Security/Projects/Minion: Difference between revisions
No edit summary |
No edit summary |
||
Line 13: | Line 13: | ||
==Initial Diagram== | ==Initial Diagram== | ||
[[File:Minon_diagram.png]] | [[File:Minon_diagram.png]] | ||
==Components== | |||
===Web Interface=== | |||
* Log in using Persona (BrowserID) (can be restricted by domain for use on central server by organizations) | |||
* Menu -> New Scan, Running Scans, Completed Scans | |||
** Future: Group Scans (member of groups, permissions, see other scans by group members/project) | |||
* New Scan | |||
** Basic: URL, Port | |||
** Advanced: Login information, technologies used (customize scan such as SQLmap for SQL) | |||
** Future: Scan type based on plugin (web app, client code, etc) | |||
===Task Engine=== | |||
* Instance started when user clicks start scan | |||
* Collects provided information | |||
* Starts scan based on provided information | |||
* Launches tools (Minions) and awaits responses | |||
===Minions (Scanners)=== | |||
* Receive kickoff from task engine | |||
* Scan target | |||
* Send results back to task engine in necessary format (JSON) | |||
===Target=== | |||
* Site hosted by developer | |||
* Can be hosted or running locally |
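Review bot: The New Scan items added under Web Interface accept an arbitrary URL and port, and the Target section only says "Site hosted by developer". Nothing in the added Components text says how Minion confirms that the logged-in user is permitted to scan that target before the Task Engine launches scanners. Suggest adding a bullet under Task Engine that states this check. The Advanced item also collects login information for the target, so a line on how those credentials are stored and handed to the Minions would help. Separately, the unchanged context line references `Minon_diagram.png`, which looks like a misspelling of "Minion"; worth confirming the file name.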
Revision as of 21:22, 29 August 2012
Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.
NOTE - this project is at a very early stage in its development.
- Source code: https://github.com/ygjb/minion - public
- Task management: https://trello.com/b/DlVPzGaS - currently private, contact one of the Minion developers to get access
Developers:
- Psiinon
- TBA
Initial Diagram
Components
Web Interface
- Log in using Persona (BrowserID) (can be restricted by domain for use on central server by organizations)
- Menu -> New Scan, Running Scans, Completed Scans
  - Future: Group Scans (member of groups, permissions, see other scans by group members/project)
- New Scan
  - Basic: URL, Port
  - Advanced: Login information, technologies used (customize scan such as SQLmap for SQL)
  - Future: Scan type based on plugin (web app, client code, etc)
Task Engine
- Instance started when user clicks start scan
- Collects provided information
- Starts scan based on provided information
- Launches tools (Minions) and awaits responses
Minions (Scanners)
- Receive kickoff from task engine
- Scan target
- Send results back to task engine in necessary format (JSON)
Target
- Site hosted by developer
- Can be hosted or running locally