Project's roadmap

For transparency reasons, and to encourage contributions and collaborations, Raider will have a public roadmap with current goals, and link to Github issues where relevant. This roadmap might change the more experience we gain, but hey, as long as there’s progress it’s good!

Last updated: 29.09.2021

For now the goals are splitted into three categories: code, community, and documentation.

Code

  • Extend fuzzing module
    • Add new Python classes to deal with fuzzing common inputs, i.e. integers, chars, files, etc…
    • Make fuzzing faster by implementing threading (#19)
  • Add more Plugins
    • Parsers (JWT, protobuf, etc…)
    • En/Decoders (URL, Base64, etc…)
    • Hash (MD5, SHA1, etc…)
  • Add more Operations
    • Run a shell comand upon receiving a response
    • Print Diff with another request
  • Split Operations into groups
    • It should be modular with different types of Operations (maybe?)
    • Types that affect the authentication flow i.e. NextStage, Http, Grep, etc… vs types that don’t i.e. Print, Save, etc…
  • Improve logging
    • Add more logs where it makes sense, and sort them out properly in structured form
    • Print output in command line in a structured form
  • Improve debugging
    • Debug hylang code easier, with proper error messages
  • Add command line interface
    • Show and change existing project
    • Edit global settings
    • Edit project settings
    • Add new projects
      • Use the system editor to let the user edit hyfiles
    • Run a hyfile from the CLI
    • Add new users via CLI
  • Restructure the function to process inputs
    • Split it into smaller functions
  • Fix bugs
    • Evaluate POSTBody recursively (#21)
    • Make plugins work with empty names
    • Don’t send plugins when their value hasn’t been extracted
    • Update the user agent in the config file with the new version of raider on updates
  • Make Templates work
  • Make load_session work with authenticated fuzzing
  • Make Variable work with other arbitrary data besides username/password
  • Add tests
    • Find a way to do tests properly

Community

  • Collaborate with other projects
    • Integrate somehow into ZAProxy
    • If other projects are interested in collaborating, let us now
  • Build an active user base in the forum
  • Publish sample configurations for common apps/websites
  • Find contributors to the code and/or documentation.

Documentation

  • Finish documenting the latest version
    • Now it’s ~50% documented
    • Update all docstrings
    • Add examples to docstrings
    • Add the new pages in sphynx
  • Write tutorials
    • OWASP JuiceShop examples with Raider
    • Run bruteforce attacks
    • Demo fuzzing inputs