# SneakyScanner Roadmap ## Vision & Goals SneakyScanner is a comprehensive **Flask web application** for infrastructure monitoring and security auditing. The primary interface is the web GUI, with a CLI API client planned for scripting and automation needs. ## Version 1.0.0 - Complete ✅ ### Phase 1: Foundation ✅ **Completed:** 2025-11-13 - Database schema with 11 tables (SQLAlchemy ORM, Alembic migrations) - Settings system with encryption (bcrypt, Fernet) - Flask app structure with API blueprints - Docker Compose deployment ### Phase 2: Flask Web App Core ✅ **Completed:** 2025-11-14 - REST API (8 endpoints for scans, settings) - Background job queue (APScheduler, 3 concurrent scans) - Session-based authentication (Flask-Login) - Web UI templates (dashboard, scan list/detail, login) - Comprehensive test suite (100 tests) ### Phase 3: Dashboard & Scheduling ✅ **Completed:** 2025-11-14 - Dashboard with summary stats and trend charts (Chart.js) - Scan detail pages with full results display - Scheduled scan management (cron expressions) - Download buttons for reports (JSON, HTML, ZIP) ### Phase 4: Config Creator ✅ **Completed:** 2025-11-17 - CIDR-based config creation UI - YAML editor with CodeMirror - Config management (list, view, edit, download, delete) - REST API for config operations (7 endpoints) ### Phase 5: Webhooks & Alerting ✅ **Completed:** 2025-11-19 - Alert Rule Engine (9 alert types: unexpected_port, cert_expiry, ping_failed, etc.) - Webhook notifications with retry logic - Multiple webhook URLs with independent filtering - Notification templates (Slack, Discord, PagerDuty support) - Alert deduplication --- ## Planned Features ### Version 1.1.0 - Communication & Automation #### CLI as API Client - CLI tool for scripting and automation via REST API - API token authentication (Bearer tokens) - Commands for scan management, schedules, alerts #### Email Notifications - SMTP integration with Flask-Mail - Jinja2 email templates (HTML + plain text) - Configurable recipients and rate limiting #### Site CSV Export/Import - Bulk site management via CSV files --- ### Version 1.2.0 - Reporting & Analysis #### Scan Comparison - Compare two scans API endpoint - Side-by-side comparison view with color-coded differences - Export comparison report to PDF/HTML #### Enhanced Reports - Sortable/filterable tables (DataTables.js) - PDF export (WeasyPrint) --- ### Version 1.3.0 - Visualization #### Timeline View - Visual scan history timeline - Filter by site/IP - Event annotations #### Advanced Charts - Port activity heatmap - Certificate expiration forecast --- ### Version 2.0.0 - Security Intelligence #### Vulnerability Detection - CVE database integration (NVD API) - Service version matching to known CVEs - CVSS severity scores --- ## Changelog | Date | Version | Changes | |------|---------|---------| | 2025-11-13 | 1.0.0-alpha | Phase 1 complete - Foundation | | 2025-11-14 | 1.0.0-beta | Phases 2-3 complete - Web App Core, Dashboard & Scheduling | | 2025-11-17 | 1.0.0-rc1 | Phase 4 complete - Config Creator | | 2025-11-19 | 1.0.0 | Phase 5 complete - Webhooks & Alerting | --- **Last Updated:** 2025-11-20