From e5041d84de43f04d03cae0d7670feac680da985e Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 06:59:54 +0530
Subject: [PATCH 001/211] Added addition of multiple nuclei templates closes
 #461

---
 web/reNgine/settings.py                       |  5 ++++
 .../templates/scanEngine/settings/tool.html   |  2 +-
 web/scanEngine/views.py                       | 29 ++++++++++---------
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index 0924a6391..f84b95401 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -306,3 +306,8 @@
         }
     },
 }
+
+'''
+File upload settings
+'''
+DATA_UPLOAD_MAX_NUMBER_FIELDS = None
\ No newline at end of file
diff --git a/web/scanEngine/templates/scanEngine/settings/tool.html b/web/scanEngine/templates/scanEngine/settings/tool.html
index 57dfc2fe4..0c50c530c 100644
--- a/web/scanEngine/templates/scanEngine/settings/tool.html
+++ b/web/scanEngine/templates/scanEngine/settings/tool.html
@@ -113,7 +113,7 @@ <h6 class="header-title">Currently available custom Nuclei templates</h6>
               {% csrf_token %}
               <div class="form-group mb-4 mt-3">
                 <label for="nucleiFileUpload" class="form-label">Upload Nuclei Template YAML</label>
-                <input type="file" class="form-control" name="nucleiFileUpload" id="nucleiFileUpload" accept=".yaml">
+                <input type="file" class="form-control" name="nucleiFileUpload[]" id="nucleiFileUpload" accept=".yaml,.yml" multiple>
               </div>
               <input type="submit" class="btn btn-primary mt-3 float-end" value="Upload">
             </form>
diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 21b9b4baf..bed9c8d63 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -197,8 +197,6 @@ def tool_specific_settings(request, slug):
     context = {}
     # check for incoming form requests
     if request.method == "POST":
-
-        print(request.FILES)
         if 'gfFileUpload' in request.FILES:
             gf_file = request.FILES['gfFileUpload']
             file_extension = gf_file.name.split('.')[len(gf_file.name.split('.'))-1]
@@ -214,18 +212,23 @@ def tool_specific_settings(request, slug):
                 messages.add_message(request, messages.INFO, f'Pattern {gf_file.name[:4]} successfully uploaded')
             return http.HttpResponseRedirect(reverse('tool_settings', kwargs={'slug': slug}))
 
-        elif 'nucleiFileUpload' in request.FILES:
-            nuclei_file = request.FILES['nucleiFileUpload']
-            file_extension = nuclei_file.name.split('.')[len(nuclei_file.name.split('.'))-1]
-            if file_extension != 'yaml':
+        elif 'nucleiFileUpload[]' in request.FILES:
+            nuclei_files = request.FILES.getlist('nucleiFileUpload[]')
+            upload_count = 0
+            for nuclei_file in nuclei_files:
+                original_filename = nuclei_file.name if isinstance(nuclei_file.name, str) else nuclei_file.name.decode('utf-8')
+                original_filename = re.sub(r'[\\/*?:"<>|]',"", original_filename)
+                file_extension = original_filename.split('.')[len(nuclei_file.name.split('.'))-1]
+                if file_extension in ['yaml', 'yml']:
+                    base_filename = os.path.splitext(original_filename)[0]
+                    file_path = '/root/nuclei-templates/' + base_filename + '.yaml'
+                    file = open(file_path, "w")
+                    file.write(nuclei_file.read().decode("utf-8"))
+                    file.close()
+                    upload_count += 1
+            if upload_count == 0:
                 messages.add_message(request, messages.ERROR, 'Invalid Nuclei Pattern, upload only *.yaml extension')
-            else:
-                filename = re.sub(r'[\\/*?:"<>|]',"", nuclei_file.name)
-                file_path = '/root/nuclei-templates/' + filename
-                file = open(file_path, "w")
-                file.write(nuclei_file.read().decode("utf-8"))
-                file.close()
-                messages.add_message(request, messages.INFO, f'Nuclei Pattern {nuclei_file.name[:-5]} successfully uploaded')
+            messages.add_message(request, messages.INFO, f'{upload_count} Nuclei Patterns successfully uploaded')
             return http.HttpResponseRedirect(reverse('tool_settings', kwargs={'slug': slug}))
 
         elif 'nuclei_config_text_area' in request.POST:

From 9ed067a13de5fda0616af5658d89e510fc68784d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 07:08:42 +0530
Subject: [PATCH 002/211] Add feat multiple gf pattern upload

---
 .../templates/scanEngine/settings/tool.html   |  2 +-
 web/scanEngine/views.py                       | 27 ++++++++++---------
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/tool.html b/web/scanEngine/templates/scanEngine/settings/tool.html
index 57dfc2fe4..6d66df65d 100644
--- a/web/scanEngine/templates/scanEngine/settings/tool.html
+++ b/web/scanEngine/templates/scanEngine/settings/tool.html
@@ -39,7 +39,7 @@ <h4 class="header-title">Currently available GF patterns</h4>
           {% csrf_token %}
           <div class="mb-3 mb-xl-0">
             <label for="gfFileUpload" class="form-label">Upload GF Pattern JSON</label>
-            <input class="form-control" type="file" id="gfFileUpload" accept="application/JSON" name="gfFileUpload">
+            <input class="form-control" type="file" id="gfFileUpload" accept=".json" name="gfFileUpload[]" multiple>
           </div>
           <input type="submit" class="btn btn-primary mt-3 float-end" value="Upload">
         </form>
diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 21b9b4baf..1023d9b33 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -199,19 +199,22 @@ def tool_specific_settings(request, slug):
     if request.method == "POST":
 
         print(request.FILES)
-        if 'gfFileUpload' in request.FILES:
-            gf_file = request.FILES['gfFileUpload']
-            file_extension = gf_file.name.split('.')[len(gf_file.name.split('.'))-1]
-            if file_extension != 'json':
-                messages.add_message(request, messages.ERROR, 'Invalid GF Pattern, upload only *.json extension')
-            else:
+        if 'gfFileUpload[]' in request.FILES:
+            gf_files = request.FILES.getlist('gfFileUpload[]')
+            upload_count = 0
+            for gf_file in gf_files:
+                original_filename = gf_file.name if isinstance(gf_file.name, str) else gf_file.name.decode('utf-8')
                 # remove special chars from filename, that could possibly do directory traversal or XSS
-                filename = re.sub(r'[\\/*?:"<>|]',"", gf_file.name)
-                file_path = '/root/.gf/' + filename
-                file = open(file_path, "w")
-                file.write(gf_file.read().decode("utf-8"))
-                file.close()
-                messages.add_message(request, messages.INFO, f'Pattern {gf_file.name[:4]} successfully uploaded')
+                original_filename = re.sub(r'[\\/*?:"<>|]',"", original_filename)
+                file_extension = original_filename.split('.')[len(gf_file.name.split('.'))-1]
+                if file_extension == 'json':
+                    base_filename = os.path.splitext(original_filename)[0]
+                    file_path = '/root/.gf/' + base_filename + '.json'
+                    file = open(file_path, "w")
+                    file.write(gf_file.read().decode("utf-8"))
+                    file.close()
+                    upload_count += 1
+            messages.add_message(request, messages.INFO, f'{upload_count} GF files successfully uploaded')
             return http.HttpResponseRedirect(reverse('tool_settings', kwargs={'slug': slug}))
 
         elif 'nucleiFileUpload' in request.FILES:

From bbb0ed609c6190a191e6f652708b20401660a70f Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 07:09:54 +0530
Subject: [PATCH 003/211] update text

---
 web/scanEngine/templates/scanEngine/settings/tool.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/scanEngine/templates/scanEngine/settings/tool.html b/web/scanEngine/templates/scanEngine/settings/tool.html
index 6d66df65d..5f884540c 100644
--- a/web/scanEngine/templates/scanEngine/settings/tool.html
+++ b/web/scanEngine/templates/scanEngine/settings/tool.html
@@ -39,6 +39,7 @@ <h4 class="header-title">Currently available GF patterns</h4>
           {% csrf_token %}
           <div class="mb-3 mb-xl-0">
             <label for="gfFileUpload" class="form-label">Upload GF Pattern JSON</label>
+            <small class="text-muted">(Multiple files can be uploaded.)</small>
             <input class="form-control" type="file" id="gfFileUpload" accept=".json" name="gfFileUpload[]" multiple>
           </div>
           <input type="submit" class="btn btn-primary mt-3 float-end" value="Upload">

From 15b857a20837a39ee46fe9b75f904b4353d74539 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 07:10:25 +0530
Subject: [PATCH 004/211] update label

---
 web/scanEngine/templates/scanEngine/settings/tool.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/scanEngine/templates/scanEngine/settings/tool.html b/web/scanEngine/templates/scanEngine/settings/tool.html
index 0c50c530c..9500aa7d4 100644
--- a/web/scanEngine/templates/scanEngine/settings/tool.html
+++ b/web/scanEngine/templates/scanEngine/settings/tool.html
@@ -113,6 +113,7 @@ <h6 class="header-title">Currently available custom Nuclei templates</h6>
               {% csrf_token %}
               <div class="form-group mb-4 mt-3">
                 <label for="nucleiFileUpload" class="form-label">Upload Nuclei Template YAML</label>
+                <small class="text-muted">(Multiple files can be uploaded.)</small>
                 <input type="file" class="form-control" name="nucleiFileUpload[]" id="nucleiFileUpload" accept=".yaml,.yml" multiple>
               </div>
               <input type="submit" class="btn btn-primary mt-3 float-end" value="Upload">

From 9e80ccab5d70df1a6b75c2ae017cf9218f61f293 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 08:34:01 +0530
Subject: [PATCH 005/211] added option to stop multiple scans

---
 web/api/views.py                              |  4 +-
 .../templates/startScan/history.html          | 38 +++++++++++++-
 web/startScan/urls.py                         |  4 ++
 web/startScan/views.py                        | 49 +++++++++++++++++--
 4 files changed, 87 insertions(+), 8 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index b914ac4ad..f7ea1f664 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -789,7 +789,7 @@ def post(self, request):
 				create_scan_activity(
 					subscan.scan_history.id,
 					f'Subscan {subscan_id} aborted',
-					SUCCESS_TASK)
+					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
 				logging.error(e)
@@ -805,7 +805,7 @@ def post(self, request):
 				create_scan_activity(
 					scan.id,
 					"Scan aborted",
-					SUCCESS_TASK)
+					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
 				logging.error(e)
diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index 3221c800b..06830940f 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -58,9 +58,12 @@ <h4 class="headline-title">Filters</h4>
               <a href="#" class="dropdown-ite text-primary float-end" id="resetFilters">Reset Filters</a>
             </div>
           </div>
+          {% if user|can:'initiate_scans_subscans' %}
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-            <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="deleteMultipleScan()" id="delete_multiple_button">Delete Multiple Scans</a>
+            <a class="btn btn-soft-danger float-end disabled ms-1 mt-1" href="#" onclick="deleteMultipleScan()" id="delete_multiple_button">Delete Multiple Scans</a>
+            <a class="btn btn-soft-danger float-end disabled ms-1 mt-1" href="#" onclick="stopMultipleScan()" id="stop_multiple_button">Stop Multiple Scans</a>
           </div>
+          {% endif %}
         </div>
       </div>
     </div>
@@ -435,17 +438,21 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
   function toggleMultipleTargetButton() {
     if (checkedCount() > 0) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
     }
   }
 
   function mainCheckBoxSelected(checkbox) {
     if (checkbox.checked) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
       $(".targets_checkbox").prop('checked', true);
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
       $(".targets_checkbox").prop('checked', false);
     }
   }
@@ -454,7 +461,7 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
     if (!checkedCount()) {
       swal({
         title: '',
-        text: "Oops! No targets has been selected!",
+        text: "Oops! You haven't selected any scan to delete.",
         type: 'error',
         padding: '2em'
       })
@@ -477,6 +484,33 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
     }
   }
 
+  function stopMultipleScan() {
+    if (!checkedCount()) {
+      swal({
+        title: '',
+        text: "Oops! You haven't selected any scans to stop.",
+        type: 'error',
+        padding: '2em'
+      })
+    } else {
+      // atleast one target is selected
+      swal.queue([{
+        title: 'Are you sure you want to stop ' + checkedCount() + ' Scans?',
+        text: "This action is irreversible.\nThis will stop all the selected scans if they are running.",
+        type: 'warning',
+        showCancelButton: true,
+        confirmButtonText: 'Delete',
+        padding: '2em',
+        showLoaderOnConfirm: true,
+        preConfirm: function() {
+          deleteForm = document.getElementById("scan_history_form");
+          deleteForm.action = "../stop/multiple";
+          deleteForm.submit();
+        }
+      }])
+    }
+  }
+
   // select option listener for report_type_select
   var report_type = document.getElementById("report_type_select");
   report_type.addEventListener("change", function() {
diff --git a/web/startScan/urls.py b/web/startScan/urls.py
index 31054f069..7ff6a57d0 100644
--- a/web/startScan/urls.py
+++ b/web/startScan/urls.py
@@ -106,4 +106,8 @@
         '<slug:slug>/delete/multiple',
         views.delete_scans,
         name='delete_multiple_scans'),
+    path(
+        '<slug:slug>/stop/multiple',
+        views.stop_scans,
+        name='stop_multiple_scans'),
 ]
diff --git a/web/startScan/views.py b/web/startScan/views.py
index ac08da282..6d2a16ece 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -462,11 +462,13 @@ def delete_scan(request, id):
 def stop_scan(request, id):
     if request.method == "POST":
         scan = get_object_or_404(ScanHistory, id=id)
-        scan.scan_status = ABORTED_TASK
-        scan.save()
         try:
             for task_id in scan.celery_ids:
                 app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+            
+            # after celery task is stopped, update the scan status
+            scan.scan_status = ABORTED_TASK
+            scan.save()
             tasks = (
                 ScanActivity.objects
                 .filter(scan_of=scan)
@@ -474,10 +476,11 @@ def stop_scan(request, id):
                 .order_by('-pk')
             )
             for task in tasks:
+                app.control.revoke(task.celery_id, terminate=True, signal='SIGKILL')
                 task.status = ABORTED_TASK
                 task.time = timezone.now()
                 task.save()
-            create_scan_activity(scan.id, "Scan aborted", SUCCESS_TASK)
+            create_scan_activity(scan.id, "Scan aborted", ABORTED_TASK)
             response = {'status': True}
             messages.add_message(
                 request,
@@ -496,6 +499,44 @@ def stop_scan(request, id):
     return scan_history(request)
 
 
+@has_permission_decorator(PERM_INITATE_SCANS_SUBSCANS, redirect_url=FOUR_OH_FOUR_URL)
+def stop_scans(request, slug):
+    if request.method == "POST":
+        for key, value in request.POST.items():
+            if key == 'scan_history_table_length' or key == 'csrfmiddlewaretoken':
+                continue
+            scan = get_object_or_404(ScanHistory, id=value)
+            try:
+                for task_id in scan.celery_ids:
+                    app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+                tasks = (
+                    ScanActivity.objects
+                    .filter(scan_of=scan)
+                    .filter(status=RUNNING_TASK)
+                    .order_by('-pk')
+                )
+                for task in tasks:
+                    app.control.revoke(task.celery_id, terminate=True, signal='SIGKILL')
+                    task.status = ABORTED_TASK
+                    task.time = timezone.now()
+                    task.save()
+                create_scan_activity(scan.id, "Scan aborted", ABORTED_TASK)
+                messages.add_message(
+                    request,
+                    messages.INFO,
+                    'Multiple scans successfully stopped!'
+                )
+            except Exception as e:
+                logger.error(e)
+                messages.add_message(
+                    request,
+                    messages.ERROR,
+                    f'Scans failed to stop ! Error: {str(e)}'
+                )
+    return HttpResponseRedirect(reverse('scan_history', kwargs={'slug': slug}))
+
+
+
 @has_permission_decorator(PERM_INITATE_SCANS_SUBSCANS, redirect_url=FOUR_OH_FOUR_URL)
 def schedule_scan(request, host_id, slug):
     domain = Domain.objects.get(id=host_id)
@@ -825,7 +866,7 @@ def delete_scans(request, slug):
         messages.add_message(
             request,
             messages.INFO,
-            'All Scans deleted!')
+            'Multiple scans successfully deleted!')
     return HttpResponseRedirect(reverse('scan_history', kwargs={'slug': slug}))
 
 

From 364e1594bdea791c84b3535df1f6bb3d203d881e Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:17:07 +0530
Subject: [PATCH 006/211] update logger

---
 web/api/views.py        | 6 ++++--
 web/reNgine/settings.py | 5 +++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index f7ea1f664..7a9b8885e 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -792,12 +792,14 @@ def post(self, request):
 					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
-				logging.error(e)
+				logger.error(e)
 				response = {'status': False, 'message': str(e)}
 		elif scan_id:
 			try:
+				logger.info(f'Aborting scan History')
 				scan = get_object_or_404(ScanHistory, id=scan_id)
 				task_ids = scan.celery_ids
+				logger.info(f"Setting scan {scan} status to ABORTED_TASK")
 				scan.scan_status = ABORTED_TASK
 				scan.stop_scan_date = timezone.now()
 				scan.aborted_by = request.user
@@ -808,7 +810,7 @@ def post(self, request):
 					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
-				logging.error(e)
+				logger.error(e)
 				response = {'status': False, 'message': str(e)}
 
 		logger.warning(f'Revoking tasks {task_ids}')
diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index 0924a6391..c6b77e9ab 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -303,6 +303,11 @@
             'handlers': ['task'],
             'level': 'DEBUG' if DEBUG else 'INFO',
             'propagate': False
+        },
+        'api.views': {
+            'handlers': ['console'],
+            'level': 'DEBUG' if DEBUG else 'INFO',
+            'propagate': False
         }
     },
 }

From 7c4239d8a1ae44b46a3c9a5bd1ae22355c9adaf9 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:45:24 +0530
Subject: [PATCH 007/211] Modified StopScan ApiView to accept multiple scan ids

---
 web/api/views.py                              | 112 +++++++++++-------
 .../templates/startScan/history.html          |  64 ++++++++--
 2 files changed, 124 insertions(+), 52 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 7a9b8885e..b1b102c21 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -772,65 +772,89 @@ class StopScan(APIView):
 	def post(self, request):
 		req = self.request
 		data = req.data
-		scan_id = data.get('scan_id')
-		subscan_id = data.get('subscan_id')
-		response = {}
-		task_ids = []
-		scan = None
-		subscan = None
-		if subscan_id:
-			try:
-				subscan = get_object_or_404(SubScan, id=subscan_id)
-				scan = subscan.scan_history
-				task_ids = subscan.celery_ids
-				subscan.status = ABORTED_TASK
-				subscan.stop_scan_date = timezone.now()
-				subscan.save()
-				create_scan_activity(
-					subscan.scan_history.id,
-					f'Subscan {subscan_id} aborted',
-					ABORTED_TASK)
-				response['status'] = True
-			except Exception as e:
-				logger.error(e)
-				response = {'status': False, 'message': str(e)}
-		elif scan_id:
+		scan_ids = data.get('scan_ids', [])
+		subscan_ids = data.get('subscan_ids', [])
+
+		scan_ids = [int(id) for id in scan_ids]
+		subscan_ids = [int(id) for id in subscan_ids]
+
+
+		def abort_scan(scan):
+			response = {}
+			logger.info(f'Aborting scan History')
 			try:
-				logger.info(f'Aborting scan History')
-				scan = get_object_or_404(ScanHistory, id=scan_id)
-				task_ids = scan.celery_ids
 				logger.info(f"Setting scan {scan} status to ABORTED_TASK")
+				task_ids = scan.celery_ids
 				scan.scan_status = ABORTED_TASK
 				scan.stop_scan_date = timezone.now()
 				scan.aborted_by = request.user
 				scan.save()
+				for task_id in task_ids:
+					app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+
+				tasks = (
+					ScanActivity.objects
+					.filter(scan_of=scan)
+					.filter(status=RUNNING_TASK)
+					.order_by('-pk')
+				)
+				for task in tasks:
+					task.status = ABORTED_TASK
+					task.time = timezone.now()
+					task.save()
+
 				create_scan_activity(
 					scan.id,
 					"Scan aborted",
-					ABORTED_TASK)
+					ABORTED_TASK
+				)
 				response['status'] = True
 			except Exception as e:
 				logger.error(e)
 				response = {'status': False, 'message': str(e)}
 
-		logger.warning(f'Revoking tasks {task_ids}')
-		for task_id in task_ids:
-			app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+			return response
 
-		# Abort running tasks
-		tasks = (
-			ScanActivity.objects
-			.filter(scan_of=scan)
-			.filter(status=RUNNING_TASK)
-			.order_by('-pk')
-		)
-		if tasks.exists():
-			for task in tasks:
-				if subscan_id and task.id not in subscan.celery_ids:
-					continue
-				task.status = ABORTED_TASK
-				task.time = timezone.now()
-				task.save()
+		def abort_subscan(subscan):
+			response = {}
+			logger.info(f'Aborting subscan')
+			try:
+				logger.info(f"Setting scan {subscan} status to ABORTED_TASK")
+				task_ids = subscan.celery_ids
+
+				for task_id in task_ids:
+					app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+
+				subscan.status = ABORTED_TASK
+				subscan.stop_scan_date = timezone.now()
+				subscan.save()
+				create_scan_activity(
+					subscan.scan_history.id,
+					f'Subscan aborted',
+					ABORTED_TASK
+				)
+				response['status'] = True
+			except Exception as e:
+				logger.error(e)
+				response = {'status': False, 'message': str(e)}
+
+			return response
+
+		for scan_id in scan_ids:
+			try:
+				scan = ScanHistory.objects.get(id=scan_id)
+				response = abort_scan(scan)
+			except Exception as e:
+				logger.error(e)
+				response = {'status': False, 'message': str(e)}
+			
+		for subscan_id in subscan_ids:
+			try:
+				subscan = SubScan.objects.get(id=subscan_id)
+				response = abort_subscan(subscan)
+			except Exception as e:
+				logger.error(e)
+				response = {'status': False, 'message': str(e)}
 
 		return Response(response)
 
diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index 06830940f..ff9bfba1f 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -494,20 +494,68 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
       })
     } else {
       // atleast one target is selected
-      swal.queue([{
+      Swal.fire({
         title: 'Are you sure you want to stop ' + checkedCount() + ' Scans?',
         text: "This action is irreversible.\nThis will stop all the selected scans if they are running.",
-        type: 'warning',
+        icon: 'warning',
         showCancelButton: true,
-        confirmButtonText: 'Delete',
-        padding: '2em',
+        confirmButtonColor: '#d33',
+        cancelButtonColor: '#3085d6',
+        confirmButtonText: 'Stop',
+        cancelButtonText: 'Cancel',
         showLoaderOnConfirm: true,
         preConfirm: function() {
-          deleteForm = document.getElementById("scan_history_form");
-          deleteForm.action = "../stop/multiple";
-          deleteForm.submit();
+          var selected_scan_ids = [];
+          $('.targets_checkbox:checked').each(function() {
+            selected_scan_ids.push($(this).val());
+          });
+          data = {
+            'scan_ids': selected_scan_ids
+          }
+          fetch('/api/action/stop/scan/', {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'X-CSRFToken': getCookie('csrftoken')
+            },
+            body: JSON.stringify(data)
+          }).then(function(response) {
+            if (response.ok) {
+              return response.json();
+            }
+            throw new Error('Network response was not ok.');
+          }).then(function(data) {
+            if (data['status']) {
+              Swal.fire({
+                title: 'Success',
+                text: data['message'],
+                icon: 'success',
+                showConfirmButton: false,
+                timer: 1500
+              });
+              setTimeout(function() {
+                location.reload();
+              }, 1500);
+            } else {
+              Swal.fire({
+                title: 'Error',
+                text: data['message'],
+                icon: 'error',
+                showConfirmButton: false,
+                timer: 1500
+              });
+            }
+          }).catch(function(error) {
+            Swal.fire({
+              title: 'Error',
+              text: 'An error occurred while stopping the scans',
+              icon: 'error',
+              showConfirmButton: false,
+              timer: 1500
+            });
+          });
         }
-      }])
+      });
     }
   }
 

From c2b1c10ae2c7c428880c5e0e9b1500e52166ab71 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:49:00 +0530
Subject: [PATCH 008/211] modify abort scan

---
 web/api/views.py            |  1 +
 web/static/custom/custom.js | 28 ++++++++++++++++------------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index b1b102c21..5b0af63ec 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -778,6 +778,7 @@ def post(self, request):
 		scan_ids = [int(id) for id in scan_ids]
 		subscan_ids = [int(id) for id in subscan_ids]
 
+		response = {'status': False}
 
 		def abort_scan(scan):
 			response = {}
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 1755b0508..a0ae9694f 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -830,10 +830,10 @@ function stop_scan(scan_id=null, subscan_id=null, reload_scan_bar=true, reload_l
 	const stopAPI = "/api/action/stop/scan/";
 
 	if (scan_id) {
-		var data = {'scan_id': scan_id}
+		var data = {'scan_ids': [scan_id]}
 	}
 	else if (subscan_id) {
-		var data = {'subscan_id': subscan_id}
+		var data = {'subscan_ids': [subscan_id]}
 	}
 	swal.queue([{
 		title: 'Are you sure you want to stop this scan?',
@@ -857,17 +857,21 @@ function stop_scan(scan_id=null, subscan_id=null, reload_scan_bar=true, reload_l
 			}).then(function(data) {
 				// TODO Look for better way
 				if (data.status) {
-					Snackbar.show({
-						text: 'Scan Successfully Aborted.',
-						pos: 'top-right',
-						duration: 1500
+					Swal.fire({
+						title: 'Success',
+						text: data['message'],
+						icon: 'success',
+						showConfirmButton: false,
+						timer: 1500
 					});
-					if (reload_scan_bar) {
-						getScanStatusSidebar();
-					}
-					if (reload_location) {
-						window.location.reload();
-					}
+					setTimeout(function() {
+						if (reload_scan_bar) {
+							getScanStatusSidebar();
+						}
+						if (reload_location) {
+							window.location.reload();
+						}
+					}, 1500);
 				} else {
 					Snackbar.show({
 						text: 'Oops! Could not abort the scan. ' + data.message,

From 75502308fb80d39dde41c1a5d7ae7a0d7aedea16 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:57:28 +0530
Subject: [PATCH 009/211] added feature to stop multiple subscans

---
 .../templates/startScan/subscan_history.html  | 84 ++++++++++++++++++-
 1 file changed, 83 insertions(+), 1 deletion(-)

diff --git a/web/startScan/templates/startScan/subscan_history.html b/web/startScan/templates/startScan/subscan_history.html
index add9e21bd..4b4f1c82e 100644
--- a/web/startScan/templates/startScan/subscan_history.html
+++ b/web/startScan/templates/startScan/subscan_history.html
@@ -58,9 +58,10 @@ <h4 class="headline-title">Filters</h4>
               <a href="#" class="dropdown-ite text-primary float-end" id="resetFilters">Reset Filters</a>
             </div>
           </div>
-          {% if user|can:'modify_scan_results' %}
+          {% if user|can:'initiate_scans_subscans' %}
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
             <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="deleteMultipleSubScan()" id="delete_multiple_button">Delete Multiple SubScans</a>
+            <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="stopMultipleSubScan()" id="stop_multiple_button">Stop Multiple SubScans</a>
           </div>
           {% endif %}
         </div>
@@ -353,17 +354,21 @@ <h4 class="headline-title">Filters</h4>
   function toggleMultipleTargetButton() {
     if (checkedCount() > 0) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
     }
   }
 
   function mainCheckBoxSelected(checkbox) {
     if (checkbox.checked) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
       $(".targets_checkbox").prop('checked', true);
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
       $(".targets_checkbox").prop('checked', false);
     }
   }
@@ -423,5 +428,82 @@ <h4 class="headline-title">Filters</h4>
       }])
     }
   }
+
+
+  function stopMultipleSubScan() {
+    if (!checkedCount()) {
+      swal({
+        title: '',
+        text: "Oops! You haven't selected any subscans to stop.",
+        type: 'error',
+        padding: '2em'
+      })
+    } else {
+      // atleast one target is selected
+      Swal.fire({
+        title: 'Are you sure you want to stop ' + checkedCount() + ' SubScans?',
+        text: "This action is irreversible.\nThis will stop all the selected subscans if they are running.",
+        icon: 'warning',
+        showCancelButton: true,
+        confirmButtonColor: '#d33',
+        cancelButtonColor: '#3085d6',
+        confirmButtonText: 'Stop',
+        cancelButtonText: 'Cancel',
+        showLoaderOnConfirm: true,
+        preConfirm: function() {
+          var selected_subscan_ids = [];
+          $('.targets_checkbox:checked').each(function() {
+            selected_subscan_ids.push($(this).val());
+          });
+          data = {
+            'subscan_ids': selected_subscan_ids
+          }
+          fetch('/api/action/stop/scan/', {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'X-CSRFToken': getCookie('csrftoken')
+            },
+            body: JSON.stringify(data)
+          }).then(function(response) {
+            if (response.ok) {
+              return response.json();
+            }
+            throw new Error('Network response was not ok.');
+          }).then(function(data) {
+            if (data['status']) {
+              Swal.fire({
+                title: 'Success',
+                text: data['message'],
+                icon: 'success',
+                showConfirmButton: false,
+                timer: 1500
+              });
+              setTimeout(function() {
+                location.reload();
+              }, 1500);
+            } else {
+              Swal.fire({
+                title: 'Error',
+                text: data['message'],
+                icon: 'error',
+                showConfirmButton: false,
+                timer: 1500
+              });
+            }
+          }).catch(function(error) {
+            Swal.fire({
+              title: 'Error',
+              text: 'An error occurred while stopping the subscans',
+              icon: 'error',
+              showConfirmButton: false,
+              timer: 1500
+            });
+          });
+        }
+      });
+    }
+  }
+
   </script>
   {% endblock page_level_script %}

From ded8c16785fe55156caf1c5f0eb4d126dbf8926d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 10:00:32 +0530
Subject: [PATCH 010/211] fix issue on aborting scans that are already success
 or aborted

---
 web/api/views.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/web/api/views.py b/web/api/views.py
index 5b0af63ec..6e7f8e529 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -844,6 +844,9 @@ def abort_subscan(subscan):
 		for scan_id in scan_ids:
 			try:
 				scan = ScanHistory.objects.get(id=scan_id)
+				# if scan is already successful or aborted then do nothing
+				if scan.scan_status == SUCCESS_TASK or scan.scan_status == ABORTED_TASK:
+					continue
 				response = abort_scan(scan)
 			except Exception as e:
 				logger.error(e)
@@ -852,6 +855,8 @@ def abort_subscan(subscan):
 		for subscan_id in subscan_ids:
 			try:
 				subscan = SubScan.objects.get(id=subscan_id)
+				if subscan.scan_status == SUCCESS_TASK or subscan.scan_status == ABORTED_TASK:
+					continue
 				response = abort_subscan(subscan)
 			except Exception as e:
 				logger.error(e)

From 3ceeb1125ed7b4ce78d7cd9f7f8f73ab47890553 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 26 Jul 2024 10:35:53 +0530
Subject: [PATCH 011/211] Hide API keys in vault

---
 .../templates/scanEngine/settings/api.html         | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index 150e912a0..a98a9306b 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -29,21 +29,31 @@
               <div class="mb-3">
                 <label for="key_openai" class="form-label">OpenAI</label>
                 <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using GPT.</p>
+                <div class="input-group input-group-merge">
                 {% if openai_key %}
-                  <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
+                  <input class="form-control" type="password" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key">
                 {% endif %}
+                  <div class="input-group-text" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
                 <span class="text-muted float-end">This is optional but recommended.</span>
               </div>
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
                 <p class="text-muted">Netlas keys will be used to get whois information and other OSINT related data.</p>
+                <div class="input-group input-group-merge">
                 {% if netlas_key %}
-                  <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
+                  <input class="form-control" type="password" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key">
                 {% endif %}
+                  <div class="input-group-text" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
                 <span class="text-muted float-end">This is optional</span>
               </div>
               <div class="mb-0">

From 928af18ef6e7bca40c5f0b1429a48a9e46a5989f Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 26 Jul 2024 11:25:20 +0530
Subject: [PATCH 012/211] hide hackerone api key

---
 web/scanEngine/admin.py                                     | 1 +
 web/scanEngine/forms.py                                     | 6 ++++--
 web/scanEngine/templates/scanEngine/settings/hackerone.html | 5 +++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/web/scanEngine/admin.py b/web/scanEngine/admin.py
index b2f2e0c10..edca16621 100644
--- a/web/scanEngine/admin.py
+++ b/web/scanEngine/admin.py
@@ -9,3 +9,4 @@
 admin.site.register(Notification)
 admin.site.register(VulnerabilityReportSetting)
 admin.site.register(InstalledExternalTool)
+admin.site.register(Hackerone)
\ No newline at end of file
diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index 4eddf0d92..3f6431b54 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -399,12 +399,14 @@ class Meta:
 
     api_key = forms.CharField(
         required=True,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control form-control-lg",
                 "id": "api_key",
                 "placeholder": "Hackerone API Token",
-            }))
+            },
+            render_value=True
+        ))
 
     send_critical = forms.BooleanField(
         required=False,
diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index 1cbd18142..bb1288042 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -47,7 +47,12 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
             </div>
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+              <div class="input-group input-group-merge">
               {{form.api_key}}
+                <div class="input-group-text" data-password="false">
+                  <span class="password-eye"></span>
+                </div>
+              </div>
             </div>
           </div>
           <a class="btn btn-primary float-end mt-3" href="javascript:test_hackerone()" role="button">

From d11adc29db9463754e6b8a984a944fcaf46ed5eb Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:03:00 +0530
Subject: [PATCH 013/211] fix slack url hide

---
 web/scanEngine/forms.py                       | 32 ++++++++++++-------
 .../scanEngine/settings/notification.html     | 19 +++++++----
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index 3f6431b54..dd8151e9e 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -176,12 +176,14 @@ class Meta:
 
     slack_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "slack_hook_url",
                 "placeholder": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_lark = forms.BooleanField(
         required=False,
@@ -193,12 +195,14 @@ class Meta:
 
     lark_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "lark_hook_url",
                 "placeholder": "https://open.larksuite.com/open-apis/bot/v2/hook/XXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_discord = forms.BooleanField(
         required=False,
@@ -210,12 +214,14 @@ class Meta:
 
     discord_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "discord_hook_url",
                 "placeholder": "https://discord.com/api/webhooks/000000000000000000/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_telegram = forms.BooleanField(
         required=False,
@@ -227,21 +233,25 @@ class Meta:
 
     telegram_bot_token = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "telegram_bot_token",
                 "placeholder": "Bot Token",
-            }))
+            },
+            render_value=True
+        ))
 
     telegram_bot_chat_id = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "telegram_bot_chat_id",
                 "placeholder": "Bot Chat ID",
-            }))
+            },
+            render_value=True
+        ))
 
     send_scan_status_notif = forms.BooleanField(
         required=False,
diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index cffc23511..6f02519e4 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -31,19 +31,24 @@ <h4 class="header-title">Send Notifications to: </h4>
           <div class="row">
             <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Slack</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_slack}}
+                      {{ form.send_to_slack }}
                     </div>
-                  </span>
+                  </div>
+                </div>
+                <div class="flex-grow-1 position-relative">
+                  {{ form.slack_hook_url }}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
                 </div>
-                {{form.slack_hook_url}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-slack"><path d="M14.5 10c-.83 0-1.5-.67-1.5-1.5v-5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5v5c0 .83-.67 1.5-1.5 1.5z"></path><path d="M20.5 10H19V8.5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5-.67 1.5-1.5 1.5z"></path><path d="M9.5 14c.83 0 1.5.67 1.5 1.5v5c0 .83-.67 1.5-1.5 1.5S8 21.33 8 20.5v-5c0-.83.67-1.5 1.5-1.5z"></path><path d="M3.5 14H5v1.5c0 .83-.67 1.5-1.5 1.5S2 16.33 2 15.5 2.67 14 3.5 14z"></path><path d="M14 14.5c0-.83.67-1.5 1.5-1.5h5c.83 0 1.5.67 1.5 1.5s-.67 1.5-1.5 1.5h-5c-.83 0-1.5-.67-1.5-1.5z"></path><path d="M15.5 19H14v1.5c0 .83.67 1.5 1.5 1.5s1.5-.67 1.5-1.5-.67-1.5-1.5-1.5z"></path><path d="M10 9.5C10 8.67 9.33 8 8.5 8h-5C2.67 8 2 8.67 2 9.5S2.67 11 3.5 11h5c.83 0 1.5-.67 1.5-1.5z"></path><path d="M8.5 5H10V3.5C10 2.67 9.33 2 8.5 2S7 2.67 7 3.5 7.67 5 8.5 5z"></path></svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From d13d694149e5f69ee0e6f02926fbc53ce8891b56 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:05:30 +0530
Subject: [PATCH 014/211] added hide icon for lark

---
 web/scanEngine/forms.py                       |  4 ++--
 .../scanEngine/settings/notification.html     | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index dd8151e9e..0f3e0d411 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -197,7 +197,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "lark_hook_url",
                 "placeholder": "https://open.larksuite.com/open-apis/bot/v2/hook/XXXXXXXXXXXXXXXXXXXXXXXX",
             },
@@ -216,7 +216,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "discord_hook_url",
                 "placeholder": "https://discord.com/api/webhooks/000000000000000000/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
             },
diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index 6f02519e4..6be78ef68 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -59,19 +59,24 @@ <h4 class="header-title">Send Notifications to: </h4>
           <div class="row mt-3">
             <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Lark</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_lark}}
+                      {{ form.send_to_lark }}
                     </div>
-                  </span>
+                  </div>
+                </div>
+                <div class="flex-grow-1 position-relative">
+                  {{ form.lark_hook_url }}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
                 </div>
-                {{form.lark_hook_url}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" width="24px" height="24px" fill="none"><path fill="#646A73" d="M7.844 4.564c.865.697 1.905 1.704 2.75 2.912.143.191.314.48.381.592l.028.047a7.34 7.34 0 0 0-.768 1.083l-.226-.412C8.545 6.276 5.75 4.564 5.614 4.481a.708.708 0 0 1-.005-.003l-.555-.329-.089-.07a.416.416 0 0 1 .255-.738l.35-.008h6.664c.132.005.265.03.392.076.145.054.264.145.381.257.112.12.227.247.336.374.519.562 1.104 1.407 1.104 1.407-.478.16-1.124.612-1.124.612a4.222 4.222 0 0 0-.29-.45 17.215 17.215 0 0 0-.865-1.045H7.844z"/><path fill="#646A73" d="M15.902 6.255a4.517 4.517 0 0 1 3.367.598c.206.14.656.529.201 1.027-1.416 1.391-1.829 2.688-2.192 3.833-.232.727-.45 1.414-.888 2.02-1.51 2.09-3.429 3.334-5.697 3.695-.468.074-.944.11-1.417.11-3.299 0-6.249-1.697-7.292-2.37h.003l-.135-.09c-.445-.315-.509-.603-.519-.824V5.88a.405.405 0 0 1 .69-.265l.401.491c4.235 5.168 7.605 6.72 9.688 7.109 1.872.353 3.027-.138 3.352-.308.278-.426.445-.953.636-1.555l.006-.018c.338-1.062.748-2.35 1.935-3.73a3.276 3.276 0 0 0-1.9-.14c-1.468.328-2.836 1.633-4.075 3.869-.112.2-.206.381-.285.56-.602-.09-1.111-.542-1.111-.542a7.52 7.52 0 0 1 .287-.56c1.432-2.604 3.096-4.135 4.945-4.535zM2.564 14.073c.954.621 4.451 2.694 7.943 2.137 1.3-.206 2.47-.763 3.497-1.658-2.31.21-6.297-.628-11.44-6.39v5.911z"/></svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From 11aad079f9856a51159b7abe4f1b849f69b687c1 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:07:59 +0530
Subject: [PATCH 015/211] hide icon for discord

