Skip to content

Instantly share code, notes, and snippets.

@ygjb

ygjb/gist:3129586

Created July 17, 2012 14:10
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ygjb/3129586 to your computer and use it in GitHub Desktop.
Save ygjb/3129586 to your computer and use it in GitHub Desktop.
Download ZIP
WIP Spec
Raw
gistfile1.md

Basic Requirements

Authentication

  • use BrowserID Authentication

Access Controls

  • group membership
  • group membership assignment via email address (e.g. mozilla.com, mozilla.org)
  • permissions are assigned to groups
  • base permissions ** run scan ** view my results ** view my group results ** view all results ** system admin (configure server, add groups) ** group admin (configure groups, add user to group)

Task Manager

  • Query plugin list to identify tasks available
  • Provide a list of available tasks
  • Allow user to configure a task to run: ** once ** periodically ** with defined start and end times (time/date) or duration (hours/days)
  • provide a list of currently running tasks the user has visibility into
  • for tasks the user has control of, options to stop, suspend, query, and resume tasks (default view should query running tasks for status)

Task Engine

  • provide restful service to manage the status of tasks
  • maintains references to configured plugins to provide configurations and access factories to spawn instances
  • provide a mechanism for running tasks to raise alerts

Plugins

  • Singleton that is a factory for plugin instances
  • support a configuration method to get for a JSON[or xml :(] blob that describes configuration settings and options
  • support for a spawn method that accepts a configuration and target specifier to create a new task
  • support for an analyze method that can accept a result object and discover artefacts

Plugin Instance

  • support querying for status
  • support querying for state options (canSuspend, canResume)
  • support for terminating the task
  • finished tasks can be queried for a result set (includes result messages, a blob containing the tools native report format, and a list of identified artefacts)

== Basic Specs {needs work} ==

Artefacts

  • objects discovered during the scan
  • can represent vulnerabilities, new hosts, new targets, etc

Result Format ''' result { messages : { { TIMESTAMP, TYPE, LEVEL, CLASS, MESSSAGE}, ... } results : { BASE64_BLOB } artefacts : { { ARTEFACTS }, ... } } '''

Core Plugins

  • Skipfish
  • Garmr
  • ZAP Proxy
@matthewdfuller
Copy link

Very basic wireframes for the web interface - http://imgur.com/a/1cRqB#0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment