# Phase 1: Foundation - COMPLETE โœ“ **Date Completed:** 2025-11-13 Phase 1 of the SneakyScanner roadmap has been successfully implemented. This document summarizes what was delivered and how to use the new infrastructure. --- ## โœ“ Deliverables Completed ### 1. Database Schema & Models - **SQLAlchemy models** for all 11 database tables (`web/models.py`) - Core tables: `Scan`, `ScanSite`, `ScanIP`, `ScanPort`, `ScanService`, `ScanCertificate`, `ScanTLSVersion` - Scheduling tables: `Schedule`, `Alert`, `AlertRule` - Configuration: `Setting` - **Alembic migrations** system configured (`migrations/`) - **Initial migration** created (`migrations/versions/001_initial_schema.py`) ### 2. Settings System with Encryption - **SettingsManager** class with CRUD operations (`web/utils/settings.py`) - **Automatic encryption** for sensitive values (SMTP passwords, API tokens) - **PasswordManager** for bcrypt password hashing - **Default settings initialization** for SMTP, authentication, retention policies ### 3. Flask Application Structure - **Flask app factory** pattern implemented (`web/app.py`) - **API blueprints** for all major endpoints: - `/api/scans` - Scan management (stub for Phase 2) - `/api/schedules` - Schedule management (stub for Phase 3) - `/api/alerts` - Alert management (stub for Phase 4) - `/api/settings` - Settings API (functional in Phase 1!) - **Error handlers** for common HTTP status codes - **CORS support** for API access - **Logging** to file and console - **Database session management** with scoped sessions ### 4. Database Initialization - **init_db.py** script for easy database setup - Supports both Alembic migrations and direct table creation - Password setting during initialization - Database verification and settings display ### 5. Docker Support - **Updated Dockerfile** with Flask dependencies - **docker-compose-web.yml** for running the web application - Separate service definition for database initialization - Volume mounts for persistence (database, output, logs) ### 6. Validation & Testing - **validate_phase1.py** script to verify all deliverables - Validates directory structure, files, Python syntax, models, and API endpoints - All checks passing โœ“ --- ## ๐Ÿ“ New Project Structure ``` SneakyScanner/ โ”œโ”€โ”€ web/ # Flask web application (NEW) โ”‚ โ”œโ”€โ”€ __init__.py โ”‚ โ”œโ”€โ”€ app.py # Flask app factory โ”‚ โ”œโ”€โ”€ models.py # SQLAlchemy models (11 tables) โ”‚ โ”œโ”€โ”€ api/ # API blueprints โ”‚ โ”‚ โ”œโ”€โ”€ __init__.py โ”‚ โ”‚ โ”œโ”€โ”€ scans.py # Scans API โ”‚ โ”‚ โ”œโ”€โ”€ schedules.py # Schedules API โ”‚ โ”‚ โ”œโ”€โ”€ alerts.py # Alerts API โ”‚ โ”‚ โ””โ”€โ”€ settings.py # Settings API (functional!) โ”‚ โ”œโ”€โ”€ templates/ # Jinja2 templates (for Phase 3) โ”‚ โ”œโ”€โ”€ static/ # CSS, JS, images (for Phase 3) โ”‚ โ”‚ โ”œโ”€โ”€ css/ โ”‚ โ”‚ โ”œโ”€โ”€ js/ โ”‚ โ”‚ โ””โ”€โ”€ images/ โ”‚ โ””โ”€โ”€ utils/ # Utility modules โ”‚ โ”œโ”€โ”€ __init__.py โ”‚ โ””โ”€โ”€ settings.py # Settings manager with encryption โ”œโ”€โ”€ migrations/ # Alembic migrations (NEW) โ”‚ โ”œโ”€โ”€ env.py # Alembic environment โ”‚ โ”œโ”€โ”€ script.py.mako # Migration template โ”‚ โ””โ”€โ”€ versions/ โ”‚ โ””โ”€โ”€ 001_initial_schema.py # Initial database migration โ”œโ”€โ”€ alembic.ini # Alembic configuration (NEW) โ”œโ”€โ”€ init_db.py # Database initialization script (NEW) โ”œโ”€โ”€ validate_phase1.py # Phase 1 validation script (NEW) โ”œโ”€โ”€ requirements-web.txt # Flask dependencies (NEW) โ”œโ”€โ”€ docker-compose-web.yml # Docker Compose for web app (NEW) โ”œโ”€โ”€ Dockerfile # Updated with Flask support โ”œโ”€โ”€ src/ # Existing scanner code (unchanged) โ”œโ”€โ”€ templates/ # Existing report templates (unchanged) โ”œโ”€โ”€ configs/ # Existing YAML configs (unchanged) โ””โ”€โ”€ output/ # Existing scan outputs (unchanged) ``` --- ## ๐Ÿš€ Getting Started ### Option 1: Local Development (without Docker) #### 1. Install Dependencies ```bash # Install