---
 .../scanEngine/settings/notification.html     | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index 6be78ef68..7410c9936 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -87,19 +87,24 @@ <h4 class="header-title">Send Notifications to: </h4>
           <div class="row mt-3">
             <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Discord<br>(Recommended)</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_discord}}
+                      {{ form.send_to_discord }}
                     </div>
-                  </span>
+                  </div>
+                </div>
+                <div class="flex-grow-1 position-relative">
+                  {{ form.discord_hook_url }}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
                 </div>
-                {{form.discord_hook_url}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg fill="#000000" xmlns="http://www.w3.org/2000/svg"  viewBox="0 0 47 47" width="24px" height="24px" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M 18.90625 7 C 18.90625 7 12.539063 7.4375 8.375 10.78125 C 8.355469 10.789063 8.332031 10.800781 8.3125 10.8125 C 7.589844 11.480469 7.046875 12.515625 6.375 14 C 5.703125 15.484375 4.992188 17.394531 4.34375 19.53125 C 3.050781 23.808594 2 29.058594 2 34 C 1.996094 34.175781 2.039063 34.347656 2.125 34.5 C 3.585938 37.066406 6.273438 38.617188 8.78125 39.59375 C 11.289063 40.570313 13.605469 40.960938 14.78125 41 C 15.113281 41.011719 15.429688 40.859375 15.625 40.59375 L 18.0625 37.21875 C 20.027344 37.683594 22.332031 38 25 38 C 27.667969 38 29.972656 37.683594 31.9375 37.21875 L 34.375 40.59375 C 34.570313 40.859375 34.886719 41.011719 35.21875 41 C 36.394531 40.960938 38.710938 40.570313 41.21875 39.59375 C 43.726563 38.617188 46.414063 37.066406 47.875 34.5 C 47.960938 34.347656 48.003906 34.175781 48 34 C 48 29.058594 46.949219 23.808594 45.65625 19.53125 C 45.007813 17.394531 44.296875 15.484375 43.625 14 C 42.953125 12.515625 42.410156 11.480469 41.6875 10.8125 C 41.667969 10.800781 41.644531 10.789063 41.625 10.78125 C 37.460938 7.4375 31.09375 7 31.09375 7 C 31.019531 6.992188 30.949219 6.992188 30.875 7 C 30.527344 7.046875 30.234375 7.273438 30.09375 7.59375 C 30.09375 7.59375 29.753906 8.339844 29.53125 9.40625 C 27.582031 9.09375 25.941406 9 25 9 C 24.058594 9 22.417969 9.09375 20.46875 9.40625 C 20.246094 8.339844 19.90625 7.59375 19.90625 7.59375 C 19.734375 7.203125 19.332031 6.964844 18.90625 7 Z M 18.28125 9.15625 C 18.355469 9.359375 18.40625 9.550781 18.46875 9.78125 C 16.214844 10.304688 13.746094 11.160156 11.4375 12.59375 C 11.074219 12.746094 10.835938 13.097656 10.824219 13.492188 C 10.816406 13.882813 11.039063 14.246094 11.390625 14.417969 C 11.746094 14.585938 12.167969 14.535156 12.46875 14.28125 C 17.101563 11.410156 22.996094 11 25 11 C 27.003906 11 32.898438 11.410156 37.53125 14.28125 C 37.832031 14.535156 38.253906 14.585938 38.609375 14.417969 C 38.960938 14.246094 39.183594 13.882813 39.175781 13.492188 C 39.164063 13.097656 38.925781 12.746094 38.5625 12.59375 C 36.253906 11.160156 33.785156 10.304688 31.53125 9.78125 C 31.59375 9.550781 31.644531 9.359375 31.71875 9.15625 C 32.859375 9.296875 37.292969 9.894531 40.3125 12.28125 C 40.507813 12.460938 41.1875 13.460938 41.8125 14.84375 C 42.4375 16.226563 43.09375 18.027344 43.71875 20.09375 C 44.9375 24.125 45.921875 29.097656 45.96875 33.65625 C 44.832031 35.496094 42.699219 36.863281 40.5 37.71875 C 38.5 38.496094 36.632813 38.84375 35.65625 38.9375 L 33.96875 36.65625 C 34.828125 36.378906 35.601563 36.078125 36.28125 35.78125 C 38.804688 34.671875 40.15625 33.5 40.15625 33.5 C 40.570313 33.128906 40.605469 32.492188 40.234375 32.078125 C 39.863281 31.664063 39.226563 31.628906 38.8125 32 C 38.8125 32 37.765625 32.957031 35.46875 33.96875 C 34.625 34.339844 33.601563 34.707031 32.4375 35.03125 C 32.167969 35 31.898438 35.078125 31.6875 35.25 C 29.824219 35.703125 27.609375 36 25 36 C 22.371094 36 20.152344 35.675781 18.28125 35.21875 C 18.070313 35.078125 17.8125 35.019531 17.5625 35.0625 C 16.394531 34.738281 15.378906 34.339844 14.53125 33.96875 C 12.234375 32.957031 11.1875 32 11.1875 32 C 10.960938 31.789063 10.648438 31.699219 10.34375 31.75 C 9.957031 31.808594 9.636719 32.085938 9.53125 32.464844 C 9.421875 32.839844 9.546875 33.246094 9.84375 33.5 C 9.84375 33.5 11.195313 34.671875 13.71875 35.78125 C 14.398438 36.078125 15.171875 36.378906 16.03125 36.65625 L 14.34375 38.9375 C 13.367188 38.84375 11.5 38.496094 9.5 37.71875 C 7.300781 36.863281 5.167969 35.496094 4.03125 33.65625 C 4.078125 29.097656 5.0625 24.125 6.28125 20.09375 C 6.90625 18.027344 7.5625 16.226563 8.1875 14.84375 C 8.8125 13.460938 9.492188 12.460938 9.6875 12.28125 C 12.707031 9.894531 17.140625 9.296875 18.28125 9.15625 Z M 18.5 21 C 15.949219 21 14 23.316406 14 26 C 14 28.683594 15.949219 31 18.5 31 C 21.050781 31 23 28.683594 23 26 C 23 23.316406 21.050781 21 18.5 21 Z M 31.5 21 C 28.949219 21 27 23.316406 27 26 C 27 28.683594 28.949219 31 31.5 31 C 34.050781 31 36 28.683594 36 26 C 36 23.316406 34.050781 21 31.5 21 Z M 18.5 23 C 19.816406 23 21 24.265625 21 26 C 21 27.734375 19.816406 29 18.5 29 C 17.183594 29 16 27.734375 16 26 C 16 24.265625 17.183594 23 18.5 23 Z M 31.5 23 C 32.816406 23 34 24.265625 34 26 C 34 27.734375 32.816406 29 31.5 29 C 30.183594 29 29 27.734375 29 26 C 29 24.265625 30.183594 23 31.5 23 Z"/></svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From cbc71167e8b31525199d8e11903a9bdb2a886751 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:13:21 +0530
Subject: [PATCH 016/211] fix telegram input box hide icon

---
 web/scanEngine/forms.py                       |  4 +--
 .../scanEngine/settings/notification.html     | 34 +++++++++++++------
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index 0f3e0d411..e55744621 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -235,7 +235,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "telegram_bot_token",
                 "placeholder": "Bot Token",
             },
@@ -246,7 +246,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "telegram_bot_chat_id",
                 "placeholder": "Bot Chat ID",
             },
diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index 7410c9936..d5b9aa4b5 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -57,7 +57,7 @@ <h4 class="header-title">Send Notifications to: </h4>
             </div>
           </div>
           <div class="row mt-3">
-            <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Lark</label>
+            <label for="lark_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Lark</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
               <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
@@ -85,7 +85,7 @@ <h4 class="header-title">Send Notifications to: </h4>
             </div>
           </div>
           <div class="row mt-3">
-            <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Discord<br>(Recommended)</label>
+            <label for="discord_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Discord<br>(Recommended)</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
               <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
@@ -113,24 +113,36 @@ <h4 class="header-title">Send Notifications to: </h4>
             </div>
           </div>
           <div class="row mt-3">
-            <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Telegram</label>
+            <label for="telegram_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Telegram</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_telegram}}
+                      {{ form.send_to_telegram }}
+                    </div>
+                  </div>
+                </div>
+                <div class="flex-grow-1 d-flex">
+                  <div class="position-relative flex-grow-1">
+                    {{ form.telegram_bot_token }}
+                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                      <span class="password-eye"></span>
                     </div>
-                  </span>
+                  </div>
+                  <div class="position-relative flex-grow-1">
+                    {{ form.telegram_bot_chat_id }}
+                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                      <span class="password-eye"></span>
+                    </div>
+                  </div>
                 </div>
-                {{form.telegram_bot_token}}
-                {{form.telegram_bot_chat_id}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg fill="#000000" xmlns="http://www.w3.org/2000/svg"  viewBox="0 0 47 47" width="24px" height="24px" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
                       <path d="M 44.376953 5.9863281 C 43.889905 6.0076957 43.415817 6.1432497 42.988281 6.3144531 C 42.565113 6.4845113 40.128883 7.5243408 36.53125 9.0625 C 32.933617 10.600659 28.256963 12.603668 23.621094 14.589844 C 14.349356 18.562196 5.2382813 22.470703 5.2382812 22.470703 L 5.3046875 22.445312 C 5.3046875 22.445312 4.7547875 22.629122 4.1972656 23.017578 C 3.9185047 23.211806 3.6186028 23.462555 3.3730469 23.828125 C 3.127491 24.193695 2.9479735 24.711788 3.015625 25.259766 C 3.2532479 27.184511 5.2480469 27.730469 5.2480469 27.730469 L 5.2558594 27.734375 L 14.158203 30.78125 C 14.385177 31.538434 16.858319 39.792923 17.402344 41.541016 C 17.702797 42.507484 17.984013 43.064995 18.277344 43.445312 C 18.424133 43.635633 18.577962 43.782915 18.748047 43.890625 C 18.815627 43.933415 18.8867 43.965525 18.957031 43.994141 C 18.958531 43.994806 18.959437 43.99348 18.960938 43.994141 C 18.969579 43.997952 18.977708 43.998295 18.986328 44.001953 L 18.962891 43.996094 C 18.979231 44.002694 18.995359 44.013801 19.011719 44.019531 C 19.043456 44.030655 19.062905 44.030268 19.103516 44.039062 C 20.123059 44.395042 20.966797 43.734375 20.966797 43.734375 L 21.001953 43.707031 L 26.470703 38.634766 L 35.345703 45.554688 L 35.457031 45.605469 C 37.010484 46.295216 38.415349 45.910403 39.193359 45.277344 C 39.97137 44.644284 40.277344 43.828125 40.277344 43.828125 L 40.310547 43.742188 L 46.832031 9.7519531 C 46.998903 8.9915162 47.022612 8.334202 46.865234 7.7402344 C 46.707857 7.1462668 46.325492 6.6299361 45.845703 6.34375 C 45.365914 6.0575639 44.864001 5.9649605 44.376953 5.9863281 z M 44.429688 8.0195312 C 44.627491 8.0103707 44.774102 8.032983 44.820312 8.0605469 C 44.866523 8.0881109 44.887272 8.0844829 44.931641 8.2519531 C 44.976011 8.419423 45.000036 8.7721605 44.878906 9.3242188 L 44.875 9.3359375 L 38.390625 43.128906 C 38.375275 43.162926 38.240151 43.475531 37.931641 43.726562 C 37.616914 43.982653 37.266874 44.182554 36.337891 43.792969 L 26.632812 36.224609 L 26.359375 36.009766 L 26.353516 36.015625 L 23.451172 33.837891 L 39.761719 14.648438 A 1.0001 1.0001 0 0 0 38.974609 13 A 1.0001 1.0001 0 0 0 38.445312 13.167969 L 14.84375 28.902344 L 5.9277344 25.849609 C 5.9277344 25.849609 5.0423771 25.356927 5 25.013672 C 4.99765 24.994652 4.9871961 25.011869 5.0332031 24.943359 C 5.0792101 24.874869 5.1948546 24.759225 5.3398438 24.658203 C 5.6298218 24.456159 5.9609375 24.333984 5.9609375 24.333984 L 5.9941406 24.322266 L 6.0273438 24.308594 C 6.0273438 24.308594 15.138894 20.399882 24.410156 16.427734 C 29.045787 14.44166 33.721617 12.440122 37.318359 10.902344 C 40.914175 9.3649615 43.512419 8.2583658 43.732422 8.1699219 C 43.982886 8.0696253 44.231884 8.0286918 44.429688 8.0195312 z M 33.613281 18.792969 L 21.244141 33.345703 L 21.238281 33.351562 A 1.0001 1.0001 0 0 0 21.183594 33.423828 A 1.0001 1.0001 0 0 0 21.128906 33.507812 A 1.0001 1.0001 0 0 0 20.998047 33.892578 A 1.0001 1.0001 0 0 0 20.998047 33.900391 L 19.386719 41.146484 C 19.35993 41.068197 19.341173 41.039555 19.3125 40.947266 L 19.3125 40.945312 C 18.800713 39.30085 16.467362 31.5161 16.144531 30.439453 L 33.613281 18.792969 z M 22.640625 35.730469 L 24.863281 37.398438 L 21.597656 40.425781 L 22.640625 35.730469 z"/>
                     </svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From b64692030e2bc0e46df96432e9c0c693b6849909 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:20:11 +0530
Subject: [PATCH 017/211] use new eye icon inside input box for api

---
 web/scanEngine/templates/scanEngine/settings/api.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index a98a9306b..9f57f1a6d 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -29,13 +29,13 @@
               <div class="mb-3">
                 <label for="key_openai" class="form-label">OpenAI</label>
                 <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using GPT.</p>
-                <div class="input-group input-group-merge">
+                <div class="flex-grow-1 position-relative">
                 {% if openai_key %}
                   <input class="form-control" type="password" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key">
                 {% endif %}
-                  <div class="input-group-text" data-password="false">
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
                     <span class="password-eye"></span>
                   </div>
                 </div>
@@ -44,13 +44,13 @@
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
                 <p class="text-muted">Netlas keys will be used to get whois information and other OSINT related data.</p>
-                <div class="input-group input-group-merge">
+                <div class="flex-grow-1 position-relative">
                 {% if netlas_key %}
                   <input class="form-control" type="password" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key">
                 {% endif %}
-                  <div class="input-group-text" data-password="false">
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
                     <span class="password-eye"></span>
                   </div>
                 </div>

From 2e04e2ec1c9147afb6ffa63ff51a722d7a104d8f Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:23:15 +0530
Subject: [PATCH 018/211] hackerone hide icon fix

---
 .../templates/scanEngine/settings/hackerone.html     | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index bb1288042..eec049813 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -43,15 +43,15 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
           <div class="row">
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_username"  class="form-label">Your Hackerone Username (Not email)</label>
-              {{form.username}}
+              {{ form.username }}
             </div>
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-              <div class="input-group input-group-merge">
-              {{form.api_key}}
-                <div class="input-group-text" data-password="false">
-                  <span class="password-eye"></span>
-                </div>
+              <div class="flex-grow-1 position-relative">
+              {{ form.api_key }}
+              <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                <span class="password-eye"></span>
+              </div>
               </div>
             </div>
           </div>

From 340dfedc8b66fbb1771e0032e9bae52d6d5ce1b9 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 19:19:16 +0530
Subject: [PATCH 019/211] introduce github action for auto verion and changelog

---
 .github/workflows/auto-release.yml | 60 ++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 .github/workflows/auto-release.yml

diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
new file mode 100644
index 000000000..7c068aa2c
--- /dev/null
+++ b/.github/workflows/auto-release.yml
@@ -0,0 +1,60 @@
+name: Update Version and Changelog and Readme
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  update-version-and-changelog:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Get latest release info
+        id: get_release
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const release = await github.rest.repos.getLatestRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            core.setOutput('tag_name', release.data.tag_name);
+            core.setOutput('body', release.data.body);
+
+      - name: Update version file
+        run: echo ${{ steps.get_release.outputs.tag_name }} > web/.version
+
+      - name: Update CHANGELOG.md
+        run: |
+          echo "# Changelog" > CHANGELOG.md.new
+          echo "" >> CHANGELOG.md.new
+          echo "## ${{ steps.get_release.outputs.tag_name }}" >> CHANGELOG.md.new
+          echo "" >> CHANGELOG.md.new
+          echo "${{ steps.get_release.outputs.body }}" >> CHANGELOG.md.new
+          echo "" >> CHANGELOG.md.new
+          if [ -f CHANGELOG.md ]; then
+            sed '1,2d' CHANGELOG.md >> CHANGELOG.md.new
+          fi
+          mv CHANGELOG.md.new CHANGELOG.md
+
+      - name: Update README.md
+        run: |
+          sed -i 's|https://img.shields.io/badge/version-.*-informational|https://img.shields.io/badge/version-${{ steps.get_release.outputs.tag_name }}-informational|g' README.md
+
+      - name: Commit and push changes
+        run: |
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+          git add web/.version CHANGELOG.md README.md
+          if git diff --staged --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "reNgine release: ${{ steps.get_release.outputs.tag_name }} :rocket:"
+            git push origin HEAD:${{ github.event.repository.default_branch }}
+          fi

From e1e8b47f23e3e31077fe3f098ace1b2572e23b2b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 19:19:46 +0530
Subject: [PATCH 020/211] remove hardcoded version to use context processor

---
 docker-compose.dev.yml                       |  3 ---
 docker-compose.yml                           |  3 ---
 web/.version                                 |  1 +
 web/api/views.py                             |  5 +----
 web/art/reNgine.txt                          |  2 +-
 web/dashboard/templates/dashboard/index.html |  2 +-
 web/reNgine/context_processors.py            | 12 ++++++++++--
 web/reNgine/settings.py                      | 18 +++++++++++++++++-
 web/templates/base/_items/top_bar.html       |  8 ++++----
 web/templates/base/login.html                |  2 +-
 10 files changed, 36 insertions(+), 20 deletions(-)
 create mode 100644 web/.version

diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index f80e3d91b..3359cfb8f 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -94,9 +94,6 @@ services:
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
       - POSTGRES_PORT=${POSTGRES_PORT}
       - POSTGRES_HOST=${POSTGRES_HOST}
-      # THIS IS A MUST FOR CHECKING UPDATE, EVERYTIME A COMMIT IS MERGED INTO
-      # MASTER, UPDATE THIS!!! MAJOR.MINOR.PATCH https://semver.org/
-      - RENGINE_CURRENT_VERSION='2.1.2'
     volumes:
       - ./web:/usr/src/app
       - github_repos:/usr/src/github
diff --git a/docker-compose.yml b/docker-compose.yml
index e46db5430..6f40c5bd6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -96,9 +96,6 @@ services:
       - POSTGRES_PORT=${POSTGRES_PORT}
       - POSTGRES_HOST=${POSTGRES_HOST}
       - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
-      # THIS IS A MUST FOR CHECKING UPDATE, EVERYTIME A COMMIT IS MERGED INTO
-      # MASTER, UPDATE THIS!!! MAJOR.MINOR.PATCH https://semver.org/
-      - RENGINE_CURRENT_VERSION='2.1.2'
     volumes:
       - ./web:/usr/src/app
       - github_repos:/usr/src/github
diff --git a/web/.version b/web/.version
new file mode 100644
index 000000000..cf2dc0bc4
--- /dev/null
+++ b/web/.version
@@ -0,0 +1 @@
+v2.2.0
\ No newline at end of file
diff --git a/web/api/views.py b/web/api/views.py
index e2c7805a0..1a75e37e4 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -890,10 +890,7 @@ def get(self, request):
 
 		# get current version_number
 		# remove quotes from current_version
-		current_version = ((os.environ['RENGINE_CURRENT_VERSION'
-							])[1:] if os.environ['RENGINE_CURRENT_VERSION'
-							][0] == 'v'
-							else os.environ['RENGINE_CURRENT_VERSION']).replace("'", "")
+		current_version = RENGINE_CURRENT_VERSION
 
 		# for consistency remove v from both if exists
 		latest_version = re.search(r'v(\d+\.)?(\d+\.)?(\*|\d+)',
diff --git a/web/art/reNgine.txt b/web/art/reNgine.txt
index cf0082bd3..a94a0ea1d 100644
--- a/web/art/reNgine.txt
+++ b/web/art/reNgine.txt
@@ -3,6 +3,6 @@
   _ __ ___|  \| | __ _ _ _ __   ___
  | '__/ _ \ . ` |/ _` | | '_ \ / _ \
  | | |  __/ |\  | (_| | | | | |  __/
- |_|  \___|_| \_|\__, |_|_| |_|\___| v2.1.1
+ |_|  \___|_| \_|\__, |_|_| |_|\___|
                   __/ |
                  |___/
diff --git a/web/dashboard/templates/dashboard/index.html b/web/dashboard/templates/dashboard/index.html
index 99276d2d2..394d1c560 100644
--- a/web/dashboard/templates/dashboard/index.html
+++ b/web/dashboard/templates/dashboard/index.html
@@ -17,7 +17,7 @@
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
-<span class="badge badge-soft-info">reNgine 2.1.2</span>
+<span class="badge badge-soft-info">reNgine {{ RENGINE_CURRENT_VERSION }}</span>
 {% endblock breadcrumb_title %}
 
 {% block main_content %}
diff --git a/web/reNgine/context_processors.py b/web/reNgine/context_processors.py
index 8fefeae09..cbf89af9b 100644
--- a/web/reNgine/context_processors.py
+++ b/web/reNgine/context_processors.py
@@ -1,6 +1,9 @@
-from dashboard.models import *
 import requests
 
+from dashboard.models import *
+from django.conf import settings
+
+
 def projects(request):
     projects = Project.objects.all()
     try:
@@ -17,4 +20,9 @@ def misc(request):
     externalIp = requests.get('https://checkip.amazonaws.com').text.strip()
     return {
         'external_ip': externalIp
-    }
\ No newline at end of file
+    }
+
+def version_context(request):
+    return {
+        'RENGINE_CURRENT_VERSION': settings.RENGINE_CURRENT_VERSION
+    }
diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index 0924a6391..510c2516d 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -43,6 +43,21 @@
 ALLOWED_HOSTS = ['*']
 SECRET_KEY = first_run(SECRET_FILE, BASE_DIR)
 
+# Rengine version
+# reads current version from a file called .version
+VERSION_FILE = os.path.join(BASE_DIR, '.version')
+if os.path.exists(VERSION_FILE):
+    with open(VERSION_FILE, 'r') as f:
+        _version = f.read().strip()
+else:
+    _version = 'unknown'
+
+# removes v from _version if exists
+if _version.startswith('v'):
+    _version = _version[1:]
+
+RENGINE_CURRENT_VERSION = _version
+
 # Databases
 DATABASES = {
     'default': {
@@ -103,7 +118,8 @@
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
                 'reNgine.context_processors.projects',
-                'reNgine.context_processors.misc'
+                'reNgine.context_processors.misc',
+                'reNgine.context_processors.version_context'
             ],
     },
 }]
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 9819958ae..8b3d3c074 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -170,18 +170,18 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
     <div class="logo-box">
       <a href="{% url 'dashboardIndex' current_project.slug %}" class="logo logo-dark text-center">
         <span class="logo-sm">
-          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
+          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>{{RENGINE_CURRENT_VERSION}}</small></h3>
         </span>
         <span class="logo-lg">
-          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
+          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>{{RENGINE_CURRENT_VERSION}}</small></h3>
         </span>
       </a>
       <a href="{% url 'dashboardIndex' current_project.slug %}" class="logo logo-light text-center">
         <span class="logo-sm">
-          <h3 class="text-sm-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
+          <h3 class="text-sm-logo vertical-center">reNgine&nbsp;<small>{{RENGINE_CURRENT_VERSION}}</small></h3>
         </span>
         <span class="logo-lg">
-          <h3 class="text-lg-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
+          <h3 class="text-lg-logo vertical-center">reNgine&nbsp;<small>{{RENGINE_CURRENT_VERSION}}</small></h3>
         </span>
       </a>
     </div>
diff --git a/web/templates/base/login.html b/web/templates/base/login.html
index 1ce18a7ba..326f7d56a 100644
--- a/web/templates/base/login.html
+++ b/web/templates/base/login.html
@@ -58,7 +58,7 @@
                   </a>
                 </div>
                 <h3 class="">Login to reNgine</h3>
-                <p>Current release: v2.1.2</p>
+                <p>Current release: v{{ RENGINE_CURRENT_VERSION }}</p>
               </div>
               <div class="alert alert-primary" role="alert">
                 <a href="https://rengine.wiki" target="_blank">Learn how to create reNgine account.</a>

From 0063d90b38df8f8d9efd0e632aba4d3c7d88b996 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 07:51:19 +0530
Subject: [PATCH 021/211] update readme

---
 README.md | 212 ++++++++++++++++++++++++++++++------------------------
 1 file changed, 120 insertions(+), 92 deletions(-)

diff --git a/README.md b/README.md
index 8bc302e7b..ee2e27261 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,11 @@
 <a href="https://rengine.wiki"><img src=".github/screenshots/banner.gif" alt=""/></a>
 </p>
 
-<p align="center"><a href="https://github.com/yogeshojha/rengine/releases" target="_blank"><img src="https://img.shields.io/badge/version-v2.1.1-informational?&logo=none" alt="reNgine Latest Version" /></a>&nbsp;<a href="https://www.gnu.org/licenses/gpl-3.0" target="_blank"><img src="https://img.shields.io/badge/License-GPLv3-red.svg?&logo=none" alt="License" /></a>&nbsp;<a href="#" target="_blank"><img src="https://img.shields.io/badge/first--timers--only-friendly-blue.svg?&logo=none" alt="" /></a>&nbsp;<a href="https://huntr.dev/bounties/disclose/?target=https%3A%2F%2Fgithub.com%2Fyogeshojha%2Frengine" target="_blank"><img src="https://cdn.huntr.dev/huntr_security_badge_mono.svg" alt="" /></a>&nbsp;</p>
+<p align="center">
+  <h1>reNgine: The Ultimate Web Reconnaissance & Vulnerability Scanner 🚀</h1>
+</p>
+
+<p align="center"><a href="https://github.com/yogeshojha/rengine/releases" target="_blank"><img src="https://img.shields.io/badge/version-v2.1.1-informational?&logo=none" alt="reNgine Latest Version" /></a>&nbsp;<a href="https://www.gnu.org/licenses/gpl-3.0" target="_blank"><img src="https://img.shields.io/badge/License-GPLv3-red.svg?&logo=none" alt="License" /></a>&nbsp;<a href="#" target="_blank"><img src="https://img.shields.io/badge/first--timers--only-friendly-blue.svg?&logo=none" alt="" /></a></p>
 
 <p align="center">
   <a href="https://www.youtube.com/watch?v=Xk_YH83IQgg" target="_blank"><img src="https://img.shields.io/badge/BlackHat--Arsenal--Asia-2023-blue.svg?logo=none" alt="" /></a>&nbsp;
@@ -30,10 +34,8 @@
 <h3>reNgine 2.1.0 is released!</h3>
 <p align="left">Unleash the power of LLM toolkit! Now you can use local LLM models to generate attack surface and vulnerability reports!, Checkout the release-notes!</p>
 
-<h3>reNgine 2.0-jasper<br>Redefining the future of reconnaissance!</h3>
-
 <h4>What is reNgine?</h4>
-<p align="left">reNgine is your go-to web application reconnaissance suite that's designed to simplify and streamline the reconnaissance process for security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface, reNgine redefines how you gather critical information about your target web applications.
+reNgine is your ultimate web application reconnaissance suite, designed to supercharge the recon process for security pros, pentesters, and bug bounty hunters. It is go-to web application reconnaissance suite that's designed to simplify and streamline the reconnaissance process for all the needs of security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface, reNgine redefines how you gather critical information about your target web applications.
 
 Traditional reconnaissance tools often fall short in terms of configurability and efficiency. reNgine addresses these shortcomings and emerges as an excellent alternative to existing commercial tools.
 
@@ -44,13 +46,14 @@ reNgine was created to address the limitations of traditional reconnaissance too
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Documentation
+## Documentation
 
-You can find detailed documentation at [https://rengine.wiki](https://rengine.wiki)
+Detailed documentation available at [https://rengine.wiki](https://rengine.wiki) 
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Table of Contents
+
+## Table of Contents
 
 * [About reNgine](#about-rengine)
 * [Workflow](#workflow)
@@ -67,7 +70,7 @@ You can find detailed documentation at [https://rengine.wiki](https://rengine.wi
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### About reNgine
+## About reNgine
 
 reNgine is not an ordinary reconnaissance suite; it's a game-changer! We've turbocharged the traditional workflow with groundbreaking features that is sure to ease your reconnaissance game. reNgine redefines the art of reconnaissance with highly configurable scan engines, recon data correlation, continuous monitoring, GPT powered Vulnerability Report, Project Management and role based access control etc.
 
@@ -99,13 +102,13 @@ reNgine is not an ordinary reconnaissance suite; it's a game-changer! We've turb
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Workflow
+## Workflow
 
 <img src="https://github.com/yogeshojha/rengine/assets/17223002/10c475b8-b4a8-440d-9126-77fe2038a386">
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Features
+## Features
 
 * Reconnaissance:
   * Subdomain Discovery
@@ -158,7 +161,7 @@ reNgine is not an ordinary reconnaissance suite; it's a game-changer! We've turb
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Scan Engine
+## Scan Engine
 
 ```yaml
 # Global vars for all tools
@@ -278,23 +281,25 @@ screenshot: {
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Quick Installation
+## Quick Installation
 
-**Note:** Only Ubuntu/VPS
+### Quick Setup for Ubuntu/VPS
 
-1. Clone this repo
+1. Clone the repository
 
     ```bash
     git clone https://github.com/yogeshojha/rengine && cd rengine
     ```
 
-1. Edit the `.env` file, **please make sure to change the password for postgresql `POSTGRES_PASSWORD`!**
+1. Configure the environment
 
     ```bash
     nano .env
     ```
 
-1. **Optional, only for non-interactive install**: In the `.env` file, **please make sure to change the super admin values!**
+    **Ensure you change the `POSTGRES_PASSWORD` for security.**
+
+1. (Optional) For non-interactive install, set admin credentials in `.env`
 
     ```bash
     DJANGO_SUPERUSER_USERNAME=yourUsername
@@ -303,13 +308,13 @@ screenshot: {
     ```
     If you need to carry out a non-interactive installation, you can setup the login, email and password of the web interface admin directly from the .env file (instead of manually setting them from prompts during the installation process). This option can be interesting for automated installation (via ansible, vagrant, etc.).
 
-    `DJANGO_SUPERUSER_USERNAME`: web interface admin username (used to login to the web interface).
+    * `DJANGO_SUPERUSER_USERNAME`: web interface admin username (used to login to the web interface).
 
-    `DJANGO_SUPERUSER_EMAIL`: web interface admin email.
+    * `DJANGO_SUPERUSER_EMAIL`: web interface admin email.
 
-    `DJANGO_SUPERUSER_PASSWORD`: web interface admin password (used to login to the web interface).
+    * `DJANGO_SUPERUSER_PASSWORD`: web interface admin password (used to login to the web interface).
 
-1. In the dotenv file, you may also modify the Scaling Configurations
+1. Adjust Celery worker scaling in `.env`
 
     ```bash
     MAX_CONCURRENCY=80
@@ -331,169 +336,192 @@ screenshot: {
     This is just an ideal value which developers have tested and tried out and works! But feel free to play around with the values.
     Maximum number of scans is determined by various factors, your network bandwidth, RAM, number of CPUs available. etc
 
-1. Run the installation script, Please keep an eye for any prompt, you will also be asked for username and password for reNgine.
+1. Run the installation script:
 
     ```bash
     sudo ./install.sh
     ```
 
-    Or for a non-interactive installation, use `-n` argument (make sure you've modified the `.env` file before launching the installation).
+    For non-interactive install: `sudo ./install.sh -n`
 
-    ```bash
-    sudo ./install.sh -n
-    ```
-
-    If `install.sh` does not have install permission, please change it, `chmod +x install.sh`
+    *Note: If needed, run `chmod +x install.sh` to grant execution permissions.*
 
 **reNgine can now be accessed from <https://127.0.0.1> or if you're on the VPS <https://your_vps_ip_address>**
 
 **Unless you are on development branch, please do not access reNgine via any ports**
 
-### Installation (Mac/Windows/Other)
+### Installation on Other Platforms
 
-Installation instructions can be found at [https://reNgine.wiki/install/detailed/](https://reNgine.wiki/install/detailed/)
+For Mac, Windows, or other systems, refer to our detailed installation guide [https://reNgine.wiki/install/detailed/](https://reNgine.wiki/install/detailed/)
 
-### Updating
+## Updating
 
-1. Updating is as simple as running the following command:
+1. To update reNgine, run:
 
     ```bash
     cd rengine &&  sudo ./update.sh
     ```
 
-    If `update.sh` does not have execution permissions, please change it, `sudo chmod +x update.sh`
+    If `update.sh` lacks execution permissions, use:
 
-    **NOTE:** if you're updating from 1.3.6, and you're getting a 'password authentication failed' error, consider uninstalling 1.3.6 first, then install 2.x.x as you'd normally do.
+    ```bash
+    sudo chmod +x update.sh
+    ```
 
-### Changelog
+## Changelog
 
-[Please find the latest release notes and changelog here.](https://rengine.wiki/changelog/)
+For the latest updates and changes, please check our [changelog.](https://rengine.wiki/changelog/)
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)  
 
-### Screenshots
+## Screenshots
 
-#### Scan Results
+### Scan Results
 
 ![](.github/screenshots/scan_results.gif)
 
-#### General Usage
+### General Usage
 
 <img src="https://user-images.githubusercontent.com/17223002/164993781-b6012995-522b-480a-a8bf-911193d35894.gif">
 
-#### Initiating Subscan
+### Initiating Subscan
 
 <img src="https://user-images.githubusercontent.com/17223002/164993749-1ad343d6-8ce7-43d6-aee7-b3add0321da7.gif">
 
-#### Recon Data filtering
+### Recon Data filtering
 
 <img src="https://user-images.githubusercontent.com/17223002/164993687-b63f3de8-e033-4ac0-808e-a2aa377d3cf8.gif">
 
-#### Report Generation
+### Report Generation
 
 <img src="https://user-images.githubusercontent.com/17223002/164993689-c796c6cd-eb61-43f4-800d-08aba9740088.gif">
 
-#### Toolbox
+### Toolbox
 
 <img src="https://user-images.githubusercontent.com/17223002/164993751-d687e88a-eb79-440f-9dc0-0ad006901620.gif">
 
-#### Adding Custom tool in Tools Arsenal
+### Adding Custom tool in Tools Arsenal
 
 <img src="https://user-images.githubusercontent.com/17223002/164993670-466f6459-9499-498b-a9bd-526476d735a7.gif">
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Contributing
+## Contributing
+
+We welcome contributions of all sizes! The open-source community thrives on collaboration, and your input is invaluable. Whether you're fixing a typo, improving UI, or adding new features, every contribution matters.
+
+How you can contribute:
+  * Code improvements
+  * Documentation updates
+  * Bug reports and fixes
+  * New feature suggestions and implementations
+  * UI/UX enhancements
 
-Contributions are what make the open-source community such an amazing place to learn, inspire and create. Every contribution you make is **greatly appreciated**. Your contributions can be as simple as fixing the indentation or UI, or as complex as adding new modules and features.
+To get started:
 
-See the [Contributing Guide](.github/CONTRIBUTING.md) to get started.
+  1. Check our [Contributing Guide](.github/CONTRIBUTING.md)
+  2. Pick an [open issue](https://github.com/yogeshojha/rengine/issues) or propose a new one
+  3. Fork the repository and create your branch
+  4. Make your changes and submit a pull request
 
-You can also [join our Discord channel #development](https://discord.gg/JuhHdHTtwd) for any development related questions.
+Remember, no contribution is too small. Your efforts help make reNgine better for everyone!
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Submitting issues
+## Submitting issues
 
-You can submit issues related to this project, but you should do it in a way that helps developers to resolve it as quickly as possible.
+When submitting issues, provide as much valuable information as possible to help developers resolve the problem quickly. Follow these steps to gather detailed debug information:
 
-For that, you need to add as much valuable information as possible.
+1. Enable Debug Mode:
+   - Edit `web/entrypoint.sh` in the project root
+   - Add `export DEBUG=1` at the top of the file:
+     ```bash
+     #!/bin/bash
 
-You can have this valuable information by following these steps:
+     export DEBUG=1
 
-- Go to the root of the git cloned project
-- Edit `web/entrypoint.sh` and add `export DEBUG=1` at the top
-This should give you this result
+     python3 manage.py migrate
+     python3 manage.py runserver 0.0.0.0:8000
 
-  ```python
-  #!/bin/bash
+     exec "$@"
+     ```
+   - Restart the web container: `docker-compose restart web`
 
-  export DEBUG=1
+2. View Debug Output:
+   - Run `make logs` to see the full stack trace
+   - Check the browser's developer console for XHR requests with 500 errors
 
-  python3 manage.py migrate
-  python3 manage.py runserver 0.0.0.0:8000
+3. Example Debug Output:
+    ```
+    web_1          |   File "/usr/local/lib/python3.10/dist-packages/celery/app/task.py", line 411, in __call__
+    web_1          |     return self.run(*args, **kwargs)
+    web_1          | TypeError: run_command() got an unexpected keyword argument 'echo'
+    ```
 
