Set campaign max price, external reference

[bzekanovic]

Would be great to see some of the improvements below in order to improve user experience.

1. Toggling features on and off isn't working as intended since users have to click outside of the toggle to get the feature enabled. You can replicate this by creating a new campaign and within new campaign page click on the toggle to enable advance mode.
2. It would be great if selecting wordlist follows the same UI as rules. This will keep consistency between different configs.
3. Having pagination within Events section would be nice feature.
4. Being able to filter within Events section from admin side in order to report against usage of NPK per user and spending.
5. Being able to set campaign max price directly from Admin settings.
6. Ability to provide custom external reference within NPK campaign. This will allow consultants to tag campaign with either project name or project ID. This can be then used to report against usage per project or even integrate NPK with other systems.

Thanks and let me know if you have any questions.

[bzekanovic]

Maybe even ability to require external reference ID within campaign from admin settings.

[c6fc]

Thanks.

1 has been a long-standing and bizarre behavior. I'll try to resolve that before the next release.
For 2, are you hoping to see the same selector element? Right now they are intentionally different due to wordlists being single-select and rules being multi-select.
3 and 4 might be relatively easy since it's all displayed by AngularJS anyway.
5 is much harder than one might think, since that value is hard-coded into files and functions during deployment, and the front-end has no ability to modify any of these things. I've been slowly removing hard-coded values though in favor of values pulled from APIs or DynamoDB, so I'll see what potential there is for this.
6 I was thinking about adding an optional campaign name field to the campaign wizard. I originally left this out because it was a requirement that none of the data in NPK be traceable back to a customer, but since Coalfire doesn't get a say anymore, this would be a nice add.

[bzekanovic]

1. Thank you for the quick fix.
2. I think users are expecting NPK to allow them to select multiple wordlists by utilizing ctrl / click function and causes confusion since output actually does include second wordlist in the job. Maybe having same UI as you do with rules and then you can disable selection if one wordlist is selected or expand the feature later on to allow something like https://hashcat.net/wiki/doku.php?id=combinator_attack.
   3-4. Thank you!
3. Sounds good and this one is no big deal as changing this via terraform is not hard.
4. Awesome!

When do you plan to release the next version?

Thanks,

[c6fc]

2 is a good callout. I remember adding logic to the controller that discards any after the first, but I can see how that would lead to confusion when you see multiple selected in the UI. I'll see about getting a proper fix and possibly enabling combinator attacks. I have a long-term idea about adding a CLI utility that allows for arbitrary campaigns, basically allowing you to run any attack in NPK the same way you'd run it locally, but that's a ways out.

As for timelines, my goal is to get v3 shipped before EOY. The regions branch already contains most of the features I want to include, but there's a lot of regressions to test and some polish needed.

[bzekanovic]

Let me know when you are ready for new version to be tested.

[c6fc]

1, 3, and 4 are addressed in the dev merge b22985e - give it a shot when you get a chance, and let me know if you have any feedback

[bzekanovic]

Do you have list of improvements you made in v2.5?

[c6fc]

I don't for 2.5, but that's pretty old anyway.

v3 has support for per-region quotas, allows regions outside the US, has large file upload support, has support for p4d and g4 instance families, and allows you to select a region other than us-west-2 as your primary. It also self-hosts by default, deploys entirely with NPM (opening support for Mac), and now has a published container image on DockerHub to help with deployment.

[bzekanovic]

Do you still plan to implement something regarding 1 and 6 above?