forked from hashview/hashview
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
172 lines (146 loc) · 5.37 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
Analytics
- For All Customers
- Remove Total Accounts
- Remove RunTime
- For dropdown customer select, remove any customer that has no hashfile
- Set color scheme to look good
- Total Hashes Cracked vs uncracked
- Top 20 users per single hash/password
- All duplicates?
- Both Bar graphs should render widths dynamically
- Show users based on matching hashes
- show users based on matching cracked passwords
- Change to seperate json queries per portlet
- Show instacrack rate
- Top passwords across customers (would only be valid for 30 days :())
- Change download left/found list to be based on hashtype when user selects all hashfiles all customers
- Top X plaintext download dropdown menu
API
- support VERSION info being sent from agents to server
- Check if all hashes cracked upon agent check in, and if all are cracked, cancel task/job
- when syncing wordlists need to use random names, and not file names. otherwise new agents will will collide requests and the tmp directory file entry will be overwritten
Search
- Do we even let the user pick which type, or just run queries on both?
- Export Results
Wordlists
- Change wordlist path attribute in db to be relative to app install path
- does this affect the path returned by the API to agents?
- Dynamic wordlist based on usernames
Rules
- Edit
- Rules in browser
Login
- Should be a card style
Tasks
- add support for markov chains
- dynamic task with top X masks (isnt this the same thing as markov)
- Add support for Cewl
Jobs
- New job
- New Hashfile
- Unique sort or error on netntlmv1, netntlmv2 hashes that share the same username
- Notifications should come before task selection
- Notifications
- pre select email & hash notificaitons if previously set
- Check all / none hashes
- in table filter for user/hash
- Stop Job after X ammount of successfully cracked hashes
- Stop Job after X ammount of time warning and preset
- Stop Task after X ammont of time warnning and preset
- Prevent Editing of Job that is activly running
Scheduled Events
- Status (is running / died)
- Mark agent as inactive after a period of time
- send push notifications when agent is offline
Installation Instructions:
Installation files
- upgrade.sh
- export FLASK_APP=hashview.py
- flask db migrate
- flask db upgrade
- What do we do with previous wordlists/rules and dynamic wordlist?
Wiki Instructions
Notifications
- Include link with email/job notification
- Convert # of seconds to days/hours/minutes, etc.
- Maybe include percentage cracked?
Settings
- OPTIMIZE TABLE hashes;
- OPTIMIZE TABLE hashfile_hashes;
- Max runtime for jobs
- Max runtime for tasks
- Max timeout from agents
Add favicon
Code Cleanup
- taskgroups / hashfiles should probably be renamed to task_groups and hash_files, word_lists?
UI Clean UP
- Change dropdown alignment of jobs, tasks, manage (in templates/layout.html)
Form layout
- Adjust label\nfield to label field\n
- Task
- Customers
- Wordlists
- Task Lists
- Task Groups
- Rules
- Jobs
- Notifications
Users
- Add admin, or promote existing user to admin (if admin)
- Delete
- Remove all or migrate all
- wordlists
- jobs
- tasks
- hash_notifications
- Job_notifications
- Hashfiles
- Rules
- Task_groups
- Info
- Associated Jobs
- Associated Wordlists
- Associated Hash_notifications
- Associated Job_notifications
- Associated Hashfiles
- Associated Rules (We're going to run into a problem when an associated rule is used in a task assigned to a job thats not associated to this user)
- Associated Task_groups (same as above)
- Associated Tasks (same as above)
- Add last login date to track stale users
All
- change uri scheme to be consistent
- jobs/id/status
- jobs/delete/id
- agents/delete/id
- When all hashes are cracked, all active tasks should be killed
Standardize modals
- info
- jobs
- wordlists
- rules
- users
- delete
- jobs
- wordlists
- rules
- users
Hashfiles
- Dynamic Hashfiles based on hashtype (uncracked)
Home
- make home page multiple jobs collapsable or only see your jobs
Core
- Support for compressed wordlists
Agents
- Change agent manifest to json
- Check / validate hashcat versions before exeuction
- Move compressed download out of install folder
Utils
- Validate hash can be simplified. user:hash vs hash only, the hash_types code can be reused.
# Bugs
Cumlative crack time for all hashes will be inacurate as its value is dependent on existing hashfiles which get removed during retention period
Force lowercase on user submitted NTLM hashes
Prevent Job from being deleted when still running
# Before Release
Include upgrade instructions for agents
Documnent Invalid certificate error and how to fix them on wiki
Prevent adding of task to new job when assigning a task group and there's already a duplicate task.