-  exec "$@"
-  ```
-- Restart the web container: `docker-compose restart web`
-- To deactivate, set **DEBUG** to **0** and restart the web container again
+4. Submit Your Issue:
+    - Include the full stack trace in your GitHub issue
+    - Describe the steps to reproduce the problem
+    - Mention any relevant system information
 
-Then, with **DEBUG** set to **1**, in the `make logs` output you could see the full stack trace to debug reNgine.
+5. Disable Debug Mode:
+    - Set `DEBUG=0` in `web/entrypoint.sh`
+    - Restart the web container
 
-Example with the tool arsenal version check API bug.
+By providing this detailed information, you significantly help developers identify and fix issues more efficiently.
 
-```
-web_1          |   File "/usr/local/lib/python3.10/dist-packages/celery/app/task.py", line 411, in __call__
-web_1          |     return self.run(*args, **kwargs)
-web_1          | TypeError: run_command() got an unexpected keyword argument 'echo'
-```
-Now you know the real error is `TypeError: run_command() got an unexpected keyword argument 'echo'`
+![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-And you can post the full stack trace to your newly created issue to help developers to track the root cause of the bug and correct the bug easily
+## First-time Open Source contributors
 
-**Activating debug like this also give you the full stack trace in the browser** instead of an error 500 without any details.
-So don't forget to open the developer console and check for any XHR request with error 500.
-If there's any, check the response of this request to get your detailed error.
+reNgine is an open-source project that welcomes contributors of all experience levels, including beginners. If you've never contributed to open source before, we encourage you to start here!
 
-<img src="https://user-images.githubusercontent.com/1230954/276260955-ed1e1168-7c8f-43a3-b54d-b6285d52b771.png">
+* We're proud to support your first Pull Request (PR)
+* Check our [open issues](https://github.com/yogeshojha/rengine/issues) for starter-friendly tasks
+* Don't hesitate to ask questions in our community channels
 
-Happy issuing ;)
+Your contribution, no matter how small, is valuable to us.
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### First-time Open Source contributors
+## reNgine Support
 
-Please note that reNgine is beginner-friendly. If you have never done open-source before, we encourage you to do so. **We will be happy and proud of your first PR ever.**
+Before seeking support:
 
-You can start by resolving any [open issues](https://github.com/yogeshojha/rengine/issues).
+* Please carefully read the README and documentation at [rengine.wiki](https://rengine.wiki).
+* Most common questions and issues are addressed there.
 
-![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
+If you still need assistance:
+
+* Do not use GitHub issues for support requests.
+* Join our [community-maintained Discord channel](https://discord.gg/azv6fzhNCE).
 
-### reNgine Support
+Please note:
+* The Discord channel is maintained by the community.
+* While we strive to help, there's no guarantee of support or response time.
+* For confirmed bugs or feature requests, consider opening a GitHub issue.
 
-Please do not use GitHub for support requests. Instead, [join our Discord channel #support](https://discord.gg/azv6fzhNCE).
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### Support and Sponsoring
+## Support and Sponsoring
 
-Over the past few years, I have been working hard on reNgine to add new features with the sole aim of making it the de facto standard for reconnaissance. I spend most of my free time and weekends working on reNgine. I do this in addition to my day job. I am happy to have received such overwhelming support from the community. To keep this project alive, you may
+reNgine is a passion project developed in my free time, alongside my day job. Your support helps keep this project alive and growing. Here's how you can contribute:
 
 * Add a [GitHub Star](https://github.com/yogeshojha/rengine) to the project.
-* Tweet about this project, or maybe blogs?
-* Maybe nominate me for [GitHub Stars?](https://stars.github.com/nominate/)
-* Join DigitalOcean using my [referral link](https://m.do.co/c/e353502d19fc) your profit is **$100** and I get $25 DO credit. This will help me test reNgine on VPS before I release any major features.
+* Share about reNgine on social media or in blog posts
+* Nominate me for [GitHub Stars?](https://stars.github.com/nominate/)
+* Use my [DigitalOcean referral link](https://m.do.co/c/e353502d19fc) to get $100 credit (I receive $25)
 
-It takes a considerable amount of time to add new features and make sure everything works. Donating is your way of saying: **reNgine is awesome**.
+Your support, whether through donations or simply giving a star, tells me that reNgine is valuable to you. It motivates me to continue improving and adding features to make reNgine the go-to tool for reconnaissance.
 
-Any support is greatly appreciated! Thank you!
+Thank you for your support!
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-### License
+## License
 
 Distributed under the GNU GPL v3 License. See [LICENSE](LICENSE) for more information.
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-<p align="right">(ChatGPT was used to write some or most part of this README section.)</p>
+<p align="right"><i>Note: Parts of this README were written or refined using AI language models such as ChatGPT, Claude, or other LLMs.</i></p>

From c17b5028b75aab902a7fb816797cdc07c8b369d5 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 07:52:49 +0530
Subject: [PATCH 022/211] fix headers

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ee2e27261..b578d4bf4 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 </p>
 
 <p align="center">
-  <h1>reNgine: The Ultimate Web Reconnaissance & Vulnerability Scanner 🚀</h1>
+  <h3>reNgine: The Ultimate Web Reconnaissance & Vulnerability Scanner 🚀</h3>
 </p>
 
 <p align="center"><a href="https://github.com/yogeshojha/rengine/releases" target="_blank"><img src="https://img.shields.io/badge/version-v2.1.1-informational?&logo=none" alt="reNgine Latest Version" /></a>&nbsp;<a href="https://www.gnu.org/licenses/gpl-3.0" target="_blank"><img src="https://img.shields.io/badge/License-GPLv3-red.svg?&logo=none" alt="License" /></a>&nbsp;<a href="#" target="_blank"><img src="https://img.shields.io/badge/first--timers--only-friendly-blue.svg?&logo=none" alt="" /></a></p>

From 57906f24d78b0696a9c3f46eae99a93d852ee41c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 08:33:50 +0530
Subject: [PATCH 023/211] update security

---
 .github/SECURITY.md | 40 ++++++++++++++++++++--------------------
 README.md           | 32 ++++++++++++++++++++++++++++++--
 2 files changed, 50 insertions(+), 22 deletions(-)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 75d9785d6..a9acb291d 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -1,29 +1,39 @@
 # Security Policy
-[![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev/bounties/disclose/?target=https%3A%2F%2Fgithub.com%2Fyogeshojha%2Frengine)
 
-Security Researchers, welcome onboard! I am excited to announce bug bounty program for reNgine in collaboration with [huntr.dev](https://huntr.dev), this means you'll be rewarded for any security vulnerabilities discovered in reNgine.
+We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
 
-Thank you for your interest in reporting vulnerabilities to reNgine! If you are aware of potential security vulnerabilities within reNgine, we encourage you to report immediately via [huntr.dev](https://huntr.dev/bounties/disclose/?target=https%3A%2F%2Fgithub.com%2Fyogeshojha%2Frengine)
+To report a security vulnerability, please follow these steps:
 
-**Please do not disclose any vulnerabilities via Github Issues/Blogs/Tweets after/before reporting on huntr.dev as it is explicitly against huntr.dev and reNgine disclosure policy and will not be eligible for monetary rewards.**
+1. **Do Not** disclose the vulnerability publicly on GitHub issues or any other public forum.
 
-Please note that the maintainer of reNgine does not determine the bounty amount.
-The bounty reward is determined by industry-first equation from huntr.dev to understand the popularity, impact and value of repositories to the open source community.
+2. Go to the [Security tab](https://github.com/yogeshojha/rengine/security) of the reNgine repository.
+
+3. Click on "Report a vulnerability" to open GitHub's private vulnerability reporting form.
+
+4. Provide a detailed description of the vulnerability, including:
+   - Steps to reproduce
+   - Potential impact
+   - Any suggested fixes or mitigations (if you have them)
+
+5. I will review your report and respond as quickly as possible, usually within 48-72 hours.
+
+6. Please allow some time to investigate and address the vulnerability before disclosing it to others.
+
+We are committed to working with security researchers to verify and address any potential vulnerabilities reported to us. After fixing the issue, we will publicly acknowledge your responsible disclosure, unless you prefer to remain anonymous.
+
+Thank you for helping to keep reNgine and its users safe!
 
 **What do we expect from security researchers?**
 
 * Patience: Please note that currently I am the only maintainer in reNgine and will take sometime to validate your report. I request your patience throughout the process.
 * Respect Privacy and Security Reports: Please do not disclose any vulnerabilities in public (this also includes github issues) before or after reporting on huntr.dev! That is against the disclosure policy and will not be eligible for monetary rewards.
-* Respect the rules
 
 **What do I get in return?**
 
-* Much thanks from Maintainer
+* Much thanks from Maintainer and the community
 * Monetary Rewards
 * CVE ID(s)
 
-Please find the [FAQ](https://www.huntr.dev/faq) and [Responsible disclosure policy](https://www.huntr.dev/policy/) from huntr.dev.
-
 ## Past Security Vulnerabilities
 
 Thanks to these individuals for reporting Security Issues in reNgine.
@@ -61,13 +71,3 @@ Thanks to these individuals for reporting Security Issues in reNgine.
 * [LOW] [Stored XSS](https://huntr.dev/bounties/81c48a07-9cb8-4da8-babc-28a4076a5e92/) on Nuclei Template Summary via maliclous Nuclei Template, Reported by [Walleson Moura](https://github.com/phor3nsic)
 
 * [MEDIUM] [Path Traversal/LFI](https://huntr.dev/bounties/5df1a485-7a1e-411d-9664-0f4343e8512a/), reported by [Koen Molenaar](https://github.com/k0enm)
-
-
-
-
-
-**reNgine thanks the following people for making a responsible disclosure and helping the community make reNgine safer!**
-
-* [onemishra](https://github.com/omemishra)
-* [Arif Khan, payloadartist](https://twitter.com/payloadartist)
-* [Binit Ghimire](https://github.com/TheBinitGhimire)
diff --git a/README.md b/README.md
index b578d4bf4..e022d6baa 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ Detailed documentation available at [https://rengine.wiki](https://rengine.wiki)
 * [Contributing](#contributing)
 * [reNgine Support](#rengine-support)
 * [Support and Sponsoring](#support-and-sponsoring)
-* [reNgine Bug Bounty Program](#rengine-bug-bounty-program)
+* [Reporting Security Vulnerabilities](#reporting-security-vulnerabilities)
 * [License](#license)
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
@@ -524,4 +524,32 @@ Distributed under the GNU GPL v3 License. See [LICENSE](LICENSE) for more inform
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-<p align="right"><i>Note: Parts of this README were written or refined using AI language models such as ChatGPT, Claude, or other LLMs.</i></p>
+
+## Reporting Security Vulnerabilities
+
+We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
+
+To report a security vulnerability, please follow these steps:
+
+1. **Do Not** disclose the vulnerability publicly on GitHub issues or any other public forum.
+
+2. Go to the [Security tab](https://github.com/yogeshojha/rengine/security) of the reNgine repository.
+
+3. Click on "Report a vulnerability" to open GitHub's private vulnerability reporting form.
+
+4. Provide a detailed description of the vulnerability, including:
+   - Steps to reproduce
+   - Potential impact
+   - Any suggested fixes or mitigations (if you have them)
+
+5. I will review your report and respond as quickly as possible, usually within 48-72 hours.
+
+6. Please allow some time to investigate and address the vulnerability before disclosing it to others.
+
+We are committed to working with security researchers to verify and address any potential vulnerabilities reported to us. After fixing the issue, we will publicly acknowledge your responsible disclosure, unless you prefer to remain anonymous.
+
+Thank you for helping to keep reNgine and its users safe!
+
+![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
+
+<p align="right"><i>Note: Parts of this README were written or refined using AI language models.</i></p>

From 2a9e199f95053843684cf92c39d27ce272ea16e0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 06:52:44 +0530
Subject: [PATCH 024/211] Fix command injection in WAF Detector

---
 web/api/views.py | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index b914ac4ad..f5e2ffc6f 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -1,6 +1,7 @@
 import logging
 import re
 import socket
+import shlex
 import subprocess
 from ipaddress import IPv4Network
 
@@ -269,12 +270,22 @@ def get(self, request):
 		response = {}
 		response['status'] = False
 
-		wafw00f_command = f'wafw00f {url}'
-		output = subprocess.check_output(wafw00f_command, shell=True)
+		# validate url as a first step to avoid command injection
+		if not (validators.url(url) or validators.domain(url)):
+			response['message'] = 'Invalid Domain/URL provided!'
+			return Response(response)
+		
+		# valid domain or url provided now run wafw00f
+		# escape the url using shlex
+		safe_url = shlex.quote(url)
+
+		wafw00f_command = ['wafw00f', safe_url]
+		output = subprocess.check_output(wafw00f_command, stderr=subprocess.STDOUT, text=True)
+		ansi_escape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
+		clean_output = ansi_escape.sub('', output)
 		# use regex to get the waf
-		regex = "behind \\\\x1b\[1;96m(.*)\\\\x1b"
-		group = re.search(regex, str(output))
-
+		regex = r"behind (.*?) WAF"
+		group = re.search(regex, clean_output)
 		if group:
 			response['status'] = True
 			response['results'] = group.group(1)

From e5e8142d5d17c7bffdc35ccb9f9a20d9b7e93c46 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 07:01:43 +0530
Subject: [PATCH 025/211] use existing run command

---
 web/api/views.py | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index f5e2ffc6f..9616228f8 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -1,8 +1,6 @@
 import logging
 import re
 import socket
-import shlex
-import subprocess
 from ipaddress import IPv4Network
 
 import requests
@@ -275,17 +273,10 @@ def get(self, request):
 			response['message'] = 'Invalid Domain/URL provided!'
 			return Response(response)
 		
-		# valid domain or url provided now run wafw00f
-		# escape the url using shlex
-		safe_url = shlex.quote(url)
-
-		wafw00f_command = ['wafw00f', safe_url]
-		output = subprocess.check_output(wafw00f_command, stderr=subprocess.STDOUT, text=True)
-		ansi_escape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])')
-		clean_output = ansi_escape.sub('', output)
-		# use regex to get the waf
+		wafw00f_command = f'wafw00f {url}'
+		_, output = run_command(wafw00f_command, remove_ansi_sequence=True)
 		regex = r"behind (.*?) WAF"
-		group = re.search(regex, clean_output)
+		group = re.search(regex, output)
 		if group:
 			response['status'] = True
 			response['results'] = group.group(1)
@@ -1166,6 +1157,11 @@ def get(self, request):
 		url = req.query_params.get('url')
 		#save_db = True if 'save_db' in req.query_params else False
 		response = {'status': False}
+
+		if not (validators.url(url) or validators.domain(url)):
+			response['message'] = 'Invalid Domain/URL provided!'
+			return Response(response)
+
 		try:
 			# response = get_cms_details(url)
 			response = {}

From f890c61f56d7a20f602b6bb57284c155533d2473 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 07:02:00 +0530
Subject: [PATCH 026/211] fix command injection in netlas whois lookup

---
 web/reNgine/tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index cd616e464..7ab9ed963 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -3840,7 +3840,7 @@ def query_whois(ip_domain, force_reload_whois=False):
 		netlas_key = get_netlas_key()
 		command += f' -a {netlas_key}' if netlas_key else ''
 
-		result = subprocess.check_output(command.split()).decode('utf-8')
+		_, result = run_command(command, remove_ansi_sequence=True)
 		if 'Failed to parse response data' in result:
 			# do fallback
 			return {

From 1dbc683ba5cbd74ea39f7dfdd98ac528971a3bb0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 23 Jul 2024 07:14:14 +0530
Subject: [PATCH 027/211] update security

---
 .github/SECURITY.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index a9acb291d..ed2632d15 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -38,6 +38,10 @@ Thank you for helping to keep reNgine and its users safe!
 
 Thanks to these individuals for reporting Security Issues in reNgine.
 
+### 2024
+
+* [HIGH] [Command Injection](https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4) in Waf Detector, Reported by [n-thumann](https://github.com/n-thumann)
+
 ### 2022
 
 * [HIGH] [Blind command injection](https://huntr.dev/bounties/b255cf59-9ecd-4255-b9a2-b40b5ec6c572/) in CMS Detector, Reported by [Abdulrahman Abdullah](https://github.com/ph33rr)

From 326d4f1fff6fdde3b526b3dea819a712cfe69309 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 26 Jul 2024 09:19:23 +0530
Subject: [PATCH 028/211] fix slug for organization scan

---
 web/startScan/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/startScan/views.py b/web/startScan/views.py
index ac08da282..189165d89 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -797,7 +797,7 @@ def schedule_organization_scan(request, slug, id):
             messages.INFO,
             f'Scan started for {ndomains} domains in organization {organization.name}'
         )
-        return HttpResponseRedirect(reverse('scheduled_scan_view', kwargs={'slug': slug, 'id': id}))
+        return HttpResponseRedirect(reverse('scheduled_scan_view', kwargs={'slug': slug}))
 
     # GET request
     engine = EngineType.objects

From b83260d3ea06d201e3bbe1c5bf99eeb0932ab82c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:34:43 +0530
Subject: [PATCH 029/211] fix hackerone test api key

---
 web/scanEngine/views.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index bed9c8d63..177a44066 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -361,8 +361,7 @@ def proxy_settings(request, slug):
 
 
 @has_permission_decorator(PERM_MODIFY_SCAN_CONFIGURATIONS, redirect_url=FOUR_OH_FOUR_URL)
-def test_hackerone(request):
-    context = {}
+def test_hackerone(request, slug):
     if request.method == "POST":
         headers = {
             'Accept': 'application/json'

From f3f02b81ce69435ed37e797ba8953e87a04c1d74 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:41:03 +0530
Subject: [PATCH 030/211] fix grouping title

---
 web/templates/base/_items/endpoint_tab_content.html  | 2 +-
 web/templates/base/_items/subdomain_tab_content.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/templates/base/_items/endpoint_tab_content.html b/web/templates/base/_items/endpoint_tab_content.html
index 88fa40f76..126380e4b 100644
--- a/web/templates/base/_items/endpoint_tab_content.html
+++ b/web/templates/base/_items/endpoint_tab_content.html
@@ -22,7 +22,7 @@
 				<div class="row">
 					<div class="col-12">
 						<div class="btn-group mb-2 float-end dropstart">
-							<button class="btn btn-soft-info dropdown-toggle ms-1" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" data-toggle="tooltip" data-placement="left" title="Vulnerability Grouping">
+							<button class="btn btn-soft-info dropdown-toggle ms-1" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" data-toggle="tooltip" data-placement="left" title="Endpoint Grouping">
 								<i class="fe-layout"></i>
 							</button>
 							<div class="dropdown-menu" style="">
diff --git a/web/templates/base/_items/subdomain_tab_content.html b/web/templates/base/_items/subdomain_tab_content.html
index 6c6ef6568..79df41bc3 100644
--- a/web/templates/base/_items/subdomain_tab_content.html
+++ b/web/templates/base/_items/subdomain_tab_content.html
@@ -126,7 +126,7 @@
 
 						</div>
 						<div class="btn-group mb-2 float-end dropstart">
-							<button class="btn btn-soft-info dropdown-toggle ms-1" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" data-toggle="tooltip" data-placement="left" title="Vulnerability Grouping">
+							<button class="btn btn-soft-info dropdown-toggle ms-1" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false" data-toggle="tooltip" data-placement="left" title="Subdomain Grouping">
 								<i class="fe-layout"></i>
 							</button>
 							<div class="dropdown-menu" style="">

From 9dab7b4f4517fa9a0d8a477c964953ca2e59e5a3 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 08:13:48 +0530
Subject: [PATCH 031/211] fix input box color when disabled

---
 web/static/custom/custom.css | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index dcca77511..9b47d515e 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -71,11 +71,15 @@ input[type="color"]:focus,
 }
 
 input[type="text"][disabled] {
-  background-color: #dddddd;
+  background-color: #2a2d35;
+  color: #5a6071;
+  border-color: #3a3f4a;
 }
 
 form-control:disabled, .form-control[readonly]{
-  background-color: #dddddd;
+  background-color: #2a2d35;
+  color: #5a6071;
+  border-color: #3a3f4a;
 }
 
 .accordion-item{

From dbad1766aed902b6f006252a94acbcbe64b1cd23 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 08:35:40 +0530
Subject: [PATCH 032/211] fix ui buttons on organization list

---
 .../templates/organization/list.html          | 49 ++++++++-----------
 1 file changed, 21 insertions(+), 28 deletions(-)

diff --git a/web/targetApp/templates/organization/list.html b/web/targetApp/templates/organization/list.html
index 092f5adf4..e204337b1 100644
--- a/web/targetApp/templates/organization/list.html
+++ b/web/targetApp/templates/organization/list.html
@@ -57,34 +57,27 @@
             <td class="text-center"><span class="badge bg-primary badge-link" onclick="get_target_modal({{organization.id}})">{{organization.get_domains.count}}</span></td>
             <td class="text-center"><span data-toggle="tooltip" data-placement="top" title="{{organization.insert_date}}">{{organization.insert_date|naturaltime}}</span></td></td>
             <td class="text-center">
-              {% if user|can:'initiate_scans_subscans' %}
-              <a href="/scan/{{current_project.slug}}/start/organization/{{organization.id}}" data-toggle="tooltip" data-placement="top" title="Quick Scan Entire Organization">
-                <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather table-scan feather-zap" id="myInput" value="helloworld">
-                  <polygon points="13 2 3 14 12 14 11 22 21 10 12 10 13 2"></polygon>
-                </svg>
-              </a>
-              {% endif %}
-              {% if user|can:'initiate_scans_subscans' %}
-              <a href="{% url 'schedule_organization_scan' current_project.slug organization.id %}" class="open-domain" data-toggle="tooltip" data-placement="top" title="Schedule Scan">
-                <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-watch table-schedule"><circle cx="12" cy="12" r="7"></circle><polyline points="12 9 12 12 13.5 13.5"></polyline><path d="M16.51 17.35l-.35 3.83a2 2 0 0 1-2 1.82H9.83a2 2 0 0 1-2-1.82l-.35-3.83m.01-10.7l.35-3.83A2 2 0 0 1 9.83 1h4.35a2 2 0 0 1 2 1.82l.35 3.83"></path></svg>
-              </a>
-              {% endif %}
-              {% if user|can:'modify_targets' %}
-              <a href="/target/{{current_project.slug}}/update/organization/{{organization.id}}" class="text-primary open-domain" data-toggle="tooltip" data-placement="top" title="Update Organization">
-                <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather table-edit feather-edit-2">
-                  <path d="M17 3a2.828 2.828 0 1 1 4 4L7.5 20.5 2 22l1.5-5.5L17 3z"></path>
-                </svg>
-              </a>
-              {% endif %}
-              {% if user|can:'modify_targets' %}
-              <a onclick="delete_organization({{ organization.id }})" class="text-danger" href="#" data-toggle="tooltip" data-placement="top" title="Delete Organization">
-                <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather table-delete feather-x-circle">
-                  <circle cx="12" cy="12" r="10"></circle>
-                  <line x1="15" y1="9" x2="9" y2="15"></line>
-                  <line x1="9" y1="9" x2="15" y2="15"></line>
-                </svg>
-              </a>
-              {% endif %}
+              <div class-"btn-group float-end">
+                {% if user|can:'initiate_scans_subscans' %}
+                  <a href="/scan/{{current_project.slug}}/start/organization/{{organization.id}}" class="btn btn-soft-primary"><i class="fe-zap"></i>&nbsp;&nbsp;Initiate Scan</a>
+                {% endif %}
+                <div class="btn-group dropstart" role="group">
+                  <button type="button" class="btn btn-soft-primary dropdown-toggle dropdown-toggle-split" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                    <i class="mdi mdi-chevron-right"></i>
+                  </button>
+                  <div class="dropdown-menu" style="">
+                    {% if user|can:'initiate_scans_subscans' %}
+                      <a class="dropdown-item" href="{% url 'schedule_organization_scan' current_project.slug organization.id %}"><i class="fe-clock"></i>&nbsp;&nbsp;Schedule Scan</a>
+                    {% endif %}
+                    {% if user|can:'modify_targets' %}
+                      <a class="dropdown-item" href="/target/{{current_project.slug}}/update/organization/{{organization.id}}"><i class="fe-edit-2"></i>&nbsp;&nbsp;Edit Target</a>
+                    {% endif %}
+                    {% if user|can:'modify_targets' %}
+                    <a class="dropdown-item text-danger" href="#" onclick="delete_organization({{ organization.id }})"><i class="fe-trash-2"></i>&nbsp;&nbsp;Delete target</a>
+                    {% endif %}
+                  </div>
+                <div>
+              </div>
             </td>
           </tr>
           {% endfor %}

From 15346c2fb3c5d54e624ad2bd539b9b286b4d6ae1 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 08:45:51 +0530
Subject: [PATCH 033/211] fix dark theme  headers

---
 .../templates/organization/start_scan.html    |  2 +-
 .../plugins/accordions/custom-accordions.css  | 24 ++++---------------
 2 files changed, 5 insertions(+), 21 deletions(-)

diff --git a/web/startScan/templates/organization/start_scan.html b/web/startScan/templates/organization/start_scan.html
index 96c932832..555ca9fe0 100644
--- a/web/startScan/templates/organization/start_scan.html
+++ b/web/startScan/templates/organization/start_scan.html
@@ -27,7 +27,7 @@
       <div class="card-body">
         <h4 class="heading-title">{{ domain_list|length }} Domains associated with organization {{organization.name}}</h4>
         {% for domain in domain_list %}
-        <span class="badge bg-dark m-1">{{domain.name}}</span>
+        <span class="badge bg-soft-dark text-dark m-1">{{domain.name}}</span>
         {% endfor %}
         <form method="POST">
           {% csrf_token %}
diff --git a/web/static/plugins/accordions/custom-accordions.css b/web/static/plugins/accordions/custom-accordions.css
index 62be8064a..88dfd43d8 100644
--- a/web/static/plugins/accordions/custom-accordions.css
+++ b/web/static/plugins/accordions/custom-accordions.css
@@ -1,19 +1,3 @@
-/*
-	===============================
-			@Import	Function
-	===============================
-*/
-/*
-	===============================
-			@Import	Mixins
-	===============================
-*/
-h1, h2, h3, h4, h5, h6 {
-  color: #3b3f5c; }
-
-/*
-    Basic
-*/
 .card {
   border: 1px solid #d3d3d3;
   border-radius: 6px;
@@ -68,8 +52,8 @@ h1, h2, h3, h4, h5, h6 {
       .card .card-body ul li a:hover {
         color: #4361ee; }
 
-/*
-    No Outer Spacing
+/*
+    No Outer Spacing
 */
 .no-outer-spacing {
   border: 1px solid #d3d3d3;
@@ -89,8 +73,8 @@ h1, h2, h3, h4, h5, h6 {
   .no-outer-spacing .card-header section > div:not(.collapsed) {
     border-bottom: none; }
 
-/*
-    Accordin with Icons
+/*
+    Accordin with Icons
 */
 .accordion-icons .accordion-icon {
   display: inline-block;

From d0c2ddd872b7b65f78d8b0c3f8df587a73c004bf Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 09:07:02 +0530
Subject: [PATCH 034/211] remove border

---
 web/static/custom/custom.css                    |  2 +-
 web/static/plugins/jquery-step/jquery.steps.css | 10 ++++------
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 9b47d515e..62fa837de 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -394,4 +394,4 @@ mark{
 .tab-content .card-body {
   padding-left: 0.8rem !important;
   padding-right: 0.8rem !important;
-}
+}
\ No newline at end of file
diff --git a/web/static/plugins/jquery-step/jquery.steps.css b/web/static/plugins/jquery-step/jquery.steps.css
index 28d9e607a..3f604a92a 100644
--- a/web/static/plugins/jquery-step/jquery.steps.css
+++ b/web/static/plugins/jquery-step/jquery.steps.css
@@ -20,8 +20,8 @@
   position: absolute;
   left: -999em; }
 
-/*
-    Wizard
+/*
+    Wizard
 */
 .wizard > .steps {
   position: relative;
@@ -183,8 +183,8 @@
     background: #ebedf2;
     color: #888ea8; }
 
-/*
-    Tabcontrol
+/*
+    Tabcontrol
 */
 .tabcontrol > .steps {
   position: relative;
@@ -427,13 +427,11 @@
     border: solid 1px #bfc9d4; }
 
 .pill.wizard > .steps a {
-  border-bottom: 2px solid #f1f2f3;
   font-size: 15px;
   font-weight: 600;
   margin-right: 6px;
   border-radius: 20px; }
   .pill.wizard > .steps a:hover, .pill.wizard > .steps a:active {
-    border-bottom: 2px solid #f1f2f3;
     font-size: 15px;
     font-weight: 600;
     margin-right: 6px;

From 26aca5433b0d2212be3aa0003e35ca8396ae6b17 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 09:38:27 +0530
Subject: [PATCH 035/211] fix muted color

---
 web/static/custom/custom.css              |   14 +-
 web/static/plugins/select2/select2.min.js | 2604 +--------------------
 2 files changed, 9 insertions(+), 2609 deletions(-)

diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 62fa837de..03373be25 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -71,15 +71,15 @@ input[type="color"]:focus,
 }
 
 input[type="text"][disabled] {
-  background-color: #2a2d35;
-  color: #5a6071;
-  border-color: #3a3f4a;
+  background-color: #E0E0E0;
+  color: #6C6C6C;
+  border-color: #BDBDBD;
 }
 
-form-control:disabled, .form-control[readonly]{
-  background-color: #2a2d35;
-  color: #5a6071;
-  border-color: #3a3f4a;
+.form-control:disabled, .form-control[readonly] {
+  background-color: #E0E0E0;
+  color: #6C6C6C;
+  border-color: #BDBDBD;
 }
 
 .accordion-item{
diff --git a/web/static/plugins/select2/select2.min.js b/web/static/plugins/select2/select2.min.js
index 9ad6497ed..3247adb7a 100644
--- a/web/static/plugins/select2/select2.min.js
+++ b/web/static/plugins/select2/select2.min.js
@@ -1,2602 +1,2 @@
-/*! Select2 4.0.6-rc.1 | https://github.com/select2/select2/blob/master/LICENSE.md */ ! function(a) {
-"function" == typeof define && define.amd ? define(["jquery"], a) : "object" == typeof module && module.exports ? module.exports = function(b, c) {
-  return void 0 === c && (c = "undefined" != typeof window ? require("jquery") : require("jquery")(b)), a(c), c
-} : a(jQuery)
-}(function(a) {
-  var b = function() {
-    if (a && a.fn && a.fn.select2 && a.fn.select2.amd) var b = a.fn.select2.amd;
-    var b;
-    return function() {
-      if (!b || !b.requirejs) {
-        b ? c = b : b = {};
-        var a, c, d;
-        ! function(b) {
-          function e(a, b) {
-            return v.call(a, b)
-          }
-
-          function f(a, b) {
-            var c, d, e, f, g, h, i, j, k, l, m, n, o = b && b.split("/"),
-            p = t.map,
-            q = p && p["*"] || {};
-            if (a) {
-              for (a = a.split("/"), g = a.length - 1, t.nodeIdCompat && x.test(a[g]) && (a[g] = a[g].replace(x, "")), "." === a[0].charAt(0) && o && (n = o.slice(0, o.length - 1), a = n.concat(a)), k = 0; k < a.length; k++)
-              if ("." === (m = a[k])) a.splice(k, 1), k -= 1;
-              else if (".." === m) {
-                if (0 === k || 1 === k && ".." === a[2] || ".." === a[k - 1]) continue;
-                k > 0 && (a.splice(k - 1, 2), k -= 2)
-              }
-              a = a.join("/")
-            }
-            if ((o || q) && p) {
-              for (c = a.split("/"), k = c.length; k > 0; k -= 1) {
-                if (d = c.slice(0, k).join("/"), o)
-                for (l = o.length; l > 0; l -= 1)
-                if ((e = p[o.slice(0, l).join("/")]) && (e = e[d])) {
-                  f = e, h = k;
-                  break
-                }
-                if (f) break;
-                !i && q && q[d] && (i = q[d], j = k)
-              }!f && i && (f = i, h = j), f && (c.splice(0, h, f), a = c.join("/"))
-            }
-            return a
-          }
-
-          function g(a, c) {
-            return function() {
-              var d = w.call(arguments, 0);
-              return "string" != typeof d[0] && 1 === d.length && d.push(null), o.apply(b, d.concat([a, c]))
-            }
-          }
-
-          function h(a) {
-            return function(b) {
-              return f(b, a)
-            }
-          }
-
-          function i(a) {
-            return function(b) {
-              r[a] = b
-            }
-          }
-
-          function j(a) {
-            if (e(s, a)) {
-              var c = s[a];
-              delete s[a], u[a] = !0, n.apply(b, c)
-            }
-            if (!e(r, a) && !e(u, a)) throw new Error("No " + a);
-            return r[a]
-          }
-
-          function k(a) {
-            var b, c = a ? a.indexOf("!") : -1;
-            return c > -1 && (b = a.substring(0, c), a = a.substring(c + 1, a.length)), [b, a]
-          }
-
-          function l(a) {
-            return a ? k(a) : []
-          }
-
-          function m(a) {
-            return function() {
-              return t && t.config && t.config[a] || {}
-            }
-          }
-          var n, o, p, q, r = {},
-          s = {},
-          t = {},
-          u = {},
-          v = Object.prototype.hasOwnProperty,
-          w = [].slice,
-          x = /\.js$/;
-          p = function(a, b) {
-            var c, d = k(a),
-            e = d[0],
-            g = b[1];
-            return a = d[1], e && (e = f(e, g), c = j(e)), e ? a = c && c.normalize ? c.normalize(a, h(g)) : f(a, g) : (a = f(a, g), d = k(a), e = d[0], a = d[1], e && (c = j(e))), {
-              f: e ? e + "!" + a : a,
-              n: a,
-              pr: e,
-              p: c
-            }
-          }, q = {
-            require: function(a) {
-              return g(a)
-            },
-            exports: function(a) {
-              var b = r[a];
-              return void 0 !== b ? b : r[a] = {}
-            },
-            module: function(a) {
-              return {
-                id: a,
-                uri: "",
-                exports: r[a],
-                config: m(a)
-              }
-            }
-          }, n = function(a, c, d, f) {
-            var h, k, m, n, o, t, v, w = [],
-            x = typeof d;
-            if (f = f || a, t = l(f), "undefined" === x || "function" === x) {
-              for (c = !c.length && d.length ? ["require", "exports", "module"] : c, o = 0; o < c.length; o += 1)
-              if (n = p(c[o], t), "require" === (k = n.f)) w[o] = q.require(a);
-              else if ("exports" === k) w[o] = q.exports(a), v = !0;
-              else if ("module" === k) h = w[o] = q.module(a);
-              else if (e(r, k) || e(s, k) || e(u, k)) w[o] = j(k);
-              else {
-                if (!n.p) throw new Error(a + " missing " + k);
-                n.p.load(n.n, g(f, !0), i(k), {}), w[o] = r[k]
-              }
-              m = d ? d.apply(r[a], w) : void 0, a && (h && h.exports !== b && h.exports !== r[a] ? r[a] = h.exports : m === b && v || (r[a] = m))
-            } else a && (r[a] = d)
-          }, a = c = o = function(a, c, d, e, f) {
-            if ("string" == typeof a) return q[a] ? q[a](c) : j(p(a, l(c)).f);
-            if (!a.splice) {
-              if (t = a, t.deps && o(t.deps, t.callback), !c) return;
-              c.splice ? (a = c, c = d, d = null) : a = b
-            }
-            return c = c || function() {}, "function" == typeof d && (d = e, e = f), e ? n(b, a, c, d) : setTimeout(function() {
-              n(b, a, c, d)
-            }, 4), o
-          }, o.config = function(a) {
-            return o(a)
-          }, a._defined = r, d = function(a, b, c) {
-            if ("string" != typeof a) throw new Error("See almond README: incorrect module build, no module name");
-            b.splice || (c = b, b = []), e(r, a) || e(s, a) || (s[a] = [a, b, c])
-          }, d.amd = {
-            jQuery: !0
-          }
-        }(), b.requirejs = a, b.require = c, b.define = d
-      }
-    }(), b.define("almond", function() {}), b.define("jquery", [], function() {
-      var b = a || $;
-      return null == b && console && console.error && console.error("Select2: An instance of jQuery or a jQuery-compatible library was not found. Make sure that you are including jQuery before Select2 on your web page."), b
-    }), b.define("select2/utils", ["jquery"], function(a) {
-      function b(a) {
-        var b = a.prototype,
-        c = [];
-        for (var d in b) {
-          "function" == typeof b[d] && ("constructor" !== d && c.push(d))
-        }
-        return c
-      }
-      var c = {};
-      c.Extend = function(a, b) {
-        function c() {
-          this.constructor = a
-        }
-        var d = {}.hasOwnProperty;
-        for (var e in b) d.call(b, e) && (a[e] = b[e]);
-        return c.prototype = b.prototype, a.prototype = new c, a.__super__ = b.prototype, a
-      }, c.Decorate = function(a, c) {
-        function d() {
-          var b = Array.prototype.unshift,
-          d = c.prototype.constructor.length,
-          e = a.prototype.constructor;
-          d > 0 && (b.call(arguments, a.prototype.constructor), e = c.prototype.constructor), e.apply(this, arguments)
-        }
-
-        function e() {
-          this.constructor = d
-        }
-        var f = b(c),
-        g = b(a);
-        c.displayName = a.displayName, d.prototype = new e;
-        for (var h = 0; h < g.length; h++) {
-          var i = g[h];
-          d.prototype[i] = a.prototype[i]
-        }
-        for (var j = (function(a) {
-          var b = function() {};
-          a in d.prototype && (b = d.prototype[a]);
-          var e = c.prototype[a];
-          return function() {
-            return Array.prototype.unshift.call(arguments, b), e.apply(this, arguments)
-          }
-        }), k = 0; k < f.length; k++) {
-          var l = f[k];
-          d.prototype[l] = j(l)
-        }
-        return d
-      };
-      var d = function() {
-        this.listeners = {}
-      };
-      d.prototype.on = function(a, b) {
-        this.listeners = this.listeners || {}, a in this.listeners ? this.listeners[a].push(b) : this.listeners[a] = [b]
-      }, d.prototype.trigger = function(a) {
-        var b = Array.prototype.slice,
-        c = b.call(arguments, 1);
-        this.listeners = this.listeners || {}, null == c && (c = []), 0 === c.length && c.push({}), c[0]._type = a, a in this.listeners && this.invoke(this.listeners[a], b.call(arguments, 1)), "*" in this.listeners && this.invoke(this.listeners["*"], arguments)
-      }, d.prototype.invoke = function(a, b) {
-        for (var c = 0, d = a.length; c < d; c++) a[c].apply(this, b)
-      }, c.Observable = d, c.generateChars = function(a) {
-        for (var b = "", c = 0; c < a; c++) {
-          b += Math.floor(36 * Math.random()).toString(36)
-        }
-        return b
-      }, c.bind = function(a, b) {
-        return function() {
-          a.apply(b, arguments)
-        }
-      }, c._convertData = function(a) {
-        for (var b in a) {
-          var c = b.split("-"),
-          d = a;
-          if (1 !== c.length) {
-            for (var e = 0; e < c.length; e++) {
-              var f = c[e];
-              f = f.substring(0, 1).toLowerCase() + f.substring(1), f in d || (d[f] = {}), e == c.length - 1 && (d[f] = a[b]), d = d[f]
-            }
-            delete a[b]
-          }
-        }
-        return a
-      }, c.hasScroll = function(b, c) {
-        var d = a(c),
-        e = c.style.overflowX,
-        f = c.style.overflowY;
-        return (e !== f || "hidden" !== f && "visible" !== f) && ("scroll" === e || "scroll" === f || (d.innerHeight() < c.scrollHeight || d.innerWidth() < c.scrollWidth))
-      }, c.escapeMarkup = function(a) {
-        var b = {
-          "\\": "&#92;",
-          "&": "&amp;",
-          "<": "&lt;",
-          ">": "&gt;",
-          '"': "&quot;",
-          "'": "&#39;",
-          "/": "&#47;"
-        };
-        return "string" != typeof a ? a : String(a).replace(/[&<>"'\/\\]/g, function(a) {
-          return b[a]
-        })
-      }, c.appendMany = function(b, c) {
-        if ("1.7" === a.fn.jquery.substr(0, 3)) {
-          var d = a();
-          a.map(c, function(a) {
-            d = d.add(a)
-          }), c = d
-        }
-        b.append(c)
-      }, c.__cache = {};
-      var e = 0;
-      return c.GetUniqueElementId = function(a) {
-        var b = a.getAttribute("data-select2-id");
-        return null == b && (a.id ? (b = a.id, a.setAttribute("data-select2-id", b)) : (a.setAttribute("data-select2-id", ++e), b = e.toString())), b
-      }, c.StoreData = function(a, b, d) {
-        var e = c.GetUniqueElementId(a);
-        c.__cache[e] || (c.__cache[e] = {}), c.__cache[e][b] = d
-      }, c.GetData = function(b, d) {
-        var e = c.GetUniqueElementId(b);
-        return d ? c.__cache[e] && null != c.__cache[e][d] ? c.__cache[e][d] : a(b).data(d) : c.__cache[e]
-      }, c.RemoveData = function(a) {
-        var b = c.GetUniqueElementId(a);
-        null != c.__cache[b] && delete c.__cache[b]
-      }, c
-    }), b.define("select2/results", ["jquery", "./utils"], function(a, b) {
-      function c(a, b, d) {
-        this.$element = a, this.data = d, this.options = b, c.__super__.constructor.call(this)
-      }
-      return b.Extend(c, b.Observable), c.prototype.render = function() {
-        var b = a('<ul class="select2-results__options" role="tree"></ul>');
-        return this.options.get("multiple") && b.attr("aria-multiselectable", "true"), this.$results = b, b
-      }, c.prototype.clear = function() {
-        this.$results.empty()
-      }, c.prototype.displayMessage = function(b) {
-        var c = this.options.get("escapeMarkup");
-        this.clear(), this.hideLoading();
-        var d = a('<li role="treeitem" aria-live="assertive" class="select2-results__option"></li>'),
-        e = this.options.get("translations").get(b.message);
-        d.append(c(e(b.args))), d[0].className += " select2-results__message", this.$results.append(d)
-      }, c.prototype.hideMessages = function() {
-        this.$results.find(".select2-results__message").remove()
-      }, c.prototype.append = function(a) {
-        this.hideLoading();
-        var b = [];
-        if (null == a.results || 0 === a.results.length) return void(0 === this.$results.children().length && this.trigger("results:message", {
-          message: "noResults"
-        }));
-        a.results = this.sort(a.results);
-        for (var c = 0; c < a.results.length; c++) {
-          var d = a.results[c],
-          e = this.option(d);
-          b.push(e)
-        }
-        this.$results.append(b)
-      }, c.prototype.position = function(a, b) {
-        b.find(".select2-results").append(a)
-      }, c.prototype.sort = function(a) {
-        return this.options.get("sorter")(a)
-      }, c.prototype.highlightFirstItem = function() {
-        var a = this.$results.find(".select2-results__option[aria-selected]"),
-        b = a.filter("[aria-selected=true]");
-        b.length > 0 ? b.first().trigger("mouseenter") : a.first().trigger("mouseenter"), this.ensureHighlightVisible()
-      }, c.prototype.setClasses = function() {
-        var c = this;
-        this.data.current(function(d) {
-          var e = a.map(d, function(a) {
-            return a.id.toString()
-          });
-          c.$results.find(".select2-results__option[aria-selected]").each(function() {
-            var c = a(this),
-            d = b.GetData(this, "data"),
-            f = "" + d.id;
-            null != d.element && d.element.selected || null == d.element && a.inArray(f, e) > -1 ? c.attr("aria-selected", "true") : c.attr("aria-selected", "false")
-          })
-        })
-      }, c.prototype.showLoading = function(a) {
-        this.hideLoading();
-        var b = this.options.get("translations").get("searching"),
-        c = {
-          disabled: !0,
-          loading: !0,
-          text: b(a)
-        },
-        d = this.option(c);
-        d.className += " loading-results", this.$results.prepend(d)
-      }, c.prototype.hideLoading = function() {
-        this.$results.find(".loading-results").remove()
-      }, c.prototype.option = function(c) {
-        var d = document.createElement("li");
-        d.className = "select2-results__option";
-        var e = {
-          role: "treeitem",
-          "aria-selected": "false"
-        };
-        c.disabled && (delete e["aria-selected"], e["aria-disabled"] = "true"), null == c.id && delete e["aria-selected"], null != c._resultId && (d.id = c._resultId), c.title && (d.title = c.title), c.children && (e.role = "group", e["aria-label"] = c.text, delete e["aria-selected"]);
-        for (var f in e) {
-          var g = e[f];
-          d.setAttribute(f, g)
-        }
-        if (c.children) {
-          var h = a(d),
-          i = document.createElement("strong");
-          i.className = "select2-results__group";
-          a(i);
-          this.template(c, i);
-          for (var j = [], k = 0; k < c.children.length; k++) {
-            var l = c.children[k],
-            m = this.option(l);
-            j.push(m)
-          }
-          var n = a("<ul></ul>", {
-            class: "select2-results__options select2-results__options--nested"
-          });
-          n.append(j), h.append(i), h.append(n)
-        } else this.template(c, d);
-        return b.StoreData(d, "data", c), d
-      }, c.prototype.bind = function(c, d) {
-        var e = this,
-        f = c.id + "-results";
-        this.$results.attr("id", f), c.on("results:all", function(a) {
-          e.clear(), e.append(a.data), c.isOpen() && (e.setClasses(), e.highlightFirstItem())
-        }), c.on("results:append", function(a) {
-          e.append(a.data), c.isOpen() && e.setClasses()
-        }), c.on("query", function(a) {
-          e.hideMessages(), e.showLoading(a)
-        }), c.on("select", function() {
-          c.isOpen() && (e.setClasses(), e.highlightFirstItem())
-        }), c.on("unselect", function() {
-          c.isOpen() && (e.setClasses(), e.highlightFirstItem())
-        }), c.on("open", function() {
-          e.$results.attr("aria-expanded", "true"), e.$results.attr("aria-hidden", "false"), e.setClasses(), e.ensureHighlightVisible()
-        }), c.on("close", function() {
-          e.$results.attr("aria-expanded", "false"), e.$results.attr("aria-hidden", "true"), e.$results.removeAttr("aria-activedescendant")
-        }), c.on("results:toggle", function() {
-          var a = e.getHighlightedResults();
-          0 !== a.length && a.trigger("mouseup")
-        }), c.on("results:select", function() {
-          var a = e.getHighlightedResults();
-          if (0 !== a.length) {
-            var c = b.GetData(a[0], "data");
-            "true" == a.attr("aria-selected") ? e.trigger("close", {}) : e.trigger("select", {
-              data: c
-            })
-          }
-        }), c.on("results:previous", function() {
-          var a = e.getHighlightedResults(),
-          b = e.$results.find("[aria-selected]"),
-          c = b.index(a);
-          if (!(c <= 0)) {
-            var d = c - 1;
-            0 === a.length && (d = 0);
-            var f = b.eq(d);
-            f.trigger("mouseenter");
-            var g = e.$results.offset().top,
-            h = f.offset().top,
-            i = e.$results.scrollTop() + (h - g);
-            0 === d ? e.$results.scrollTop(0) : h - g < 0 && e.$results.scrollTop(i)
-          }
-        }), c.on("results:next", function() {
-          var a = e.getHighlightedResults(),
-          b = e.$results.find("[aria-selected]"),
-          c = b.index(a),
-          d = c + 1;
-          if (!(d >= b.length)) {
-            var f = b.eq(d);
-            f.trigger("mouseenter");
-            var g = e.$results.offset().top + e.$results.outerHeight(!1),
-            h = f.offset().top + f.outerHeight(!1),
-            i = e.$results.scrollTop() + h - g;
-            0 === d ? e.$results.scrollTop(0) : h > g && e.$results.scrollTop(i)
-          }
-        }), c.on("results:focus", function(a) {
-          a.element.addClass("select2-results__option--highlighted")
-        }), c.on("results:message", function(a) {
-          e.displayMessage(a)
-        }), a.fn.mousewheel && this.$results.on("mousewheel", function(a) {
-          var b = e.$results.scrollTop(),
-          c = e.$results.get(0).scrollHeight - b + a.deltaY,
-          d = a.deltaY > 0 && b - a.deltaY <= 0,
-          f = a.deltaY < 0 && c <= e.$results.height();
-          d ? (e.$results.scrollTop(0), a.preventDefault(), a.stopPropagation()) : f && (e.$results.scrollTop(e.$results.get(0).scrollHeight - e.$results.height()), a.preventDefault(), a.stopPropagation())
-        }), this.$results.on("mouseup", ".select2-results__option[aria-selected]", function(c) {
-          var d = a(this),
-          f = b.GetData(this, "data");
-          if ("true" === d.attr("aria-selected")) return void(e.options.get("multiple") ? e.trigger("unselect", {
-            originalEvent: c,
-            data: f
-          }) : e.trigger("close", {}));
-          e.trigger("select", {
-            originalEvent: c,
-            data: f
-          })
-        }), this.$results.on("mouseenter", ".select2-results__option[aria-selected]", function(c) {
-          var d = b.GetData(this, "data");
-          e.getHighlightedResults().removeClass("select2-results__option--highlighted"), e.trigger("results:focus", {
-            data: d,
-            element: a(this)
-          })
-        })
-      }, c.prototype.getHighlightedResults = function() {
-        return this.$results.find(".select2-results__option--highlighted")
-      }, c.prototype.destroy = function() {
-        this.$results.remove()
-      }, c.prototype.ensureHighlightVisible = function() {
-        var a = this.getHighlightedResults();
-        if (0 !== a.length) {
-          var b = this.$results.find("[aria-selected]"),
-          c = b.index(a),
-          d = this.$results.offset().top,
-          e = a.offset().top,
-          f = this.$results.scrollTop() + (e - d),
-          g = e - d;
-          f -= 2 * a.outerHeight(!1), c <= 2 ? this.$results.scrollTop(0) : (g > this.$results.outerHeight() || g < 0) && this.$results.scrollTop(f)
-        }
-      }, c.prototype.template = function(b, c) {
-        var d = this.options.get("templateResult"),
-        e = this.options.get("escapeMarkup"),
-        f = d(b, c);
-        null == f ? c.style.display = "none" : "string" == typeof f ? c.innerHTML = e(f) : a(c).append(f)
-      }, c
-    }), b.define("select2/keys", [], function() {
-      return {
-        BACKSPACE: 8,
-        TAB: 9,
-        ENTER: 13,
-        SHIFT: 16,
-        CTRL: 17,
-        ALT: 18,
-        ESC: 27,
-        SPACE: 32,
-        PAGE_UP: 33,
-        PAGE_DOWN: 34,
-        END: 35,
-        HOME: 36,
-        LEFT: 37,
-        UP: 38,
-        RIGHT: 39,
-        DOWN: 40,
-        DELETE: 46
-      }
-    }), b.define("select2/selection/base", ["jquery", "../utils", "../keys"], function(a, b, c) {
-      function d(a, b) {
-        this.$element = a, this.options = b, d.__super__.constructor.call(this)
-      }
-      return b.Extend(d, b.Observable), d.prototype.render = function() {
-        var c = a('<span class="select2-selection" role="combobox"  aria-haspopup="true" aria-expanded="false"></span>');
-        return this._tabindex = 0, null != b.GetData(this.$element[0], "old-tabindex") ? this._tabindex = b.GetData(this.$element[0], "old-tabindex") : null != this.$element.attr("tabindex") && (this._tabindex = this.$element.attr("tabindex")), c.attr("title", this.$element.attr("title")), c.attr("tabindex", this._tabindex), this.$selection = c, c
-      }, d.prototype.bind = function(a, b) {
-        var d = this,
-        e = (a.id, a.id + "-results");
-        this.container = a, this.$selection.on("focus", function(a) {
-          d.trigger("focus", a)
-        }), this.$selection.on("blur", function(a) {
-          d._handleBlur(a)
-        }), this.$selection.on("keydown", function(a) {
-          d.trigger("keypress", a), a.which === c.SPACE && a.preventDefault()
-        }), a.on("results:focus", function(a) {
-          d.$selection.attr("aria-activedescendant", a.data._resultId)
-        }), a.on("selection:update", function(a) {
-          d.update(a.data)
-        }), a.on("open", function() {
-          d.$selection.attr("aria-expanded", "true"), d.$selection.attr("aria-owns", e), d._attachCloseHandler(a)
-        }), a.on("close", function() {
-          d.$selection.attr("aria-expanded", "false"), d.$selection.removeAttr("aria-activedescendant"), d.$selection.removeAttr("aria-owns"), d.$selection.focus(), window.setTimeout(function() {
-            d.$selection.focus()
-          }, 0), d._detachCloseHandler(a)
-        }), a.on("enable", function() {
-          d.$selection.attr("tabindex", d._tabindex)
-        }), a.on("disable", function() {
-          d.$selection.attr("tabindex", "-1")
-        })
-      }, d.prototype._handleBlur = function(b) {
-        var c = this;
-        window.setTimeout(function() {
-          document.activeElement == c.$selection[0] || a.contains(c.$selection[0], document.activeElement) || c.trigger("blur", b)
-        }, 1)
-      }, d.prototype._attachCloseHandler = function(c) {
-        a(document.body).on("mousedown.select2." + c.id, function(c) {
-          var d = a(c.target),
-          e = d.closest(".select2");
-          a(".select2.select2-container--open").each(function() {
-            a(this), this != e[0] && b.GetData(this, "element").select2("close")
-          })
-        })
-      }, d.prototype._detachCloseHandler = function(b) {
-        a(document.body).off("mousedown.select2." + b.id)
-      }, d.prototype.position = function(a, b) {
-        b.find(".selection").append(a)
-      }, d.prototype.destroy = function() {
-        this._detachCloseHandler(this.container)
-      }, d.prototype.update = function(a) {
-        throw new Error("The `update` method must be defined in child classes.")
-      }, d
-    }), b.define("select2/selection/single", ["jquery", "./base", "../utils", "../keys"], function(a, b, c, d) {
-      function e() {
-        e.__super__.constructor.apply(this, arguments)
-      }
-      return c.Extend(e, b), e.prototype.render = function() {
-        var a = e.__super__.render.call(this);
-        return a.addClass("select2-selection--single"), a.html('<span class="select2-selection__rendered"></span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span>'), a
-      }, e.prototype.bind = function(a, b) {
-        var c = this;
-        e.__super__.bind.apply(this, arguments);
-        var d = a.id + "-container";
-        this.$selection.find(".select2-selection__rendered").attr("id", d).attr("role", "textbox").attr("aria-readonly", "true"), this.$selection.attr("aria-labelledby", d), this.$selection.on("mousedown", function(a) {
-          1 === a.which && c.trigger("toggle", {
-            originalEvent: a
-          })
-        }), this.$selection.on("focus", function(a) {}), this.$selection.on("blur", function(a) {}), a.on("focus", function(b) {
-          a.isOpen() || c.$selection.focus()
-        })
-      }, e.prototype.clear = function() {
-        var a = this.$selection.find(".select2-selection__rendered");
-        a.empty(), a.removeAttr("title")
-      }, e.prototype.display = function(a, b) {
-        var c = this.options.get("templateSelection");
-        return this.options.get("escapeMarkup")(c(a, b))
-      }, e.prototype.selectionContainer = function() {
-        return a("<span></span>")
-      }, e.prototype.update = function(a) {
-        if (0 === a.length) return void this.clear();
-        var b = a[0],
-        c = this.$selection.find(".select2-selection__rendered"),
-        d = this.display(b, c);
-        c.empty().append(d), c.attr("title", b.title || b.text)
-      }, e
-    }), b.define("select2/selection/multiple", ["jquery", "./base", "../utils"], function(a, b, c) {
-      function d(a, b) {
-        d.__super__.constructor.apply(this, arguments)
-      }
-      return c.Extend(d, b), d.prototype.render = function() {
-        var a = d.__super__.render.call(this);
-        return a.addClass("select2-selection--multiple"), a.html('<ul class="select2-selection__rendered"></ul>'), a
-      }, d.prototype.bind = function(b, e) {
-        var f = this;
-        d.__super__.bind.apply(this, arguments), this.$selection.on("click", function(a) {
-          f.trigger("toggle", {
-            originalEvent: a
-          })
-        }), this.$selection.on("click", ".select2-selection__choice__remove", function(b) {
-          if (!f.options.get("disabled")) {
-            var d = a(this),
-            e = d.parent(),
-            g = c.GetData(e[0], "data");
-            f.trigger("unselect", {
-              originalEvent: b,
-              data: g
-            })
-          }
-        })
-      }, d.prototype.clear = function() {
-        var a = this.$selection.find(".select2-selection__rendered");
-        a.empty(), a.removeAttr("title")
-      }, d.prototype.display = function(a, b) {
-        var c = this.options.get("templateSelection");
-        return this.options.get("escapeMarkup")(c(a, b))
-      }, d.prototype.selectionContainer = function() {
-        return a('<li class="select2-selection__choice"><span class="select2-selection__choice__remove" role="presentation">&times;</span></li>')
-      }, d.prototype.update = function(a) {
-        if (this.clear(), 0 !== a.length) {
-          for (var b = [], d = 0; d < a.length; d++) {
-            var e = a[d],
-            f = this.selectionContainer(),
-            g = this.display(e, f);
-            f.append(g), f.attr("title", e.title || e.text), c.StoreData(f[0], "data", e), b.push(f)
-          }
-          var h = this.$selection.find(".select2-selection__rendered");
-          c.appendMany(h, b)
-        }
-      }, d
-    }), b.define("select2/selection/placeholder", ["../utils"], function(a) {
-      function b(a, b, c) {
-        this.placeholder = this.normalizePlaceholder(c.get("placeholder")), a.call(this, b, c)
-      }
-      return b.prototype.normalizePlaceholder = function(a, b) {
-        return "string" == typeof b && (b = {
-          id: "",
-          text: b
-        }), b
-      }, b.prototype.createPlaceholder = function(a, b) {
-        var c = this.selectionContainer();
-        return c.html(this.display(b)), c.addClass("select2-selection__placeholder").removeClass("select2-selection__choice"), c
-      }, b.prototype.update = function(a, b) {
-        var c = 1 == b.length && b[0].id != this.placeholder.id;
-        if (b.length > 1 || c) return a.call(this, b);
-        this.clear();
-        var d = this.createPlaceholder(this.placeholder);
-        this.$selection.find(".select2-selection__rendered").append(d)
-      }, b
-    }), b.define("select2/selection/allowClear", ["jquery", "../keys", "../utils"], function(a, b, c) {
-      function d() {}
-      return d.prototype.bind = function(a, b, c) {
-        var d = this;
-        a.call(this, b, c), null == this.placeholder && this.options.get("debug") && window.console && console.error && console.error("Select2: The `allowClear` option should be used in combination with the `placeholder` option."), this.$selection.on("mousedown", ".select2-selection__clear", function(a) {
-          d._handleClear(a)
-        }), b.on("keypress", function(a) {
-          d._handleKeyboardClear(a, b)
-        })
-      }, d.prototype._handleClear = function(a, b) {
-        if (!this.options.get("disabled")) {
-          var d = this.$selection.find(".select2-selection__clear");
-          if (0 !== d.length) {
-            b.stopPropagation();
-            var e = c.GetData(d[0], "data"),
-            f = this.$element.val();
-            this.$element.val(this.placeholder.id);
-            var g = {
-              data: e
-            };
-            if (this.trigger("clear", g), g.prevented) return void this.$element.val(f);
-            for (var h = 0; h < e.length; h++)
-            if (g = {
-              data: e[h]
-            }, this.trigger("unselect", g), g.prevented) return void this.$element.val(f);
-            this.$element.trigger("change"), this.trigger("toggle", {})
-          }
-        }
-      }, d.prototype._handleKeyboardClear = function(a, c, d) {
-        d.isOpen() || c.which != b.DELETE && c.which != b.BACKSPACE || this._handleClear(c)
-      }, d.prototype.update = function(b, d) {
-        if (b.call(this, d), !(this.$selection.find(".select2-selection__placeholder").length > 0 || 0 === d.length)) {
-          var e = a('<span class="select2-selection__clear">&times;</span>');
-          c.StoreData(e[0], "data", d), this.$selection.find(".select2-selection__rendered").prepend(e)
-        }
-      }, d
-    }), b.define("select2/selection/search", ["jquery", "../utils", "../keys"], function(a, b, c) {
-      function d(a, b, c) {
-        a.call(this, b, c)
-      }
-      return d.prototype.render = function(b) {
-        var c = a('<li class="select2-search select2-search--inline"><input class="select2-search__field" type="search" tabindex="-1" autocomplete="off" autocorrect="off" autocapitalize="none" spellcheck="false" role="textbox" aria-autocomplete="list" /></li>');
-        this.$searchContainer = c, this.$search = c.find("input");
-        var d = b.call(this);
-        return this._transferTabIndex(), d
-      }, d.prototype.bind = function(a, d, e) {
-        var f = this;
-        a.call(this, d, e), d.on("open", function() {
-          f.$search.trigger("focus")
-        }), d.on("close", function() {
-          f.$search.val(""), f.$search.removeAttr("aria-activedescendant"), f.$search.trigger("focus")
-        }), d.on("enable", function() {
-          f.$search.prop("disabled", !1), f._transferTabIndex()
-        }), d.on("disable", function() {
-          f.$search.prop("disabled", !0)
-        }), d.on("focus", function(a) {
-          f.$search.trigger("focus")
-        }), d.on("results:focus", function(a) {
-          f.$search.attr("aria-activedescendant", a.id)
-        }), this.$selection.on("focusin", ".select2-search--inline", function(a) {
-          f.trigger("focus", a)
-        }), this.$selection.on("focusout", ".select2-search--inline", function(a) {
-          f._handleBlur(a)
-        }), this.$selection.on("keydown", ".select2-search--inline", function(a) {
-          if (a.stopPropagation(), f.trigger("keypress", a), f._keyUpPrevented = a.isDefaultPrevented(), a.which === c.BACKSPACE && "" === f.$search.val()) {
-            var d = f.$searchContainer.prev(".select2-selection__choice");
-            if (d.length > 0) {
-              var e = b.GetData(d[0], "data");
-              f.searchRemoveChoice(e), a.preventDefault()
-            }
-          }
-        });
-        var g = document.documentMode,
-        h = g && g <= 11;
-        this.$selection.on("input.searchcheck", ".select2-search--inline", function(a) {
-          if (h) return void f.$selection.off("input.search input.searchcheck");
-          f.$selection.off("keyup.search")
-        }), this.$selection.on("keyup.search input.search", ".select2-search--inline", function(a) {
-          if (h && "input" === a.type) return void f.$selection.off("input.search input.searchcheck");
-          var b = a.which;
-          b != c.SHIFT && b != c.CTRL && b != c.ALT && b != c.TAB && f.handleSearch(a)
-        })
-      }, d.prototype._transferTabIndex = function(a) {
-        this.$search.attr("tabindex", this.$selection.attr("tabindex")), this.$selection.attr("tabindex", "-1")
-      }, d.prototype.createPlaceholder = function(a, b) {
-        this.$search.attr("placeholder", b.text)
-      }, d.prototype.update = function(a, b) {
-        var c = this.$search[0] == document.activeElement;
-        if (this.$search.attr("placeholder", ""), a.call(this, b), this.$selection.find(".select2-selection__rendered").append(this.$searchContainer), this.resizeSearch(), c) {
-          this.$element.find("[data-select2-tag]").length ? this.$element.focus() : this.$search.focus()
-        }
-      }, d.prototype.handleSearch = function() {
-        if (this.resizeSearch(), !this._keyUpPrevented) {
-          var a = this.$search.val();
-          this.trigger("query", {
-            term: a
-          })
-        }
-        this._keyUpPrevented = !1
-      }, d.prototype.searchRemoveChoice = function(a, b) {
-        this.trigger("unselect", {
-          data: b
-        }), this.$search.val(b.text), this.handleSearch()
-      }, d.prototype.resizeSearch = function() {
-        this.$search.css("width", "25px");
-        var a = "";
-        if ("" !== this.$search.attr("placeholder")) a = this.$selection.find(".select2-selection__rendered").innerWidth();
-        else {
-          a = .75 * (this.$search.val().length + 1) + "em"
-        }
-        this.$search.css("width", a)
-      }, d
-    }), b.define("select2/selection/eventRelay", ["jquery"], function(a) {
-      function b() {}
-      return b.prototype.bind = function(b, c, d) {
-        var e = this,
-        f = ["open", "opening", "close", "closing", "select", "selecting", "unselect", "unselecting", "clear", "clearing"],
-        g = ["opening", "closing", "selecting", "unselecting", "clearing"];
-        b.call(this, c, d), c.on("*", function(b, c) {
-          if (-1 !== a.inArray(b, f)) {
-            c = c || {};
-            var d = a.Event("select2:" + b, {
-              params: c
-            });
-            e.$element.trigger(d), -1 !== a.inArray(b, g) && (c.prevented = d.isDefaultPrevented())
-          }
-        })
-      }, b
-    }), b.define("select2/translation", ["jquery", "require"], function(a, b) {
-      function c(a) {
-        this.dict = a || {}
-      }
-      return c.prototype.all = function() {
-        return this.dict
-      }, c.prototype.get = function(a) {
-        return this.dict[a]
-      }, c.prototype.extend = function(b) {
-        this.dict = a.extend({}, b.all(), this.dict)
-      }, c._cache = {}, c.loadPath = function(a) {
-        if (!(a in c._cache)) {
-          var d = b(a);
-          c._cache[a] = d
-        }
-        return new c(c._cache[a])
-      }, c
-    }), b.define("select2/diacritics", [], function() {
-      return {
-        "Ⓐ": "A",
-        "Ａ": "A",
-        "À": "A",
-        "Á": "A",
-        "Â": "A",
-        "Ầ": "A",
-        "Ấ": "A",
-        "Ẫ": "A",
-        "Ẩ": "A",
-        "Ã": "A",
-        "Ā": "A",
-        "Ă": "A",
-        "Ằ": "A",
-        "Ắ": "A",
-        "Ẵ": "A",
-        "Ẳ": "A",
-        "Ȧ": "A",
-        "Ǡ": "A",
-        "Ä": "A",
-        "Ǟ": "A",
-        "Ả": "A",
-        "Å": "A",
-        "Ǻ": "A",
-        "Ǎ": "A",
-        "Ȁ": "A",
-        "Ȃ": "A",
-        "Ạ": "A",
-        "Ậ": "A",
-        "Ặ": "A",
-        "Ḁ": "A",
-        "Ą": "A",
-        "Ⱥ": "A",
-        "Ɐ": "A",
-        "Ꜳ": "AA",
-        "Æ": "AE",
-        "Ǽ": "AE",
-        "Ǣ": "AE",
-        "Ꜵ": "AO",
-        "Ꜷ": "AU",
-        "Ꜹ": "AV",
-        "Ꜻ": "AV",
-        "Ꜽ": "AY",
-        "Ⓑ": "B",
-        "Ｂ": "B",
-        "Ḃ": "B",
-        "Ḅ": "B",
-        "Ḇ": "B",
-        "Ƀ": "B",
-        "Ƃ": "B",
-        "Ɓ": "B",
-        "Ⓒ": "C",
-        "Ｃ": "C",
-        "Ć": "C",
-        "Ĉ": "C",
-        "Ċ": "C",
-        "Č": "C",
-        "Ç": "C",
-        "Ḉ": "C",
-        "Ƈ": "C",
-        "Ȼ": "C",
-        "Ꜿ": "C",
-        "Ⓓ": "D",
-        "Ｄ": "D",
-        "Ḋ": "D",
-        "Ď": "D",
-        "Ḍ": "D",
-        "Ḑ": "D",
-        "Ḓ": "D",
-        "Ḏ": "D",
-        "Đ": "D",
-        "Ƌ": "D",
-        "Ɗ": "D",
-        "Ɖ": "D",
-        "Ꝺ": "D",
-        "DZ": "DZ",
-        "DŽ": "DZ",
-        "Dz": "Dz",
-        "Dž": "Dz",
-        "Ⓔ": "E",
-        "Ｅ": "E",
-        "È": "E",
-        "É": "E",
-        "Ê": "E",
-        "Ề": "E",
-        "Ế": "E",
-        "Ễ": "E",
-        "Ể": "E",
-        "Ẽ": "E",
-        "Ē": "E",
-        "Ḕ": "E",
-        "Ḗ": "E",
-        "Ĕ": "E",
-        "Ė": "E",
-        "Ë": "E",
-        "Ẻ": "E",
-        "Ě": "E",
-        "Ȅ": "E",
-        "Ȇ": "E",
-        "Ẹ": "E",
-        "Ệ": "E",
-        "Ȩ": "E",
-        "Ḝ": "E",
-        "Ę": "E",
-        "Ḙ": "E",
-        "Ḛ": "E",
-        "Ɛ": "E",
-        "Ǝ": "E",
-        "Ⓕ": "F",
-        "Ｆ": "F",
-        "Ḟ": "F",
-        "Ƒ": "F",
-        "Ꝼ": "F",
-        "Ⓖ": "G",
-        "Ｇ": "G",
-        "Ǵ": "G",
-        "Ĝ": "G",
-        "Ḡ": "G",
-        "Ğ": "G",
-        "Ġ": "G",
-        "Ǧ": "G",
-        "Ģ": "G",
-        "Ǥ": "G",
-        "Ɠ": "G",
-        "Ꞡ": "G",
-        "Ᵹ": "G",
-        "Ꝿ": "G",
-        "Ⓗ": "H",
-        "Ｈ": "H",
-        "Ĥ": "H",
-        "Ḣ": "H",
-        "Ḧ": "H",
-        "Ȟ": "H",
-        "Ḥ": "H",
-        "Ḩ": "H",
-        "Ḫ": "H",
-        "Ħ": "H",
-        "Ⱨ": "H",
-        "Ⱶ": "H",
-        "Ɥ": "H",
-        "Ⓘ": "I",
-        "Ｉ": "I",
-        "Ì": "I",
-        "Í": "I",
-        "Î": "I",
-        "Ĩ": "I",
-        "Ī": "I",
-        "Ĭ": "I",
-        "İ": "I",
-        "Ï": "I",
-        "Ḯ": "I",
-        "Ỉ": "I",
-        "Ǐ": "I",
-        "Ȉ": "I",
-        "Ȋ": "I",
-        "Ị": "I",
-        "Į": "I",
-        "Ḭ": "I",
-        "Ɨ": "I",
-        "Ⓙ": "J",
-        "Ｊ": "J",
-        "Ĵ": "J",
-        "Ɉ": "J",
-        "Ⓚ": "K",
-        "Ｋ": "K",
-        "Ḱ": "K",
-        "Ǩ": "K",
-        "Ḳ": "K",
-        "Ķ": "K",
-        "Ḵ": "K",
-        "Ƙ": "K",
-        "Ⱪ": "K",
-        "Ꝁ": "K",
-        "Ꝃ": "K",
-        "Ꝅ": "K",
-        "Ꞣ": "K",
-        "Ⓛ": "L",
-        "Ｌ": "L",
-        "Ŀ": "L",
-        "Ĺ": "L",
-        "Ľ": "L",
-        "Ḷ": "L",
-        "Ḹ": "L",
-        "Ļ": "L",
-        "Ḽ": "L",
-        "Ḻ": "L",
-        "Ł": "L",
-        "Ƚ": "L",
-        "Ɫ": "L",
-        "Ⱡ": "L",
-        "Ꝉ": "L",
-        "Ꝇ": "L",
-        "Ꞁ": "L",
-        "LJ": "LJ",
-        "Lj": "Lj",
-        "Ⓜ": "M",
-        "Ｍ": "M",
-        "Ḿ": "M",
-        "Ṁ": "M",
-        "Ṃ": "M",
-        "Ɱ": "M",
-        "Ɯ": "M",
-        "Ⓝ": "N",
-        "Ｎ": "N",
-        "Ǹ": "N",
-        "Ń": "N",
-        "Ñ": "N",
-        "Ṅ": "N",
-        "Ň": "N",
-        "Ṇ": "N",
-        "Ņ": "N",
-        "Ṋ": "N",
-        "Ṉ": "N",
-        "Ƞ": "N",
-        "Ɲ": "N",
-        "Ꞑ": "N",
-        "Ꞥ": "N",
-        "NJ": "NJ",
-        "Nj": "Nj",
-        "Ⓞ": "O",
-        "Ｏ": "O",
-        "Ò": "O",
-        "Ó": "O",
-        "Ô": "O",
-        "Ồ": "O",
-        "Ố": "O",
-        "Ỗ": "O",
-        "Ổ": "O",
-        "Õ": "O",
-        "Ṍ": "O",
-        "Ȭ": "O",
-        "Ṏ": "O",
-        "Ō": "O",
-        "Ṑ": "O",
-        "Ṓ": "O",
-        "Ŏ": "O",
-        "Ȯ": "O",
-        "Ȱ": "O",
-        "Ö": "O",
-        "Ȫ": "O",
-        "Ỏ": "O",
-        "Ő": "O",
-        "Ǒ": "O",
-        "Ȍ": "O",
-        "Ȏ": "O",
-        "Ơ": "O",
-        "Ờ": "O",
-        "Ớ": "O",
-        "Ỡ": "O",
-        "Ở": "O",
-        "Ợ": "O",
-        "Ọ": "O",
-        "Ộ": "O",
-        "Ǫ": "O",
-        "Ǭ": "O",
-        "Ø": "O",
-        "Ǿ": "O",
-        "Ɔ": "O",
-        "Ɵ": "O",
-        "Ꝋ": "O",
-        "Ꝍ": "O",
-        "Ƣ": "OI",
-        "Ꝏ": "OO",
-        "Ȣ": "OU",
-        "Ⓟ": "P",
-        "Ｐ": "P",
-        "Ṕ": "P",
-        "Ṗ": "P",
-        "Ƥ": "P",
-        "Ᵽ": "P",
-        "Ꝑ": "P",
-        "Ꝓ": "P",
-        "Ꝕ": "P",
-        "Ⓠ": "Q",
-        "Ｑ": "Q",
-        "Ꝗ": "Q",
-        "Ꝙ": "Q",
-        "Ɋ": "Q",
-        "Ⓡ": "R",
-        "Ｒ": "R",
-        "Ŕ": "R",
-        "Ṙ": "R",
-        "Ř": "R",
-        "Ȑ": "R",
-        "Ȓ": "R",
-        "Ṛ": "R",
-        "Ṝ": "R",
-        "Ŗ": "R",
-        "Ṟ": "R",
-        "Ɍ": "R",
-        "Ɽ": "R",
-        "Ꝛ": "R",
-        "Ꞧ": "R",
-        "Ꞃ": "R",
-        "Ⓢ": "S",
-        "Ｓ": "S",
-        "ẞ": "S",
-        "Ś": "S",
-        "Ṥ": "S",
-        "Ŝ": "S",
-        "Ṡ": "S",
-        "Š": "S",
-        "Ṧ": "S",
-        "Ṣ": "S",
-        "Ṩ": "S",
-        "Ș": "S",
-        "Ş": "S",
-        "Ȿ": "S",
-        "Ꞩ": "S",
-        "Ꞅ": "S",
-        "Ⓣ": "T",
-        "Ｔ": "T",
-        "Ṫ": "T",
-        "Ť": "T",
-        "Ṭ": "T",
-        "Ț": "T",
-        "Ţ": "T",
-        "Ṱ": "T",
-        "Ṯ": "T",
-        "Ŧ": "T",
-        "Ƭ": "T",
-        "Ʈ": "T",
-        "Ⱦ": "T",
-        "Ꞇ": "T",
-        "Ꜩ": "TZ",
-        "Ⓤ": "U",
-        "Ｕ": "U",
-        "Ù": "U",
-        "Ú": "U",
-        "Û": "U",
-        "Ũ": "U",
-        "Ṹ": "U",
-        "Ū": "U",
-        "Ṻ": "U",
-        "Ŭ": "U",
-        "Ü": "U",
-        "Ǜ": "U",
-        "Ǘ": "U",
-        "Ǖ": "U",
-        "Ǚ": "U",
-        "Ủ": "U",
-        "Ů": "U",
-        "Ű": "U",
-        "Ǔ": "U",
-        "Ȕ": "U",
-        "Ȗ": "U",
-        "Ư": "U",
-        "Ừ": "U",
-        "Ứ": "U",
-        "Ữ": "U",
-        "Ử": "U",
-        "Ự": "U",
-        "Ụ": "U",
-        "Ṳ": "U",
-        "Ų": "U",
-        "Ṷ": "U",
-        "Ṵ": "U",
-        "Ʉ": "U",
-        "Ⓥ": "V",
-        "Ｖ": "V",
-        "Ṽ": "V",
-        "Ṿ": "V",
-        "Ʋ": "V",
-        "Ꝟ": "V",
-        "Ʌ": "V",
-        "Ꝡ": "VY",
-        "Ⓦ": "W",
-        "Ｗ": "W",
-        "Ẁ": "W",
-        "Ẃ": "W",
-        "Ŵ": "W",
-        "Ẇ": "W",
-        "Ẅ": "W",
-        "Ẉ": "W",
-        "Ⱳ": "W",
-        "Ⓧ": "X",
-        "Ｘ": "X",
-        "Ẋ": "X",
-        "Ẍ": "X",
-        "Ⓨ": "Y",
-        "Ｙ": "Y",
-        "Ỳ": "Y",
-        "Ý": "Y",
-        "Ŷ": "Y",
-        "Ỹ": "Y",
-        "Ȳ": "Y",
-        "Ẏ": "Y",
-        "Ÿ": "Y",
-        "Ỷ": "Y",
-        "Ỵ": "Y",
-        "Ƴ": "Y",
-        "Ɏ": "Y",
-        "Ỿ": "Y",
-        "Ⓩ": "Z",
-        "Ｚ": "Z",
-        "Ź": "Z",
-        "Ẑ": "Z",
-        "Ż": "Z",
-        "Ž": "Z",
-        "Ẓ": "Z",
-        "Ẕ": "Z",
-        "Ƶ": "Z",
-        "Ȥ": "Z",
-        "Ɀ": "Z",
-        "Ⱬ": "Z",
-        "Ꝣ": "Z",
-        "ⓐ": "a",
-        "ａ": "a",
-        "ẚ": "a",
-        "à": "a",
-        "á": "a",
-        "â": "a",
-        "ầ": "a",
-        "ấ": "a",
-        "ẫ": "a",
-        "ẩ": "a",
-        "ã": "a",
-        "ā": "a",
-        "ă": "a",
-        "ằ": "a",
-        "ắ": "a",
-        "ẵ": "a",
-        "ẳ": "a",
-        "ȧ": "a",
-        "ǡ": "a",
-        "ä": "a",
-        "ǟ": "a",
-        "ả": "a",
-        "å": "a",
-        "ǻ": "a",
-        "ǎ": "a",
-        "ȁ": "a",
-        "ȃ": "a",
-        "ạ": "a",
-        "ậ": "a",
-        "ặ": "a",
-        "ḁ": "a",
-        "ą": "a",
-        "ⱥ": "a",
-        "ɐ": "a",
-        "ꜳ": "aa",
-        "æ": "ae",
-        "ǽ": "ae",
-        "ǣ": "ae",
-        "ꜵ": "ao",
-        "ꜷ": "au",
-        "ꜹ": "av",
-        "ꜻ": "av",
-        "ꜽ": "ay",
-        "ⓑ": "b",
-        "ｂ": "b",
-        "ḃ": "b",
-        "ḅ": "b",
-        "ḇ": "b",
-        "ƀ": "b",
-        "ƃ": "b",
-        "ɓ": "b",
-        "ⓒ": "c",
-        "ｃ": "c",
-        "ć": "c",
-        "ĉ": "c",
-        "ċ": "c",
-        "č": "c",
-        "ç": "c",
-        "ḉ": "c",
-        "ƈ": "c",
-        "ȼ": "c",
-        "ꜿ": "c",
-        "ↄ": "c",
-        "ⓓ": "d",
-        "ｄ": "d",
-        "ḋ": "d",
-        "ď": "d",
-        "ḍ": "d",
-        "ḑ": "d",
-        "ḓ": "d",
-        "ḏ": "d",
-        "đ": "d",
-        "ƌ": "d",
-        "ɖ": "d",
-        "ɗ": "d",
-        "ꝺ": "d",
-        "dz": "dz",
-        "dž": "dz",
-        "ⓔ": "e",
-        "ｅ": "e",
-        "è": "e",
-        "é": "e",
-        "ê": "e",
-        "ề": "e",
-        "ế": "e",
-        "ễ": "e",
-        "ể": "e",
-        "ẽ": "e",
-        "ē": "e",
-        "ḕ": "e",
-        "ḗ": "e",
-        "ĕ": "e",
-        "ė": "e",
-        "ë": "e",
-        "ẻ": "e",
-        "ě": "e",
-        "ȅ": "e",
-        "ȇ": "e",
-        "ẹ": "e",
-        "ệ": "e",
-        "ȩ": "e",
-        "ḝ": "e",
-        "ę": "e",
-        "ḙ": "e",
-        "ḛ": "e",
-        "ɇ": "e",
-        "ɛ": "e",
-        "ǝ": "e",
-        "ⓕ": "f",
-        "ｆ": "f",
-        "ḟ": "f",
-        "ƒ": "f",
-        "ꝼ": "f",
-        "ⓖ": "g",
-        "ｇ": "g",
-        "ǵ": "g",
-        "ĝ": "g",
-        "ḡ": "g",
-        "ğ": "g",
-        "ġ": "g",
-        "ǧ": "g",
-        "ģ": "g",
-        "ǥ": "g",
-        "ɠ": "g",
-        "ꞡ": "g",
-        "ᵹ": "g",
-        "ꝿ": "g",
-        "ⓗ": "h",
-        "ｈ": "h",
-        "ĥ": "h",
-        "ḣ": "h",
-        "ḧ": "h",
-        "ȟ": "h",
-        "ḥ": "h",
-        "ḩ": "h",
-        "ḫ": "h",
-        "ẖ": "h",
-        "ħ": "h",
-        "ⱨ": "h",
-        "ⱶ": "h",
-        "ɥ": "h",
-        "ƕ": "hv",
-        "ⓘ": "i",
-        "ｉ": "i",
-        "ì": "i",
-        "í": "i",
-        "î": "i",
-        "ĩ": "i",
-        "ī": "i",
-        "ĭ": "i",
-        "ï": "i",
-        "ḯ": "i",
-        "ỉ": "i",
-        "ǐ": "i",
-        "ȉ": "i",
-        "ȋ": "i",
-        "ị": "i",
-        "į": "i",
-        "ḭ": "i",
-        "ɨ": "i",
-        "ı": "i",
-        "ⓙ": "j",
-        "ｊ": "j",
-        "ĵ": "j",
-        "ǰ": "j",
-        "ɉ": "j",
-        "ⓚ": "k",
-        "ｋ": "k",
-        "ḱ": "k",
-        "ǩ": "k",
-        "ḳ": "k",
-        "ķ": "k",
-        "ḵ": "k",
-        "ƙ": "k",
-        "ⱪ": "k",
-        "ꝁ": "k",
-        "ꝃ": "k",
-        "ꝅ": "k",
-        "ꞣ": "k",
-        "ⓛ": "l",
-        "ｌ": "l",
-        "ŀ": "l",
-        "ĺ": "l",
-        "ľ": "l",
-        "ḷ": "l",
-        "ḹ": "l",
-        "ļ": "l",
-        "ḽ": "l",
