Changes

Security/Projects/Minion

1,595 bytes removed, 14:10, 19 October 2012
no edit summary
=Minion Overview=
__NOTOC__
<cite>
Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.
NOTE - this project is at a ''very'' early stage in its development.
 
==Links==
* Source code: https://github.com/ygjb/minion - public
* Task management: https://trello.com/b/DlVPzGaS - currently private, contact one of the Minion developers to get access
* Email list: http://groups.google.com/group/mozilla-minion-dev - public
Developers:
* [[User:Psiinon|Psiinon]]
* TBA
==Details==
* [[Security/Projects/Minion/Plugins | Plugins]]
* [[Security/Projects/Minion/ImplDetails | Implementation Details]]
 
TODO - move everything below here into one of the sub pages...
 
==Components==
===Web Interface===
====Overview====
The Web UI is responsible for:
* Generating the web UI (not surprisingly)
* Authenticating and managing users and user sessions
====Notes====
* Log in using Persona (BrowserID) (can be restricted by domain for use on central server by organizations)
* Menu -> New Scan, Running Scans, Completed Scans
** Future: Group Scans (member of groups, permissions, see other scans by group members/project)
* New Scan
** Basic: URL, Port
** Advanced: Login information, technologies used (to customize the scan, e.g. SQLmap for SQL)
** Future: Scan type based on plugin (web app, client code, etc)
It should maintain as little data in memory as possible - all data should be retrieved from the Task Engine (and/or db?). This will allow us to run multiple Web UI servers for one service.
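The domain restriction on Persona logins mentioned in the notes above, sketched as an added example (not Minion's own code): it checks the parsed JSON response of a BrowserID verifier before a session is created, and keeps no state in memory. The allowed domain, the audience URL, the function name and the sample responses are assumptions made for illustration.

```python
import time

# Assumption: organization domains allowed to log in (hypothetical value).
ALLOWED_DOMAINS = {"example.org"}
# Assumption: the origin this Web UI is served from (hypothetical value).
EXPECTED_AUDIENCE = "https://minion.example.org"


def login_allowed(verifier_response, now_ms=None):
    """Return the normalized email if the verifier response grants access, else None.

    verifier_response is the parsed JSON from a BrowserID verifier:
    status, email, audience, expires (milliseconds since the epoch).
    """
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if verifier_response.get("status") != "okay":
        return None
    # The assertion must have been issued for this site, not another one.
    if verifier_response.get("audience") != EXPECTED_AUDIENCE:
        return None
    expires = verifier_response.get("expires")
    if not isinstance(expires, int) or expires <= now_ms:
        return None
    email = verifier_response.get("email")
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, domain = email.split("@")
    domain = domain.lower().rstrip(".")
    # Exact match only: a suffix or substring test would also accept
    # "evil-example.org" or "example.org.evil.test".
    if not local or domain not in ALLOWED_DOMAINS:
        return None
    return f"{local}@{domain}"


# Constructed verifier responses for illustration.
SAMPLE_OK = {"status": "okay", "email": "dev@Example.org",
             "audience": EXPECTED_AUDIENCE, "expires": 2_000_000_000_000}
SAMPLE_LOOKALIKE = dict(SAMPLE_OK, email="dev@evil-example.org")
SAMPLE_WRONG_SITE = dict(SAMPLE_OK, audience="https://other.example.net")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_LOOKALIKE, SAMPLE_WRONG_SITE):
        print(sample["email"], sample["audience"], "->", login_allowed(sample))
```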
====Questions====
* Should this also provide a REST based API, or will we rely on the one implemented by the Task Engine?
* Will it need access to the db or will it get all data from the Task Engine?
 
===Task Engine===
====Overview====
The task engine is responsible for:
* Managing Minions
* Persisting all info to the db
* Providing a REST API
====Notes====
* Instance started when user clicks start scan
* Collects provided information
* Starts scan based on provided information
* Launches tools (Minions) and awaits responses
It should persist all data to a db and maintain as little data in memory as possible. This will allow us to run multiple Task Engine servers for one service, with all of the synchronization happening via the db (which would probably be clustered).
===Minions (Scanners)===