
Project Update

Romke van Dijk edited this page Jan 25, 2024 · 11 revisions

2023 Q3-Q4 progress ⏳🙄

As discussed in Future of Hashtopolis we have been working on a new API and a new UI. With this post we provide an update on the development of this.

Switch to Angular Material

We have been working hard over the last few months to get a release candidate out there. After the previews we were running into a lot of problems with the new UI. To simplify development we switched from a custom collection of Angular components to a large Angular component library: Material. This improved the consistency of the code and design, but it required us to rewrite all tables and forms. This is almost done.

With that you can see the new UI getting more and more stable, but simply put: it is just not ready yet.

Resources

You probably noticed that we are less active. That is simply because almost all of us have limited time available at the moment. This is caused by changed personal priorities; the unlucky part is that this happened to almost all of us at the same time. So for the next few weeks/months there will be limited activity in the repo.

Planning

Because of the limited resources, it is very hard to give an estimate of when the first release candidate of the new UI/API will be available. Don't expect it this quarter, maybe Q2?

Contribute

If you have some time available, contributions are very welcome for the new UI! Play around with it, and if you find a bug, create a pull request fixing it!


Q2 update 🚀

As discussed in Future of Hashtopolis we have been working on a new API and a new UI. With this post we provide an update on the development of this.

0.14.0 release

Two weeks ago we released version 0.14.0. 🥳

Docker install

The new install method for Hashtopolis is Docker. Please refer to the wiki for the new install instructions: https://github.com/hashtopolis/server/wiki/Installation

And for upgrading please use https://github.com/hashtopolis/server/wiki/Migration-Update

Official docker images can now be found at: https://hub.docker.com/u/hashtopolis

Technical Preview of new API and new UI

The release 0.14.0 also comes with a technical preview (or 'beta') of the new API and the new UI! Use the new installation instructions to play around with it! We are looking forward to your feedback!

Please note that the new API/UI are not enabled by default, simply because they are still only a technical preview. Please read the installation instructions on how to enable them.

Q3 planning

The upcoming month will be devoted to finishing the new UI and API, but also implementing your feedback. So please drop by on the Discord Server!

The main features we are working on:

  • Implementing all missing calls
  • Implementing permissions
  • Making everything as dynamic as possible

Our current plan is to publish a release candidate by the end of Q3.


Q1 update

As discussed in Future of Hashtopolis we have been working on a new API and a new UI. With this post we provide an update on the development of this.

0.13.1 release

As you probably have seen, there has been a 0.13.1 release. It took us a bit more time to release a fix for the broken Windows agents. To reduce the chances of this occurring again, a simple test framework has been implemented into the agent repo.

Besides that there have been a couple of smaller bug fixes in the server code. Please check the release notes for more information on this.

Beta release (0.14.0)

The major part of our development time has been spent on the new API and new UI. As discussed in the original post, we are expecting to release the first beta version by the end of April. This beta will provide most of the basic features that the original also had, such as creating hashlists, tasks and files, and managing agents.

Some features have not yet been implemented, but please try this beta out. Fire up the new UI and provide us with feedback.

Missing items:

  • Permission checking. With the new API and new UI every user is admin by default, so use the beta only in testing environments for now.
  • Helper functions. Some UI buttons/features have not been migrated yet, for example: assign/unassign agent, resetting passwords or mask import.
  • Notifications. The settings for notifications are not migrated yet.

Switch to Docker

With the switch to the new API and the new UI, we are also thinking about switching the default installation method. We are planning to use Docker as the default method. It would still be possible to run Hashtopolis directly on a server, but setting up the server that way requires more effort. Please provide us with some feedback on this new installation method (Discord or #866).

Q2 Planning

The next quarter we'll be working on implementing everything that we have not yet migrated from the old UI to the new UI.

Next Cycle

The next cycle will focus primarily on implementing the permission framework and the helper functions.

Deprecation of the old UI

Our goal is to deprecate the old UI at the beginning of Q4 (thus around October 2023). Please try the new version out and provide us with feedback as soon as possible.


Future of Hashtopolis

It has been some time since the last release of Hashtopolis, which was version 0.12.0 on February 18th 2020. Since then a lot has happened, and major contributions were made through all kinds of pull requests. No new release was created, but this is about to change and there is more to come.

In the upcoming weeks we are expecting to release a new version, version 0.13.0, which will contain some new features and bug fixes.

Originally, Hashtopolis was designed and created for small groups of password crackers competing in competitions. Those are still part of the user group as of today, but more and more corporate users are using Hashtopolis; for example, pen-testing companies assessing the quality of passwords for their clients. This results in requests to mature the project.

With a small group we have been working on this: future-proofing Hashtopolis. Currently, the code is a bit messy. The major change that has been on our to-do list forever is the separation of the frontend and the backend. Inside the PHP code there is no real clear separation between these two parts. Some functionality is implemented both in the frontend and in the user-API, or even worse, implemented in both places but slightly differently.

Our idea is to completely remove the frontend code from the PHP core. We decided to implement a new frontend in Angular. This frontend code will be placed in a separate repository (link).

To support the new frontend, the backend will be accessible through a new version of the user-API. The functionality will be similar to the original API, but some features that are missing in the old one have to be added for the new frontend. The new version will be placed at a different endpoint and is not backwards compatible. Instead of implementing all API handling ourselves, we are also planning to use the Slim Framework for this.

With this new API a completely new authentication mechanism will also be used, relying on OAuth2. This will allow easier coupling with existing authentication providers instead of always using Hashtopolis users with passwords.

We have already started to work on a PoC for the separation, which can be seen in Pull Request #845. We hope to have a real working version in Q1 next year, but it all depends on the availability of the developers.

The next step, after the separation is done, is to start rewriting the backend in Python. With Python we are planning to create a service-based backend instead of a call-based backend. This allows us to cache some lookups to improve performance, calculate values and have a queue-based task distribution system.

To summarize, what you can expect and when:

  • a new release within the upcoming weeks
  • a first workable PoC showcasing a new GUI and a new API together with a new authentication system, in Q1 2023.

With this post we hopefully give some insights into the future of Hashtopolis, but we are also hoping to get some feedback on the plans. Either in Pull Request #845 or on Discord.