-        "ḻ": "l",
-        "ſ": "l",
-        "ł": "l",
-        "ƚ": "l",
-        "ɫ": "l",
-        "ⱡ": "l",
-        "ꝉ": "l",
-        "ꞁ": "l",
-        "ꝇ": "l",
-        "lj": "lj",
-        "ⓜ": "m",
-        "ｍ": "m",
-        "ḿ": "m",
-        "ṁ": "m",
-        "ṃ": "m",
-        "ɱ": "m",
-        "ɯ": "m",
-        "ⓝ": "n",
-        "ｎ": "n",
-        "ǹ": "n",
-        "ń": "n",
-        "ñ": "n",
-        "ṅ": "n",
-        "ň": "n",
-        "ṇ": "n",
-        "ņ": "n",
-        "ṋ": "n",
-        "ṉ": "n",
-        "ƞ": "n",
-        "ɲ": "n",
-        "ʼn": "n",
-        "ꞑ": "n",
-        "ꞥ": "n",
-        "nj": "nj",
-        "ⓞ": "o",
-        "ｏ": "o",
-        "ò": "o",
-        "ó": "o",
-        "ô": "o",
-        "ồ": "o",
-        "ố": "o",
-        "ỗ": "o",
-        "ổ": "o",
-        "õ": "o",
-        "ṍ": "o",
-        "ȭ": "o",
-        "ṏ": "o",
-        "ō": "o",
-        "ṑ": "o",
-        "ṓ": "o",
-        "ŏ": "o",
-        "ȯ": "o",
-        "ȱ": "o",
-        "ö": "o",
-        "ȫ": "o",
-        "ỏ": "o",
-        "ő": "o",
-        "ǒ": "o",
-        "ȍ": "o",
-        "ȏ": "o",
-        "ơ": "o",
-        "ờ": "o",
-        "ớ": "o",
-        "ỡ": "o",
-        "ở": "o",
-        "ợ": "o",
-        "ọ": "o",
-        "ộ": "o",
-        "ǫ": "o",
-        "ǭ": "o",
-        "ø": "o",
-        "ǿ": "o",
-        "ɔ": "o",
-        "ꝋ": "o",
-        "ꝍ": "o",
-        "ɵ": "o",
-        "ƣ": "oi",
-        "ȣ": "ou",
-        "ꝏ": "oo",
-        "ⓟ": "p",
-        "ｐ": "p",
-        "ṕ": "p",
-        "ṗ": "p",
-        "ƥ": "p",
-        "ᵽ": "p",
-        "ꝑ": "p",
-        "ꝓ": "p",
-        "ꝕ": "p",
-        "ⓠ": "q",
-        "ｑ": "q",
-        "ɋ": "q",
-        "ꝗ": "q",
-        "ꝙ": "q",
-        "ⓡ": "r",
-        "ｒ": "r",
-        "ŕ": "r",
-        "ṙ": "r",
-        "ř": "r",
-        "ȑ": "r",
-        "ȓ": "r",
-        "ṛ": "r",
-        "ṝ": "r",
-        "ŗ": "r",
-        "ṟ": "r",
-        "ɍ": "r",
-        "ɽ": "r",
-        "ꝛ": "r",
-        "ꞧ": "r",
-        "ꞃ": "r",
-        "ⓢ": "s",
-        "ｓ": "s",
-        "ß": "s",
-        "ś": "s",
-        "ṥ": "s",
-        "ŝ": "s",
-        "ṡ": "s",
-        "š": "s",
-        "ṧ": "s",
-        "ṣ": "s",
-        "ṩ": "s",
-        "ș": "s",
-        "ş": "s",
-        "ȿ": "s",
-        "ꞩ": "s",
-        "ꞅ": "s",
-        "ẛ": "s",
-        "ⓣ": "t",
-        "ｔ": "t",
-        "ṫ": "t",
-        "ẗ": "t",
-        "ť": "t",
-        "ṭ": "t",
-        "ț": "t",
-        "ţ": "t",
-        "ṱ": "t",
-        "ṯ": "t",
-        "ŧ": "t",
-        "ƭ": "t",
-        "ʈ": "t",
-        "ⱦ": "t",
-        "ꞇ": "t",
-        "ꜩ": "tz",
-        "ⓤ": "u",
-        "ｕ": "u",
-        "ù": "u",
-        "ú": "u",
-        "û": "u",
-        "ũ": "u",
-        "ṹ": "u",
-        "ū": "u",
-        "ṻ": "u",
-        "ŭ": "u",
-        "ü": "u",
-        "ǜ": "u",
-        "ǘ": "u",
-        "ǖ": "u",
-        "ǚ": "u",
-        "ủ": "u",
-        "ů": "u",
-        "ű": "u",
-        "ǔ": "u",
-        "ȕ": "u",
-        "ȗ": "u",
-        "ư": "u",
-        "ừ": "u",
-        "ứ": "u",
-        "ữ": "u",
-        "ử": "u",
-        "ự": "u",
-        "ụ": "u",
-        "ṳ": "u",
-        "ų": "u",
-        "ṷ": "u",
-        "ṵ": "u",
-        "ʉ": "u",
-        "ⓥ": "v",
-        "ｖ": "v",
-        "ṽ": "v",
-        "ṿ": "v",
-        "ʋ": "v",
-        "ꝟ": "v",
-        "ʌ": "v",
-        "ꝡ": "vy",
-        "ⓦ": "w",
-        "ｗ": "w",
-        "ẁ": "w",
-        "ẃ": "w",
-        "ŵ": "w",
-        "ẇ": "w",
-        "ẅ": "w",
-        "ẘ": "w",
-        "ẉ": "w",
-        "ⱳ": "w",
-        "ⓧ": "x",
-        "ｘ": "x",
-        "ẋ": "x",
-        "ẍ": "x",
-        "ⓨ": "y",
-        "ｙ": "y",
-        "ỳ": "y",
-        "ý": "y",
-        "ŷ": "y",
-        "ỹ": "y",
-        "ȳ": "y",
-        "ẏ": "y",
-        "ÿ": "y",
-        "ỷ": "y",
-        "ẙ": "y",
-        "ỵ": "y",
-        "ƴ": "y",
-        "ɏ": "y",
-        "ỿ": "y",
-        "ⓩ": "z",
-        "ｚ": "z",
-        "ź": "z",
-        "ẑ": "z",
-        "ż": "z",
-        "ž": "z",
-        "ẓ": "z",
-        "ẕ": "z",
-        "ƶ": "z",
-        "ȥ": "z",
-        "ɀ": "z",
-        "ⱬ": "z",
-        "ꝣ": "z",
-        "Ά": "Α",
-        "Έ": "Ε",
-        "Ή": "Η",
-        "Ί": "Ι",
-        "Ϊ": "Ι",
-        "Ό": "Ο",
-        "Ύ": "Υ",
-        "Ϋ": "Υ",
-        "Ώ": "Ω",
-        "ά": "α",
-        "έ": "ε",
-        "ή": "η",
-        "ί": "ι",
-        "ϊ": "ι",
-        "ΐ": "ι",
-        "ό": "ο",
-        "ύ": "υ",
-        "ϋ": "υ",
-        "ΰ": "υ",
-        "ω": "ω",
-        "ς": "σ"
-      }
-    }), b.define("select2/data/base", ["../utils"], function(a) {
-      function b(a, c) {
-        b.__super__.constructor.call(this)
-      }
-      return a.Extend(b, a.Observable), b.prototype.current = function(a) {
-        throw new Error("The `current` method must be defined in child classes.")
-      }, b.prototype.query = function(a, b) {
-        throw new Error("The `query` method must be defined in child classes.")
-      }, b.prototype.bind = function(a, b) {}, b.prototype.destroy = function() {}, b.prototype.generateResultId = function(b, c) {
-        var d = b.id + "-result-";
-        return d += a.generateChars(4), null != c.id ? d += "-" + c.id.toString() : d += "-" + a.generateChars(4), d
-      }, b
-    }), b.define("select2/data/select", ["./base", "../utils", "jquery"], function(a, b, c) {
-      function d(a, b) {
-        this.$element = a, this.options = b, d.__super__.constructor.call(this)
-      }
-      return b.Extend(d, a), d.prototype.current = function(a) {
-        var b = [],
-        d = this;
-        this.$element.find(":selected").each(function() {
-          var a = c(this),
-          e = d.item(a);
-          b.push(e)
-        }), a(b)
-      }, d.prototype.select = function(a) {
-        var b = this;
-        if (a.selected = !0, c(a.element).is("option")) return a.element.selected = !0, void this.$element.trigger("change");
-        if (this.$element.prop("multiple")) this.current(function(d) {
-          var e = [];
-          a = [a], a.push.apply(a, d);
-          for (var f = 0; f < a.length; f++) {
-            var g = a[f].id; - 1 === c.inArray(g, e) && e.push(g)
-          }
-          b.$element.val(e), b.$element.trigger("change")
-        });
-        else {
-          var d = a.id;
-          this.$element.val(d), this.$element.trigger("change")
-        }
-      }, d.prototype.unselect = function(a) {
-        var b = this;
-        if (this.$element.prop("multiple")) {
-          if (a.selected = !1, c(a.element).is("option")) return a.element.selected = !1, void this.$element.trigger("change");
-          this.current(function(d) {
-            for (var e = [], f = 0; f < d.length; f++) {
-              var g = d[f].id;
-              g !== a.id && -1 === c.inArray(g, e) && e.push(g)
-            }
-            b.$element.val(e), b.$element.trigger("change")
-          })
-        }
-      }, d.prototype.bind = function(a, b) {
-        var c = this;
-        this.container = a, a.on("select", function(a) {
-          c.select(a.data)
-        }), a.on("unselect", function(a) {
-          c.unselect(a.data)
-        })
-      }, d.prototype.destroy = function() {
-        this.$element.find("*").each(function() {
-          b.RemoveData(this)
-        })
-      }, d.prototype.query = function(a, b) {
-        var d = [],
-        e = this;
-        this.$element.children().each(function() {
-          var b = c(this);
-          if (b.is("option") || b.is("optgroup")) {
-            var f = e.item(b),
-            g = e.matches(a, f);
-            null !== g && d.push(g)
-          }
-        }), b({
-          results: d
-        })
-      }, d.prototype.addOptions = function(a) {
-        b.appendMany(this.$element, a)
-      }, d.prototype.option = function(a) {
-        var d;
-        a.children ? (d = document.createElement("optgroup"), d.label = a.text) : (d = document.createElement("option"), void 0 !== d.textContent ? d.textContent = a.text : d.innerText = a.text), void 0 !== a.id && (d.value = a.id), a.disabled && (d.disabled = !0), a.selected && (d.selected = !0), a.title && (d.title = a.title);
-        var e = c(d),
-        f = this._normalizeItem(a);
-        return f.element = d, b.StoreData(d, "data", f), e
-      }, d.prototype.item = function(a) {
-        var d = {};
-        if (null != (d = b.GetData(a[0], "data"))) return d;
-        if (a.is("option")) d = {
-          id: a.val(),
-          text: a.text(),
-          disabled: a.prop("disabled"),
-          selected: a.prop("selected"),
-          title: a.prop("title")
-        };
-        else if (a.is("optgroup")) {
-          d = {
-            text: a.prop("label"),
-            children: [],
-            title: a.prop("title")
-          };
-          for (var e = a.children("option"), f = [], g = 0; g < e.length; g++) {
-            var h = c(e[g]),
-            i = this.item(h);
-            f.push(i)
-          }
-          d.children = f
-        }
-        return d = this._normalizeItem(d), d.element = a[0], b.StoreData(a[0], "data", d), d
-      }, d.prototype._normalizeItem = function(a) {
-        a !== Object(a) && (a = {
-          id: a,
-          text: a
-        }), a = c.extend({}, {
-          text: ""
-        }, a);
-        var b = {
-          selected: !1,
-          disabled: !1
-        };
-        return null != a.id && (a.id = a.id.toString()), null != a.text && (a.text = a.text.toString()), null == a._resultId && a.id && null != this.container && (a._resultId = this.generateResultId(this.container, a)), c.extend({}, b, a)
-      }, d.prototype.matches = function(a, b) {
-        return this.options.get("matcher")(a, b)
-      }, d
-    }), b.define("select2/data/array", ["./select", "../utils", "jquery"], function(a, b, c) {
-      function d(a, b) {
-        var c = b.get("data") || [];
-        d.__super__.constructor.call(this, a, b), this.addOptions(this.convertToOptions(c))
-      }
-      return b.Extend(d, a), d.prototype.select = function(a) {
-        var b = this.$element.find("option").filter(function(b, c) {
-          return c.value == a.id.toString()
-        });
-        0 === b.length && (b = this.option(a), this.addOptions(b)), d.__super__.select.call(this, a)
-      }, d.prototype.convertToOptions = function(a) {
-        function d(a) {
-          return function() {
-            return c(this).val() == a.id
-          }
-        }
-        for (var e = this, f = this.$element.find("option"), g = f.map(function() {
-          return e.item(c(this)).id
-        }).get(), h = [], i = 0; i < a.length; i++) {
-          var j = this._normalizeItem(a[i]);
-          if (c.inArray(j.id, g) >= 0) {
-            var k = f.filter(d(j)),
-            l = this.item(k),
-            m = c.extend(!0, {}, j, l),
-            n = this.option(m);
-            k.replaceWith(n)
-          } else {
-            var o = this.option(j);
-            if (j.children) {
-              var p = this.convertToOptions(j.children);
-              b.appendMany(o, p)
-            }
-            h.push(o)
-          }
-        }
-        return h
-      }, d
-    }), b.define("select2/data/ajax", ["./array", "../utils", "jquery"], function(a, b, c) {
-      function d(a, b) {
-        this.ajaxOptions = this._applyDefaults(b.get("ajax")), null != this.ajaxOptions.processResults && (this.processResults = this.ajaxOptions.processResults), d.__super__.constructor.call(this, a, b)
-      }
-      return b.Extend(d, a), d.prototype._applyDefaults = function(a) {
-        var b = {
-          data: function(a) {
-            return c.extend({}, a, {
-              q: a.term
-            })
-          },
-          transport: function(a, b, d) {
-            var e = c.ajax(a);
-            return e.then(b), e.fail(d), e
-          }
-        };
-        return c.extend({}, b, a, !0)
-      }, d.prototype.processResults = function(a) {
-        return a
-      }, d.prototype.query = function(a, b) {
-        function d() {
-          var d = f.transport(f, function(d) {
-            var f = e.processResults(d, a);
-            e.options.get("debug") && window.console && console.error && (f && f.results && c.isArray(f.results) || console.error("Select2: The AJAX results did not return an array in the `results` key of the response.")), b(f)
-          }, function() {
-            "status" in d && (0 === d.status || "0" === d.status) || e.trigger("results:message", {
-              message: "errorLoading"
-            })
-          });
-          e._request = d
-        }
-        var e = this;
-        null != this._request && (c.isFunction(this._request.abort) && this._request.abort(), this._request = null);
-        var f = c.extend({
-          type: "GET"
-        }, this.ajaxOptions);
-        "function" == typeof f.url && (f.url = f.url.call(this.$element, a)), "function" == typeof f.data && (f.data = f.data.call(this.$element, a)), this.ajaxOptions.delay && null != a.term ? (this._queryTimeout && window.clearTimeout(this._queryTimeout), this._queryTimeout = window.setTimeout(d, this.ajaxOptions.delay)) : d()
-      }, d
-    }), b.define("select2/data/tags", ["jquery"], function(a) {
-      function b(b, c, d) {
-        var e = d.get("tags"),
-        f = d.get("createTag");
-        void 0 !== f && (this.createTag = f);
-        var g = d.get("insertTag");
-        if (void 0 !== g && (this.insertTag = g), b.call(this, c, d), a.isArray(e))
-        for (var h = 0; h < e.length; h++) {
-          var i = e[h],
-          j = this._normalizeItem(i),
-          k = this.option(j);
-          this.$element.append(k)
-        }
-      }
-      return b.prototype.query = function(a, b, c) {
-        function d(a, f) {
-          for (var g = a.results, h = 0; h < g.length; h++) {
-            var i = g[h],
-            j = null != i.children && !d({
-              results: i.children
-            }, !0);
-            if ((i.text || "").toUpperCase() === (b.term || "").toUpperCase() || j) return !f && (a.data = g, void c(a))
-          }
-          if (f) return !0;
-          var k = e.createTag(b);
-          if (null != k) {
-            var l = e.option(k);
-            l.attr("data-select2-tag", !0), e.addOptions([l]), e.insertTag(g, k)
-          }
-          a.results = g, c(a)
-        }
-        var e = this;
-        if (this._removeOldTags(), null == b.term || null != b.page) return void a.call(this, b, c);
-        a.call(this, b, d)
-      }, b.prototype.createTag = function(b, c) {
-        var d = a.trim(c.term);
-        return "" === d ? null : {
-          id: d,
-          text: d
-        }
-      }, b.prototype.insertTag = function(a, b, c) {
-        b.unshift(c)
-      }, b.prototype._removeOldTags = function(b) {
-        this._lastTag;
-        this.$element.find("option[data-select2-tag]").each(function() {
-          this.selected || a(this).remove()
-        })
-      }, b
-    }), b.define("select2/data/tokenizer", ["jquery"], function(a) {
-      function b(a, b, c) {
-        var d = c.get("tokenizer");
-        void 0 !== d && (this.tokenizer = d), a.call(this, b, c)
-      }
-      return b.prototype.bind = function(a, b, c) {
-        a.call(this, b, c), this.$search = b.dropdown.$search || b.selection.$search || c.find(".select2-search__field")
-      }, b.prototype.query = function(b, c, d) {
-        function e(b) {
-          var c = g._normalizeItem(b);
-          if (!g.$element.find("option").filter(function() {
-            return a(this).val() === c.id
-          }).length) {
-            var d = g.option(c);
-            d.attr("data-select2-tag", !0), g._removeOldTags(), g.addOptions([d])
-          }
-          f(c)
-        }
-
-        function f(a) {
-          g.trigger("select", {
-            data: a
-          })
-        }
-        var g = this;
-        c.term = c.term || "";
-        var h = this.tokenizer(c, this.options, e);
-        h.term !== c.term && (this.$search.length && (this.$search.val(h.term), this.$search.focus()), c.term = h.term), b.call(this, c, d)
-      }, b.prototype.tokenizer = function(b, c, d, e) {
-        for (var f = d.get("tokenSeparators") || [], g = c.term, h = 0, i = this.createTag || function(a) {
-          return {
-            id: a.term,
-            text: a.term
-          }
-        }; h < g.length;) {
-          var j = g[h];
-          if (-1 !== a.inArray(j, f)) {
-            var k = g.substr(0, h),
-            l = a.extend({}, c, {
-              term: k
-            }),
-            m = i(l);
-            null != m ? (e(m), g = g.substr(h + 1) || "", h = 0) : h++
-          } else h++
-        }
-        return {
-          term: g
-        }
-      }, b
-    }), b.define("select2/data/minimumInputLength", [], function() {
-      function a(a, b, c) {
-        this.minimumInputLength = c.get("minimumInputLength"), a.call(this, b, c)
-      }
-      return a.prototype.query = function(a, b, c) {
-        if (b.term = b.term || "", b.term.length < this.minimumInputLength) return void this.trigger("results:message", {
-          message: "inputTooShort",
-          args: {
-            minimum: this.minimumInputLength,
-            input: b.term,
-            params: b
-          }
-        });
-        a.call(this, b, c)
-      }, a
-    }), b.define("select2/data/maximumInputLength", [], function() {
-      function a(a, b, c) {
-        this.maximumInputLength = c.get("maximumInputLength"), a.call(this, b, c)
-      }
-      return a.prototype.query = function(a, b, c) {
-        if (b.term = b.term || "", this.maximumInputLength > 0 && b.term.length > this.maximumInputLength) return void this.trigger("results:message", {
-          message: "inputTooLong",
-          args: {
-            maximum: this.maximumInputLength,
-            input: b.term,
-            params: b
-          }
-        });
-        a.call(this, b, c)
-      }, a
-    }), b.define("select2/data/maximumSelectionLength", [], function() {
-      function a(a, b, c) {
-        this.maximumSelectionLength = c.get("maximumSelectionLength"), a.call(this, b, c)
-      }
-      return a.prototype.query = function(a, b, c) {
-        var d = this;
-        this.current(function(e) {
-          var f = null != e ? e.length : 0;
-          if (d.maximumSelectionLength > 0 && f >= d.maximumSelectionLength) return void d.trigger("results:message", {
-            message: "maximumSelected",
-            args: {
-              maximum: d.maximumSelectionLength
-            }
-          });
-          a.call(d, b, c)
-        })
-      }, a
-    }), b.define("select2/dropdown", ["jquery", "./utils"], function(a, b) {
-      function c(a, b) {
-        this.$element = a, this.options = b, c.__super__.constructor.call(this)
-      }
-      return b.Extend(c, b.Observable), c.prototype.render = function() {
-        var b = a('<span class="select2-dropdown"><span class="select2-results"></span></span>');
-        return b.attr("dir", this.options.get("dir")), this.$dropdown = b, b
-      }, c.prototype.bind = function() {}, c.prototype.position = function(a, b) {}, c.prototype.destroy = function() {
-        this.$dropdown.remove()
-      }, c
-    }), b.define("select2/dropdown/search", ["jquery", "../utils"], function(a, b) {
-      function c() {}
-      return c.prototype.render = function(b) {
-        var c = b.call(this),
-        d = a('<span class="select2-search select2-search--dropdown"><input class="select2-search__field" type="search" tabindex="-1" autocomplete="off" autocorrect="off" autocapitalize="none" spellcheck="false" role="textbox" /></span>');
-        return this.$searchContainer = d, this.$search = d.find("input"), c.prepend(d), c
-      }, c.prototype.bind = function(b, c, d) {
-        var e = this;
-        b.call(this, c, d), this.$search.on("keydown", function(a) {
-          e.trigger("keypress", a), e._keyUpPrevented = a.isDefaultPrevented()
-        }), this.$search.on("input", function(b) {
-          a(this).off("keyup")
-        }), this.$search.on("keyup input", function(a) {
-          e.handleSearch(a)
-        }), c.on("open", function() {
-          e.$search.attr("tabindex", 0), e.$search.focus(), window.setTimeout(function() {
-            e.$search.focus()
-          }, 0)
-        }), c.on("close", function() {
-          e.$search.attr("tabindex", -1), e.$search.val(""), e.$search.blur()
-        }), c.on("focus", function() {
-          c.isOpen() || e.$search.focus()
-        }), c.on("results:all", function(a) {
-          if (null == a.query.term || "" === a.query.term) {
-            e.showSearch(a) ? e.$searchContainer.removeClass("select2-search--hide") : e.$searchContainer.addClass("select2-search--hide")
-          }
-        })
-      }, c.prototype.handleSearch = function(a) {
-        if (!this._keyUpPrevented) {
-          var b = this.$search.val();
-          this.trigger("query", {
-            term: b
-          })
-        }
-        this._keyUpPrevented = !1
-      }, c.prototype.showSearch = function(a, b) {
-        return !0
-      }, c
-    }), b.define("select2/dropdown/hidePlaceholder", [], function() {
-      function a(a, b, c, d) {
-        this.placeholder = this.normalizePlaceholder(c.get("placeholder")), a.call(this, b, c, d)
-      }
-      return a.prototype.append = function(a, b) {
-        b.results = this.removePlaceholder(b.results), a.call(this, b)
-      }, a.prototype.normalizePlaceholder = function(a, b) {
-        return "string" == typeof b && (b = {
-          id: "",
-          text: b
-        }), b
-      }, a.prototype.removePlaceholder = function(a, b) {
-        for (var c = b.slice(0), d = b.length - 1; d >= 0; d--) {
-          var e = b[d];
-          this.placeholder.id === e.id && c.splice(d, 1)
-        }
-        return c
-      }, a
-    }), b.define("select2/dropdown/infiniteScroll", ["jquery"], function(a) {
-      function b(a, b, c, d) {
-        this.lastParams = {}, a.call(this, b, c, d), this.$loadingMore = this.createLoadingMore(), this.loading = !1
-      }
-      return b.prototype.append = function(a, b) {
-        this.$loadingMore.remove(), this.loading = !1, a.call(this, b), this.showLoadingMore(b) && this.$results.append(this.$loadingMore)
-      }, b.prototype.bind = function(b, c, d) {
-        var e = this;
-        b.call(this, c, d), c.on("query", function(a) {
-          e.lastParams = a, e.loading = !0
-        }), c.on("query:append", function(a) {
-          e.lastParams = a, e.loading = !0
-        }), this.$results.on("scroll", function() {
-          var b = a.contains(document.documentElement, e.$loadingMore[0]);
-          if (!e.loading && b) {
-            e.$results.offset().top + e.$results.outerHeight(!1) + 50 >= e.$loadingMore.offset().top + e.$loadingMore.outerHeight(!1) && e.loadMore()
-          }
-        })
-      }, b.prototype.loadMore = function() {
-        this.loading = !0;
-        var b = a.extend({}, {
-          page: 1
-        }, this.lastParams);
-        b.page++, this.trigger("query:append", b)
-      }, b.prototype.showLoadingMore = function(a, b) {
-        return b.pagination && b.pagination.more
-      }, b.prototype.createLoadingMore = function() {
-        var b = a('<li class="select2-results__option select2-results__option--load-more"role="treeitem" aria-disabled="true"></li>'),
-        c = this.options.get("translations").get("loadingMore");
-        return b.html(c(this.lastParams)), b
-      }, b
-    }), b.define("select2/dropdown/attachBody", ["jquery", "../utils"], function(a, b) {
-      function c(b, c, d) {
-        this.$dropdownParent = d.get("dropdownParent") || a(document.body), b.call(this, c, d)
-      }
-      return c.prototype.bind = function(a, b, c) {
-        var d = this,
-        e = !1;
-        a.call(this, b, c), b.on("open", function() {
-          d._showDropdown(), d._attachPositioningHandler(b), e || (e = !0, b.on("results:all", function() {
-            d._positionDropdown(), d._resizeDropdown()
-          }), b.on("results:append", function() {
-            d._positionDropdown(), d._resizeDropdown()
-          }))
-        }), b.on("close", function() {
-          d._hideDropdown(), d._detachPositioningHandler(b)
-        }), this.$dropdownContainer.on("mousedown", function(a) {
-          a.stopPropagation()
-        })
-      }, c.prototype.destroy = function(a) {
-        a.call(this), this.$dropdownContainer.remove()
-      }, c.prototype.position = function(a, b, c) {
-        b.attr("class", c.attr("class")), b.removeClass("select2"), b.addClass("select2-container--open"), b.css({
-          position: "absolute",
-          top: -999999
-        }), this.$container = c
-      }, c.prototype.render = function(b) {
-        var c = a("<span></span>"),
-        d = b.call(this);
-        return c.append(d), this.$dropdownContainer = c, c
-      }, c.prototype._hideDropdown = function(a) {
-        this.$dropdownContainer.detach()
-      }, c.prototype._attachPositioningHandler = function(c, d) {
-        var e = this,
-        f = "scroll.select2." + d.id,
-        g = "resize.select2." + d.id,
-        h = "orientationchange.select2." + d.id,
-        i = this.$container.parents().filter(b.hasScroll);
-        i.each(function() {
-          b.StoreData(this, "select2-scroll-position", {
-            x: a(this).scrollLeft(),
-            y: a(this).scrollTop()
-          })
-        }), i.on(f, function(c) {
-          var d = b.GetData(this, "select2-scroll-position");
-          a(this).scrollTop(d.y)
-        }), a(window).on(f + " " + g + " " + h, function(a) {
-          e._positionDropdown(), e._resizeDropdown()
-        })
-      }, c.prototype._detachPositioningHandler = function(c, d) {
-        var e = "scroll.select2." + d.id,
-        f = "resize.select2." + d.id,
-        g = "orientationchange.select2." + d.id;
-        this.$container.parents().filter(b.hasScroll).off(e), a(window).off(e + " " + f + " " + g)
-      }, c.prototype._positionDropdown = function() {
-        var b = a(window),
-        c = this.$dropdown.hasClass("select2-dropdown--above"),
-        d = this.$dropdown.hasClass("select2-dropdown--below"),
-        e = null,
-        f = this.$container.offset();
-        f.bottom = f.top + this.$container.outerHeight(!1);
-        var g = {
-          height: this.$container.outerHeight(!1)
-        };
-        g.top = f.top, g.bottom = f.top + g.height;
-        var h = {
-          height: this.$dropdown.outerHeight(!1)
-        },
-        i = {
-          top: b.scrollTop(),
-          bottom: b.scrollTop() + b.height()
-        },
-        j = i.top < f.top - h.height,
-        k = i.bottom > f.bottom + h.height,
-        l = {
-          left: f.left,
-          top: g.bottom
-        },
-        m = this.$dropdownParent;
-        "static" === m.css("position") && (m = m.offsetParent());
-        var n = m.offset();
-        l.top -= n.top, l.left -= n.left, c || d || (e = "below"), k || !j || c ? !j && k && c && (e = "below") : e = "above", ("above" == e || c && "below" !== e) && (l.top = g.top - n.top - h.height), null != e && (this.$dropdown.removeClass("select2-dropdown--below select2-dropdown--above").addClass("select2-dropdown--" + e), this.$container.removeClass("select2-container--below select2-container--above").addClass("select2-container--" + e)), this.$dropdownContainer.css(l)
-      }, c.prototype._resizeDropdown = function() {
-        var a = {
-          width: this.$container.outerWidth(!1) + "px"
-        };
-        this.options.get("dropdownAutoWidth") && (a.minWidth = a.width, a.position = "relative", a.width = "auto"), this.$dropdown.css(a)
-      }, c.prototype._showDropdown = function(a) {
-        this.$dropdownContainer.appendTo(this.$dropdownParent), this._positionDropdown(), this._resizeDropdown()
-      }, c
-    }), b.define("select2/dropdown/minimumResultsForSearch", [], function() {
-      function a(b) {
-        for (var c = 0, d = 0; d < b.length; d++) {
-          var e = b[d];
-          e.children ? c += a(e.children) : c++
-        }
-        return c
-      }
-
-      function b(a, b, c, d) {
-        this.minimumResultsForSearch = c.get("minimumResultsForSearch"), this.minimumResultsForSearch < 0 && (this.minimumResultsForSearch = 1 / 0), a.call(this, b, c, d)
-      }
-      return b.prototype.showSearch = function(b, c) {
-        return !(a(c.data.results) < this.minimumResultsForSearch) && b.call(this, c)
-      }, b
-    }), b.define("select2/dropdown/selectOnClose", ["../utils"], function(a) {
-      function b() {}
-      return b.prototype.bind = function(a, b, c) {
-        var d = this;
-        a.call(this, b, c), b.on("close", function(a) {
-          d._handleSelectOnClose(a)
-        })
-      }, b.prototype._handleSelectOnClose = function(b, c) {
-        if (c && null != c.originalSelect2Event) {
-          var d = c.originalSelect2Event;
-          if ("select" === d._type || "unselect" === d._type) return
-        }
-        var e = this.getHighlightedResults();
-        if (!(e.length < 1)) {
-          var f = a.GetData(e[0], "data");
-          null != f.element && f.element.selected || null == f.element && f.selected || this.trigger("select", {
-            data: f
-          })
-        }
-      }, b
-    }), b.define("select2/dropdown/closeOnSelect", [], function() {
-      function a() {}
-      return a.prototype.bind = function(a, b, c) {
-        var d = this;
-        a.call(this, b, c), b.on("select", function(a) {
-          d._selectTriggered(a)
-        }), b.on("unselect", function(a) {
-          d._selectTriggered(a)
-        })
-      }, a.prototype._selectTriggered = function(a, b) {
-        var c = b.originalEvent;
-        c && c.ctrlKey || this.trigger("close", {
-          originalEvent: c,
-          originalSelect2Event: b
-        })
-      }, a
-    }), b.define("select2/i18n/en", [], function() {
-      return {
-        errorLoading: function() {
-          return "The results could not be loaded."
-        },
-        inputTooLong: function(a) {
-          var b = a.input.length - a.maximum,
-          c = "Please delete " + b + " character";
-          return 1 != b && (c += "s"), c
-        },
-        inputTooShort: function(a) {
-          return "Please enter " + (a.minimum - a.input.length) + " or more characters"
-        },
-        loadingMore: function() {
-          return "Loading more results…"
-        },
-        maximumSelected: function(a) {
-          var b = "You can only select " + a.maximum + " item";
-          return 1 != a.maximum && (b += "s"), b
-        },
-        noResults: function() {
-          return "No results found"
-        },
-        searching: function() {
-          return "Searching…"
-        }
-      }
-    }), b.define("select2/defaults", ["jquery", "require", "./results", "./selection/single", "./selection/multiple", "./selection/placeholder", "./selection/allowClear", "./selection/search", "./selection/eventRelay", "./utils", "./translation", "./diacritics", "./data/select", "./data/array", "./data/ajax", "./data/tags", "./data/tokenizer", "./data/minimumInputLength", "./data/maximumInputLength", "./data/maximumSelectionLength", "./dropdown", "./dropdown/search", "./dropdown/hidePlaceholder", "./dropdown/infiniteScroll", "./dropdown/attachBody", "./dropdown/minimumResultsForSearch", "./dropdown/selectOnClose", "./dropdown/closeOnSelect", "./i18n/en"], function(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, v, w, x, y, z, A, B, C) {
-      function D() {
-        this.reset()
-      }
-      return D.prototype.apply = function(l) {
-        if (l = a.extend(!0, {}, this.defaults, l), null == l.dataAdapter) {
-          if (null != l.ajax ? l.dataAdapter = o : null != l.data ? l.dataAdapter = n : l.dataAdapter = m, l.minimumInputLength > 0 && (l.dataAdapter = j.Decorate(l.dataAdapter, r)), l.maximumInputLength > 0 && (l.dataAdapter = j.Decorate(l.dataAdapter, s)), l.maximumSelectionLength > 0 && (l.dataAdapter = j.Decorate(l.dataAdapter, t)), l.tags && (l.dataAdapter = j.Decorate(l.dataAdapter, p)), null == l.tokenSeparators && null == l.tokenizer || (l.dataAdapter = j.Decorate(l.dataAdapter, q)), null != l.query) {
-            var C = b(l.amdBase + "compat/query");
-            l.dataAdapter = j.Decorate(l.dataAdapter, C)
-          }
-          if (null != l.initSelection) {
-            var D = b(l.amdBase + "compat/initSelection");
-            l.dataAdapter = j.Decorate(l.dataAdapter, D)
-          }
-        }
-        if (null == l.resultsAdapter && (l.resultsAdapter = c, null != l.ajax && (l.resultsAdapter = j.Decorate(l.resultsAdapter, x)), null != l.placeholder && (l.resultsAdapter = j.Decorate(l.resultsAdapter, w)), l.selectOnClose && (l.resultsAdapter = j.Decorate(l.resultsAdapter, A))), null == l.dropdownAdapter) {
-          if (l.multiple) l.dropdownAdapter = u;
-          else {
-            var E = j.Decorate(u, v);
-            l.dropdownAdapter = E
-          }
-          if (0 !== l.minimumResultsForSearch && (l.dropdownAdapter = j.Decorate(l.dropdownAdapter, z)), l.closeOnSelect && (l.dropdownAdapter = j.Decorate(l.dropdownAdapter, B)), null != l.dropdownCssClass || null != l.dropdownCss || null != l.adaptDropdownCssClass) {
-            var F = b(l.amdBase + "compat/dropdownCss");
-            l.dropdownAdapter = j.Decorate(l.dropdownAdapter, F)
-          }
-          l.dropdownAdapter = j.Decorate(l.dropdownAdapter, y)
-        }
-        if (null == l.selectionAdapter) {
-          if (l.multiple ? l.selectionAdapter = e : l.selectionAdapter = d, null != l.placeholder && (l.selectionAdapter = j.Decorate(l.selectionAdapter, f)), l.allowClear && (l.selectionAdapter = j.Decorate(l.selectionAdapter, g)), l.multiple && (l.selectionAdapter = j.Decorate(l.selectionAdapter, h)), null != l.containerCssClass || null != l.containerCss || null != l.adaptContainerCssClass) {
-            var G = b(l.amdBase + "compat/containerCss");
-            l.selectionAdapter = j.Decorate(l.selectionAdapter, G)
-          }
-          l.selectionAdapter = j.Decorate(l.selectionAdapter, i)
-        }
-        if ("string" == typeof l.language)
-        if (l.language.indexOf("-") > 0) {
-          var H = l.language.split("-"),
-          I = H[0];
-          l.language = [l.language, I]
-        } else l.language = [l.language];
-        if (a.isArray(l.language)) {
-          var J = new k;
-          l.language.push("en");
-          for (var K = l.language, L = 0; L < K.length; L++) {
-            var M = K[L],
-            N = {};
-            try {
-              N = k.loadPath(M)
-            } catch (a) {
-              try {
-                M = this.defaults.amdLanguageBase + M, N = k.loadPath(M)
-              } catch (a) {
-                l.debug && window.console && console.warn && console.warn('Select2: The language file for "' + M + '" could not be automatically loaded. A fallback will be used instead.');
-                continue
-              }
-            }
-            J.extend(N)
-          }
-          l.translations = J
-        } else {
-          var O = k.loadPath(this.defaults.amdLanguageBase + "en"),
-          P = new k(l.language);
-          P.extend(O), l.translations = P
-        }
-        return l
-      }, D.prototype.reset = function() {
-        function b(a) {
-          function b(a) {
-            return l[a] || a
-          }
-          return a.replace(/[^\u0000-\u007E]/g, b)
-        }
-
-        function c(d, e) {
-          if ("" === a.trim(d.term)) return e;
-          if (e.children && e.children.length > 0) {
-            for (var f = a.extend(!0, {}, e), g = e.children.length - 1; g >= 0; g--) {
-              null == c(d, e.children[g]) && f.children.splice(g, 1)
-            }
-            return f.children.length > 0 ? f : c(d, f)
-          }
-          var h = b(e.text).toUpperCase(),
-          i = b(d.term).toUpperCase();
-          return h.indexOf(i) > -1 ? e : null
-        }
-        this.defaults = {
-          amdBase: "./",
-          amdLanguageBase: "./i18n/",
-          closeOnSelect: !0,
-          debug: !1,
-          dropdownAutoWidth: !1,
-          escapeMarkup: j.escapeMarkup,
-          language: C,
-          matcher: c,
-          minimumInputLength: 0,
-          maximumInputLength: 0,
-          maximumSelectionLength: 0,
-          minimumResultsForSearch: 0,
-          selectOnClose: !1,
-          sorter: function(a) {
-            return a
-          },
-          templateResult: function(a) {
-            return a.text
-          },
-          templateSelection: function(a) {
-            return a.text
-          },
-          theme: "default",
-          width: "resolve"
-        }
-      }, D.prototype.set = function(b, c) {
-        var d = a.camelCase(b),
-        e = {};
-        e[d] = c;
-        var f = j._convertData(e);
-        a.extend(!0, this.defaults, f)
-      }, new D
-    }), b.define("select2/options", ["require", "jquery", "./defaults", "./utils"], function(a, b, c, d) {
-      function e(b, e) {
-        if (this.options = b, null != e && this.fromElement(e), this.options = c.apply(this.options), e && e.is("input")) {
-          var f = a(this.get("amdBase") + "compat/inputData");
-          this.options.dataAdapter = d.Decorate(this.options.dataAdapter, f)
-        }
-      }
-      return e.prototype.fromElement = function(a) {
-        var c = ["select2"];
-        null == this.options.multiple && (this.options.multiple = a.prop("multiple")), null == this.options.disabled && (this.options.disabled = a.prop("disabled")), null == this.options.language && (a.prop("lang") ? this.options.language = a.prop("lang").toLowerCase() : a.closest("[lang]").prop("lang") && (this.options.language = a.closest("[lang]").prop("lang"))), null == this.options.dir && (a.prop("dir") ? this.options.dir = a.prop("dir") : a.closest("[dir]").prop("dir") ? this.options.dir = a.closest("[dir]").prop("dir") : this.options.dir = "ltr"), a.prop("disabled", this.options.disabled), a.prop("multiple", this.options.multiple), d.GetData(a[0], "select2Tags") && (this.options.debug && window.console && console.warn && console.warn('Select2: The `data-select2-tags` attribute has been changed to use the `data-data` and `data-tags="true"` attributes and will be removed in future versions of Select2.'), d.StoreData(a[0], "data", d.GetData(a[0], "select2Tags")), d.StoreData(a[0], "tags", !0)), d.GetData(a[0], "ajaxUrl") && (this.options.debug && window.console && console.warn && console.warn("Select2: The `data-ajax-url` attribute has been changed to `data-ajax--url` and support for the old attribute will be removed in future versions of Select2."), a.attr("ajax--url", d.GetData(a[0], "ajaxUrl")), d.StoreData(a[0], "ajax-Url", d.GetData(a[0], "ajaxUrl")));
-        var e = {};
-        e = b.fn.jquery && "1." == b.fn.jquery.substr(0, 2) && a[0].dataset ? b.extend(!0, {}, a[0].dataset, d.GetData(a[0])) : d.GetData(a[0]);
-        var f = b.extend(!0, {}, e);
-        f = d._convertData(f);
-        for (var g in f) b.inArray(g, c) > -1 || (b.isPlainObject(this.options[g]) ? b.extend(this.options[g], f[g]) : this.options[g] = f[g]);
-        return this
-      }, e.prototype.get = function(a) {
-        return this.options[a]
-      }, e.prototype.set = function(a, b) {
-        this.options[a] = b
-      }, e
-    }), b.define("select2/core", ["jquery", "./options", "./utils", "./keys"], function(a, b, c, d) {
-      var e = function(a, d) {
