  • Arachni - Web Application Security Scanner Framework
  • arachni
  • Issues
  • #210
Closed
Open
Issue created Jun 28, 2012 by Administrator (@root), Contributor

New WebUI based on Rails

Created by: Zapotek

The current WebUI is an exercise which has outlived its purpose; it's messy and buggy and ugly.

A new WebUI needs to be created from scratch, on Rails.

It should include:

  • Reporting
    • Export -- Same as the old one, should allow exporting of scan results in all available report formats.
    • Trends -- Show (in)security trends for targeted webapps over time.
  • Settings
    • Global -- The global settings template and the basis for each scan i.e. the defaults.
    • Profiles -- Based off the Global and tailored to suit whatever audit needs the user has.
    • Last minute -- After the user has selected a Profile (or just goes with the Globals) he should be allowed to make last minute changes which will only apply to the scan he's about to start.
  • Scan types (Landing page)
    • Quick scan -- No need for a Dispatcher, just spawn an Instance on the local machine and perform a point-to-point scan. For extra coolness, allow spawning of multiple Instances in a grid-like master->slaves configuration for higher performance.
    • Remote -- Connect to a Dispatcher and do the usual stuff.
    • Grid -- Enabled when multiple Dispatchers have been linked to form a Grid.
      • Load balanced -- Just like Remote but the system will choose the Dispatcher with the least workload, automatically.
      • High-performance -- Will perform a scan using multiple Instances from different Dispatchers and utilize distributed crawling and audit algorithms.
      • Health -- A screen showing node workloads and a graph of all nodes would be cool.
  • UX
    • Scan progress monitoring
      • Show a dynamic tree of the website structure on the left and details of each issue on the right.
      • Keep the current status message presentation but buffer it to make it smoother.
      • Keep the runtime stats.
      • Add a separate messages box for error messages.
      • Option to switch to a dynamic summary report mode, like a fancy AJAX version of the CLI's Ctrl+C screen.
    • General
      • Use some scroll-follow real-estate from the top of the screen to provide progress info on all running scans on all WebUI pages so as to keep the user up to date with what's going on while he's browsing around the interface.

Please reply to add/request/discuss features.
