• Create the python module
• Create the RoR API call
• Create the associated UI

Among the results found via spidering, it would be great to have a list of all the comments found in the source code files (CSS, Javascript and HTML)

https://vuex.vuejs.org/en/
Extract the logic from the components and put it in a store module (namespaced).

A module similar to Burpsuite Intruder, where you'd put give as input :

• A raw request
• The SQL injectable parameter with a the SQL injection already in place
• A charset to test against
• The true/false expected response

For example :

Raw request : 
GET /?blind_param='+AND+(IF('X'='$INJECT$', SLEEP(5),''))+%23 HTTP/1.
Host: some_host

Parameter to inject : $INJECT$
Charset : [A-Za-z0-9]
True response : response_time > 5
False response : response_time < 5

When installing something via Yarn, a new error message pops up when running bundle exec foreman start -f Procfile.dev.

Error message :

17:33:35 webpack-watcher.1 | ERROR in ./~/css-loader!./~/vue-loader/lib/style-rewriter.js?{"id":"data-v-0da0dd94","scoped":false,"hasInlineConfig":false}!./~/sass-loader/lib/loader.js!./~/vue-loader/lib/selector.js?type=styles&index=0!./app/javascript/packs/App.vue
17:33:35 webpack-watcher.1 | Module build failed: Error: Node Sass does not yet support your current environment: OS X 64-bit with Unsupported runtime (57)

This seems to be a common issue, as explained here : sass/node-sass#1918

If you come across this issue, the quick fix is to run npm rebuild node-sass.

Aka bootstrap as components.
https://bootstrap-vue.github.io/

Custom path bruteforcer: common files/dir found in CTF challenges.

TODO :

• Create a python module
• Create the RoR API call
• Create associated UI

A module where people can add notes/files for a given project.

Maybe an integration with slack(?)

The concept of "Project" is confusing. We should change it to "Challenge" and add the concept of "CTF".

CTF has multiple Challenge(s).
A Challenge belongs to a CTF.

Thinking ahead, to prevent users from spamming the run button and create a lot of processes, we will need a mechanism to prevent modules from being run multiple times simultaneously.

When refreshing a page loaded via VueJs, Rails routes gets called first and shits everwhere.

Create the spider view for the project UI. It will probably closely resemble the dirb view.

Hosting my XSS payloads on my VPS is a mess. I have multiple issues :

• Filename conventions for my HTML/JS files are meaningless
• Commenting old payloads to try new ones is messy
• Creating new HTML/JS files for new payloads becomes messy too...

I'm thinking of a graphical interface for managing XSS payloads. There would be two models :

• Resources
• Slides

Each slide is a response that you want the XSS victim to receive. Each connection by the victim triggers the new slide :)
You would create static resources such as external JS files and add them to your slides.

Example :
If an XSS bot visits our malicious website 3 times, but we'd only like to serve a malicious payload on the first and last connection, we would create 3 slides, and setting the appropriate payload on slide 1 and slide 3.

The project view for a given module should look something like this :

Jail challenges are quite popular during CTFs. For those challenges, it helps to have the complete list of functions, then removing what isn't available.

For example :

• Given a SQL injection challenge where we cannot use the characters _"'shjkajl. We want to list all functions/keywords that we can use.

To prevent people from working on the same challenge at the same time, we could create a system for assigning players to specific challenges. This way other players know who is working on what.

We could also set a status based on the timezone of the user. So when viewing the status of a specific challenge, we'd see who is working on what + who is awake and ready to help.

Upon discovering a git repository, the tool should extract it, checkout the latest version, and archive it for later use.

• Create a python module
  • Extract the git repository using https://github.com/internetwache/GitTools
  • Run git checkout to get the latest version
  • Package it in a zip file for later use
• Create an RoR API call
• Create the associated UI

With the addition of users to the application, a public log showing user actions would be great.

This way, everyone knows what each user is doing (running a module, adding a note, etc)

Backend and frontend.

Users should see the scan results of other users.

• Store script results in a database on a per-project basis
• Fetch script results via websocket