-        null != c.GetData(a[0], "select2") && c.GetData(a[0], "select2").destroy(), this.$element = a, this.id = this._generateId(a), d = d || {}, this.options = new b(d, a), e.__super__.constructor.call(this);
-        var f = a.attr("tabindex") || 0;
-        c.StoreData(a[0], "old-tabindex", f), a.attr("tabindex", "-1");
-        var g = this.options.get("dataAdapter");
-        this.dataAdapter = new g(a, this.options);
-        var h = this.render();
-        this._placeContainer(h);
-        var i = this.options.get("selectionAdapter");
-        this.selection = new i(a, this.options), this.$selection = this.selection.render(), this.selection.position(this.$selection, h);
-        var j = this.options.get("dropdownAdapter");
-        this.dropdown = new j(a, this.options), this.$dropdown = this.dropdown.render(), this.dropdown.position(this.$dropdown, h);
-        var k = this.options.get("resultsAdapter");
-        this.results = new k(a, this.options, this.dataAdapter), this.$results = this.results.render(), this.results.position(this.$results, this.$dropdown);
-        var l = this;
-        this._bindAdapters(), this._registerDomEvents(), this._registerDataEvents(), this._registerSelectionEvents(), this._registerDropdownEvents(), this._registerResultsEvents(), this._registerEvents(), this.dataAdapter.current(function(a) {
-          l.trigger("selection:update", {
-            data: a
-          })
-        }), a.addClass("select2-hidden-accessible"), a.attr("aria-hidden", "true"), this._syncAttributes(), c.StoreData(a[0], "select2", this), a.data("select2", this)
-      };
-      return c.Extend(e, c.Observable), e.prototype._generateId = function(a) {
-        var b = "";
-        return b = null != a.attr("id") ? a.attr("id") : null != a.attr("name") ? a.attr("name") + "-" + c.generateChars(2) : c.generateChars(4), b = b.replace(/(:|\.|\[|\]|,)/g, ""), b = "select2-" + b
-      }, e.prototype._placeContainer = function(a) {
-        a.insertAfter(this.$element);
-        var b = this._resolveWidth(this.$element, this.options.get("width"));
-        null != b && a.css("width", b)
-      }, e.prototype._resolveWidth = function(a, b) {
-        var c = /^width:(([-+]?([0-9]*\.)?[0-9]+)(px|em|ex|%|in|cm|mm|pt|pc))/i;
-        if ("resolve" == b) {
-          var d = this._resolveWidth(a, "style");
-          return null != d ? d : this._resolveWidth(a, "element")
-        }
-        if ("element" == b) {
-          var e = a.outerWidth(!1);
-          return e <= 0 ? "auto" : e + "px"
-        }
-        if ("style" == b) {
-          var f = a.attr("style");
-          if ("string" != typeof f) return null;
-          for (var g = f.split(";"), h = 0, i = g.length; h < i; h += 1) {
-            var j = g[h].replace(/\s/g, ""),
-            k = j.match(c);
-            if (null !== k && k.length >= 1) return k[1]
-          }
-          return null
-        }
-        return b
-      }, e.prototype._bindAdapters = function() {
-        this.dataAdapter.bind(this, this.$container), this.selection.bind(this, this.$container), this.dropdown.bind(this, this.$container), this.results.bind(this, this.$container)
-      }, e.prototype._registerDomEvents = function() {
-        var b = this;
-        this.$element.on("change.select2", function() {
-          b.dataAdapter.current(function(a) {
-            b.trigger("selection:update", {
-              data: a
-            })
-          })
-        }), this.$element.on("focus.select2", function(a) {
-          b.trigger("focus", a)
-        }), this._syncA = c.bind(this._syncAttributes, this), this._syncS = c.bind(this._syncSubtree, this), this.$element[0].attachEvent && this.$element[0].attachEvent("onpropertychange", this._syncA);
-        var d = window.MutationObserver || window.WebKitMutationObserver || window.MozMutationObserver;
-        null != d ? (this._observer = new d(function(c) {
-          a.each(c, b._syncA), a.each(c, b._syncS)
-        }), this._observer.observe(this.$element[0], {
-          attributes: !0,
-          childList: !0,
-          subtree: !1
-        })) : this.$element[0].addEventListener && (this.$element[0].addEventListener("DOMAttrModified", b._syncA, !1), this.$element[0].addEventListener("DOMNodeInserted", b._syncS, !1), this.$element[0].addEventListener("DOMNodeRemoved", b._syncS, !1))
-      }, e.prototype._registerDataEvents = function() {
-        var a = this;
-        this.dataAdapter.on("*", function(b, c) {
-          a.trigger(b, c)
-        })
-      }, e.prototype._registerSelectionEvents = function() {
-        var b = this,
-        c = ["toggle", "focus"];
-        this.selection.on("toggle", function() {
-          b.toggleDropdown()
-        }), this.selection.on("focus", function(a) {
-          b.focus(a)
-        }), this.selection.on("*", function(d, e) {
-          -1 === a.inArray(d, c) && b.trigger(d, e)
-        })
-      }, e.prototype._registerDropdownEvents = function() {
-        var a = this;
-        this.dropdown.on("*", function(b, c) {
-          a.trigger(b, c)
-        })
-      }, e.prototype._registerResultsEvents = function() {
-        var a = this;
-        this.results.on("*", function(b, c) {
-          a.trigger(b, c)
-        })
-      }, e.prototype._registerEvents = function() {
-        var a = this;
-        this.on("open", function() {
-          a.$container.addClass("select2-container--open")
-        }), this.on("close", function() {
-          a.$container.removeClass("select2-container--open")
-        }), this.on("enable", function() {
-          a.$container.removeClass("select2-container--disabled")
-        }), this.on("disable", function() {
-          a.$container.addClass("select2-container--disabled")
-        }), this.on("blur", function() {
-          a.$container.removeClass("select2-container--focus")
-        }), this.on("query", function(b) {
-          a.isOpen() || a.trigger("open", {}), this.dataAdapter.query(b, function(c) {
-            a.trigger("results:all", {
-              data: c,
-              query: b
-            })
-          })
-        }), this.on("query:append", function(b) {
-          this.dataAdapter.query(b, function(c) {
-            a.trigger("results:append", {
-              data: c,
-              query: b
-            })
-          })
-        }), this.on("keypress", function(b) {
-          var c = b.which;
-          a.isOpen() ? c === d.ESC || c === d.TAB || c === d.UP && b.altKey ? (a.close(), b.preventDefault()) : c === d.ENTER ? (a.trigger("results:select", {}), b.preventDefault()) : c === d.SPACE && b.ctrlKey ? (a.trigger("results:toggle", {}), b.preventDefault()) : c === d.UP ? (a.trigger("results:previous", {}), b.preventDefault()) : c === d.DOWN && (a.trigger("results:next", {}), b.preventDefault()) : (c === d.ENTER || c === d.SPACE || c === d.DOWN && b.altKey) && (a.open(), b.preventDefault())
-        })
-      }, e.prototype._syncAttributes = function() {
-        this.options.set("disabled", this.$element.prop("disabled")), this.options.get("disabled") ? (this.isOpen() && this.close(), this.trigger("disable", {})) : this.trigger("enable", {})
-      }, e.prototype._syncSubtree = function(a, b) {
-        var c = !1,
-        d = this;
-        if (!a || !a.target || "OPTION" === a.target.nodeName || "OPTGROUP" === a.target.nodeName) {
-          if (b)
-          if (b.addedNodes && b.addedNodes.length > 0)
-          for (var e = 0; e < b.addedNodes.length; e++) {
-            var f = b.addedNodes[e];
-            f.selected && (c = !0)
-          } else b.removedNodes && b.removedNodes.length > 0 && (c = !0);
-          else c = !0;
-          c && this.dataAdapter.current(function(a) {
-            d.trigger("selection:update", {
-              data: a
-            })
-          })
-        }
-      }, e.prototype.trigger = function(a, b) {
-        var c = e.__super__.trigger,
-        d = {
-          open: "opening",
-          close: "closing",
-          select: "selecting",
-          unselect: "unselecting",
-          clear: "clearing"
-        };
-        if (void 0 === b && (b = {}), a in d) {
-          var f = d[a],
-          g = {
-            prevented: !1,
-            name: a,
-            args: b
-          };
-          if (c.call(this, f, g), g.prevented) return void(b.prevented = !0)
-        }
-        c.call(this, a, b)
-      }, e.prototype.toggleDropdown = function() {
-        this.options.get("disabled") || (this.isOpen() ? this.close() : this.open())
-      }, e.prototype.open = function() {
-        this.isOpen() || this.trigger("query", {})
-      }, e.prototype.close = function() {
-        this.isOpen() && this.trigger("close", {})
-      }, e.prototype.isOpen = function() {
-        return this.$container.hasClass("select2-container--open")
-      }, e.prototype.hasFocus = function() {
-        return this.$container.hasClass("select2-container--focus")
-      }, e.prototype.focus = function(a) {
-        this.hasFocus() || (this.$container.addClass("select2-container--focus"), this.trigger("focus", {}))
-      }, e.prototype.enable = function(a) {
-        this.options.get("debug") && window.console && console.warn && console.warn('Select2: The `select2("enable")` method has been deprecated and will be removed in later Select2 versions. Use $element.prop("disabled") instead.'), null != a && 0 !== a.length || (a = [!0]);
-        var b = !a[0];
-        this.$element.prop("disabled", b)
-      }, e.prototype.data = function() {
-        this.options.get("debug") && arguments.length > 0 && window.console && console.warn && console.warn('Select2: Data can no longer be set using `select2("data")`. You should consider setting the value instead using `$element.val()`.');
-        var a = [];
-        return this.dataAdapter.current(function(b) {
-          a = b
-        }), a
-      }, e.prototype.val = function(b) {
-        if (this.options.get("debug") && window.console && console.warn && console.warn('Select2: The `select2("val")` method has been deprecated and will be removed in later Select2 versions. Use $element.val() instead.'), null == b || 0 === b.length) return this.$element.val();
-        var c = b[0];
-        a.isArray(c) && (c = a.map(c, function(a) {
-          return a.toString()
-        })), this.$element.val(c).trigger("change")
-      }, e.prototype.destroy = function() {
-        this.$container.remove(), this.$element[0].detachEvent && this.$element[0].detachEvent("onpropertychange", this._syncA), null != this._observer ? (this._observer.disconnect(), this._observer = null) : this.$element[0].removeEventListener && (this.$element[0].removeEventListener("DOMAttrModified", this._syncA, !1), this.$element[0].removeEventListener("DOMNodeInserted", this._syncS, !1), this.$element[0].removeEventListener("DOMNodeRemoved", this._syncS, !1)), this._syncA = null, this._syncS = null, this.$element.off(".select2"), this.$element.attr("tabindex", c.GetData(this.$element[0], "old-tabindex")), this.$element.removeClass("select2-hidden-accessible"), this.$element.attr("aria-hidden", "false"), c.RemoveData(this.$element[0]), this.$element.removeData("select2"), this.dataAdapter.destroy(), this.selection.destroy(), this.dropdown.destroy(), this.results.destroy(), this.dataAdapter = null, this.selection = null, this.dropdown = null, this.results = null
-      }, e.prototype.render = function() {
-        var b = a('<span class="select2 select2-container mb-4"><span class="selection"></span><span class="dropdown-wrapper" aria-hidden="true"></span></span>');
-        return b.attr("dir", this.options.get("dir")), this.$container = b, this.$container.addClass("select2-container--" + this.options.get("theme")), c.StoreData(b[0], "element", this.$element), b
-      }, e
-    }), b.define("jquery-mousewheel", ["jquery"], function(a) {
-      return a
-    }), b.define("jquery.select2", ["jquery", "jquery-mousewheel", "./select2/core", "./select2/defaults", "./select2/utils"], function(a, b, c, d, e) {
-      if (null == a.fn.select2) {
-        var f = ["open", "close", "destroy"];
-        a.fn.select2 = function(b) {
-          if ("object" == typeof(b = b || {})) return this.each(function() {
-            var d = a.extend(!0, {}, b);
-            new c(a(this), d)
-          }), this;
-          if ("string" == typeof b) {
-            var d, g = Array.prototype.slice.call(arguments, 1);
-            return this.each(function() {
-              var a = e.GetData(this, "select2");
-              null == a && window.console && console.error && console.error("The select2('" + b + "') method was called on an element that is not using Select2."), d = a[b].apply(a, g)
-            }), a.inArray(b, f) > -1 ? this : d
-          }
-          throw new Error("Invalid arguments for Select2: " + b)
-        }
-      }
-      return null == a.fn.select2.defaults && (a.fn.select2.defaults = d), c
-    }), {
-      define: b.define,
-      require: b.require
-    }
-  }(),
-  c = b.require("jquery.select2");
-  return a.fn.select2.amd = b, c
-});
+/*! Select2 4.0.13 | https://github.com/select2/select2/blob/master/LICENSE.md */
+!function(n){"function"==typeof define&&define.amd?define(["jquery"],n):"object"==typeof module&&module.exports?module.exports=function(e,t){return void 0===t&&(t="undefined"!=typeof window?require("jquery"):require("jquery")(e)),n(t),t}:n(jQuery)}(function(u){var e=function(){if(u&&u.fn&&u.fn.select2&&u.fn.select2.amd)var e=u.fn.select2.amd;var t,n,r,h,o,s,f,g,m,v,y,_,i,a,b;function w(e,t){return i.call(e,t)}function l(e,t){var n,r,i,o,s,a,l,c,u,d,p,h=t&&t.split("/"),f=y.map,g=f&&f["*"]||{};if(e){for(s=(e=e.split("/")).length-1,y.nodeIdCompat&&b.test(e[s])&&(e[s]=e[s].replace(b,"")),"."===e[0].charAt(0)&&h&&(e=h.slice(0,h.length-1).concat(e)),u=0;u<e.length;u++)if("."===(p=e[u]))e.splice(u,1),--u;else if(".."===p){if(0===u||1===u&&".."===e[2]||".."===e[u-1])continue;0<u&&(e.splice(u-1,2),u-=2)}e=e.join("/")}if((h||g)&&f){for(u=(n=e.split("/")).length;0<u;--u){if(r=n.slice(0,u).join("/"),h)for(d=h.length;0<d;--d)if(i=(i=f[h.slice(0,d).join("/")])&&i[r]){o=i,a=u;break}if(o)break;!l&&g&&g[r]&&(l=g[r],c=u)}!o&&l&&(o=l,a=c),o&&(n.splice(0,a,o),e=n.join("/"))}return e}function A(t,n){return function(){var e=a.call(arguments,0);return"string"!=typeof e[0]&&1===e.length&&e.push(null),s.apply(h,e.concat([t,n]))}}function x(t){return function(e){m[t]=e}}function D(e){if(w(v,e)){var t=v[e];delete v[e],_[e]=!0,o.apply(h,t)}if(!w(m,e)&&!w(_,e))throw new Error("No "+e);return m[e]}function c(e){var t,n=e?e.indexOf("!"):-1;return-1<n&&(t=e.substring(0,n),e=e.substring(n+1,e.length)),[t,e]}function S(e){return e?c(e):[]}return e&&e.requirejs||(e?n=e:e={},m={},v={},y={},_={},i=Object.prototype.hasOwnProperty,a=[].slice,b=/\.js$/,f=function(e,t){var n,r,i=c(e),o=i[0],s=t[1];return e=i[1],o&&(n=D(o=l(o,s))),o?e=n&&n.normalize?n.normalize(e,(r=s,function(e){return l(e,r)})):l(e,s):(o=(i=c(e=l(e,s)))[0],e=i[1],o&&(n=D(o))),{f:o?o+"!"+e:e,n:e,pr:o,p:n}},g={require:function(e){return A(e)},exports:function(e){var t=m[e];return void 0!==t?t:m[e]={}},module:function(e){return{id:e,uri:"",exports:m[e],config:(t=e,function(){return y&&y.config&&y.config[t]||{}})};var t}},o=function(e,t,n,r){var i,o,s,a,l,c,u,d=[],p=typeof n;if(c=S(r=r||e),"undefined"==p||"function"==p){for(t=!t.length&&n.length?["require","exports","module"]:t,l=0;l<t.length;l+=1)if("require"===(o=(a=f(t[l],c)).f))d[l]=g.require(e);else if("exports"===o)d[l]=g.exports(e),u=!0;else if("module"===o)i=d[l]=g.module(e);else if(w(m,o)||w(v,o)||w(_,o))d[l]=D(o);else{if(!a.p)throw new Error(e+" missing "+o);a.p.load(a.n,A(r,!0),x(o),{}),d[l]=m[o]}s=n?n.apply(m[e],d):void 0,e&&(i&&i.exports!==h&&i.exports!==m[e]?m[e]=i.exports:s===h&&u||(m[e]=s))}else e&&(m[e]=n)},t=n=s=function(e,t,n,r,i){if("string"==typeof e)return g[e]?g[e](t):D(f(e,S(t)).f);if(!e.splice){if((y=e).deps&&s(y.deps,y.callback),!t)return;t.splice?(e=t,t=n,n=null):e=h}return t=t||function(){},"function"==typeof n&&(n=r,r=i),r?o(h,e,t,n):setTimeout(function(){o(h,e,t,n)},4),s},s.config=function(e){return s(e)},t._defined=m,(r=function(e,t,n){if("string"!=typeof e)throw new Error("See almond README: incorrect module build, no module name");t.splice||(n=t,t=[]),w(m,e)||w(v,e)||(v[e]=[e,t,n])}).amd={jQuery:!0},e.requirejs=t,e.require=n,e.define=r),e.define("almond",function(){}),e.define("jquery",[],function(){var e=u||$;return null==e&&console&&console.error&&console.error("Select2: An instance of jQuery or a jQuery-compatible library was not found. Make sure that you are including jQuery before Select2 on your web page."),e}),e.define("select2/utils",["jquery"],function(o){var i={};function u(e){var t=e.prototype,n=[];for(var r in t){"function"==typeof t[r]&&"constructor"!==r&&n.push(r)}return n}i.Extend=function(e,t){var n={}.hasOwnProperty;function r(){this.constructor=e}for(var i in t)n.call(t,i)&&(e[i]=t[i]);return r.prototype=t.prototype,e.prototype=new r,e.__super__=t.prototype,e},i.Decorate=function(r,i){var e=u(i),t=u(r);function o(){var e=Array.prototype.unshift,t=i.prototype.constructor.length,n=r.prototype.constructor;0<t&&(e.call(arguments,r.prototype.constructor),n=i.prototype.constructor),n.apply(this,arguments)}i.displayName=r.displayName,o.prototype=new function(){this.constructor=o};for(var n=0;n<t.length;n++){var s=t[n];o.prototype[s]=r.prototype[s]}function a(e){var t=function(){};e in o.prototype&&(t=o.prototype[e]);var n=i.prototype[e];return function(){return Array.prototype.unshift.call(arguments,t),n.apply(this,arguments)}}for(var l=0;l<e.length;l++){var c=e[l];o.prototype[c]=a(c)}return o};function e(){this.listeners={}}e.prototype.on=function(e,t){this.listeners=this.listeners||{},e in this.listeners?this.listeners[e].push(t):this.listeners[e]=[t]},e.prototype.trigger=function(e){var t=Array.prototype.slice,n=t.call(arguments,1);this.listeners=this.listeners||{},null==n&&(n=[]),0===n.length&&n.push({}),(n[0]._type=e)in this.listeners&&this.invoke(this.listeners[e],t.call(arguments,1)),"*"in this.listeners&&this.invoke(this.listeners["*"],arguments)},e.prototype.invoke=function(e,t){for(var n=0,r=e.length;n<r;n++)e[n].apply(this,t)},i.Observable=e,i.generateChars=function(e){for(var t="",n=0;n<e;n++){t+=Math.floor(36*Math.random()).toString(36)}return t},i.bind=function(e,t){return function(){e.apply(t,arguments)}},i._convertData=function(e){for(var t in e){var n=t.split("-"),r=e;if(1!==n.length){for(var i=0;i<n.length;i++){var o=n[i];(o=o.substring(0,1).toLowerCase()+o.substring(1))in r||(r[o]={}),i==n.length-1&&(r[o]=e[t]),r=r[o]}delete e[t]}}return e},i.hasScroll=function(e,t){var n=o(t),r=t.style.overflowX,i=t.style.overflowY;return(r!==i||"hidden"!==i&&"visible"!==i)&&("scroll"===r||"scroll"===i||(n.innerHeight()<t.scrollHeight||n.innerWidth()<t.scrollWidth))},i.escapeMarkup=function(e){var t={"\\":"&#92;","&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#47;"};return"string"!=typeof e?e:String(e).replace(/[&<>"'\/\\]/g,function(e){return t[e]})},i.appendMany=function(e,t){if("1.7"===o.fn.jquery.substr(0,3)){var n=o();o.map(t,function(e){n=n.add(e)}),t=n}e.append(t)},i.__cache={};var n=0;return i.GetUniqueElementId=function(e){var t=e.getAttribute("data-select2-id");return null==t&&(e.id?(t=e.id,e.setAttribute("data-select2-id",t)):(e.setAttribute("data-select2-id",++n),t=n.toString())),t},i.StoreData=function(e,t,n){var r=i.GetUniqueElementId(e);i.__cache[r]||(i.__cache[r]={}),i.__cache[r][t]=n},i.GetData=function(e,t){var n=i.GetUniqueElementId(e);return t?i.__cache[n]&&null!=i.__cache[n][t]?i.__cache[n][t]:o(e).data(t):i.__cache[n]},i.RemoveData=function(e){var t=i.GetUniqueElementId(e);null!=i.__cache[t]&&delete i.__cache[t],e.removeAttribute("data-select2-id")},i}),e.define("select2/results",["jquery","./utils"],function(h,f){function r(e,t,n){this.$element=e,this.data=n,this.options=t,r.__super__.constructor.call(this)}return f.Extend(r,f.Observable),r.prototype.render=function(){var e=h('<ul class="select2-results__options" role="listbox"></ul>');return this.options.get("multiple")&&e.attr("aria-multiselectable","true"),this.$results=e},r.prototype.clear=function(){this.$results.empty()},r.prototype.displayMessage=function(e){var t=this.options.get("escapeMarkup");this.clear(),this.hideLoading();var n=h('<li role="alert" aria-live="assertive" class="select2-results__option"></li>'),r=this.options.get("translations").get(e.message);n.append(t(r(e.args))),n[0].className+=" select2-results__message",this.$results.append(n)},r.prototype.hideMessages=function(){this.$results.find(".select2-results__message").remove()},r.prototype.append=function(e){this.hideLoading();var t=[];if(null!=e.results&&0!==e.results.length){e.results=this.sort(e.results);for(var n=0;n<e.results.length;n++){var r=e.results[n],i=this.option(r);t.push(i)}this.$results.append(t)}else 0===this.$results.children().length&&this.trigger("results:message",{message:"noResults"})},r.prototype.position=function(e,t){t.find(".select2-results").append(e)},r.prototype.sort=function(e){return this.options.get("sorter")(e)},r.prototype.highlightFirstItem=function(){var e=this.$results.find(".select2-results__option[aria-selected]"),t=e.filter("[aria-selected=true]");0<t.length?t.first().trigger("mouseenter"):e.first().trigger("mouseenter"),this.ensureHighlightVisible()},r.prototype.setClasses=function(){var t=this;this.data.current(function(e){var r=h.map(e,function(e){return e.id.toString()});t.$results.find(".select2-results__option[aria-selected]").each(function(){var e=h(this),t=f.GetData(this,"data"),n=""+t.id;null!=t.element&&t.element.selected||null==t.element&&-1<h.inArray(n,r)?e.attr("aria-selected","true"):e.attr("aria-selected","false")})})},r.prototype.showLoading=function(e){this.hideLoading();var t={disabled:!0,loading:!0,text:this.options.get("translations").get("searching")(e)},n=this.option(t);n.className+=" loading-results",this.$results.prepend(n)},r.prototype.hideLoading=function(){this.$results.find(".loading-results").remove()},r.prototype.option=function(e){var t=document.createElement("li");t.className="select2-results__option";var n={role:"option","aria-selected":"false"},r=window.Element.prototype.matches||window.Element.prototype.msMatchesSelector||window.Element.prototype.webkitMatchesSelector;for(var i in(null!=e.element&&r.call(e.element,":disabled")||null==e.element&&e.disabled)&&(delete n["aria-selected"],n["aria-disabled"]="true"),null==e.id&&delete n["aria-selected"],null!=e._resultId&&(t.id=e._resultId),e.title&&(t.title=e.title),e.children&&(n.role="group",n["aria-label"]=e.text,delete n["aria-selected"]),n){var o=n[i];t.setAttribute(i,o)}if(e.children){var s=h(t),a=document.createElement("strong");a.className="select2-results__group";h(a);this.template(e,a);for(var l=[],c=0;c<e.children.length;c++){var u=e.children[c],d=this.option(u);l.push(d)}var p=h("<ul></ul>",{class:"select2-results__options select2-results__options--nested"});p.append(l),s.append(a),s.append(p)}else this.template(e,t);return f.StoreData(t,"data",e),t},r.prototype.bind=function(t,e){var l=this,n=t.id+"-results";this.$results.attr("id",n),t.on("results:all",function(e){l.clear(),l.append(e.data),t.isOpen()&&(l.setClasses(),l.highlightFirstItem())}),t.on("results:append",function(e){l.append(e.data),t.isOpen()&&l.setClasses()}),t.on("query",function(e){l.hideMessages(),l.showLoading(e)}),t.on("select",function(){t.isOpen()&&(l.setClasses(),l.options.get("scrollAfterSelect")&&l.highlightFirstItem())}),t.on("unselect",function(){t.isOpen()&&(l.setClasses(),l.options.get("scrollAfterSelect")&&l.highlightFirstItem())}),t.on("open",function(){l.$results.attr("aria-expanded","true"),l.$results.attr("aria-hidden","false"),l.setClasses(),l.ensureHighlightVisible()}),t.on("close",function(){l.$results.attr("aria-expanded","false"),l.$results.attr("aria-hidden","true"),l.$results.removeAttr("aria-activedescendant")}),t.on("results:toggle",function(){var e=l.getHighlightedResults();0!==e.length&&e.trigger("mouseup")}),t.on("results:select",function(){var e=l.getHighlightedResults();if(0!==e.length){var t=f.GetData(e[0],"data");"true"==e.attr("aria-selected")?l.trigger("close",{}):l.trigger("select",{data:t})}}),t.on("results:previous",function(){var e=l.getHighlightedResults(),t=l.$results.find("[aria-selected]"),n=t.index(e);if(!(n<=0)){var r=n-1;0===e.length&&(r=0);var i=t.eq(r);i.trigger("mouseenter");var o=l.$results.offset().top,s=i.offset().top,a=l.$results.scrollTop()+(s-o);0===r?l.$results.scrollTop(0):s-o<0&&l.$results.scrollTop(a)}}),t.on("results:next",function(){var e=l.getHighlightedResults(),t=l.$results.find("[aria-selected]"),n=t.index(e)+1;if(!(n>=t.length)){var r=t.eq(n);r.trigger("mouseenter");var i=l.$results.offset().top+l.$results.outerHeight(!1),o=r.offset().top+r.outerHeight(!1),s=l.$results.scrollTop()+o-i;0===n?l.$results.scrollTop(0):i<o&&l.$results.scrollTop(s)}}),t.on("results:focus",function(e){e.element.addClass("select2-results__option--highlighted")}),t.on("results:message",function(e){l.displayMessage(e)}),h.fn.mousewheel&&this.$results.on("mousewheel",function(e){var t=l.$results.scrollTop(),n=l.$results.get(0).scrollHeight-t+e.deltaY,r=0<e.deltaY&&t-e.deltaY<=0,i=e.deltaY<0&&n<=l.$results.height();r?(l.$results.scrollTop(0),e.preventDefault(),e.stopPropagation()):i&&(l.$results.scrollTop(l.$results.get(0).scrollHeight-l.$results.height()),e.preventDefault(),e.stopPropagation())}),this.$results.on("mouseup",".select2-results__option[aria-selected]",function(e){var t=h(this),n=f.GetData(this,"data");"true"!==t.attr("aria-selected")?l.trigger("select",{originalEvent:e,data:n}):l.options.get("multiple")?l.trigger("unselect",{originalEvent:e,data:n}):l.trigger("close",{})}),this.$results.on("mouseenter",".select2-results__option[aria-selected]",function(e){var t=f.GetData(this,"data");l.getHighlightedResults().removeClass("select2-results__option--highlighted"),l.trigger("results:focus",{data:t,element:h(this)})})},r.prototype.getHighlightedResults=function(){return this.$results.find(".select2-results__option--highlighted")},r.prototype.destroy=function(){this.$results.remove()},r.prototype.ensureHighlightVisible=function(){var e=this.getHighlightedResults();if(0!==e.length){var t=this.$results.find("[aria-selected]").index(e),n=this.$results.offset().top,r=e.offset().top,i=this.$results.scrollTop()+(r-n),o=r-n;i-=2*e.outerHeight(!1),t<=2?this.$results.scrollTop(0):(o>this.$results.outerHeight()||o<0)&&this.$results.scrollTop(i)}},r.prototype.template=function(e,t){var n=this.options.get("templateResult"),r=this.options.get("escapeMarkup"),i=n(e,t);null==i?t.style.display="none":"string"==typeof i?t.innerHTML=r(i):h(t).append(i)},r}),e.define("select2/keys",[],function(){return{BACKSPACE:8,TAB:9,ENTER:13,SHIFT:16,CTRL:17,ALT:18,ESC:27,SPACE:32,PAGE_UP:33,PAGE_DOWN:34,END:35,HOME:36,LEFT:37,UP:38,RIGHT:39,DOWN:40,DELETE:46}}),e.define("select2/selection/base",["jquery","../utils","../keys"],function(n,r,i){function o(e,t){this.$element=e,this.options=t,o.__super__.constructor.call(this)}return r.Extend(o,r.Observable),o.prototype.render=function(){var e=n('<span class="select2-selection" role="combobox"  aria-haspopup="true" aria-expanded="false"></span>');return this._tabindex=0,null!=r.GetData(this.$element[0],"old-tabindex")?this._tabindex=r.GetData(this.$element[0],"old-tabindex"):null!=this.$element.attr("tabindex")&&(this._tabindex=this.$element.attr("tabindex")),e.attr("title",this.$element.attr("title")),e.attr("tabindex",this._tabindex),e.attr("aria-disabled","false"),this.$selection=e},o.prototype.bind=function(e,t){var n=this,r=e.id+"-results";this.container=e,this.$selection.on("focus",function(e){n.trigger("focus",e)}),this.$selection.on("blur",function(e){n._handleBlur(e)}),this.$selection.on("keydown",function(e){n.trigger("keypress",e),e.which===i.SPACE&&e.preventDefault()}),e.on("results:focus",function(e){n.$selection.attr("aria-activedescendant",e.data._resultId)}),e.on("selection:update",function(e){n.update(e.data)}),e.on("open",function(){n.$selection.attr("aria-expanded","true"),n.$selection.attr("aria-owns",r),n._attachCloseHandler(e)}),e.on("close",function(){n.$selection.attr("aria-expanded","false"),n.$selection.removeAttr("aria-activedescendant"),n.$selection.removeAttr("aria-owns"),n.$selection.trigger("focus"),n._detachCloseHandler(e)}),e.on("enable",function(){n.$selection.attr("tabindex",n._tabindex),n.$selection.attr("aria-disabled","false")}),e.on("disable",function(){n.$selection.attr("tabindex","-1"),n.$selection.attr("aria-disabled","true")})},o.prototype._handleBlur=function(e){var t=this;window.setTimeout(function(){document.activeElement==t.$selection[0]||n.contains(t.$selection[0],document.activeElement)||t.trigger("blur",e)},1)},o.prototype._attachCloseHandler=function(e){n(document.body).on("mousedown.select2."+e.id,function(e){var t=n(e.target).closest(".select2");n(".select2.select2-container--open").each(function(){this!=t[0]&&r.GetData(this,"element").select2("close")})})},o.prototype._detachCloseHandler=function(e){n(document.body).off("mousedown.select2."+e.id)},o.prototype.position=function(e,t){t.find(".selection").append(e)},o.prototype.destroy=function(){this._detachCloseHandler(this.container)},o.prototype.update=function(e){throw new Error("The `update` method must be defined in child classes.")},o.prototype.isEnabled=function(){return!this.isDisabled()},o.prototype.isDisabled=function(){return this.options.get("disabled")},o}),e.define("select2/selection/single",["jquery","./base","../utils","../keys"],function(e,t,n,r){function i(){i.__super__.constructor.apply(this,arguments)}return n.Extend(i,t),i.prototype.render=function(){var e=i.__super__.render.call(this);return e.addClass("select2-selection--single"),e.html('<span class="select2-selection__rendered"></span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span>'),e},i.prototype.bind=function(t,e){var n=this;i.__super__.bind.apply(this,arguments);var r=t.id+"-container";this.$selection.find(".select2-selection__rendered").attr("id",r).attr("role","textbox").attr("aria-readonly","true"),this.$selection.attr("aria-labelledby",r),this.$selection.on("mousedown",function(e){1===e.which&&n.trigger("toggle",{originalEvent:e})}),this.$selection.on("focus",function(e){}),this.$selection.on("blur",function(e){}),t.on("focus",function(e){t.isOpen()||n.$selection.trigger("focus")})},i.prototype.clear=function(){var e=this.$selection.find(".select2-selection__rendered");e.empty(),e.removeAttr("title")},i.prototype.display=function(e,t){var n=this.options.get("templateSelection");return this.options.get("escapeMarkup")(n(e,t))},i.prototype.selectionContainer=function(){return e("<span></span>")},i.prototype.update=function(e){if(0!==e.length){var t=e[0],n=this.$selection.find(".select2-selection__rendered"),r=this.display(t,n);n.empty().append(r);var i=t.title||t.text;i?n.attr("title",i):n.removeAttr("title")}else this.clear()},i}),e.define("select2/selection/multiple",["jquery","./base","../utils"],function(i,e,l){function n(e,t){n.__super__.constructor.apply(this,arguments)}return l.Extend(n,e),n.prototype.render=function(){var e=n.__super__.render.call(this);return e.addClass("select2-selection--multiple"),e.html('<ul class="select2-selection__rendered"></ul>'),e},n.prototype.bind=function(e,t){var r=this;n.__super__.bind.apply(this,arguments),this.$selection.on("click",function(e){r.trigger("toggle",{originalEvent:e})}),this.$selection.on("click",".select2-selection__choice__remove",function(e){if(!r.isDisabled()){var t=i(this).parent(),n=l.GetData(t[0],"data");r.trigger("unselect",{originalEvent:e,data:n})}})},n.prototype.clear=function(){var e=this.$selection.find(".select2-selection__rendered");e.empty(),e.removeAttr("title")},n.prototype.display=function(e,t){var n=this.options.get("templateSelection");return this.options.get("escapeMarkup")(n(e,t))},n.prototype.selectionContainer=function(){return i('<li class="select2-selection__choice"><span class="select2-selection__choice__remove" role="presentation">&times;</span></li>')},n.prototype.update=function(e){if(this.clear(),0!==e.length){for(var t=[],n=0;n<e.length;n++){var r=e[n],i=this.selectionContainer(),o=this.display(r,i);i.append(o);var s=r.title||r.text;s&&i.attr("title",s),l.StoreData(i[0],"data",r),t.push(i)}var a=this.$selection.find(".select2-selection__rendered");l.appendMany(a,t)}},n}),e.define("select2/selection/placeholder",["../utils"],function(e){function t(e,t,n){this.placeholder=this.normalizePlaceholder(n.get("placeholder")),e.call(this,t,n)}return t.prototype.normalizePlaceholder=function(e,t){return"string"==typeof t&&(t={id:"",text:t}),t},t.prototype.createPlaceholder=function(e,t){var n=this.selectionContainer();return n.html(this.display(t)),n.addClass("select2-selection__placeholder").removeClass("select2-selection__choice"),n},t.prototype.update=function(e,t){var n=1==t.length&&t[0].id!=this.placeholder.id;if(1<t.length||n)return e.call(this,t);this.clear();var r=this.createPlaceholder(this.placeholder);this.$selection.find(".select2-selection__rendered").append(r)},t}),e.define("select2/selection/allowClear",["jquery","../keys","../utils"],function(i,r,a){function e(){}return e.prototype.bind=function(e,t,n){var r=this;e.call(this,t,n),null==this.placeholder&&this.options.get("debug")&&window.console&&console.error&&console.error("Select2: The `allowClear` option should be used in combination with the `placeholder` option."),this.$selection.on("mousedown",".select2-selection__clear",function(e){r._handleClear(e)}),t.on("keypress",function(e){r._handleKeyboardClear(e,t)})},e.prototype._handleClear=function(e,t){if(!this.isDisabled()){var n=this.$selection.find(".select2-selection__clear");if(0!==n.length){t.stopPropagation();var r=a.GetData(n[0],"data"),i=this.$element.val();this.$element.val(this.placeholder.id);var o={data:r};if(this.trigger("clear",o),o.prevented)this.$element.val(i);else{for(var s=0;s<r.length;s++)if(o={data:r[s]},this.trigger("unselect",o),o.prevented)return void this.$element.val(i);this.$element.trigger("input").trigger("change"),this.trigger("toggle",{})}}}},e.prototype._handleKeyboardClear=function(e,t,n){n.isOpen()||t.which!=r.DELETE&&t.which!=r.BACKSPACE||this._handleClear(t)},e.prototype.update=function(e,t){if(e.call(this,t),!(0<this.$selection.find(".select2-selection__placeholder").length||0===t.length)){var n=this.options.get("translations").get("removeAllItems"),r=i('<span class="select2-selection__clear" title="'+n()+'">&times;</span>');a.StoreData(r[0],"data",t),this.$selection.find(".select2-selection__rendered").prepend(r)}},e}),e.define("select2/selection/search",["jquery","../utils","../keys"],function(r,a,l){function e(e,t,n){e.call(this,t,n)}return e.prototype.render=function(e){var t=r('<li class="select2-search select2-search--inline"><input class="select2-search__field" type="search" tabindex="-1" autocomplete="off" autocorrect="off" autocapitalize="none" spellcheck="false" role="searchbox" aria-autocomplete="list" /></li>');this.$searchContainer=t,this.$search=t.find("input");var n=e.call(this);return this._transferTabIndex(),n},e.prototype.bind=function(e,t,n){var r=this,i=t.id+"-results";e.call(this,t,n),t.on("open",function(){r.$search.attr("aria-controls",i),r.$search.trigger("focus")}),t.on("close",function(){r.$search.val(""),r.$search.removeAttr("aria-controls"),r.$search.removeAttr("aria-activedescendant"),r.$search.trigger("focus")}),t.on("enable",function(){r.$search.prop("disabled",!1),r._transferTabIndex()}),t.on("disable",function(){r.$search.prop("disabled",!0)}),t.on("focus",function(e){r.$search.trigger("focus")}),t.on("results:focus",function(e){e.data._resultId?r.$search.attr("aria-activedescendant",e.data._resultId):r.$search.removeAttr("aria-activedescendant")}),this.$selection.on("focusin",".select2-search--inline",function(e){r.trigger("focus",e)}),this.$selection.on("focusout",".select2-search--inline",function(e){r._handleBlur(e)}),this.$selection.on("keydown",".select2-search--inline",function(e){if(e.stopPropagation(),r.trigger("keypress",e),r._keyUpPrevented=e.isDefaultPrevented(),e.which===l.BACKSPACE&&""===r.$search.val()){var t=r.$searchContainer.prev(".select2-selection__choice");if(0<t.length){var n=a.GetData(t[0],"data");r.searchRemoveChoice(n),e.preventDefault()}}}),this.$selection.on("click",".select2-search--inline",function(e){r.$search.val()&&e.stopPropagation()});var o=document.documentMode,s=o&&o<=11;this.$selection.on("input.searchcheck",".select2-search--inline",function(e){s?r.$selection.off("input.search input.searchcheck"):r.$selection.off("keyup.search")}),this.$selection.on("keyup.search input.search",".select2-search--inline",function(e){if(s&&"input"===e.type)r.$selection.off("input.search input.searchcheck");else{var t=e.which;t!=l.SHIFT&&t!=l.CTRL&&t!=l.ALT&&t!=l.TAB&&r.handleSearch(e)}})},e.prototype._transferTabIndex=function(e){this.$search.attr("tabindex",this.$selection.attr("tabindex")),this.$selection.attr("tabindex","-1")},e.prototype.createPlaceholder=function(e,t){this.$search.attr("placeholder",t.text)},e.prototype.update=function(e,t){var n=this.$search[0]==document.activeElement;this.$search.attr("placeholder",""),e.call(this,t),this.$selection.find(".select2-selection__rendered").append(this.$searchContainer),this.resizeSearch(),n&&this.$search.trigger("focus")},e.prototype.handleSearch=function(){if(this.resizeSearch(),!this._keyUpPrevented){var e=this.$search.val();this.trigger("query",{term:e})}this._keyUpPrevented=!1},e.prototype.searchRemoveChoice=function(e,t){this.trigger("unselect",{data:t}),this.$search.val(t.text),this.handleSearch()},e.prototype.resizeSearch=function(){this.$search.css("width","25px");var e="";""!==this.$search.attr("placeholder")?e=this.$selection.find(".select2-selection__rendered").width():e=.75*(this.$search.val().length+1)+"em";this.$search.css("width",e)},e}),e.define("select2/selection/eventRelay",["jquery"],function(s){function e(){}return e.prototype.bind=function(e,t,n){var r=this,i=["open","opening","close","closing","select","selecting","unselect","unselecting","clear","clearing"],o=["opening","closing","selecting","unselecting","clearing"];e.call(this,t,n),t.on("*",function(e,t){if(-1!==s.inArray(e,i)){t=t||{};var n=s.Event("select2:"+e,{params:t});r.$element.trigger(n),-1!==s.inArray(e,o)&&(t.prevented=n.isDefaultPrevented())}})},e}),e.define("select2/translation",["jquery","require"],function(t,n){function r(e){this.dict=e||{}}return r.prototype.all=function(){return this.dict},r.prototype.get=function(e){return this.dict[e]},r.prototype.extend=function(e){this.dict=t.extend({},e.all(),this.dict)},r._cache={},r.loadPath=function(e){if(!