A cross-platform note-taking & target-tracking app for penetration testers built on ElectronJS.
We’re aiming to release a number of checklists with v0.3 release. Please send the request here to join in private-repo to collaborate with other researchers on its development. In meantime, you can download the below checklists to import in your libraries:
- OWASP-Testing-Checklist from @Ice3man543: Download (Inspired by @tanprathan work)
You can also download the code to generate this checklist whenever any updates are available in the original repository.
- OSCP Methodology from @InitRoot: The checklist aim to assist OSCP students with a baseline methodology for the labs and exam environments. (Coming Soon)
To Import: After downloading the .json file:
- Open SwiftnessX app
- Click on import/export button (right next to the Logo)
- Select Import and select the downloaded
.jsonfile
View Steps
To install yarn, please refer to this link.
> git clone https://github.com/ehrishirajsharma/swiftnessx.git //clone the repository
> sudo yarn //install dependencies within the repo folder
> sudo yarn dev //run the packageTo update just use git pull or if dependencies are updated than first install them by yarn
View Steps
To install npm, please refer to this link.
> sudo npm install electron -g --unsafe-perm=true --allow-root //install electron globally in system
> git clone https://github.com/ehrishirajsharma/swiftnessx.git //clone the repository
> sudo npm install --unsafe-perm=true --allow-root //install dependencies
> sudo npm run dev //run the packageTo update just use git pull or if dependencies are updated than first install them by npm install
🐛 Reporting a bug?
This is very early days of this project, therefore unexpected bugs, UI glitches and data-corruptions related issues may occur. I’d personally and strongly recommend to keep taking backups daily to not to loose any data if something bad happens.
Before reporting a bug or glitch, please confirm if it is not previously reported. Give most possible information about the issue: reproduction steps, OS/environments specifics and any possible suggestions to fix it.
You can use this link to create and file an issue.
🚨 Reporting a security vulnerability?
Swiftness project was initially started to combat my day-to-day personal issues related to managing findings and checklist and was never built in mind for cross-platform support. However, to fulfill the gap for other OS, I decided to switch the project to ElectronJS. With the better flexibility, it came with a drawback of having too much dependencies on 3rd party libraries, ultimately, more concerns related to its security.
What measures we’ve been taking:
View
- Kept the 3rd party dependencies lower, and built most of the modules from scratch.
- Tested injection related vulnerabilities.
- Regular check-up on 0-day vulnerabilities of the dependencies.
Where to report?
View
You can send an email to [email protected], please provide as much as possible information on reproducing and fixing the vulnerabilities. We’re already aware of a few security vulnerabilities and working on to fix it.
References related to Electron security
Please refer to the below guide on understanding the basics and security of Electron:
- https://electronjs.org/docs/tutorial/security
- https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
- https://www.youtube.com/watch?v=QSMbk2nLTBk
Also check the package.json to see this project dependencies.
We aim to release a major new update every 3 months, hoping to short this cycle however, testing and fixing the glitches for all the platforms take a bit time. Moreover, this project is maintained on weekends so you may see some slow replies on emails or issues.
- Dark Theme
- Support for Dropbox and Google Drive Sync
- Performance Refactors
- Reporting tools inspired by Frans Rosen (@fransr): https://github.com/fransr/template-generator
- Better Text Editor: Enhanced Table features, export options, highlighting customisations, etc
How to contribute?
You can contribute and keep this project alive by, finding bugs or security issues, suggesting new features, grammatical mistakes / document writing or by creating pull request for pending bugs or feature.
You can also contact me at Twitter (my DM is open), or write me an email to [email protected] to discuss anything related to the current goals, project’s future or any possible collaborations.
Special thanks to Tomas Baskys and Pankaj Prajapat for their huge contributions on this project. 👏
- @InitRoot
- @ehsahil
- @SolomonSklash