If there is a regression, it should not get hidden, and there is some back end work needed to accomplish this.

Potentially, the following could happen:

• We find a critical vuln on site A
• DIsclose it, note it is fixed
• Vulnerability resurfaces on a later date
• But it is still hidden because it is "disclosed".

"Hide disclosed" should probably explicitly ignore certain disclosure statuss.

Potentially, mulitple groups will be accessing the dashboard.

It should be obvious what is and what is not in CR, as well as where they are.

The dashboard should highlight all of the major areas of the app and make it plain what it does and does not do.

If we add a major feature, it should be on the dashboard prominently.

The "default" page should drop to a dashboard that has summary info including

• Most recent scan date
• Breakdown of open tickets and counts (critical high medium low)
• Other disclosure status (false positive, disclosed, etc)
• Link between disclosure and resolved (time to resolve, open tickets, blah blah blah)
• Probably contact info for issues

On each major page, there should be an "export to..." button that exports the general collection to e.g. CSV or JSON

On the main dashboard, a "export (ALL) data" option should be present that provides a .zip of each host/disclosure/findings major dataset.

When I look at a particular finding, there is a "last seen" field in the UI. This should a) work, and b) give insight into how many times this hit has appeared.

The app needs a section for disclosures to keep track of:

• What has or has not been reported on
• What has been remediated
• Where additional report/disclosure information is found (e.g. the ticket)
• False positives / or otherwise ignored findings.
• Inconclusive findings / where it is not known if an exploit is possible or not
• Timeline for disclosure, remediation, regression
• regression e.g. when a finding re-appears after disclosure
• The host(s) involved
• The specific finding being disclosed or otherwise discussed

The disclosure section should be able to create the "Disclosure Template" and pre-fill host information as much as possible.

Ideally, the disclosure section can create a new "disclosure ticket" from a finding, and pre-populate as much information as possible.

Disclosures should exist in a separate "disclosures" page, but also fill in data directly into the "findings" page such that an issue with related disclosure(s) shows e.g. a badge next to the severity or somewhere in the finding row.

The findings page should have a "hide disclosed" filter.

(VERY) roughly drawn out, I think we should have an option to directly create a disclosure from a row and fill in as much as possible.

Red teamers need a UI in the app to run ad-hoc scans.

A end user should be able to:

Launch a nuclei scan from the GUI while specifying the following:

• Severity ( low med info high)
• Host(s)
• Rate limit options
• Debug on/off
• Interact.sh options

The UI ideally will launch the nuclei process in the background and "tee" the output into a live window.

Ideally, when a nuclei scan is finished, the output should be directly consumable by the app in e.g. the mounted data directory.

Here is a (VERY ROUGH) concept

We need to test what does and does not work in the host input with nuclei as a red teamer may be specifying CIDR ranges, single IPs, domain names, etc.

The output "a scan" should have the minimum data attached to it:

• The host
• Text output
• JSON or other structured findings data
• The start and end time
• exit code
• The initiator
• The version of the tool and plugins

There is potential for disaster here, and a solution for this should have one or more of:

• A disclaimer for the 'foot gun' that we are providing
• Limitations on the host range or number hosts that can be scanned at once
• Activity log of who did what, when and logging of each individual scan and user who initiated.
• Potentially, host whitelisting to avoid accidental out of scope scanning.

We're not really sure how multiple scans will show up in nuclearpond.

In findings views, multiple findings for the same host and template id should be grouped and summarized under the "last seen / found when" section of the finding details.

A finding that was picked up on a scan 10 different times, should still only show up as one row in the "findings" view.

Findings should be keyed on:

• host
• template id

And differentiated by timestamp

There is almost always a list of in-scope targets before operations begin.

The application should provide a method for ingestion and management of in-scope hosts.

A /hosts page should exist where we can view information about each host, related organization, and historical findings.

Scans such as from #2 should be restricted to targets declared in-scope, and findings and disclosures should also be related to the host record.

A host record should have at least:

• a endpoint (hostname)
• an organization

Hosts should be able to be bulk-imported from e.g. CSV with options for single-record editing as well as bulk import/export/purging.