(e in r._cache)){var t=n(e);r._cache[e]=t}return new r(r._cache[e])},r}),e.define("select2/diacritics",[],function(){return{"Ⓐ":"A","Ａ":"A","À":"A","Á":"A","Â":"A","Ầ":"A","Ấ":"A","Ẫ":"A","Ẩ":"A","Ã":"A","Ā":"A","Ă":"A","Ằ":"A","Ắ":"A","Ẵ":"A","Ẳ":"A","Ȧ":"A","Ǡ":"A","Ä":"A","Ǟ":"A","Ả":"A","Å":"A","Ǻ":"A","Ǎ":"A","Ȁ":"A","Ȃ":"A","Ạ":"A","Ậ":"A","Ặ":"A","Ḁ":"A","Ą":"A","Ⱥ":"A","Ɐ":"A","Ꜳ":"AA","Æ":"AE","Ǽ":"AE","Ǣ":"AE","Ꜵ":"AO","Ꜷ":"AU","Ꜹ":"AV","Ꜻ":"AV","Ꜽ":"AY","Ⓑ":"B","Ｂ":"B","Ḃ":"B","Ḅ":"B","Ḇ":"B","Ƀ":"B","Ƃ":"B","Ɓ":"B","Ⓒ":"C","Ｃ":"C","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","Ç":"C","Ḉ":"C","Ƈ":"C","Ȼ":"C","Ꜿ":"C","Ⓓ":"D","Ｄ":"D","Ḋ":"D","Ď":"D","Ḍ":"D","Ḑ":"D","Ḓ":"D","Ḏ":"D","Đ":"D","Ƌ":"D","Ɗ":"D","Ɖ":"D","Ꝺ":"D","DZ":"DZ","DŽ":"DZ","Dz":"Dz","Dž":"Dz","Ⓔ":"E","Ｅ":"E","È":"E","É":"E","Ê":"E","Ề":"E","Ế":"E","Ễ":"E","Ể":"E","Ẽ":"E","Ē":"E","Ḕ":"E","Ḗ":"E","Ĕ":"E","Ė":"E","Ë":"E","Ẻ":"E","Ě":"E","Ȅ":"E","Ȇ":"E","Ẹ":"E","Ệ":"E","Ȩ":"E","Ḝ":"E","Ę":"E","Ḙ":"E","Ḛ":"E","Ɛ":"E","Ǝ":"E","Ⓕ":"F","Ｆ":"F","Ḟ":"F","Ƒ":"F","Ꝼ":"F","Ⓖ":"G","Ｇ":"G","Ǵ":"G","Ĝ":"G","Ḡ":"G","Ğ":"G","Ġ":"G","Ǧ":"G","Ģ":"G","Ǥ":"G","Ɠ":"G","Ꞡ":"G","Ᵹ":"G","Ꝿ":"G","Ⓗ":"H","Ｈ":"H","Ĥ":"H","Ḣ":"H","Ḧ":"H","Ȟ":"H","Ḥ":"H","Ḩ":"H","Ḫ":"H","Ħ":"H","Ⱨ":"H","Ⱶ":"H","Ɥ":"H","Ⓘ":"I","Ｉ":"I","Ì":"I","Í":"I","Î":"I","Ĩ":"I","Ī":"I","Ĭ":"I","İ":"I","Ï":"I","Ḯ":"I","Ỉ":"I","Ǐ":"I","Ȉ":"I","Ȋ":"I","Ị":"I","Į":"I","Ḭ":"I","Ɨ":"I","Ⓙ":"J","Ｊ":"J","Ĵ":"J","Ɉ":"J","Ⓚ":"K","Ｋ":"K","Ḱ":"K","Ǩ":"K","Ḳ":"K","Ķ":"K","Ḵ":"K","Ƙ":"K","Ⱪ":"K","Ꝁ":"K","Ꝃ":"K","Ꝅ":"K","Ꞣ":"K","Ⓛ":"L","Ｌ":"L","Ŀ":"L","Ĺ":"L","Ľ":"L","Ḷ":"L","Ḹ":"L","Ļ":"L","Ḽ":"L","Ḻ":"L","Ł":"L","Ƚ":"L","Ɫ":"L","Ⱡ":"L","Ꝉ":"L","Ꝇ":"L","Ꞁ":"L","LJ":"LJ","Lj":"Lj","Ⓜ":"M","Ｍ":"M","Ḿ":"M","Ṁ":"M","Ṃ":"M","Ɱ":"M","Ɯ":"M","Ⓝ":"N","Ｎ":"N","Ǹ":"N","Ń":"N","Ñ":"N","Ṅ":"N","Ň":"N","Ṇ":"N","Ņ":"N","Ṋ":"N","Ṉ":"N","Ƞ":"N","Ɲ":"N","Ꞑ":"N","Ꞥ":"N","NJ":"NJ","Nj":"Nj","Ⓞ":"O","Ｏ":"O","Ò":"O","Ó":"O","Ô":"O","Ồ":"O","Ố":"O","Ỗ":"O","Ổ":"O","Õ":"O","Ṍ":"O","Ȭ":"O","Ṏ":"O","Ō":"O","Ṑ":"O","Ṓ":"O","Ŏ":"O","Ȯ":"O","Ȱ":"O","Ö":"O","Ȫ":"O","Ỏ":"O","Ő":"O","Ǒ":"O","Ȍ":"O","Ȏ":"O","Ơ":"O","Ờ":"O","Ớ":"O","Ỡ":"O","Ở":"O","Ợ":"O","Ọ":"O","Ộ":"O","Ǫ":"O","Ǭ":"O","Ø":"O","Ǿ":"O","Ɔ":"O","Ɵ":"O","Ꝋ":"O","Ꝍ":"O","Œ":"OE","Ƣ":"OI","Ꝏ":"OO","Ȣ":"OU","Ⓟ":"P","Ｐ":"P","Ṕ":"P","Ṗ":"P","Ƥ":"P","Ᵽ":"P","Ꝑ":"P","Ꝓ":"P","Ꝕ":"P","Ⓠ":"Q","Ｑ":"Q","Ꝗ":"Q","Ꝙ":"Q","Ɋ":"Q","Ⓡ":"R","Ｒ":"R","Ŕ":"R","Ṙ":"R","Ř":"R","Ȑ":"R","Ȓ":"R","Ṛ":"R","Ṝ":"R","Ŗ":"R","Ṟ":"R","Ɍ":"R","Ɽ":"R","Ꝛ":"R","Ꞧ":"R","Ꞃ":"R","Ⓢ":"S","Ｓ":"S","ẞ":"S","Ś":"S","Ṥ":"S","Ŝ":"S","Ṡ":"S","Š":"S","Ṧ":"S","Ṣ":"S","Ṩ":"S","Ș":"S","Ş":"S","Ȿ":"S","Ꞩ":"S","Ꞅ":"S","Ⓣ":"T","Ｔ":"T","Ṫ":"T","Ť":"T","Ṭ":"T","Ț":"T","Ţ":"T","Ṱ":"T","Ṯ":"T","Ŧ":"T","Ƭ":"T","Ʈ":"T","Ⱦ":"T","Ꞇ":"T","Ꜩ":"TZ","Ⓤ":"U","Ｕ":"U","Ù":"U","Ú":"U","Û":"U","Ũ":"U","Ṹ":"U","Ū":"U","Ṻ":"U","Ŭ":"U","Ü":"U","Ǜ":"U","Ǘ":"U","Ǖ":"U","Ǚ":"U","Ủ":"U","Ů":"U","Ű":"U","Ǔ":"U","Ȕ":"U","Ȗ":"U","Ư":"U","Ừ":"U","Ứ":"U","Ữ":"U","Ử":"U","Ự":"U","Ụ":"U","Ṳ":"U","Ų":"U","Ṷ":"U","Ṵ":"U","Ʉ":"U","Ⓥ":"V","Ｖ":"V","Ṽ":"V","Ṿ":"V","Ʋ":"V","Ꝟ":"V","Ʌ":"V","Ꝡ":"VY","Ⓦ":"W","Ｗ":"W","Ẁ":"W","Ẃ":"W","Ŵ":"W","Ẇ":"W","Ẅ":"W","Ẉ":"W","Ⱳ":"W","Ⓧ":"X","Ｘ":"X","Ẋ":"X","Ẍ":"X","Ⓨ":"Y","Ｙ":"Y","Ỳ":"Y","Ý":"Y","Ŷ":"Y","Ỹ":"Y","Ȳ":"Y","Ẏ":"Y","Ÿ":"Y","Ỷ":"Y","Ỵ":"Y","Ƴ":"Y","Ɏ":"Y","Ỿ":"Y","Ⓩ":"Z","Ｚ":"Z","Ź":"Z","Ẑ":"Z","Ż":"Z","Ž":"Z","Ẓ":"Z","Ẕ":"Z","Ƶ":"Z","Ȥ":"Z","Ɀ":"Z","Ⱬ":"Z","Ꝣ":"Z","ⓐ":"a","ａ":"a","ẚ":"a","à":"a","á":"a","â":"a","ầ":"a","ấ":"a","ẫ":"a","ẩ":"a","ã":"a","ā":"a","ă":"a","ằ":"a","ắ":"a","ẵ":"a","ẳ":"a","ȧ":"a","ǡ":"a","ä":"a","ǟ":"a","ả":"a","å":"a","ǻ":"a","ǎ":"a","ȁ":"a","ȃ":"a","ạ":"a","ậ":"a","ặ":"a","ḁ":"a","ą":"a","ⱥ":"a","ɐ":"a","ꜳ":"aa","æ":"ae","ǽ":"ae","ǣ":"ae","ꜵ":"ao","ꜷ":"au","ꜹ":"av","ꜻ":"av","ꜽ":"ay","ⓑ":"b","ｂ":"b","ḃ":"b","ḅ":"b","ḇ":"b","ƀ":"b","ƃ":"b","ɓ":"b","ⓒ":"c","ｃ":"c","ć":"c","ĉ":"c","ċ":"c","č":"c","ç":"c","ḉ":"c","ƈ":"c","ȼ":"c","ꜿ":"c","ↄ":"c","ⓓ":"d","ｄ":"d","ḋ":"d","ď":"d","ḍ":"d","ḑ":"d","ḓ":"d","ḏ":"d","đ":"d","ƌ":"d","ɖ":"d","ɗ":"d","ꝺ":"d","dz":"dz","dž":"dz","ⓔ":"e","ｅ":"e","è":"e","é":"e","ê":"e","ề":"e","ế":"e","ễ":"e","ể":"e","ẽ":"e","ē":"e","ḕ":"e","ḗ":"e","ĕ":"e","ė":"e","ë":"e","ẻ":"e","ě":"e","ȅ":"e","ȇ":"e","ẹ":"e","ệ":"e","ȩ":"e","ḝ":"e","ę":"e","ḙ":"e","ḛ":"e","ɇ":"e","ɛ":"e","ǝ":"e","ⓕ":"f","ｆ":"f","ḟ":"f","ƒ":"f","ꝼ":"f","ⓖ":"g","ｇ":"g","ǵ":"g","ĝ":"g","ḡ":"g","ğ":"g","ġ":"g","ǧ":"g","ģ":"g","ǥ":"g","ɠ":"g","ꞡ":"g","ᵹ":"g","ꝿ":"g","ⓗ":"h","ｈ":"h","ĥ":"h","ḣ":"h","ḧ":"h","ȟ":"h","ḥ":"h","ḩ":"h","ḫ":"h","ẖ":"h","ħ":"h","ⱨ":"h","ⱶ":"h","ɥ":"h","ƕ":"hv","ⓘ":"i","ｉ":"i","ì":"i","í":"i","î":"i","ĩ":"i","ī":"i","ĭ":"i","ï":"i","ḯ":"i","ỉ":"i","ǐ":"i","ȉ":"i","ȋ":"i","ị":"i","į":"i","ḭ":"i","ɨ":"i","ı":"i","ⓙ":"j","ｊ":"j","ĵ":"j","ǰ":"j","ɉ":"j","ⓚ":"k","ｋ":"k","ḱ":"k","ǩ":"k","ḳ":"k","ķ":"k","ḵ":"k","ƙ":"k","ⱪ":"k","ꝁ":"k","ꝃ":"k","ꝅ":"k","ꞣ":"k","ⓛ":"l","ｌ":"l","ŀ":"l","ĺ":"l","ľ":"l","ḷ":"l","ḹ":"l","ļ":"l","ḽ":"l","ḻ":"l","ſ":"l","ł":"l","ƚ":"l","ɫ":"l","ⱡ":"l","ꝉ":"l","ꞁ":"l","ꝇ":"l","lj":"lj","ⓜ":"m","ｍ":"m","ḿ":"m","ṁ":"m","ṃ":"m","ɱ":"m","ɯ":"m","ⓝ":"n","ｎ":"n","ǹ":"n","ń":"n","ñ":"n","ṅ":"n","ň":"n","ṇ":"n","ņ":"n","ṋ":"n","ṉ":"n","ƞ":"n","ɲ":"n","ʼn":"n","ꞑ":"n","ꞥ":"n","nj":"nj","ⓞ":"o","ｏ":"o","ò":"o","ó":"o","ô":"o","ồ":"o","ố":"o","ỗ":"o","ổ":"o","õ":"o","ṍ":"o","ȭ":"o","ṏ":"o","ō":"o","ṑ":"o","ṓ":"o","ŏ":"o","ȯ":"o","ȱ":"o","ö":"o","ȫ":"o","ỏ":"o","ő":"o","ǒ":"o","ȍ":"o","ȏ":"o","ơ":"o","ờ":"o","ớ":"o","ỡ":"o","ở":"o","ợ":"o","ọ":"o","ộ":"o","ǫ":"o","ǭ":"o","ø":"o","ǿ":"o","ɔ":"o","ꝋ":"o","ꝍ":"o","ɵ":"o","œ":"oe","ƣ":"oi","ȣ":"ou","ꝏ":"oo","ⓟ":"p","ｐ":"p","ṕ":"p","ṗ":"p","ƥ":"p","ᵽ":"p","ꝑ":"p","ꝓ":"p","ꝕ":"p","ⓠ":"q","ｑ":"q","ɋ":"q","ꝗ":"q","ꝙ":"q","ⓡ":"r","ｒ":"r","ŕ":"r","ṙ":"r","ř":"r","ȑ":"r","ȓ":"r","ṛ":"r","ṝ":"r","ŗ":"r","ṟ":"r","ɍ":"r","ɽ":"r","ꝛ":"r","ꞧ":"r","ꞃ":"r","ⓢ":"s","ｓ":"s","ß":"s","ś":"s","ṥ":"s","ŝ":"s","ṡ":"s","š":"s","ṧ":"s","ṣ":"s","ṩ":"s","ș":"s","ş":"s","ȿ":"s","ꞩ":"s","ꞅ":"s","ẛ":"s","ⓣ":"t","ｔ":"t","ṫ":"t","ẗ":"t","ť":"t","ṭ":"t","ț":"t","ţ":"t","ṱ":"t","ṯ":"t","ŧ":"t","ƭ":"t","ʈ":"t","ⱦ":"t","ꞇ":"t","ꜩ":"tz","ⓤ":"u","ｕ":"u","ù":"u","ú":"u","û":"u","ũ":"u","ṹ":"u","ū":"u","ṻ":"u","ŭ":"u","ü":"u","ǜ":"u","ǘ":"u","ǖ":"u","ǚ":"u","ủ":"u","ů":"u","ű":"u","ǔ":"u","ȕ":"u","ȗ":"u","ư":"u","ừ":"u","ứ":"u","ữ":"u","ử":"u","ự":"u","ụ":"u","ṳ":"u","ų":"u","ṷ":"u","ṵ":"u","ʉ":"u","ⓥ":"v","ｖ":"v","ṽ":"v","ṿ":"v","ʋ":"v","ꝟ":"v","ʌ":"v","ꝡ":"vy","ⓦ":"w","ｗ":"w","ẁ":"w","ẃ":"w","ŵ":"w","ẇ":"w","ẅ":"w","ẘ":"w","ẉ":"w","ⱳ":"w","ⓧ":"x","ｘ":"x","ẋ":"x","ẍ":"x","ⓨ":"y","ｙ":"y","ỳ":"y","ý":"y","ŷ":"y","ỹ":"y","ȳ":"y","ẏ":"y","ÿ":"y","ỷ":"y","ẙ":"y","ỵ":"y","ƴ":"y","ɏ":"y","ỿ":"y","ⓩ":"z","ｚ":"z","ź":"z","ẑ":"z","ż":"z","ž":"z","ẓ":"z","ẕ":"z","ƶ":"z","ȥ":"z","ɀ":"z","ⱬ":"z","ꝣ":"z","Ά":"Α","Έ":"Ε","Ή":"Η","Ί":"Ι","Ϊ":"Ι","Ό":"Ο","Ύ":"Υ","Ϋ":"Υ","Ώ":"Ω","ά":"α","έ":"ε","ή":"η","ί":"ι","ϊ":"ι","ΐ":"ι","ό":"ο","ύ":"υ","ϋ":"υ","ΰ":"υ","ώ":"ω","ς":"σ","’":"'"}}),e.define("select2/data/base",["../utils"],function(r){function n(e,t){n.__super__.constructor.call(this)}return r.Extend(n,r.Observable),n.prototype.current=function(e){throw new Error("The `current` method must be defined in child classes.")},n.prototype.query=function(e,t){throw new Error("The `query` method must be defined in child classes.")},n.prototype.bind=function(e,t){},n.prototype.destroy=function(){},n.prototype.generateResultId=function(e,t){var n=e.id+"-result-";return n+=r.generateChars(4),null!=t.id?n+="-"+t.id.toString():n+="-"+r.generateChars(4),n},n}),e.define("select2/data/select",["./base","../utils","jquery"],function(e,a,l){function n(e,t){this.$element=e,this.options=t,n.__super__.constructor.call(this)}return a.Extend(n,e),n.prototype.current=function(e){var n=[],r=this;this.$element.find(":selected").each(function(){var e=l(this),t=r.item(e);n.push(t)}),e(n)},n.prototype.select=function(i){var o=this;if(i.selected=!0,l(i.element).is("option"))return i.element.selected=!0,void this.$element.trigger("input").trigger("change");if(this.$element.prop("multiple"))this.current(function(e){var t=[];(i=[i]).push.apply(i,e);for(var n=0;n<i.length;n++){var r=i[n].id;-1===l.inArray(r,t)&&t.push(r)}o.$element.val(t),o.$element.trigger("input").trigger("change")});else{var e=i.id;this.$element.val(e),this.$element.trigger("input").trigger("change")}},n.prototype.unselect=function(i){var o=this;if(this.$element.prop("multiple")){if(i.selected=!1,l(i.element).is("option"))return i.element.selected=!1,void this.$element.trigger("input").trigger("change");this.current(function(e){for(var t=[],n=0;n<e.length;n++){var r=e[n].id;r!==i.id&&-1===l.inArray(r,t)&&t.push(r)}o.$element.val(t),o.$element.trigger("input").trigger("change")})}},n.prototype.bind=function(e,t){var n=this;(this.container=e).on("select",function(e){n.select(e.data)}),e.on("unselect",function(e){n.unselect(e.data)})},n.prototype.destroy=function(){this.$element.find("*").each(function(){a.RemoveData(this)})},n.prototype.query=function(r,e){var i=[],o=this;this.$element.children().each(function(){var e=l(this);if(e.is("option")||e.is("optgroup")){var t=o.item(e),n=o.matches(r,t);null!==n&&i.push(n)}}),e({results:i})},n.prototype.addOptions=function(e){a.appendMany(this.$element,e)},n.prototype.option=function(e){var t;e.children?(t=document.createElement("optgroup")).label=e.text:void 0!==(t=document.createElement("option")).textContent?t.textContent=e.text:t.innerText=e.text,void 0!==e.id&&(t.value=e.id),e.disabled&&(t.disabled=!0),e.selected&&(t.selected=!0),e.title&&(t.title=e.title);var n=l(t),r=this._normalizeItem(e);return r.element=t,a.StoreData(t,"data",r),n},n.prototype.item=function(e){var t={};if(null!=(t=a.GetData(e[0],"data")))return t;if(e.is("option"))t={id:e.val(),text:e.text(),disabled:e.prop("disabled"),selected:e.prop("selected"),title:e.prop("title")};else if(e.is("optgroup")){t={text:e.prop("label"),children:[],title:e.prop("title")};for(var n=e.children("option"),r=[],i=0;i<n.length;i++){var o=l(n[i]),s=this.item(o);r.push(s)}t.children=r}return(t=this._normalizeItem(t)).element=e[0],a.StoreData(e[0],"data",t),t},n.prototype._normalizeItem=function(e){e!==Object(e)&&(e={id:e,text:e});return null!=(e=l.extend({},{text:""},e)).id&&(e.id=e.id.toString()),null!=e.text&&(e.text=e.text.toString()),null==e._resultId&&e.id&&null!=this.container&&(e._resultId=this.generateResultId(this.container,e)),l.extend({},{selected:!1,disabled:!1},e)},n.prototype.matches=function(e,t){return this.options.get("matcher")(e,t)},n}),e.define("select2/data/array",["./select","../utils","jquery"],function(e,f,g){function r(e,t){this._dataToConvert=t.get("data")||[],r.__super__.constructor.call(this,e,t)}return f.Extend(r,e),r.prototype.bind=function(e,t){r.__super__.bind.call(this,e,t),this.addOptions(this.convertToOptions(this._dataToConvert))},r.prototype.select=function(n){var e=this.$element.find("option").filter(function(e,t){return t.value==n.id.toString()});0===e.length&&(e=this.option(n),this.addOptions(e)),r.__super__.select.call(this,n)},r.prototype.convertToOptions=function(e){var t=this,n=this.$element.find("option"),r=n.map(function(){return t.item(g(this)).id}).get(),i=[];function o(e){return function(){return g(this).val()==e.id}}for(var s=0;s<e.length;s++){var a=this._normalizeItem(e[s]);if(0<=g.inArray(a.id,r)){var l=n.filter(o(a)),c=this.item(l),u=g.extend(!0,{},a,c),d=this.option(u);l.replaceWith(d)}else{var p=this.option(a);if(a.children){var h=this.convertToOptions(a.children);f.appendMany(p,h)}i.push(p)}}return i},r}),e.define("select2/data/ajax",["./array","../utils","jquery"],function(e,t,o){function n(e,t){this.ajaxOptions=this._applyDefaults(t.get("ajax")),null!=this.ajaxOptions.processResults&&(this.processResults=this.ajaxOptions.processResults),n.__super__.constructor.call(this,e,t)}return t.Extend(n,e),n.prototype._applyDefaults=function(e){var t={data:function(e){return o.extend({},e,{q:e.term})},transport:function(e,t,n){var r=o.ajax(e);return r.then(t),r.fail(n),r}};return o.extend({},t,e,!0)},n.prototype.processResults=function(e){return e},n.prototype.query=function(n,r){var i=this;null!=this._request&&(o.isFunction(this._request.abort)&&this._request.abort(),this._request=null);var t=o.extend({type:"GET"},this.ajaxOptions);function e(){var e=t.transport(t,function(e){var t=i.processResults(e,n);i.options.get("debug")&&window.console&&console.error&&(t&&t.results&&o.isArray(t.results)||console.error("Select2: The AJAX results did not return an array in the `results` key of the response.")),r(t)},function(){"status"in e&&(0===e.status||"0"===e.status)||i.trigger("results:message",{message:"errorLoading"})});i._request=e}"function"==typeof t.url&&(t.url=t.url.call(this.$element,n)),"function"==typeof t.data&&(t.data=t.data.call(this.$element,n)),this.ajaxOptions.delay&&null!=n.term?(this._queryTimeout&&window.clearTimeout(this._queryTimeout),this._queryTimeout=window.setTimeout(e,this.ajaxOptions.delay)):e()},n}),e.define("select2/data/tags",["jquery"],function(u){function e(e,t,n){var r=n.get("tags"),i=n.get("createTag");void 0!==i&&(this.createTag=i);var o=n.get("insertTag");if(void 0!==o&&(this.insertTag=o),e.call(this,t,n),u.isArray(r))for(var s=0;s<r.length;s++){var a=r[s],l=this._normalizeItem(a),c=this.option(l);this.$element.append(c)}}return e.prototype.query=function(e,c,u){var d=this;this._removeOldTags(),null!=c.term&&null==c.page?e.call(this,c,function e(t,n){for(var r=t.results,i=0;i<r.length;i++){var o=r[i],s=null!=o.children&&!e({results:o.children},!0);if((o.text||"").toUpperCase()===(c.term||"").toUpperCase()||s)return!n&&(t.data=r,void u(t))}if(n)return!0;var a=d.createTag(c);if(null!=a){var l=d.option(a);l.attr("data-select2-tag",!0),d.addOptions([l]),d.insertTag(r,a)}t.results=r,u(t)}):e.call(this,c,u)},e.prototype.createTag=function(e,t){var n=u.trim(t.term);return""===n?null:{id:n,text:n}},e.prototype.insertTag=function(e,t,n){t.unshift(n)},e.prototype._removeOldTags=function(e){this.$element.find("option[data-select2-tag]").each(function(){this.selected||u(this).remove()})},e}),e.define("select2/data/tokenizer",["jquery"],function(d){function e(e,t,n){var r=n.get("tokenizer");void 0!==r&&(this.tokenizer=r),e.call(this,t,n)}return e.prototype.bind=function(e,t,n){e.call(this,t,n),this.$search=t.dropdown.$search||t.selection.$search||n.find(".select2-search__field")},e.prototype.query=function(e,t,n){var i=this;t.term=t.term||"";var r=this.tokenizer(t,this.options,function(e){var t,n=i._normalizeItem(e);if(!i.$element.find("option").filter(function(){return d(this).val()===n.id}).length){var r=i.option(n);r.attr("data-select2-tag",!0),i._removeOldTags(),i.addOptions([r])}t=n,i.trigger("select",{data:t})});r.term!==t.term&&(this.$search.length&&(this.$search.val(r.term),this.$search.trigger("focus")),t.term=r.term),e.call(this,t,n)},e.prototype.tokenizer=function(e,t,n,r){for(var i=n.get("tokenSeparators")||[],o=t.term,s=0,a=this.createTag||function(e){return{id:e.term,text:e.term}};s<o.length;){var l=o[s];if(-1!==d.inArray(l,i)){var c=o.substr(0,s),u=a(d.extend({},t,{term:c}));null!=u?(r(u),o=o.substr(s+1)||"",s=0):s++}else s++}return{term:o}},e}),e.define("select2/data/minimumInputLength",[],function(){function e(e,t,n){this.minimumInputLength=n.get("minimumInputLength"),e.call(this,t,n)}return e.prototype.query=function(e,t,n){t.term=t.term||"",t.term.length<this.minimumInputLength?this.trigger("results:message",{message:"inputTooShort",args:{minimum:this.minimumInputLength,input:t.term,params:t}}):e.call(this,t,n)},e}),e.define("select2/data/maximumInputLength",[],function(){function e(e,t,n){this.maximumInputLength=n.get("maximumInputLength"),e.call(this,t,n)}return e.prototype.query=function(e,t,n){t.term=t.term||"",0<this.maximumInputLength&&t.term.length>this.maximumInputLength?this.trigger("results:message",{message:"inputTooLong",args:{maximum:this.maximumInputLength,input:t.term,params:t}}):e.call(this,t,n)},e}),e.define("select2/data/maximumSelectionLength",[],function(){function e(e,t,n){this.maximumSelectionLength=n.get("maximumSelectionLength"),e.call(this,t,n)}return e.prototype.bind=function(e,t,n){var r=this;e.call(this,t,n),t.on("select",function(){r._checkIfMaximumSelected()})},e.prototype.query=function(e,t,n){var r=this;this._checkIfMaximumSelected(function(){e.call(r,t,n)})},e.prototype._checkIfMaximumSelected=function(e,n){var r=this;this.current(function(e){var t=null!=e?e.length:0;0<r.maximumSelectionLength&&t>=r.maximumSelectionLength?r.trigger("results:message",{message:"maximumSelected",args:{maximum:r.maximumSelectionLength}}):n&&n()})},e}),e.define("select2/dropdown",["jquery","./utils"],function(t,e){function n(e,t){this.$element=e,this.options=t,n.__super__.constructor.call(this)}return e.Extend(n,e.Observable),n.prototype.render=function(){var e=t('<span class="select2-dropdown"><span class="select2-results"></span></span>');return e.attr("dir",this.options.get("dir")),this.$dropdown=e},n.prototype.bind=function(){},n.prototype.position=function(e,t){},n.prototype.destroy=function(){this.$dropdown.remove()},n}),e.define("select2/dropdown/search",["jquery","../utils"],function(o,e){function t(){}return t.prototype.render=function(e){var t=e.call(this),n=o('<span class="select2-search select2-search--dropdown"><input class="select2-search__field" type="search" tabindex="-1" autocomplete="off" autocorrect="off" autocapitalize="none" spellcheck="false" role="searchbox" aria-autocomplete="list" /></span>');return this.$searchContainer=n,this.$search=n.find("input"),t.prepend(n),t},t.prototype.bind=function(e,t,n){var r=this,i=t.id+"-results";e.call(this,t,n),this.$search.on("keydown",function(e){r.trigger("keypress",e),r._keyUpPrevented=e.isDefaultPrevented()}),this.$search.on("input",function(e){o(this).off("keyup")}),this.$search.on("keyup input",function(e){r.handleSearch(e)}),t.on("open",function(){r.$search.attr("tabindex",0),r.$search.attr("aria-controls",i),r.$search.trigger("focus"),window.setTimeout(function(){r.$search.trigger("focus")},0)}),t.on("close",function(){r.$search.attr("tabindex",-1),r.$search.removeAttr("aria-controls"),r.$search.removeAttr("aria-activedescendant"),r.$search.val(""),r.$search.trigger("blur")}),t.on("focus",function(){t.isOpen()||r.$search.trigger("focus")}),t.on("results:all",function(e){null!=e.query.term&&""!==e.query.term||(r.showSearch(e)?r.$searchContainer.removeClass("select2-search--hide"):r.$searchContainer.addClass("select2-search--hide"))}),t.on("results:focus",function(e){e.data._resultId?r.$search.attr("aria-activedescendant",e.data._resultId):r.$search.removeAttr("aria-activedescendant")})},t.prototype.handleSearch=function(e){if(!this._keyUpPrevented){var t=this.$search.val();this.trigger("query",{term:t})}this._keyUpPrevented=!1},t.prototype.showSearch=function(e,t){return!0},t}),e.define("select2/dropdown/hidePlaceholder",[],function(){function e(e,t,n,r){this.placeholder=this.normalizePlaceholder(n.get("placeholder")),e.call(this,t,n,r)}return e.prototype.append=function(e,t){t.results=this.removePlaceholder(t.results),e.call(this,t)},e.prototype.normalizePlaceholder=function(e,t){return"string"==typeof t&&(t={id:"",text:t}),t},e.prototype.removePlaceholder=function(e,t){for(var n=t.slice(0),r=t.length-1;0<=r;r--){var i=t[r];this.placeholder.id===i.id&&n.splice(r,1)}return n},e}),e.define("select2/dropdown/infiniteScroll",["jquery"],function(n){function e(e,t,n,r){this.lastParams={},e.call(this,t,n,r),this.$loadingMore=this.createLoadingMore(),this.loading=!1}return e.prototype.append=function(e,t){this.$loadingMore.remove(),this.loading=!1,e.call(this,t),this.showLoadingMore(t)&&(this.$results.append(this.$loadingMore),this.loadMoreIfNeeded())},e.prototype.bind=function(e,t,n){var r=this;e.call(this,t,n),t.on("query",function(e){r.lastParams=e,r.loading=!0}),t.on("query:append",function(e){r.lastParams=e,r.loading=!0}),this.$results.on("scroll",this.loadMoreIfNeeded.bind(this))},e.prototype.loadMoreIfNeeded=function(){var e=n.contains(document.documentElement,this.$loadingMore[0]);if(!this.loading&&e){var t=this.$results.offset().top+this.$results.outerHeight(!1);this.$loadingMore.offset().top+this.$loadingMore.outerHeight(!1)<=t+50&&this.loadMore()}},e.prototype.loadMore=function(){this.loading=!0;var e=n.extend({},{page:1},this.lastParams);e.page++,this.trigger("query:append",e)},e.prototype.showLoadingMore=function(e,t){return t.pagination&&t.pagination.more},e.prototype.createLoadingMore=function(){var e=n('<li class="select2-results__option select2-results__option--load-more"role="option" aria-disabled="true"></li>'),t=this.options.get("translations").get("loadingMore");return e.html(t(this.lastParams)),e},e}),e.define("select2/dropdown/attachBody",["jquery","../utils"],function(f,a){function e(e,t,n){this.$dropdownParent=f(n.get("dropdownParent")||document.body),e.call(this,t,n)}return e.prototype.bind=function(e,t,n){var r=this;e.call(this,t,n),t.on("open",function(){r._showDropdown(),r._attachPositioningHandler(t),r._bindContainerResultHandlers(t)}),t.on("close",function(){r._hideDropdown(),r._detachPositioningHandler(t)}),this.$dropdownContainer.on("mousedown",function(e){e.stopPropagation()})},e.prototype.destroy=function(e){e.call(this),this.$dropdownContainer.remove()},e.prototype.position=function(e,t,n){t.attr("class",n.attr("class")),t.removeClass("select2"),t.addClass("select2-container--open"),t.css({position:"absolute",top:-999999}),this.$container=n},e.prototype.render=function(e){var t=f("<span></span>"),n=e.call(this);return t.append(n),this.$dropdownContainer=t},e.prototype._hideDropdown=function(e){this.$dropdownContainer.detach()},e.prototype._bindContainerResultHandlers=function(e,t){if(!this._containerResultsHandlersBound){var n=this;t.on("results:all",function(){n._positionDropdown(),n._resizeDropdown()}),t.on("results:append",function(){n._positionDropdown(),n._resizeDropdown()}),t.on("results:message",function(){n._positionDropdown(),n._resizeDropdown()}),t.on("select",function(){n._positionDropdown(),n._resizeDropdown()}),t.on("unselect",function(){n._positionDropdown(),n._resizeDropdown()}),this._containerResultsHandlersBound=!0}},e.prototype._attachPositioningHandler=function(e,t){var n=this,r="scroll.select2."+t.id,i="resize.select2."+t.id,o="orientationchange.select2."+t.id,s=this.$container.parents().filter(a.hasScroll);s.each(function(){a.StoreData(this,"select2-scroll-position",{x:f(this).scrollLeft(),y:f(this).scrollTop()})}),s.on(r,function(e){var t=a.GetData(this,"select2-scroll-position");f(this).scrollTop(t.y)}),f(window).on(r+" "+i+" "+o,function(e){n._positionDropdown(),n._resizeDropdown()})},e.prototype._detachPositioningHandler=function(e,t){var n="scroll.select2."+t.id,r="resize.select2."+t.id,i="orientationchange.select2."+t.id;this.$container.parents().filter(a.hasScroll).off(n),f(window).off(n+" "+r+" "+i)},e.prototype._positionDropdown=function(){var e=f(window),t=this.$dropdown.hasClass("select2-dropdown--above"),n=this.$dropdown.hasClass("select2-dropdown--below"),r=null,i=this.$container.offset();i.bottom=i.top+this.$container.outerHeight(!1);var o={height:this.$container.outerHeight(!1)};o.top=i.top,o.bottom=i.top+o.height;var s=this.$dropdown.outerHeight(!1),a=e.scrollTop(),l=e.scrollTop()+e.height(),c=a<i.top-s,u=l>i.bottom+s,d={left:i.left,top:o.bottom},p=this.$dropdownParent;"static"===p.css("position")&&(p=p.offsetParent());var h={top:0,left:0};(f.contains(document.body,p[0])||p[0].isConnected)&&(h=p.offset()),d.top-=h.top,d.left-=h.left,t||n||(r="below"),u||!c||t?!c&&u&&t&&(r="below"):r="above",("above"==r||t&&"below"!==r)&&(d.top=o.top-h.top-s),null!=r&&(this.$dropdown.removeClass("select2-dropdown--below select2-dropdown--above").addClass("select2-dropdown--"+r),this.$container.removeClass("select2-container--below select2-container--above").addClass("select2-container--"+r)),this.$dropdownContainer.css(d)},e.prototype._resizeDropdown=function(){var e={width:this.$container.outerWidth(!1)+"px"};this.options.get("dropdownAutoWidth")&&(e.minWidth=e.width,e.position="relative",e.width="auto"),this.$dropdown.css(e)},e.prototype._showDropdown=function(e){this.$dropdownContainer.appendTo(this.$dropdownParent),this._positionDropdown(),this._resizeDropdown()},e}),e.define("select2/dropdown/minimumResultsForSearch",[],function(){function e(e,t,n,r){this.minimumResultsForSearch=n.get("minimumResultsForSearch"),this.minimumResultsForSearch<0&&(this.minimumResultsForSearch=1/0),e.call(this,t,n,r)}return e.prototype.showSearch=function(e,t){return!(function e(t){for(var n=0,r=0;r<t.length;r++){var i=t[r];i.children?n+=e(i.children):n++}return n}(t.data.results)<this.minimumResultsForSearch)&&e.call(this,t)},e}),e.define("select2/dropdown/selectOnClose",["../utils"],function(o){function e(){}return e.prototype.bind=function(e,t,n){var r=this;e.call(this,t,n),t.on("close",function(e){r._handleSelectOnClose(e)})},e.prototype._handleSelectOnClose=function(e,t){if(t&&null!=t.originalSelect2Event){var n=t.originalSelect2Event;if("select"===n._type||"unselect"===n._type)return}var r=this.getHighlightedResults();if(!(r.length<1)){var i=o.GetData(r[0],"data");null!=i.element&&i.element.selected||null==i.element&&i.selected||this.trigger("select",{data:i})}},e}),e.define("select2/dropdown/closeOnSelect",[],function(){function e(){}return e.prototype.bind=function(e,t,n){var r=this;e.call(this,t,n),t.on("select",function(e){r._selectTriggered(e)}),t.on("unselect",function(e){r._selectTriggered(e)})},e.prototype._selectTriggered=function(e,t){var n=t.originalEvent;n&&(n.ctrlKey||n.metaKey)||this.trigger("close",{originalEvent:n,originalSelect2Event:t})},e}),e.define("select2/i18n/en",[],function(){return{errorLoading:function(){return"The results could not be loaded."},inputTooLong:function(e){var t=e.input.length-e.maximum,n="Please delete "+t+" character";return 1!=t&&(n+="s"),n},inputTooShort:function(e){return"Please enter "+(e.minimum-e.input.length)+" or more characters"},loadingMore:function(){return"Loading more results…"},maximumSelected:function(e){var t="You can only select "+e.maximum+" item";return 1!=e.maximum&&(t+="s"),t},noResults:function(){return"No results found"},searching:function(){return"Searching…"},removeAllItems:function(){return"Remove all items"}}}),e.define("select2/defaults",["jquery","require","./results","./selection/single","./selection/multiple","./selection/placeholder","./selection/allowClear","./selection/search","./selection/eventRelay","./utils","./translation","./diacritics","./data/select","./data/array","./data/ajax","./data/tags","./data/tokenizer","./data/minimumInputLength","./data/maximumInputLength","./data/maximumSelectionLength","./dropdown","./dropdown/search","./dropdown/hidePlaceholder","./dropdown/infiniteScroll","./dropdown/attachBody","./dropdown/minimumResultsForSearch","./dropdown/selectOnClose","./dropdown/closeOnSelect","./i18n/en"],function(c,u,d,p,h,f,g,m,v,y,s,t,_,$,b,w,A,x,D,S,E,C,O,T,q,L,I,j,e){function n(){this.reset()}return n.prototype.apply=function(e){if(null==(e=c.extend(!0,{},this.defaults,e)).dataAdapter){if(null!=e.ajax?e.dataAdapter=b:null!=e.data?e.dataAdapter=$:e.dataAdapter=_,0<e.minimumInputLength&&(e.dataAdapter=y.Decorate(e.dataAdapter,x)),0<e.maximumInputLength&&(e.dataAdapter=y.Decorate(e.dataAdapter,D)),0<e.maximumSelectionLength&&(e.dataAdapter=y.Decorate(e.dataAdapter,S)),e.tags&&(e.dataAdapter=y.Decorate(e.dataAdapter,w)),null==e.tokenSeparators&&null==e.tokenizer||(e.dataAdapter=y.Decorate(e.dataAdapter,A)),null!=e.query){var t=u(e.amdBase+"compat/query");e.dataAdapter=y.Decorate(e.dataAdapter,t)}if(null!=e.initSelection){var n=u(e.amdBase+"compat/initSelection");e.dataAdapter=y.Decorate(e.dataAdapter,n)}}if(null==e.resultsAdapter&&(e.resultsAdapter=d,null!=e.ajax&&(e.resultsAdapter=y.Decorate(e.resultsAdapter,T)),null!=e.placeholder&&(e.resultsAdapter=y.Decorate(e.resultsAdapter,O)),e.selectOnClose&&(e.resultsAdapter=y.Decorate(e.resultsAdapter,I))),null==e.dropdownAdapter){if(e.multiple)e.dropdownAdapter=E;else{var r=y.Decorate(E,C);e.dropdownAdapter=r}if(0!==e.minimumResultsForSearch&&(e.dropdownAdapter=y.Decorate(e.dropdownAdapter,L)),e.closeOnSelect&&(e.dropdownAdapter=y.Decorate(e.dropdownAdapter,j)),null!=e.dropdownCssClass||null!=e.dropdownCss||null!=e.adaptDropdownCssClass){var i=u(e.amdBase+"compat/dropdownCss");e.dropdownAdapter=y.Decorate(e.dropdownAdapter,i)}e.dropdownAdapter=y.Decorate(e.dropdownAdapter,q)}if(null==e.selectionAdapter){if(e.multiple?e.selectionAdapter=h:e.selectionAdapter=p,null!=e.placeholder&&(e.selectionAdapter=y.Decorate(e.selectionAdapter,f)),e.allowClear&&(e.selectionAdapter=y.Decorate(e.selectionAdapter,g)),e.multiple&&(e.selectionAdapter=y.Decorate(e.selectionAdapter,m)),null!=e.containerCssClass||null!=e.containerCss||null!=e.adaptContainerCssClass){var o=u(e.amdBase+"compat/containerCss");e.selectionAdapter=y.Decorate(e.selectionAdapter,o)}e.selectionAdapter=y.Decorate(e.selectionAdapter,v)}e.language=this._resolveLanguage(e.language),e.language.push("en");for(var s=[],a=0;a<e.language.length;a++){var l=e.language[a];-1===s.indexOf(l)&&s.push(l)}return e.language=s,e.translations=this._processTranslations(e.language,e.debug),e},n.prototype.reset=function(){function a(e){return e.replace(/[^\u0000-\u007E]/g,function(e){return t[e]||e})}this.defaults={amdBase:"./",amdLanguageBase:"./i18n/",closeOnSelect:!0,debug:!1,dropdownAutoWidth:!1,escapeMarkup:y.escapeMarkup,language:{},matcher:function e(t,n){if(""===c.trim(t.term))return n;if(n.children&&0<n.children.length){for(var r=c.extend(!0,{},n),i=n.children.length-1;0<=i;i--)null==e(t,n.children[i])&&r.children.splice(i,1);return 0<r.children.length?r:e(t,r)}var o=a(n.text).toUpperCase(),s=a(t.term).toUpperCase();return-1<o.indexOf(s)?n:null},minimumInputLength:0,maximumInputLength:0,maximumSelectionLength:0,minimumResultsForSearch:0,selectOnClose:!1,scrollAfterSelect:!1,sorter:function(e){return e},templateResult:function(e){return e.text},templateSelection:function(e){return e.text},theme:"default",width:"resolve"}},n.prototype.applyFromElement=function(e,t){var n=e.language,r=this.defaults.language,i=t.prop("lang"),o=t.closest("[lang]").prop("lang"),s=Array.prototype.concat.call(this._resolveLanguage(i),this._resolveLanguage(n),this._resolveLanguage(r),this._resolveLanguage(o));return e.language=s,e},n.prototype._resolveLanguage=function(e){if(!e)return[];if(c.isEmptyObject(e))return[];if(c.isPlainObject(e))return[e];var t;t=c.isArray(e)?e:[e];for(var n=[],r=0;r<t.length;r++)if(n.push(t[r]),"string"==typeof t[r]&&0<t[r].indexOf("-")){var i=t[r].split("-")[0];n.push(i)}return n},n.prototype._processTranslations=function(e,t){for(var n=new s,r=0;r<e.length;r++){var i=new s,o=e[r];if("string"==typeof o)try{i=s.loadPath(o)}catch(e){try{o=this.defaults.amdLanguageBase+o,i=s.loadPath(o)}catch(e){t&&window.console&&console.warn&&console.warn('Select2: The language file for "'+o+'" could not be automatically loaded. A fallback will be used instead.')}}else i=c.isPlainObject(o)?new s(o):o;n.extend(i)}return n},n.prototype.set=function(e,t){var n={};n[c.camelCase(e)]=t;var r=y._convertData(n);c.extend(!0,this.defaults,r)},new n}),e.define("select2/options",["require","jquery","./defaults","./utils"],function(r,d,i,p){function e(e,t){if(this.options=e,null!=t&&this.fromElement(t),null!=t&&(this.options=i.applyFromElement(this.options,t)),this.options=i.apply(this.options),t&&t.is("input")){var n=r(this.get("amdBase")+"compat/inputData");this.options.dataAdapter=p.Decorate(this.options.dataAdapter,n)}}return e.prototype.fromElement=function(e){var t=["select2"];null==this.options.multiple&&(this.options.multiple=e.prop("multiple")),null==this.options.disabled&&(this.options.disabled=e.prop("disabled")),null==this.options.dir&&(e.prop("dir")?this.options.dir=e.prop("dir"):e.closest("[dir]").prop("dir")?this.options.dir=e.closest("[dir]").prop("dir"):this.options.dir="ltr"),e.prop("disabled",this.options.disabled),e.prop("multiple",this.options.multiple),p.GetData(e[0],"select2Tags")&&(this.options.debug&&window.console&&console.warn&&console.warn('Select2: The `data-select2-tags` attribute has been changed to use the `data-data` and `data-tags="true"` attributes and will be removed in future versions of Select2.'),p.StoreData(e[0],"data",p.GetData(e[0],"select2Tags")),p.StoreData(e[0],"tags",!0)),p.GetData(e[0],"ajaxUrl")&&(this.options.debug&&window.console&&console.warn&&console.warn("Select2: The `data-ajax-url` attribute has been changed to `data-ajax--url` and support for the old attribute will be removed in future versions of Select2."),e.attr("ajax--url",p.GetData(e[0],"ajaxUrl")),p.StoreData(e[0],"ajax-Url",p.GetData(e[0],"ajaxUrl")));var n={};function r(e,t){return t.toUpperCase()}for(var i=0;i<e[0].attributes.length;i++){var o=e[0].attributes[i].name,s="data-";if(o.substr(0,s.length)==s){var a=o.substring(s.length),l=p.GetData(e[0],a);n[a.replace(/-([a-z])/g,r)]=l}}d.fn.jquery&&"1."==d.fn.jquery.substr(0,2)&&e[0].dataset&&(n=d.extend(!0,{},e[0].dataset,n));var c=d.extend(!0,{},p.GetData(e[0]),n);for(var u in c=p._convertData(c))-1<d.inArray(u,t)||(d.isPlainObject(this.options[u])?d.extend(this.options[u],c[u]):this.options[u]=c[u]);return this},e.prototype.get=function(e){return this.options[e]},e.prototype.set=function(e,t){this.options[e]=t},e}),e.define("select2/core",["jquery","./options","./utils","./keys"],function(o,c,u,r){var d=function(e,t){null!=u.GetData(e[0],"select2")&&u.GetData(e[0],"select2").destroy(),this.$element=e,this.id=this._generateId(e),t=t||{},this.options=new c(t,e),d.__super__.constructor.call(this);var n=e.attr("tabindex")||0;u.StoreData(e[0],"old-tabindex",n),e.attr("tabindex","-1");var r=this.options.get("dataAdapter");this.dataAdapter=new r(e,this.options);var i=this.render();this._placeContainer(i);var o=this.options.get("selectionAdapter");this.selection=new o(e,this.options),this.$selection=this.selection.render(),this.selection.position(this.$selection,i);var s=this.options.get("dropdownAdapter");this.dropdown=new s(e,this.options),this.$dropdown=this.dropdown.render(),this.dropdown.position(this.$dropdown,i);var a=this.options.get("resultsAdapter");this.results=new a(e,this.options,this.dataAdapter),this.$results=this.results.render(),this.results.position(this.$results,this.$dropdown);var l=this;this._bindAdapters(),this._registerDomEvents(),this._registerDataEvents(),this._registerSelectionEvents(),this._registerDropdownEvents(),this._registerResultsEvents(),this._registerEvents(),this.dataAdapter.current(function(e){l.trigger("selection:update",{data:e})}),e.addClass("select2-hidden-accessible"),e.attr("aria-hidden","true"),this._syncAttributes(),u.StoreData(e[0],"select2",this),e.data("select2",this)};return u.Extend(d,u.Observable),d.prototype._generateId=function(e){return"select2-"+(null!=e.attr("id")?e.attr("id"):null!=e.attr("name")?e.attr("name")+"-"+u.generateChars(2):u.generateChars(4)).replace(/(:|\.|\[|\]|,)/g,"")},d.prototype._placeContainer=function(e){e.insertAfter(this.$element);var t=this._resolveWidth(this.$element,this.options.get("width"));null!=t&&e.css("width",t)},d.prototype._resolveWidth=function(e,t){var n=/^width:(([-+]?([0-9]*\.)?[0-9]+)(px|em|ex|%|in|cm|mm|pt|pc))/i;if("resolve"==t){var r=this._resolveWidth(e,"style");return null!=r?r:this._resolveWidth(e,"element")}if("element"==t){var i=e.outerWidth(!1);return i<=0?"auto":i+"px"}if("style"!=t)return"computedstyle"!=t?t:window.getComputedStyle(e[0]).width;var o=e.attr("style");if("string"!=typeof o)return null;for(var s=o.split(";"),a=0,l=s.length;a<l;a+=1){var c=s[a].replace(/\s/g,"").match(n);if(null!==c&&1<=c.length)return c[1]}return null},d.prototype._bindAdapters=function(){this.dataAdapter.bind(this,this.$container),this.selection.bind(this,this.$container),this.dropdown.bind(this,this.$container),this.results.bind(this,this.$container)},d.prototype._registerDomEvents=function(){var t=this;this.$element.on("change.select2",function(){t.dataAdapter.current(function(e){t.trigger("selection:update",{data:e})})}),this.$element.on("focus.select2",function(e){t.trigger("focus",e)}),this._syncA=u.bind(this._syncAttributes,this),this._syncS=u.bind(this._syncSubtree,this),this.$element[0].attachEvent&&this.$element[0].attachEvent("onpropertychange",this._syncA);var e=window.MutationObserver||window.WebKitMutationObserver||window.MozMutationObserver;null!=e?(this._observer=new e(function(e){t._syncA(),t._syncS(null,e)}),this._observer.observe(this.$element[0],{attributes:!0,childList:!0,subtree:!1})):this.$element[0].addEventListener&&(this.$element[0].addEventListener("DOMAttrModified",t._syncA,!1),this.$element[0].addEventListener("DOMNodeInserted",t._syncS,!1),this.$element[0].addEventListener("DOMNodeRemoved",t._syncS,!1))},d.prototype._registerDataEvents=function(){var n=this;this.dataAdapter.on("*",function(e,t){n.trigger(e,t)})},d.prototype._registerSelectionEvents=function(){var n=this,r=["toggle","focus"];this.selection.on("toggle",function(){n.toggleDropdown()}),this.selection.on("focus",function(e){n.focus(e)}),this.selection.on("*",function(e,t){-1===o.inArray(e,r)&&n.trigger(e,t)})},d.prototype._registerDropdownEvents=function(){var n=this;this.dropdown.on("*",function(e,t){n.trigger(e,t)})},d.prototype._registerResultsEvents=function(){var n=this;this.results.on("*",function(e,t){n.trigger(e,t)})},d.prototype._registerEvents=function(){var n=this;this.on("open",function(){n.$container.addClass("select2-container--open")}),this.on("close",function(){n.$container.removeClass("select2-container--open")}),this.on("enable",function(){n.$container.removeClass("select2-container--disabled")}),this.on("disable",function(){n.$container.addClass("select2-container--disabled")}),this.on("blur",function(){n.$container.removeClass("select2-container--focus")}),this.on("query",function(t){n.isOpen()||n.trigger("open",{}),this.dataAdapter.query(t,function(e){n.trigger("results:all",{data:e,query:t})})}),this.on("query:append",function(t){this.dataAdapter.query(t,function(e){n.trigger("results:append",{data:e,query:t})})}),this.on("keypress",function(e){var t=e.which;n.isOpen()?t===r.ESC||t===r.TAB||t===r.UP&&e.altKey?(n.close(e),e.preventDefault()):t===r.ENTER?(n.trigger("results:select",{}),e.preventDefault()):t===r.SPACE&&e.ctrlKey?(n.trigger("results:toggle",{}),e.preventDefault()):t===r.UP?(n.trigger("results:previous",{}),e.preventDefault()):t===r.DOWN&&(n.trigger("results:next",{}),e.preventDefault()):(t===r.ENTER||t===r.SPACE||t===r.DOWN&&e.altKey)&&(n.open(),e.preventDefault())})},d.prototype._syncAttributes=function(){this.options.set("disabled",this.$element.prop("disabled")),this.isDisabled()?(this.isOpen()&&this.close(),this.trigger("disable",{})):this.trigger("enable",{})},d.prototype._isChangeMutation=function(e,t){var n=!1,r=this;if(!e||!e.target||"OPTION"===e.target.nodeName||"OPTGROUP"===e.target.nodeName){if(t)if(t.addedNodes&&0<t.addedNodes.length)for(var i=0;i<t.addedNodes.length;i++){t.addedNodes[i].selected&&(n=!0)}else t.removedNodes&&0<t.removedNodes.length?n=!0:o.isArray(t)&&o.each(t,function(e,t){if(r._isChangeMutation(e,t))return!(n=!0)});else n=!0;return n}},d.prototype._syncSubtree=function(e,t){var n=this._isChangeMutation(e,t),r=this;n&&this.dataAdapter.current(function(e){r.trigger("selection:update",{data:e})})},d.prototype.trigger=function(e,t){var n=d.__super__.trigger,r={open:"opening",close:"closing",select:"selecting",unselect:"unselecting",clear:"clearing"};if(void 0===t&&(t={}),e in r){var i=r[e],o={prevented:!1,name:e,args:t};if(n.call(this,i,o),o.prevented)return void(t.prevented=!0)}n.call(this,e,t)},d.prototype.toggleDropdown=function(){this.isDisabled()||(this.isOpen()?this.close():this.open())},d.prototype.open=function(){this.isOpen()||this.isDisabled()||this.trigger("query",{})},d.prototype.close=function(e){this.isOpen()&&this.trigger("close",{originalEvent:e})},d.prototype.isEnabled=function(){return!this.isDisabled()},d.prototype.isDisabled=function(){return this.options.get("disabled")},d.prototype.isOpen=function(){return this.$container.hasClass("select2-container--open")},d.prototype.hasFocus=function(){return this.$container.hasClass("select2-container--focus")},d.prototype.focus=function(e){this.hasFocus()||(this.$container.addClass("select2-container--focus"),this.trigger("focus",{}))},d.prototype.enable=function(e){this.options.get("debug")&&window.console&&console.warn&&console.warn('Select2: The `select2("enable")` method has been deprecated and will be removed in later Select2 versions. Use $element.prop("disabled") instead.'),null!=e&&0!==e.length||(e=[!0]);var t=!e[0];this.$element.prop("disabled",t)},d.prototype.data=function(){this.options.get("debug")&&0<arguments.length&&window.console&&console.warn&&console.warn('Select2: Data can no longer be set using `select2("data")`. You should consider setting the value instead using `$element.val()`.');var t=[];return this.dataAdapter.current(function(e){t=e}),t},d.prototype.val=function(e){if(this.options.get("debug")&&window.console&&console.warn&&console.warn('Select2: The `select2("val")` method has been deprecated and will be removed in later Select2 versions. Use $element.val() instead.'),null==e||0===e.length)return this.$element.val();var t=e[0];o.isArray(t)&&(t=o.map(t,function(e){return e.toString()})),this.$element.val(t).trigger("input").trigger("change")},d.prototype.destroy=function(){this.$container.remove(),this.$element[0].detachEvent&&this.$element[0].detachEvent("onpropertychange",this._syncA),null!=this._observer?(this._observer.disconnect(),this._observer=null):this.$element[0].removeEventListener&&(this.$element[0].removeEventListener("DOMAttrModified",this._syncA,!1),this.$element[0].removeEventListener("DOMNodeInserted",this._syncS,!1),this.$element[0].removeEventListener("DOMNodeRemoved",this._syncS,!1)),this._syncA=null,this._syncS=null,this.$element.off(".select2"),this.$element.attr("tabindex",u.GetData(this.$element[0],"old-tabindex")),this.$element.removeClass("select2-hidden-accessible"),this.$element.attr("aria-hidden","false"),u.RemoveData(this.$element[0]),this.$element.removeData("select2"),this.dataAdapter.destroy(),this.selection.destroy(),this.dropdown.destroy(),this.results.destroy(),this.dataAdapter=null,this.selection=null,this.dropdown=null,this.results=null},d.prototype.render=function(){var e=o('<span class="select2 select2-container"><span class="selection"></span><span class="dropdown-wrapper" aria-hidden="true"></span></span>');return e.attr("dir",this.options.get("dir")),this.$container=e,this.$container.addClass("select2-container--"+this.options.get("theme")),u.StoreData(e[0],"element",this.$element),e},d}),e.define("jquery-mousewheel",["jquery"],function(e){return e}),e.define("jquery.select2",["jquery","jquery-mousewheel","./select2/core","./select2/defaults","./select2/utils"],function(i,e,o,t,s){if(null==i.fn.select2){var a=["open","close","destroy"];i.fn.select2=function(t){if("object"==typeof(t=t||{}))return this.each(function(){var e=i.extend(!0,{},t);new o(i(this),e)}),this;if("string"!=typeof t)throw new Error("Invalid arguments for Select2: "+t);var n,r=Array.prototype.slice.call(arguments,1);return this.each(function(){var e=s.GetData(this,"select2");null==e&&window.console&&console.error&&console.error("The select2('"+t+"') method was called on an element that is not using Select2."),n=e[t].apply(e,r)}),-1<i.inArray(t,a)?this:n}}return null==i.fn.select2.defaults&&(i.fn.select2.defaults=t),o}),{define:e.define,require:e.require}}(),t=e.require("jquery.select2");return u.fn.select2.amd=e,t});
