Security/Projects/Minion
Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.
NOTE - this project is at a very early stage in its development.
- Source code: https://github.com/ygjb/minion - public
- Task management: https://trello.com/b/DlVPzGaS - currently private, contact one of the Minion developers to get access
Developers:
- Psiinon
- TBA
Initial Diagram
Components
Web Interface
- Log in using Persona (BrowserID); logins can be restricted by domain when an organization runs Minion on a central server
- Menu -> New Scan, Running Scans, Completed Scans
- Future: Group Scans (member of groups, permissions, see other scans by group members/project)
- New Scan
  - Basic: URL, Port
  - Advanced: Login information, technologies used (to customize the scan, such as running SQLmap for SQL)
  - Future: Scan type based on plugin (web app, client code, etc.)
Task Engine
- Instance started when user clicks start scan
- Collects provided information
- Starts scan based on provided information
- Launches tools (Minions) and awaits responses
Minions (Scanners)
- Receive kickoff from task engine
- Scan target
- Send results back to the task engine in the required format (JSON)
Target
- Site hosted by developer
- Can be hosted or running locally
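
The flow outlined under Web Interface, Task Engine and Minions, sketched as an added example; it is not Minion's own code. The minion name `baseline`, the technology mapping, the `launch` callable and the JSON result shape (`issues` entries with `summary` and `severity`) are assumptions, since the page only states that results come back as JSON.

```python
import json
from urllib.parse import urlsplit

BASE_MINIONS = ["baseline"]            # hypothetical default scanner name
TECH_MINIONS = {"sql": ["sqlmap"]}     # assumed mapping: declared technology -> extra minions
SEVERITIES = ("info", "low", "medium", "high")  # assumed result vocabulary

def build_scan(url, port, technologies=()):
    """Task engine: collect the New Scan fields and choose which minions to launch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("target must be an http(s) URL with a host")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be an integer in 1..65535")
    minions = list(BASE_MINIONS)
    for tech in technologies:
        minions += [n for n in TECH_MINIONS.get(tech.lower(), []) if n not in minions]
    return {"url": url, "port": port, "minions": minions}

def parse_result(minion, raw):
    """Check one minion's JSON reply before it reaches the web interface."""
    failed = {"minion": minion, "status": "error", "issues": []}
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {**failed, "error": "invalid JSON: " + exc.msg}
    issues = doc.get("issues") if isinstance(doc, dict) else None
    if not isinstance(issues, list):
        return {**failed, "error": "missing 'issues' list"}
    for issue in issues:
        if not (isinstance(issue, dict) and isinstance(issue.get("summary"), str)
                and issue.get("severity") in SEVERITIES):
            return {**failed, "error": "malformed issue entry"}
    return {"minion": minion, "status": "ok", "issues": issues, "error": None}

def run_scan(scan, launch):
    """Kick off each minion via launch(minion, url, port) and collect the replies."""
    return [parse_result(m, launch(m, scan["url"], scan["port"])) for m in scan["minions"]]

# Constructed replies standing in for real scanners; the second one is cut short.
SAMPLE_REPLIES = {
    "baseline": '{"issues": [{"summary": "X-Frame-Options header missing", "severity": "low"}]}',
    "sqlmap": '{"issues": [',
}

def demo():
    scan = build_scan("http://localhost/app", 8080, ["SQL"])
    return run_scan(scan, lambda minion, url, port: SAMPLE_REPLIES[minion])
```

A reply that fails validation is recorded as an error for that minion, so one misbehaving scanner does not hide the results of the others.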