Security Note: Pay close attention to unexpected new open ports or services - these could indicate unauthorized changes or potential compromises. +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Alerts & Alert Rules
    +
    +
    +
    Understanding Alerts
    +

    Alerts notify you when scan results match certain conditions you define. This helps you stay informed about important changes without manually reviewing every scan.

    + +
    Viewing Alert History
    +
      +
    1. Navigate to Alerts → Alert History
      2. +
    2. View all triggered alerts with timestamps and details
      3. +
    3. Filter alerts by severity, date, or type
      4. +
    4. Click on an alert to see full details and the associated scan
      5. +
    + +
    Creating Alert Rules
    +
      +
    1. Navigate to Alerts → Alert Rules
      2. +
    2. Click Create Rule
      3. +
    3. Configure the rule: +
        +
      • Name - A descriptive name for the rule
        • +
      • Condition - What triggers the alert (e.g., new open port, new host, specific service detected)
        • +
      • Severity - How critical is this alert (Info, Warning, Critical)
        • +
      • Scope - Which sites or configs this rule applies to
        • +
      +
      4. +
    4. Enable the rule
      5. +
    5. Click Create to save
      6. +
    + +
    Common Alert Rule Examples
    +
      +
    • New Host Detected - Alert when a previously unknown host appears
      • +
    • New Open Port - Alert when a new port opens on any host
      • +
    • Critical Port Open - Alert for specific high-risk ports (e.g., 23/Telnet, 3389/RDP)
      • +
    • Service Change - Alert when a service version changes
      • +
    • Host Offline - Alert when an expected host stops responding
      • +
    + +
    + Tip: Start with a few important rules and refine them over time to avoid alert fatigue. +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    Webhooks
    +
    +
    +
    What are Webhooks?
    +

    Webhooks allow SneakyScanner to send notifications to external services when events occur, such as scan completion or alert triggers. This enables integration with tools like Slack, Discord, Microsoft Teams, or custom systems.

    + +
    Creating a Webhook
    +
      +
    1. Navigate to Alerts → Webhooks
      2. +
    2. Click Create Webhook
      3. +
    3. Configure the webhook: +
        +
      • Name - A descriptive name
        • +
      • URL - The endpoint to send notifications to
        • +
      • Events - Which events trigger this webhook
        • +
      • Secret - Optional secret for request signing
        • +
      +
      4. +
    4. Test the webhook to verify it works
      5. +
    5. Click Create to save
      6. +
    + +
    Webhook Events
    +
      +
    • Scan Started - When a scan begins
      • +
    • Scan Completed - When a scan finishes
      • +
    • Scan Failed - When a scan encounters an error
      • +
    • Alert Triggered - When an alert rule matches
      • +
    + +
    Integration Examples
    +
      +
    • Slack - Use a Slack Incoming Webhook URL
      • +
    • Discord - Use a Discord Webhook URL
      • +
    • Microsoft Teams - Use a Teams Incoming Webhook
      • +
    • Custom API - Send to your own endpoint for custom processing
      • +
    +
    +
    +
    +
    + + +
    +
    + + Back to Top + +
    +
    + +{% endblock %} From 8d8e53c903d73021047d59602de142729fa19788 Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 10:07:24 -0600 Subject: [PATCH 5/7] Add screenshot viewing button to scan detail page Display screenshot button in port table when a service has a captured screenshot. Button opens screenshot in new tab with correct path including the screenshot directory. --- app/web/templates/scan_detail.html | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/web/templates/scan_detail.html b/app/web/templates/scan_detail.html index 926a9ca..041445e 100644 --- a/app/web/templates/scan_detail.html +++ b/app/web/templates/scan_detail.html @@ -331,6 +331,7 @@ Product Version Status + Screenshot @@ -344,10 +345,11 @@ const ports = ip.ports || []; if (ports.length === 0) { - portsContainer.innerHTML = 'No ports found'; + portsContainer.innerHTML = 'No ports found'; } else { ports.forEach(port => { const service = port.services && port.services.length > 0 ? port.services[0] : null; + const screenshotPath = service && service.screenshot_path ? service.screenshot_path : null; const row = document.createElement('tr'); row.classList.add('scan-row'); // Fix white row bug @@ -359,6 +361,7 @@ ${service ? service.product || '-' : '-'} ${service ? service.version || '-' : '-'} ${port.expected ? 