New WebUI based on Rails #210

Closed
Zapotek opened this Issue Jun 28, 2012 · 12 comments

Owner

Zapotek commented Jun 28, 2012

The current WebUI is an exercise which has outlived its purpose; it's messy and buggy and ugly.

A new WebUI needs to be created from scratch, on Rails.

It should include:

  • Reporting
    • Export -- Same as the old one, should allow exporting of scan results in all available report formats.
    • Trends -- Show (in)security trends for targeted webapps over time.
  • Settings
    • Global -- The global settings template and the basis for each scan i.e. the defaults.
    • Profiles -- Based off the Global and tailored to suit whatever audit needs the user has.
    • Last minute -- After the user has selected a Profile (or just goes with the Globals) he should be allowed to make last minute changes which will only apply to the scan he's about to start.
  • Scan types (Landing page)
    • Quick scan -- No need for a Dispatcher, just spawn an Instance on the local machine and perform a point-to-point scan. For extra coolness, allow spawning of multiple Instances in a grid-like master->slaves configuration for higher performance.
    • Remote -- Connect to a Dispatcher and do the usual stuff.
    • Grid -- Enabled when multiple Dispatchers have been linked to form a Grid.
      • Load balanced -- Just like Remote but the system will choose the Dispatcher with the least workload, automatically.
      • High-performance -- Will perform a scan using multiple Instances from different Dispatchers and utilize distributed crawling and audit algorithms.
      • Health -- A screen showing node workloads and a graph of all nodes would be cool.
  • UX
    • Scan progress monitoring
      • Show a dynamic tree of the website structure on the left and details of each issue on the right.
      • Keep the current status message presentation but buffer it to make it smoother.
      • Keep the runtime stats.
      • Add a separate messages box for error messages.
      • Option to switch to a dynamic summary report mode, like a fancy AJAX version of the CLI's Ctrl+C screen.
    • General
      • Use some scroll-follow real-estate from the top of the screen to provide progress info on all running scans on all WebUI pages so as to keep the user up to date with what's going on while he's browsing around the interface.

Please reply to add/request/discuss features.

@Zapotek Zapotek was assigned Jun 28, 2012

abhisek commented Jun 29, 2012

How about reporting? Should have at least a summary report (perhaps with Google Charts API) and a comprehensive report.

Owner

Zapotek commented Jun 29, 2012

There's loads of report formats supported, including an HTML one which includes a summary and charts etc.
Or are you talking about having a dynamic summary report while monitoring a scan in progress? Because that'd be cool indeed -- matter of fact, I'll add it to the list now.

abhisek commented Jun 29, 2012

I was talking about a reporting feature in the Web UI itself. The Web UI can generate both a dynamic report (scan in progress) and a full report with nice eye candy (charts, HTML/CSS, JS interactivity etc.). The scanner by itself should not be burdened with reporting, I think, which should be kept separate, perhaps in the Web UI.

Owner

Zapotek commented Jun 29, 2012

Yeah that already exists (unless you have something else in mind that I'm not getting) and will of course be kept, I'll explicitly add it to the list though.

abhisek commented Jun 29, 2012

Also, in the long run I think some "Scan Management" related feature might help, i.e. the Web UI should have a database of its own where it stores the scan reports for each scan for a given URL so that it is possible to see historical data on the Web UI and see trends (bugs increasing or decreasing on a given URL over time based on multiple scan reports on the same URL).

Do you think it makes sense? Or is it overkill?

Owner

Zapotek commented Jun 29, 2012

No no, glad you mentioned it because I had forgotten about that.

DevNerd commented Jul 6, 2012

Will you be able to "fire up" custom scripted scans using the web interface and use the grid to blast websites with scripted scans?

Owner

Zapotek commented Jul 6, 2012

Well...no not really, can't see how that'd be useful. You can script custom high-performance scans using the grid right now pretty much in the same way that you script normal RPC scans.

tbif commented Jul 7, 2012

Ability to view raw HTTP request/response headers, similar to skipfish's trace button.

Owner

Zapotek commented Jul 7, 2012

Already supported.

Owner

Zapotek commented Aug 12, 2012

Work on the WebUI has started: https://github.com/Arachni/arachni-ui-web
Closing this issue as the task list has been moved to: https://github.com/Arachni/arachni-ui-web/issues

@Zapotek Zapotek closed this Aug 12, 2012

@Zapotek Zapotek reopened this Sep 10, 2012

Owner

Zapotek commented Feb 8, 2013

Closing this issue since the WebUI is about to be included in the nightlies and thus replace the old one for v0.4.2.

@Zapotek Zapotek closed this Feb 8, 2013
