Inspiration

As a web developer myself, I understand the critical need to make sure clients' data is as safe as possible. That's why it's a good thing to have an automated CVE scan tool that does the heavy lifting for us and reports in an eye-candy and informative way.

What it does

How we built it

I have chosen to use my Google VM Linux machine, where I have installed many open-source pen test libraries.

There's also an Apache instance running, serving as a GUI.

Utilizing the CodeIgniter PHP framework, the front end and the back end are highly secure and snappy, while Bulma CSS takes care of its simple yet elegant looks.

Challenges we ran into

I lost almost 10 hours just finding out why I wasn't able to SSH to my VM, which halted any real progress.

Some of the pentest tools are not able to perform even when they should. Others give different results and are therefore unreliable for real-life use. Some are promising.

Accomplishments that we're proud of

I have been able to circumvent Google's HIGHLY FORCED policy that didn't let me use my password to SSH to my machine. Even better, the only auth way of using SSH priv/pub keys was NOT WORKING AT ALL. Like, wtf Google? I'm on a schedule here :D

What we learned

The CodeIgniter PHP framework is really easy to use, secure and BLAZING FAST to deploy and use. SSH key generation is not as straightforward as some tutorials make you believe it is.

What's next for mikhael-2

First I'm going to sleep. Next I will test the back-end tools further and create a bullet-proof solution that will be production-ready. Users will be able to select scan depth and focus, which will use different combinations of scanners. After that I will beautify the whole user experience and make sure it reports not only to HTML but to PDF as well.
