Skip to content

Commit b4234ee

Browse files
committed
docs: add ROADMAP.md with production roadmap
1 parent b5dcd68 commit b4234ee

1 file changed

Lines changed: 100 additions & 0 deletions

File tree

ROADMAP.md

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
# BugFinder Production Roadmap
2+
3+
## Phase Completed ✓
4+
- [x] TLS verification enabled (was `verify=False` everywhere)
5+
- [x] Secret redaction in evidence
6+
- [x] All 63 mypy strict mode errors resolved
7+
- [x] CI enforces type checking
8+
- [x] Race condition fixed in rate limiter
9+
- [x] Scope bypass fixed (no-hostname URLs)
10+
- [x] Finding ID collisions fixed across 6 agents
11+
- [x] Shannon entropy optimized O(256n) → O(n)
12+
- [x] Database indexes on all FKs
13+
- [x] Dockerfile: non-root user, healthcheck
14+
- [x] HTTP retry + structured logging
15+
- [x] Prompt injection + stored XSS sanitized
16+
- [x] 95 tests (up from 52)
17+
18+
## Phase 1 — Foundation for Automation
19+
- [x] Create ROADMAP.md
20+
- [x] Wire `ScopeEnforcer` into shared HTTP client
21+
- [x] Add shared HTTP client helper to `BaseAgent`
22+
- [x] Initialize structured logging at startup
23+
- [x] Unify scan execution (delete duplicate `_async_scan`, use `ScanOrchestrator`)
24+
- [ ] Implement `bf report` command
25+
26+
## Phase 2 — Complete the Agent Layer
27+
- [ ] `web.crawler`: full recursive crawl with Playwright
28+
- [ ] `web.sqli`: POST, blind time-based, OOB detection
29+
- [ ] `web.xss`: stored + DOM XSS with headless browser
30+
- [ ] `recon.dns`: MX/NS/TXT/CNAME + passive subdomain enumeration
31+
- [ ] `recon.subdomain`: crt.sh + DNS brute-force
32+
- [ ] `web.auth`: login detection, credential testing, JWT analysis
33+
- [ ] `web.ssrf`: collaborator-based detection
34+
- [ ] `web.lfi`: path traversal testing
35+
- [ ] `api.fuzz`: parameter fuzzing + method discovery
36+
- [ ] `api.auth`: auth bypass, token manipulation
37+
- [ ] `infra.port`: TCP port scanning
38+
- [ ] `verification`: re-test findings, AI false-positive analysis
39+
40+
## Phase 3 — Rich Reporting & AI Explanations
41+
- [ ] HTML report generator
42+
- [ ] JSON report generator
43+
- [ ] Wire AI explainer into findings
44+
- [ ] AI executive summary narrative
45+
- [ ] Remediation guidance per finding
46+
- [ ] PDF report via weasyprint
47+
48+
## Phase 4 — Real-Time TUI Dashboard
49+
- [ ] `ScanProgressScreen` with live progress
50+
- [ ] `FindingsScreen` with filterable list
51+
- [ ] `FindingDetailScreen` with AI explanation
52+
- [ ] `AssetInventoryScreen`
53+
- [ ] Wire `ScanOrchestrator` → TUI via callback
54+
- [ ] `ScanHistoryScreen`
55+
- [ ] `ConfigScreen`
56+
- [ ] Replace stub `action_scan`
57+
58+
## Phase 5 — Automation & Integration
59+
- [ ] Scan scheduling (`bf schedule --every 24h`)
60+
- [ ] Webhook notifications (Slack, Discord)
61+
- [ ] GitHub Issues integration
62+
- [ ] Email reports
63+
- [ ] CI/CD mode (`bf ci --exit-on-finding`)
64+
- [ ] Batch target scanning (`--targets-file`)
65+
66+
## Phase 6 — AI/LLM Vulnerability Agents
67+
- [x] Add `TargetType.LLM`
68+
- [ ] `ai.prompt_injection` agent
69+
- [ ] `ai.sensitive_disclosure` agent
70+
- [ ] `ai.denial_of_service` agent
71+
- [ ] `ai.excessive_agency` agent
72+
- [ ] `ai.output_handling` agent
73+
- [ ] `ai.model_theft` agent
74+
- [ ] `ai.plugin_scan` agent
75+
- [ ] LLM target detection + planner rules
76+
77+
## Phase 7 — AI-Enhanced Bug Finding
78+
- [ ] AI payload selection for XSS (context-aware)
79+
- [ ] AI DB detection + tailored SQLi payloads
80+
- [ ] AI path discovery for crawler
81+
- [ ] AI API fuzzing from OpenAPI specs
82+
- [ ] AI false-positive classification for secrets
83+
- [ ] AI finding correlation + attack chains
84+
85+
## Phase 8 — Zero-Config Experience
86+
- [ ] `bf init` setup wizard
87+
- [ ] Auto-detect API key locations
88+
- [ ] Graceful degradation without AI
89+
- [ ] Plain-English error messages
90+
- [ ] Target auto-categorization (14+ types)
91+
92+
## Phase 9 — Production Hardening
93+
- [ ] Parallel agent execution
94+
- [ ] Scan pause/resume
95+
- [ ] Adaptive planning (results → planner feedback loop)
96+
- [ ] WAF detection + evasion
97+
- [ ] OOB callback server
98+
- [ ] Finding de-duplication
99+
- [ ] PoC generation
100+
- [ ] Scan diffing (`bf diff`)

0 commit comments

Comments
 (0)