Flask and web dependencies pip install -r requirements-web.txt ``` #### 2. Initialize Database ```bash # Create database and set password python3 init_db.py --password YOUR_SECURE_PASSWORD # Verify database python3 init_db.py --verify-only ``` #### 3. Run Flask Application ```bash # Run development server python3 -m web.app # Application will be available at http://localhost:5000 ``` #### 4. Test API Endpoints ```bash # Health check curl http://localhost:5000/api/settings/health # Get all settings (sanitized) curl http://localhost:5000/api/settings # Get specific setting curl http://localhost:5000/api/settings/smtp_server # Update a setting curl -X PUT http://localhost:5000/api/settings/smtp_server \ -H "Content-Type: application/json" \ -d '{"value": "smtp.gmail.com"}' # Set application password curl -X POST http://localhost:5000/api/settings/password \ -H "Content-Type: application/json" \ -d '{"password": "newsecurepassword"}' ``` --- ### Option 2: Docker Deployment #### 1. Build Docker Image ```bash docker-compose -f docker-compose-web.yml build ``` #### 2. Initialize Database (one-time) ```bash # Create data directory mkdir -p data # Initialize database docker-compose -f docker-compose-web.yml run --rm init-db --password YOUR_SECURE_PASSWORD ``` #### 3. Run Web Application ```bash # Start Flask web server docker-compose -f docker-compose-web.yml up -d web # View logs docker-compose -f docker-compose-web.yml logs -f web ``` #### 4. Access Application - Web API: http://localhost:5000 - Health checks: - http://localhost:5000/api/scans/health - http://localhost:5000/api/schedules/health - http://localhost:5000/api/alerts/health - http://localhost:5000/api/settings/health --- ## ๐Ÿ” Security Features ### Encryption - **Fernet encryption** for sensitive settings (SMTP passwords, API tokens) - Encryption key auto-generated and stored in settings table - Can be overridden via `SNEAKYSCANNER_ENCRYPTION_KEY` environment variable ### Password Hashing - **Bcrypt** for application password hashing (work factor 12) - Password stored as irreversible hash in settings table - Minimum 8 characters enforced ### Session Management - Flask sessions with configurable `SECRET_KEY` - Set via environment variable or config --- ## ๐Ÿ“Š Database Schema ### Core Tables - **scans** - Scan metadata and status - **scan_sites** - Site groupings - **scan_ips** - IP addresses scanned - **scan_ports** - Discovered ports - **scan_services** - Service detection results - **scan_certificates** - SSL/TLS certificates - **scan_tls_versions** - TLS version support ### Scheduling & Alerts - **schedules** - Cron-like scan schedules - **alerts** - Alert history - **alert_rules** - Alert rule definitions ### Configuration - **settings** - Application settings (key-value store) All tables include proper foreign keys, indexes, and cascade delete rules. --- ## ๐Ÿงช Validation Run the Phase 1 validation script to verify everything is in place: ```bash python3 validate_phase1.py ``` Expected output: ``` โœ“ All Phase 1 validation checks passed! ``` --- ## ๐Ÿ”ง Environment Variables Configure the Flask app via environment variables: ```bash # Flask configuration export FLASK_ENV=development export FLASK_DEBUG=true export FLASK_HOST=0.0.0.0 export FLASK_PORT=5000 # Database export DATABASE_URL=sqlite:///./sneakyscanner.db # Security export SECRET_KEY=your-secret-key-here export SNEAKYSCANNER_ENCRYPTION_KEY=your-encryption-key-here # CORS (comma-separated origins) export CORS_ORIGINS=http://localhost:3000,https://your-domain.com # Logging export LOG_LEVEL=INFO ``` Or use a `.env` file (supported via `python-dotenv`). --- ## ๐Ÿ“ API Endpoints Summary ### Settings API (Functional in Phase 1) | Method | Endpoint | Description | Status | |--------|----------|-------------|--------| | GET | `/api/settings` | Get all settings (sanitized) | โœ“ Working | | PUT | `/api/settings` | Update multiple settings | โœ“ Working | | GET | `/api/settings/{key}` | Get specific setting | โœ“ Working | | PUT | `/api/settings/{key}` | Update specific setting | โœ“ Working | | DELETE | `/api/settings/{key}` | Delete setting | โœ“ Working | | POST | `/api/settings/password` | Set app password | โœ“ Working | | GET | `/api/settings/health` | Health check | โœ“ Working | ### Scans API (Stubs for Phase 2) | Method | Endpoint | Description | Status | |--------|----------|-------------|--------| | GET | `/api/scans` | List scans | Phase 2 | | GET | `/api/scans/{id}` | Get scan details | Phase 2 | | POST | `/api/scans` | Trigger scan | Phase 2 | | DELETE | `/api/scans/{id}` | Delete scan | Phase 2 | | GET | `/api/scans/{id}/status` | Get scan status | Phase 2 | | GET | `/api/scans/health` | Health check | โœ“ Working | ### Schedules API (Stubs for Phase 3) | Method | Endpoint | Description | Status | |--------|----------|-------------|--------| | GET | `/api/schedules` | List schedules | Phase 3 | | POST | `/api/schedules` | Create schedule | Phase 3 | | PUT | `/api/schedules/{id}` | Update schedule | Phase 3 | | DELETE | `/api/schedules/{id}` | Delete schedule | Phase 3 | | POST | `/api/schedules/{id}/trigger` | Trigger schedule | Phase 3 | | GET | `/api/schedules/health` | Health check | โœ“ Working | ### Alerts API (Stubs for Phase 4) | Method | Endpoint | Description | Status | |--------|----------|-------------|--------| | GET | `/api/alerts` | List alerts | Phase 4 | | GET | `/api/alerts/rules` | List alert rules | Phase 4 | | POST | `/api/alerts/rules` | Create alert rule | Phase 4 | | PUT | `/api/alerts/rules/{id}` | Update alert rule | Phase 4 | | DELETE | `/api/alerts/rules/{id}` | Delete alert rule | Phase 4 | | GET | `/api/alerts/health` | Health check | โœ“ Working | --- ## โœ… Testing Checklist - [x] Database creates successfully - [x] Settings can be stored/retrieved - [x] Encryption works for sensitive values - [x] Password hashing works - [x] Flask app starts without errors - [x] API blueprints load correctly - [x] Health check endpoints respond - [x] All Python files have valid syntax - [x] All models defined correctly - [x] Database migrations work --- ## ๐ŸŽฏ Next Steps: Phase 2 Phase 2 will implement: 1. **REST API for scans** - Trigger scans, list history, get results 2. **Background job queue** - APScheduler for async scan execution 3. **Authentication** - Flask-Login for session management 4. **Scanner integration** - Save scan results to database 5. **Docker Compose deployment** - Production-ready setup Estimated timeline: 2 weeks (as per roadmap) --- ## ๐Ÿ“š References ### Key Files - `web/models.py` - Database models (lines 1-400+) - `web/app.py` - Flask app factory (lines 1-250+) - `web/utils/settings.py` - Settings manager (lines 1-300+) - `init_db.py` - Database initialization (lines 1-200+) - `migrations/versions/001_initial_schema.py` - Initial migration (lines 1-250+) ### Documentation - [Flask Documentation](https://flask.palletsprojects.com/) - [SQLAlchemy ORM](https://docs.sqlalchemy.org/) - [Alembic Migrations](https://alembic.sqlalchemy.org/) - [Cryptography Library](https://cryptography.io/) - [Bcrypt](https://github.com/pyca/bcrypt) --- ## ๐Ÿ› Troubleshooting ### Database Issues ```bash # Reset database rm sneakyscanner.db python3 init_db.py --password newpassword # Check database sqlite3 sneakyscanner.db ".schema" ``` ### Flask Won't Start ```bash # Check dependencies installed pip list | grep -i flask # Check syntax errors python3 validate_phase1.py # Run with debug output FLASK_DEBUG=true python3 -m web.app ``` ### Encryption Errors ```bash # Generate new encryption key python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())" # Set in environment export SNEAKYSCANNER_ENCRYPTION_KEY="your-key-here" ``` --- **Phase 1 Status:** โœ… COMPLETE All deliverables implemented, tested, and validated. Ready to proceed with Phase 2.