SwiftnessX v0.2
A cross-platform note-taking & target-tracking app for penetration testers built on ElectronJS.
Checklists
We’re aiming to release a number of checklists with the v0.3 release. Please send the request here to join the private repo and collaborate with other researchers on its development. In the meantime, you can download the checklists below to import into your libraries:
- OWASP-Testing-Checklist from @Ice3man543: Download (Inspired by @tanprathan’s work)
You can also download the code to generate this checklist whenever any updates are available in the original repository.
- OSCP Methodology from @InitRoot: The checklist aims to assist OSCP students with a baseline methodology for the labs and exam environments. (Coming Soon)
To import, after downloading the .json file:
- Open the SwiftnessX app
- Click on the import/export button (right next to the logo)
- Select Import and select the downloaded .json file
Run from source
Using Yarn (Recommended)
To install yarn, please refer to this link.
> git clone https://github.com/ehrishirajsharma/swiftnessx.git # clone the repository
> sudo yarn # install dependencies within the repo folder
> sudo yarn dev # run the package
To update, just use git pull; if dependencies have been updated, first install them with yarn.
Using Npm
To install npm, please refer to this link.
> sudo npm install electron -g --unsafe-perm=true --allow-root # install electron globally in system
> git clone https://github.com/ehrishirajsharma/swiftnessx.git # clone the repository
> sudo npm install --unsafe-perm=true --allow-root # install dependencies
> sudo npm run dev # run the package
To update, just use git pull; if dependencies have been updated, first install them with npm install.
Report
These are very early days for this project, so unexpected bugs, UI glitches and data-corruption issues may occur. I’d personally and strongly recommend taking backups daily so as not to lose any data if something bad happens.
Before reporting a bug or glitch, please confirm that it has not been reported previously. Give as much information as possible about the issue: reproduction steps, OS/environment specifics and any suggestions for fixing it.
You can use this link to create and file an issue.
The Swiftness project was initially started to combat my day-to-day personal issues with managing findings and checklists, and was never built with cross-platform support in mind. However, to fill the gap for other OSes, I decided to switch the project to ElectronJS. The better flexibility came with the drawback of having too many dependencies on 3rd-party libraries and, ultimately, more concerns related to its security.
What measures we’ve been taking:
- Kept the number of 3rd-party dependencies low, and built most of the modules from scratch.
- Tested for injection-related vulnerabilities.
- Regular check-ups on 0-day vulnerabilities in the dependencies.
Where to report?
You can send an email to [email protected]; please provide as much information as possible on reproducing and fixing the vulnerabilities. We’re already aware of a few security vulnerabilities and are working on fixing them.
References related to Electron security
Please refer to the guides below to understand the basics and security of Electron:
- https://electronjs.org/docs/tutorial/security
- https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
- https://www.youtube.com/watch?v=QSMbk2nLTBk
Also check the package.json to see this project’s dependencies.
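One way to carry out that package.json check, as an added example (not SwiftnessX's own code): a Node.js script that lists each direct dependency and classifies how its version is specified, so that anything other than an exact pin can be reviewed first. The sample manifest, its package names and the function names are constructed for illustration.

```javascript
// Added example: classify how each dependency in a package.json is specified.
// SAMPLE_MANIFEST is constructed for illustration; it is not SwiftnessX's manifest.
const SAMPLE_MANIFEST = JSON.stringify({
  name: "example-electron-app",
  dependencies: {
    "left-lib": "1.4.2",
    "ui-kit": "^3.0.0",
    parser: "~2.1.0",
    helper: "*",
    "forked-lib": "git+https://example.invalid/forked-lib.git",
  },
  devDependencies: { electron: "^4.0.0" },
});

// Return the review category for one version specifier.
function classifySpec(spec) {
  const s = String(spec).trim();
  const isUrl = /^(git(\+\w+)?:|https?:|file:|github:)/i.test(s);
  const isRepoShorthand = /^[\w.-]+\/[\w.-]+(#.*)?$/.test(s); // "user/repo#ref"
  if (isUrl || isRepoShorthand) return "non-registry"; // fetched from a URL, path or repo
  if (s === "" || s === "*" || s === "latest" || /^x$/i.test(s)) return "wildcard";
  if (/^=?v?\d+\.\d+\.\d+(-[\w.]+)?(\+[\w.]+)?$/.test(s)) return "pinned";
  return "range"; // ^, ~, >=, 1.x and similar: resolved version depends on the lockfile
}

// Parse a manifest and list every direct dependency with its section and category.
function reviewManifest(jsonText) {
  const manifest = JSON.parse(jsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      findings.push({ section, name, spec, category: classifySpec(spec) });
    }
  }
  return findings;
}

// Entries to look at first: anything that is not an exact pin.
function needsReview(findings) {
  return findings.filter((f) => f.category !== "pinned");
}

const findings = reviewManifest(SAMPLE_MANIFEST);
console.log(`${findings.length} direct dependencies`);
for (const f of needsReview(findings)) {
  console.log(`${f.section}\t${f.name}\t${f.spec}\t${f.category}`);
}
```

To run it against a real project, pass the text of that project's package.json (for example, read with `fs.readFileSync`) to `reviewManifest` instead of the sample.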
Upcoming
We aim to release a major new update every 3 months. We hope to shorten this cycle; however, testing and fixing the glitches on all platforms takes a bit of time. Moreover, this project is maintained on weekends, so you may see some slow replies to emails or issues.
- Dark Theme
- Support for Dropbox and Google Drive Sync
- Performance Refactors
- Reporting tools inspired by Frans Rosen (@fransr): https://github.com/fransr/template-generator
- Better Text Editor: Enhanced Table features, export options, highlighting customisations, etc
How to contribute?
You can contribute and keep this project alive by finding bugs or security issues, suggesting new features, fixing grammatical mistakes / writing documentation, or creating pull requests for pending bugs or features.
You can also contact me on Twitter (my DM is open), or write me an email at [email protected] to discuss anything related to the current goals, the project’s future or any possible collaborations.
Credits
Special thanks to Tomas Baskys and Pankaj Prajapat for their huge contributions to this project.
- @InitRoot
- @ehsahil
- @SolomonSklash