'Expected' : 'Unexpected'} + ${screenshotPath ? `` : '-'} `; portsContainer.appendChild(row); }); From 73a3b958346ea81dc39d5ef847d84a6af40769dd Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 10:38:02 -0600 Subject: [PATCH 6/7] Add certificate details modal and fix SSL/TLS data processing - Add certificate details modal to scan detail page with subject, issuer, validity dates, serial number, self-signed indicator, SANs, and TLS version support with expandable cipher suites - Fix bug where certificate data was not being saved to database due to incorrect path lookup (was checking http_info['certificate'] instead of http_info['ssl_tls']['certificate']) - Update requirements: add sslyze 6.0.0 and upgrade cryptography to >=42.0.0 to fix 'No module named cryptography.x509.verification' error --- app/requirements-web.txt | 5 +- app/web/services/scan_service.py | 14 ++- app/web/templates/scan_detail.html | 158 ++++++++++++++++++++++++++++- 3 files changed, 170 insertions(+), 7 deletions(-) diff --git a/app/requirements-web.txt b/app/requirements-web.txt index f2625f2..c20da59 100644 --- a/app/requirements-web.txt +++ b/app/requirements-web.txt @@ -12,7 +12,7 @@ alembic==1.13.0 # Authentication & Security Flask-Login==0.6.3 bcrypt==4.1.2 -cryptography==41.0.7 +cryptography>=42.0.0 # API & Serialization Flask-CORS==4.0.0 @@ -35,3 +35,6 @@ python-dotenv==1.0.0 # Development & Testing pytest==7.4.3 pytest-flask==1.3.0 + +# Cert Testing +sslyze==6.0.0 \ No newline at end of file diff --git a/app/web/services/scan_service.py b/app/web/services/scan_service.py index 4564986..2cc996e 100644 --- a/app/web/services/scan_service.py +++ b/app/web/services/scan_service.py @@ -449,9 +449,10 @@ class ScanService: # Process certificate and TLS info if present http_info = service_data.get('http_info', {}) - if http_info.get('certificate'): + ssl_tls = http_info.get('ssl_tls', {}) + if ssl_tls.get('certificate'): self._process_certificate( - http_info['certificate'], + ssl_tls, scan_obj.id, service.id ) @@ -489,16 +490,19 @@ class ScanService: return service return None - def _process_certificate(self, cert_data: Dict[str, Any], scan_id: int, + def _process_certificate(self, ssl_tls_data: Dict[str, Any], scan_id: int, service_id: int) -> None: """ Process certificate and TLS version data. Args: - cert_data: Certificate data dictionary + ssl_tls_data: SSL/TLS data dictionary containing 'certificate' and 'tls_versions' scan_id: Scan ID service_id: Service ID """ + # Extract certificate data from ssl_tls structure + cert_data = ssl_tls_data.get('certificate', {}) + # Create ScanCertificate record cert = ScanCertificate( scan_id=scan_id, @@ -516,7 +520,7 @@ class ScanService: self.db.flush() # Process TLS versions - tls_versions = cert_data.get('tls_versions', {}) + tls_versions = ssl_tls_data.get('tls_versions', {}) for version, version_data in tls_versions.items(): tls = ScanTLSVersion( scan_id=scan_id, diff --git a/app/web/templates/scan_detail.html b/app/web/templates/scan_detail.html index 041445e..a0e9096 100644 --- a/app/web/templates/scan_detail.html +++ b/app/web/templates/scan_detail.html @@ -154,6 +154,67 @@ + + + {% endblock %} {% block scripts %} @@ -332,6 +393,7 @@ Version Status Screenshot + Certificate @@ -345,11 +407,12 @@ const ports = ip.ports || []; if (ports.length === 0) { - portsContainer.innerHTML = 'No ports found'; + portsContainer.innerHTML = 'No ports found'; } else { ports.forEach(port => { const service = port.services && port.services.length > 0 ? port.services[0] : null; const screenshotPath = service && service.screenshot_path ? service.screenshot_path : null; + const certificate = service && service.certificates && service.certificates.length > 0 ? service.certificates[0] : null; const row = document.createElement('tr'); row.classList.add('scan-row'); // Fix white row bug @@ -362,6 +425,7 @@ ${service ? service.version || '-' : '-'} ${port.expected ? 'Expected' : 'Unexpected'} ${screenshotPath ? `` : '-'} + ${certificate ? `` : '-'} `; portsContainer.appendChild(row); }); @@ -614,5 +678,97 @@ console.error('Error loading historical chart:', error); } } + + // Show certificate details modal + function showCertificateModal(cert) { + // Populate modal fields + document.getElementById('cert-subject').textContent = cert.subject || '-'; + document.getElementById('cert-issuer').textContent = cert.issuer || '-'; + document.getElementById('cert-serial').textContent = cert.serial_number || '-'; + + // Format dates + document.getElementById('cert-valid-from').textContent = cert.not_valid_before + ? new Date(cert.not_valid_before).toLocaleString() + : '-'; + document.getElementById('cert-valid-until').textContent = cert.not_valid_after + ? new Date(cert.not_valid_after).toLocaleString() + : '-'; + + // Days until expiry with color coding + if (cert.days_until_expiry !== null && cert.days_until_expiry !== undefined) { + let badgeClass = 'badge-success'; + if (cert.days_until_expiry < 0) { + badgeClass = 'badge-danger'; + } else if (cert.days_until_expiry < 30) { + badgeClass = 'badge-warning'; + } + document.getElementById('cert-days-expiry').innerHTML = + `${cert.days_until_expiry} days`; + } else { + document.getElementById('cert-days-expiry').textContent = '-'; + } + + // Self-signed indicator + document.getElementById('cert-self-signed').innerHTML = cert.is_self_signed + ? 'Yes' + : 'No'; + + // SANs + if (cert.sans && cert.sans.length > 0) { + document.getElementById('cert-sans').innerHTML = cert.sans + .map(san => `${san}`) + .join(''); + } else { + document.getElementById('cert-sans').textContent = 'None'; + } + + // TLS versions + if (cert.tls_versions && cert.tls_versions.length > 0) { + let tlsHtml = '
    '; + tlsHtml += ''; + + cert.tls_versions.forEach(tls => { + const statusBadge = tls.supported + ? 'Supported' + : 'Not Supported'; + + let ciphers = '-'; + if (tls.cipher_suites && tls.cipher_suites.length > 0) { + ciphers = `${tls.cipher_suites.length} cipher(s) + + `; + } + + tlsHtml += ``; + }); + + tlsHtml += '
    VersionStatusCipher Suites
    ${tls.tls_version}${statusBadge}${ciphers}
    '; + document.getElementById('cert-tls-versions').innerHTML = tlsHtml; + } else { + document.getElementById('cert-tls-versions').textContent = 'No TLS information available'; + } + + // Show modal + const modal = new bootstrap.Modal(document.getElementById('certificateModal')); + modal.show(); + } + + // Toggle cipher suites display + function toggleCiphers(btn, version) { + const cipherList = btn.nextElementSibling; + const icon = btn.querySelector('i'); + + if (cipherList.style.display === 'none') { + const ciphers = JSON.parse(btn.dataset.ciphers); + cipherList.innerHTML = ciphers.map(c => `
    ${c}
    `).join(''); + cipherList.style.display = 'block'; + icon.className = 'bi bi-chevron-up'; + } else { + cipherList.style.display = 'none'; + icon.className = 'bi bi-chevron-down'; + } + } {% endblock %} From 480065ed14794a09c5781401bba985b5510a6b2f Mon Sep 17 00:00:00 2001 From: Phillip Tarrant Date: Thu, 20 Nov 2025 11:33:12 -0600 Subject: [PATCH 7/7] Fix screenshot directory deletion and update SSL dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Save screenshot_dir to database when scans complete so the directory is properly cleaned up on scan deletion. Previously the field was never populated, causing screenshots to remain after deleting scans. Update sslyze to 6.2.0 and cryptography to 46.0.0 to fix certificate handling issues with negative serial numbers (RFC 5280 compliance). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- app/requirements-web.txt | 7 ++----- app/requirements.txt | 2 +- app/src/scanner.py | 2 ++ app/web/services/scan_service.py | 2 ++ 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/app/requirements-web.txt b/app/requirements-web.txt index c20da59..fc4ef9e 100644 --- a/app/requirements-web.txt +++ b/app/requirements-web.txt @@ -12,7 +12,7 @@ alembic==1.13.0 # Authentication & Security Flask-Login==0.6.3 bcrypt==4.1.2 -cryptography>=42.0.0 +cryptography>=46.0.0 # API & Serialization Flask-CORS==4.0.0 @@ -34,7 +34,4 @@ python-dotenv==1.0.0 # Development & Testing pytest==7.4.3 -pytest-flask==1.3.0 - -# Cert Testing -sslyze==6.0.0 \ No newline at end of file +pytest-flask==1.3.0 \ No newline at end of file diff --git a/app/requirements.txt b/app/requirements.txt index 5f19147..dbb9e6c 100644 --- a/app/requirements.txt +++ b/app/requirements.txt @@ -1,5 +1,5 @@ PyYAML==6.0.1 python-libnmap==0.7.3 -sslyze==6.0.0 +sslyze==6.2.0 playwright==1.40.0 Jinja2==3.1.2 diff --git a/app/src/scanner.py b/app/src/scanner.py index 69027f5..3964cb3 100644 --- a/app/src/scanner.py +++ b/app/src/scanner.py @@ -1054,6 +1054,8 @@ class SneakyScanner: # Preserve directory structure in ZIP arcname = f"{screenshot_dir.name}/{screenshot_file.name}" zipf.write(screenshot_file, arcname) + # Track screenshot directory for database storage + output_paths['screenshots'] = screenshot_dir output_paths['zip'] = zip_path print(f"ZIP archive saved to: {zip_path}", flush=True) diff --git a/app/web/services/scan_service.py b/app/web/services/scan_service.py index 2cc996e..9aea0b8 100644 --- a/app/web/services/scan_service.py +++ b/app/web/services/scan_service.py @@ -338,6 +338,8 @@ class ScanService: scan.html_path = str(output_paths['html']) if 'zip' in output_paths: scan.zip_path = str(output_paths['zip']) + if 'screenshots' in output_paths: + scan.screenshot_dir = str(output_paths['screenshots']) # Map report data to database models self._map_report_to_models(report, scan)