\ No newline at end of file

From 9346b468bd69dd490c05dd1c461b31166b7fc392 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 29 Jul 2024 11:31:19 +0530
Subject: [PATCH 036/211] Fix 500 error during tool update

---
 web/api/views.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 9616228f8..e2c7805a0 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -982,10 +982,14 @@ def get(self, request):
 			tool_name = tool_name.split('/')[-1]
 			update_command = 'cd /usr/src/github/' + tool_name + ' && git pull && cd -'
 
-		run_command(update_command)
-		run_command.apply_async(args=(update_command,))
-		return Response({'status': True, 'message': tool.name + ' updated successfully.'})
-
+		
+		try:
+			run_command(update_command, shell=True)
+			run_command.apply_async(args=[update_command], kwargs={'shell': True})
+			return Response({'status': True, 'message': tool.name + ' updated successfully.'})
+		except Exception as e:
+			logger.error(str(e))
+			return Response({'status': False, 'message': str(e)})
 
 class GetExternalToolCurrentVersion(APIView):
 	def get(self, request):

From b998eeb9861ed5a9d02d825e7d1e832d6eb13902 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 30 Jul 2024 06:52:38 +0530
Subject: [PATCH 037/211] Bypass issues with yanked 72.0.0 version

---
 web/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/Dockerfile b/web/Dockerfile
index b9082d594..02415059f 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -106,7 +106,7 @@ RUN nuclei -update-templates
 
 # Copy requirements
 COPY ./requirements.txt /tmp/requirements.txt
-RUN pip3 install --upgrade setuptools pip && \
+RUN pip3 install --upgrade setuptools==72.1.0 pip && \
     pip3 install -r /tmp/requirements.txt --no-cache-dir
 
 # install eyewitness

From 88f3e71965a3f58c2b15a0613f1b13ac770c1d62 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 30 Jul 2024 07:18:07 +0530
Subject: [PATCH 038/211] Create main.yml

---
 .github/workflows/main.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/main.yml

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 000000000..9fe482c91
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,31 @@
+name: Deploy README to GitHub Pages
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '14'
+          
+      - name: Install dependencies
+        run: npm install -g markdown-to-html
+        
+      - name: Convert README to HTML
+        run: markdown README.md > index.html
+        
+      - name: Deploy to GitHub Pages
+        uses: peaceiris/actions-gh-pages@v3
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: .
+          publish_branch: gh-pages

From 60e366d55403ebd9b5f698b9522d869c1d7d748c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 30 Jul 2024 08:47:45 +0530
Subject: [PATCH 039/211] Update and rename main.yml to github-pages-deploy.yml

---
 .../{main.yml => github-pages-deploy.yml}        | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
 rename .github/workflows/{main.yml => github-pages-deploy.yml} (66%)

diff --git a/.github/workflows/main.yml b/.github/workflows/github-pages-deploy.yml
similarity index 66%
rename from .github/workflows/main.yml
rename to .github/workflows/github-pages-deploy.yml
index 9fe482c91..cafff33d1 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/github-pages-deploy.yml
@@ -10,19 +10,17 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
       - name: Setup Node.js
         uses: actions/setup-node@v3
         with:
           node-version: '14'
-          
-      - name: Install dependencies
-        run: npm install -g markdown-to-html
-        
-      - name: Convert README to HTML
-        run: markdown README.md > index.html
-        
+
+      - name: Copy README to index.md
+        run: cp README.md index.md
+
       - name: Deploy to GitHub Pages
         uses: peaceiris/actions-gh-pages@v3
         with:

From 08b0247ec176a04b2129fba0adb116bbdeedc89c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 30 Jul 2024 09:00:43 +0530
Subject: [PATCH 040/211] Update github-pages-deploy.yml

---
 .github/workflows/github-pages-deploy.yml | 33 +++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/github-pages-deploy.yml b/.github/workflows/github-pages-deploy.yml
index cafff33d1..50fb29f6c 100644
--- a/.github/workflows/github-pages-deploy.yml
+++ b/.github/workflows/github-pages-deploy.yml
@@ -18,8 +18,37 @@ jobs:
         with:
           node-version: '14'
 
-      - name: Copy README to index.md
-        run: cp README.md index.md
+      - name: Install marked (Markdown parser)
+        run: npm install marked
+
+      - name: Convert README to HTML
+        run: |
+          echo "<!DOCTYPE html>
+          <html lang='en'>
+          <head>
+            <meta charset='UTF-8'>
+            <meta name='viewport' content='width=device-width, initial-scale=1.0'>
+            <title>reNgine Documentation</title>
+            <link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.1.0/github-markdown.min.css'>
+            <style>
+              .markdown-body {
+                box-sizing: border-box;
+                min-width: 200px;
+                max-width: 980px;
+                margin: 0 auto;
+                padding: 45px;
+              }
+              @media (max-width: 767px) {
+                .markdown-body {
+                  padding: 15px;
+                }
+              }
+            </style>
+          </head>
+          <body class='markdown-body'>
+          $(node -e "const marked = require('marked'); const fs = require('fs'); console.log(marked.parse(fs.readFileSync('README.md', 'utf-8')))")
+          </body>
+          </html>" > index.html
 
       - name: Deploy to GitHub Pages
         uses: peaceiris/actions-gh-pages@v3

From aa89fbd9ecce6519389f955f3244582daa58f112 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 30 Jul 2024 08:38:07 +0530
Subject: [PATCH 041/211] Fix subdomain import for subdomains with suffix more
 than 4 chars

---
 web/reNgine/common_func.py | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index 172ed02da..c9c50fe5d 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -430,8 +430,29 @@ def get_domain_from_subdomain(subdomain):
 	Returns:
 		str: Domain name.
 	"""
-	ext = tldextract.extract(subdomain)
-	return '.'.join(ext[1:3])
+	# ext = tldextract.extract(subdomain)
+	# return '.'.join(ext[1:3])
+
+	if not validators.domain(subdomain):
+		return None
+	
+	# Use tldextract to parse the subdomain
+	extracted = tldextract.extract(subdomain)
+
+	# if tldextract recognized the tld then its the final result
+	if extracted.suffix:
+		domain = f"{extracted.domain}.{extracted.suffix}"
+	else:
+		# Fallback method for unknown TLDs, like .clouds or .local etc
+		parts = subdomain.split('.')
+		if len(parts) >= 2:
+			domain = '.'.join(parts[-2:])
+		else:
+			return None
+		
+	# Validate the domain before returning
+	return domain if validators.domain(domain) else None
+
 
 
 def sanitize_url(http_url):

From d2f438e2f5daf0b125be22ce91e8fcf21442a9bf Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 09:34:09 +0530
Subject: [PATCH 042/211] update version and changelog

---
 CHANGELOG.md                                 | 22 ++++++++++++++++++++
 README.md                                    |  2 +-
 docker-compose.dev.yml                       |  2 +-
 docker-compose.yml                           |  2 +-
 web/dashboard/templates/dashboard/index.html |  2 +-
 web/templates/base/_items/top_bar.html       |  8 +++----
 web/templates/base/login.html                |  2 +-
 7 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 007898571..2c3b3262d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,27 @@
 # Changelog
 
+## 2.1.2
+
+**Release Date: July 30, 2024**
+
+## What's Changed
+
+### Security update
+* (Security) CVE-2024-41661 Fix Authenticated command injection in WAF detection tool reported by @n-thumann Advisory https://github.com/yogeshojha/rengine/security/advisories/GHSA-fx7f-f735-vgh4
+
+### Bug Fixes
+
+* Fix issue while initiating periodic and clocked scan #1322 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1328
+* Fix 500 error on "Test Hackerone api Key" by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1332
+* UI Typos and bug Fixes #1333 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1334
+* Fix error during tool update Fixes #1152 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1335
+* Upgrade setuptools to 72.1.0 to resolve installation error by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1338
+* (chores) Fix github pages build by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1339
+* Fix subdomain import for subdomains with suffixes more than 4 chars Fixes #1128 by @yogeshojha in https://github.com/yogeshojha/rengine/pull/1340
+
+**Full Changelog**: https://github.com/yogeshojha/rengine/compare/v2.1.1...v2.1.2
+
+
 ## 2.1.1
 
 **Release Date: July 20, 2024**
diff --git a/README.md b/README.md
index e022d6baa..4a7b45d2e 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
   <h3>reNgine: The Ultimate Web Reconnaissance & Vulnerability Scanner 🚀</h3>
 </p>
 
-<p align="center"><a href="https://github.com/yogeshojha/rengine/releases" target="_blank"><img src="https://img.shields.io/badge/version-v2.1.1-informational?&logo=none" alt="reNgine Latest Version" /></a>&nbsp;<a href="https://www.gnu.org/licenses/gpl-3.0" target="_blank"><img src="https://img.shields.io/badge/License-GPLv3-red.svg?&logo=none" alt="License" /></a>&nbsp;<a href="#" target="_blank"><img src="https://img.shields.io/badge/first--timers--only-friendly-blue.svg?&logo=none" alt="" /></a></p>
+<p align="center"><a href="https://github.com/yogeshojha/rengine/releases" target="_blank"><img src="https://img.shields.io/badge/version-v2.1.2-informational?&logo=none" alt="reNgine Latest Version" /></a>&nbsp;<a href="https://www.gnu.org/licenses/gpl-3.0" target="_blank"><img src="https://img.shields.io/badge/License-GPLv3-red.svg?&logo=none" alt="License" /></a>&nbsp;<a href="#" target="_blank"><img src="https://img.shields.io/badge/first--timers--only-friendly-blue.svg?&logo=none" alt="" /></a></p>
 
 <p align="center">
   <a href="https://www.youtube.com/watch?v=Xk_YH83IQgg" target="_blank"><img src="https://img.shields.io/badge/BlackHat--Arsenal--Asia-2023-blue.svg?logo=none" alt="" /></a>&nbsp;
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index ced261db6..f80e3d91b 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -96,7 +96,7 @@ services:
       - POSTGRES_HOST=${POSTGRES_HOST}
       # THIS IS A MUST FOR CHECKING UPDATE, EVERYTIME A COMMIT IS MERGED INTO
       # MASTER, UPDATE THIS!!! MAJOR.MINOR.PATCH https://semver.org/
-      - RENGINE_CURRENT_VERSION='2.1.1'
+      - RENGINE_CURRENT_VERSION='2.1.2'
     volumes:
       - ./web:/usr/src/app
       - github_repos:/usr/src/github
diff --git a/docker-compose.yml b/docker-compose.yml
index b53ddb2c8..e46db5430 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -98,7 +98,7 @@ services:
       - DJANGO_SUPERUSER_PASSWORD=${DJANGO_SUPERUSER_PASSWORD}
       # THIS IS A MUST FOR CHECKING UPDATE, EVERYTIME A COMMIT IS MERGED INTO
       # MASTER, UPDATE THIS!!! MAJOR.MINOR.PATCH https://semver.org/
-      - RENGINE_CURRENT_VERSION='2.1.1'
+      - RENGINE_CURRENT_VERSION='2.1.2'
     volumes:
       - ./web:/usr/src/app
       - github_repos:/usr/src/github
diff --git a/web/dashboard/templates/dashboard/index.html b/web/dashboard/templates/dashboard/index.html
index 10bdc9c3c..99276d2d2 100644
--- a/web/dashboard/templates/dashboard/index.html
+++ b/web/dashboard/templates/dashboard/index.html
@@ -17,7 +17,7 @@
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
-<span class="badge badge-soft-info">reNgine 2.1.1</span>
+<span class="badge badge-soft-info">reNgine 2.1.2</span>
 {% endblock breadcrumb_title %}
 
 {% block main_content %}
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index c2b2e1479..9819958ae 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -170,18 +170,18 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
     <div class="logo-box">
       <a href="{% url 'dashboardIndex' current_project.slug %}" class="logo logo-dark text-center">
         <span class="logo-sm">
-          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>2.1.1</small></h3>
+          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
         </span>
         <span class="logo-lg">
-          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>2.1.1</small></h3>
+          <h3 class="text-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
         </span>
       </a>
       <a href="{% url 'dashboardIndex' current_project.slug %}" class="logo logo-light text-center">
         <span class="logo-sm">
-          <h3 class="text-sm-logo vertical-center">reNgine&nbsp;<small>2.1.1</small></h3>
+          <h3 class="text-sm-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
         </span>
         <span class="logo-lg">
-          <h3 class="text-lg-logo vertical-center">reNgine&nbsp;<small>2.1.1</small></h3>
+          <h3 class="text-lg-logo vertical-center">reNgine&nbsp;<small>2.1.2</small></h3>
         </span>
       </a>
     </div>
diff --git a/web/templates/base/login.html b/web/templates/base/login.html
index c46a81366..1ce18a7ba 100644
--- a/web/templates/base/login.html
+++ b/web/templates/base/login.html
@@ -58,7 +58,7 @@
                   </a>
                 </div>
                 <h3 class="">Login to reNgine</h3>
-                <p>Current release: v2.1.1</p>
+                <p>Current release: v2.1.2</p>
               </div>
               <div class="alert alert-primary" role="alert">
                 <a href="https://rengine.wiki" target="_blank">Learn how to create reNgine account.</a>

From 28d9959a5343e5a15798f1b57472b52fceb1cf00 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 07:08:42 +0530
Subject: [PATCH 043/211] Add feat multiple gf pattern upload

---
 .../templates/scanEngine/settings/tool.html      |  2 +-
 web/scanEngine/views.py                          | 16 ++++++++++------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/tool.html b/web/scanEngine/templates/scanEngine/settings/tool.html
index 9500aa7d4..24d0fb218 100644
--- a/web/scanEngine/templates/scanEngine/settings/tool.html
+++ b/web/scanEngine/templates/scanEngine/settings/tool.html
@@ -39,7 +39,7 @@ <h4 class="header-title">Currently available GF patterns</h4>
           {% csrf_token %}
           <div class="mb-3 mb-xl-0">
             <label for="gfFileUpload" class="form-label">Upload GF Pattern JSON</label>
-            <input class="form-control" type="file" id="gfFileUpload" accept="application/JSON" name="gfFileUpload">
+            <input class="form-control" type="file" id="gfFileUpload" accept=".json" name="gfFileUpload[]" multiple>
           </div>
           <input type="submit" class="btn btn-primary mt-3 float-end" value="Upload">
         </form>
diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 177a44066..7e93bcfac 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -204,12 +204,16 @@ def tool_specific_settings(request, slug):
                 messages.add_message(request, messages.ERROR, 'Invalid GF Pattern, upload only *.json extension')
             else:
                 # remove special chars from filename, that could possibly do directory traversal or XSS
-                filename = re.sub(r'[\\/*?:"<>|]',"", gf_file.name)
-                file_path = '/root/.gf/' + filename
-                file = open(file_path, "w")
-                file.write(gf_file.read().decode("utf-8"))
-                file.close()
-                messages.add_message(request, messages.INFO, f'Pattern {gf_file.name[:4]} successfully uploaded')
+                original_filename = re.sub(r'[\\/*?:"<>|]',"", original_filename)
+                file_extension = original_filename.split('.')[len(gf_file.name.split('.'))-1]
+                if file_extension == 'json':
+                    base_filename = os.path.splitext(original_filename)[0]
+                    file_path = '/root/.gf/' + base_filename + '.json'
+                    file = open(file_path, "w")
+                    file.write(gf_file.read().decode("utf-8"))
+                    file.close()
+                    upload_count += 1
+            messages.add_message(request, messages.INFO, f'{upload_count} GF files successfully uploaded')
             return http.HttpResponseRedirect(reverse('tool_settings', kwargs={'slug': slug}))
 
         elif 'nucleiFileUpload[]' in request.FILES:

From d8625002fa63b7f97b68d6cec0af3cc32d711bdc Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 07:09:54 +0530
Subject: [PATCH 044/211] update text

---
 web/scanEngine/templates/scanEngine/settings/tool.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/scanEngine/templates/scanEngine/settings/tool.html b/web/scanEngine/templates/scanEngine/settings/tool.html
index 24d0fb218..5cbf20fd6 100644
--- a/web/scanEngine/templates/scanEngine/settings/tool.html
+++ b/web/scanEngine/templates/scanEngine/settings/tool.html
@@ -39,6 +39,7 @@ <h4 class="header-title">Currently available GF patterns</h4>
           {% csrf_token %}
           <div class="mb-3 mb-xl-0">
             <label for="gfFileUpload" class="form-label">Upload GF Pattern JSON</label>
+            <small class="text-muted">(Multiple files can be uploaded.)</small>
             <input class="form-control" type="file" id="gfFileUpload" accept=".json" name="gfFileUpload[]" multiple>
           </div>
           <input type="submit" class="btn btn-primary mt-3 float-end" value="Upload">

From 367f0db4d388dffb09d42625a8d662a7e4e360c3 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 08:34:01 +0530
Subject: [PATCH 045/211] added option to stop multiple scans

---
 web/api/views.py                              |  4 +-
 .../templates/startScan/history.html          | 38 +++++++++++++-
 web/startScan/urls.py                         |  4 ++
 web/startScan/views.py                        | 49 +++++++++++++++++--
 4 files changed, 87 insertions(+), 8 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index e2c7805a0..b209d2bd1 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -791,7 +791,7 @@ def post(self, request):
 				create_scan_activity(
 					subscan.scan_history.id,
 					f'Subscan {subscan_id} aborted',
-					SUCCESS_TASK)
+					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
 				logging.error(e)
@@ -807,7 +807,7 @@ def post(self, request):
 				create_scan_activity(
 					scan.id,
 					"Scan aborted",
-					SUCCESS_TASK)
+					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
 				logging.error(e)
diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index 3221c800b..06830940f 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -58,9 +58,12 @@ <h4 class="headline-title">Filters</h4>
               <a href="#" class="dropdown-ite text-primary float-end" id="resetFilters">Reset Filters</a>
             </div>
           </div>
+          {% if user|can:'initiate_scans_subscans' %}
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-            <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="deleteMultipleScan()" id="delete_multiple_button">Delete Multiple Scans</a>
+            <a class="btn btn-soft-danger float-end disabled ms-1 mt-1" href="#" onclick="deleteMultipleScan()" id="delete_multiple_button">Delete Multiple Scans</a>
+            <a class="btn btn-soft-danger float-end disabled ms-1 mt-1" href="#" onclick="stopMultipleScan()" id="stop_multiple_button">Stop Multiple Scans</a>
           </div>
+          {% endif %}
         </div>
       </div>
     </div>
@@ -435,17 +438,21 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
   function toggleMultipleTargetButton() {
     if (checkedCount() > 0) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
     }
   }
 
   function mainCheckBoxSelected(checkbox) {
     if (checkbox.checked) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
       $(".targets_checkbox").prop('checked', true);
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
       $(".targets_checkbox").prop('checked', false);
     }
   }
@@ -454,7 +461,7 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
     if (!checkedCount()) {
       swal({
         title: '',
-        text: "Oops! No targets has been selected!",
+        text: "Oops! You haven't selected any scan to delete.",
         type: 'error',
         padding: '2em'
       })
@@ -477,6 +484,33 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
     }
   }
 
+  function stopMultipleScan() {
+    if (!checkedCount()) {
+      swal({
+        title: '',
+        text: "Oops! You haven't selected any scans to stop.",
+        type: 'error',
+        padding: '2em'
+      })
+    } else {
+      // atleast one target is selected
+      swal.queue([{
+        title: 'Are you sure you want to stop ' + checkedCount() + ' Scans?',
+        text: "This action is irreversible.\nThis will stop all the selected scans if they are running.",
+        type: 'warning',
+        showCancelButton: true,
+        confirmButtonText: 'Delete',
+        padding: '2em',
+        showLoaderOnConfirm: true,
+        preConfirm: function() {
+          deleteForm = document.getElementById("scan_history_form");
+          deleteForm.action = "../stop/multiple";
+          deleteForm.submit();
+        }
+      }])
+    }
+  }
+
   // select option listener for report_type_select
   var report_type = document.getElementById("report_type_select");
   report_type.addEventListener("change", function() {
diff --git a/web/startScan/urls.py b/web/startScan/urls.py
index 31054f069..7ff6a57d0 100644
--- a/web/startScan/urls.py
+++ b/web/startScan/urls.py
@@ -106,4 +106,8 @@
         '<slug:slug>/delete/multiple',
         views.delete_scans,
         name='delete_multiple_scans'),
+    path(
+        '<slug:slug>/stop/multiple',
+        views.stop_scans,
+        name='stop_multiple_scans'),
 ]
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 189165d89..9e7403a10 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -462,11 +462,13 @@ def delete_scan(request, id):
 def stop_scan(request, id):
     if request.method == "POST":
         scan = get_object_or_404(ScanHistory, id=id)
-        scan.scan_status = ABORTED_TASK
-        scan.save()
         try:
             for task_id in scan.celery_ids:
                 app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+            
+            # after celery task is stopped, update the scan status
+            scan.scan_status = ABORTED_TASK
+            scan.save()
             tasks = (
                 ScanActivity.objects
                 .filter(scan_of=scan)
@@ -474,10 +476,11 @@ def stop_scan(request, id):
                 .order_by('-pk')
             )
             for task in tasks:
+                app.control.revoke(task.celery_id, terminate=True, signal='SIGKILL')
                 task.status = ABORTED_TASK
                 task.time = timezone.now()
                 task.save()
-            create_scan_activity(scan.id, "Scan aborted", SUCCESS_TASK)
+            create_scan_activity(scan.id, "Scan aborted", ABORTED_TASK)
             response = {'status': True}
             messages.add_message(
                 request,
@@ -496,6 +499,44 @@ def stop_scan(request, id):
     return scan_history(request)
 
 
+@has_permission_decorator(PERM_INITATE_SCANS_SUBSCANS, redirect_url=FOUR_OH_FOUR_URL)
+def stop_scans(request, slug):
+    if request.method == "POST":
+        for key, value in request.POST.items():
+            if key == 'scan_history_table_length' or key == 'csrfmiddlewaretoken':
+                continue
+            scan = get_object_or_404(ScanHistory, id=value)
+            try:
+                for task_id in scan.celery_ids:
+                    app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+                tasks = (
+                    ScanActivity.objects
+                    .filter(scan_of=scan)
+                    .filter(status=RUNNING_TASK)
+                    .order_by('-pk')
+                )
+                for task in tasks:
+                    app.control.revoke(task.celery_id, terminate=True, signal='SIGKILL')
+                    task.status = ABORTED_TASK
+                    task.time = timezone.now()
+                    task.save()
+                create_scan_activity(scan.id, "Scan aborted", ABORTED_TASK)
+                messages.add_message(
+                    request,
+                    messages.INFO,
+                    'Multiple scans successfully stopped!'
+                )
+            except Exception as e:
+                logger.error(e)
+                messages.add_message(
+                    request,
+                    messages.ERROR,
+                    f'Scans failed to stop ! Error: {str(e)}'
+                )
+    return HttpResponseRedirect(reverse('scan_history', kwargs={'slug': slug}))
+
+
+
 @has_permission_decorator(PERM_INITATE_SCANS_SUBSCANS, redirect_url=FOUR_OH_FOUR_URL)
 def schedule_scan(request, host_id, slug):
     domain = Domain.objects.get(id=host_id)
@@ -825,7 +866,7 @@ def delete_scans(request, slug):
         messages.add_message(
             request,
             messages.INFO,
-            'All Scans deleted!')
+            'Multiple scans successfully deleted!')
     return HttpResponseRedirect(reverse('scan_history', kwargs={'slug': slug}))
 
 

From 3627f6bb8d412b460f4fdcb9a71b00350e4c00c5 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:17:07 +0530
Subject: [PATCH 046/211] update logger

---
 web/api/views.py        | 6 ++++--
 web/reNgine/settings.py | 5 +++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index b209d2bd1..3a4e38ce4 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -794,12 +794,14 @@ def post(self, request):
 					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
-				logging.error(e)
+				logger.error(e)
 				response = {'status': False, 'message': str(e)}
 		elif scan_id:
 			try:
+				logger.info(f'Aborting scan History')
 				scan = get_object_or_404(ScanHistory, id=scan_id)
 				task_ids = scan.celery_ids
+				logger.info(f"Setting scan {scan} status to ABORTED_TASK")
 				scan.scan_status = ABORTED_TASK
 				scan.stop_scan_date = timezone.now()
 				scan.aborted_by = request.user
@@ -810,7 +812,7 @@ def post(self, request):
 					ABORTED_TASK)
 				response['status'] = True
 			except Exception as e:
-				logging.error(e)
+				logger.error(e)
 				response = {'status': False, 'message': str(e)}
 
 		logger.warning(f'Revoking tasks {task_ids}')
diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index f84b95401..9f4549992 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -303,6 +303,11 @@
             'handlers': ['task'],
             'level': 'DEBUG' if DEBUG else 'INFO',
             'propagate': False
+        },
+        'api.views': {
+            'handlers': ['console'],
+            'level': 'DEBUG' if DEBUG else 'INFO',
+            'propagate': False
         }
     },
 }

From 39d41ea8d715760811cfbd86eed96f289d7ff0f4 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:45:24 +0530
Subject: [PATCH 047/211] Modified StopScan ApiView to accept multiple scan ids

---
 web/api/views.py                              | 112 +++++++++++-------
 .../templates/startScan/history.html          |  64 ++++++++--
 2 files changed, 124 insertions(+), 52 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 3a4e38ce4..ea8976866 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -774,65 +774,89 @@ class StopScan(APIView):
 	def post(self, request):
 		req = self.request
 		data = req.data
-		scan_id = data.get('scan_id')
-		subscan_id = data.get('subscan_id')
-		response = {}
-		task_ids = []
-		scan = None
-		subscan = None
-		if subscan_id:
-			try:
-				subscan = get_object_or_404(SubScan, id=subscan_id)
-				scan = subscan.scan_history
-				task_ids = subscan.celery_ids
-				subscan.status = ABORTED_TASK
-				subscan.stop_scan_date = timezone.now()
-				subscan.save()
-				create_scan_activity(
-					subscan.scan_history.id,
-					f'Subscan {subscan_id} aborted',
-					ABORTED_TASK)
-				response['status'] = True
-			except Exception as e:
-				logger.error(e)
-				response = {'status': False, 'message': str(e)}
-		elif scan_id:
+		scan_ids = data.get('scan_ids', [])
+		subscan_ids = data.get('subscan_ids', [])
+
+		scan_ids = [int(id) for id in scan_ids]
+		subscan_ids = [int(id) for id in subscan_ids]
+
+
+		def abort_scan(scan):
+			response = {}
+			logger.info(f'Aborting scan History')
 			try:
-				logger.info(f'Aborting scan History')
-				scan = get_object_or_404(ScanHistory, id=scan_id)
-				task_ids = scan.celery_ids
 				logger.info(f"Setting scan {scan} status to ABORTED_TASK")
+				task_ids = scan.celery_ids
 				scan.scan_status = ABORTED_TASK
 				scan.stop_scan_date = timezone.now()
 				scan.aborted_by = request.user
 				scan.save()
+				for task_id in task_ids:
+					app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+
+				tasks = (
+					ScanActivity.objects
+					.filter(scan_of=scan)
+					.filter(status=RUNNING_TASK)
+					.order_by('-pk')
+				)
+				for task in tasks:
+					task.status = ABORTED_TASK
+					task.time = timezone.now()
+					task.save()
+
 				create_scan_activity(
 					scan.id,
 					"Scan aborted",
-					ABORTED_TASK)
+					ABORTED_TASK
+				)
 				response['status'] = True
 			except Exception as e:
 				logger.error(e)
 				response = {'status': False, 'message': str(e)}
 
-		logger.warning(f'Revoking tasks {task_ids}')
-		for task_id in task_ids:
-			app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+			return response
 
-		# Abort running tasks
-		tasks = (
-			ScanActivity.objects
-			.filter(scan_of=scan)
-			.filter(status=RUNNING_TASK)
-			.order_by('-pk')
-		)
-		if tasks.exists():
-			for task in tasks:
-				if subscan_id and task.id not in subscan.celery_ids:
-					continue
-				task.status = ABORTED_TASK
-				task.time = timezone.now()
-				task.save()
+		def abort_subscan(subscan):
+			response = {}
+			logger.info(f'Aborting subscan')
+			try:
+				logger.info(f"Setting scan {subscan} status to ABORTED_TASK")
+				task_ids = subscan.celery_ids
+
+				for task_id in task_ids:
+					app.control.revoke(task_id, terminate=True, signal='SIGKILL')
+
+				subscan.status = ABORTED_TASK
+				subscan.stop_scan_date = timezone.now()
+				subscan.save()
+				create_scan_activity(
+					subscan.scan_history.id,
+					f'Subscan aborted',
+					ABORTED_TASK
+				)
+				response['status'] = True
+			except Exception as e:
+				logger.error(e)
+				response = {'status': False, 'message': str(e)}
+
+			return response
+
+		for scan_id in scan_ids:
+			try:
+				scan = ScanHistory.objects.get(id=scan_id)
+				response = abort_scan(scan)
+			except Exception as e:
+				logger.error(e)
+				response = {'status': False, 'message': str(e)}
+			
+		for subscan_id in subscan_ids:
+			try:
+				subscan = SubScan.objects.get(id=subscan_id)
+				response = abort_subscan(subscan)
+			except Exception as e:
+				logger.error(e)
+				response = {'status': False, 'message': str(e)}
 
 		return Response(response)
 
diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index 06830940f..ff9bfba1f 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -494,20 +494,68 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
       })
     } else {
       // atleast one target is selected
-      swal.queue([{
+      Swal.fire({
         title: 'Are you sure you want to stop ' + checkedCount() + ' Scans?',
         text: "This action is irreversible.\nThis will stop all the selected scans if they are running.",
-        type: 'warning',
+        icon: 'warning',
         showCancelButton: true,
-        confirmButtonText: 'Delete',
-        padding: '2em',
+        confirmButtonColor: '#d33',
+        cancelButtonColor: '#3085d6',
+        confirmButtonText: 'Stop',
+        cancelButtonText: 'Cancel',
         showLoaderOnConfirm: true,
         preConfirm: function() {
-          deleteForm = document.getElementById("scan_history_form");
-          deleteForm.action = "../stop/multiple";
-          deleteForm.submit();
+          var selected_scan_ids = [];
+          $('.targets_checkbox:checked').each(function() {
+            selected_scan_ids.push($(this).val());
+          });
+          data = {
+            'scan_ids': selected_scan_ids
+          }
+          fetch('/api/action/stop/scan/', {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'X-CSRFToken': getCookie('csrftoken')
+            },
+            body: JSON.stringify(data)
+          }).then(function(response) {
+            if (response.ok) {
+              return response.json();
+            }
+            throw new Error('Network response was not ok.');
+          }).then(function(data) {
+            if (data['status']) {
+              Swal.fire({
+                title: 'Success',
+                text: data['message'],
+                icon: 'success',
+                showConfirmButton: false,
+                timer: 1500
+              });
+              setTimeout(function() {
+                location.reload();
+              }, 1500);
+            } else {
+              Swal.fire({
+                title: 'Error',
+                text: data['message'],
+                icon: 'error',
+                showConfirmButton: false,
+                timer: 1500
+              });
+            }
+          }).catch(function(error) {
+            Swal.fire({
+              title: 'Error',
+              text: 'An error occurred while stopping the scans',
+              icon: 'error',
+              showConfirmButton: false,
+              timer: 1500
+            });
+          });
         }
-      }])
+      });
     }
   }
 

From 29e1f97f989d4c2523cce0756c26c8a2eefafc1b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:49:00 +0530
Subject: [PATCH 048/211] modify abort scan

---
 web/api/views.py            |  1 +
 web/static/custom/custom.js | 28 ++++++++++++++++------------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index ea8976866..126434536 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -780,6 +780,7 @@ def post(self, request):
 		scan_ids = [int(id) for id in scan_ids]
 		subscan_ids = [int(id) for id in subscan_ids]
 
+		response = {'status': False}
 
 		def abort_scan(scan):
 			response = {}
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 1755b0508..a0ae9694f 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -830,10 +830,10 @@ function stop_scan(scan_id=null, subscan_id=null, reload_scan_bar=true, reload_l
 	const stopAPI = "/api/action/stop/scan/";
 
 	if (scan_id) {
-		var data = {'scan_id': scan_id}
+		var data = {'scan_ids': [scan_id]}
 	}
 	else if (subscan_id) {
-		var data = {'subscan_id': subscan_id}
+		var data = {'subscan_ids': [subscan_id]}
 	}
 	swal.queue([{
 		title: 'Are you sure you want to stop this scan?',
@@ -857,17 +857,21 @@ function stop_scan(scan_id=null, subscan_id=null, reload_scan_bar=true, reload_l
 			}).then(function(data) {
 				// TODO Look for better way
 				if (data.status) {
-					Snackbar.show({
-						text: 'Scan Successfully Aborted.',
-						pos: 'top-right',
-						duration: 1500
+					Swal.fire({
+						title: 'Success',
+						text: data['message'],
+						icon: 'success',
+						showConfirmButton: false,
+						timer: 1500
 					});
-					if (reload_scan_bar) {
-						getScanStatusSidebar();
-					}
-					if (reload_location) {
-						window.location.reload();
-					}
+					setTimeout(function() {
+						if (reload_scan_bar) {
+							getScanStatusSidebar();
+						}
+						if (reload_location) {
+							window.location.reload();
+						}
+					}, 1500);
 				} else {
 					Snackbar.show({
 						text: 'Oops! Could not abort the scan. ' + data.message,

From 652a94ff471d3deb486b9e53a78ef1e4cbe89674 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 09:57:28 +0530
Subject: [PATCH 049/211] added feature to stop multiple subscans

---
 .../templates/startScan/subscan_history.html  | 84 ++++++++++++++++++-
 1 file changed, 83 insertions(+), 1 deletion(-)

diff --git a/web/startScan/templates/startScan/subscan_history.html b/web/startScan/templates/startScan/subscan_history.html
index add9e21bd..4b4f1c82e 100644
--- a/web/startScan/templates/startScan/subscan_history.html
+++ b/web/startScan/templates/startScan/subscan_history.html
@@ -58,9 +58,10 @@ <h4 class="headline-title">Filters</h4>
               <a href="#" class="dropdown-ite text-primary float-end" id="resetFilters">Reset Filters</a>
             </div>
           </div>
-          {% if user|can:'modify_scan_results' %}
+          {% if user|can:'initiate_scans_subscans' %}
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
             <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="deleteMultipleSubScan()" id="delete_multiple_button">Delete Multiple SubScans</a>
+            <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="stopMultipleSubScan()" id="stop_multiple_button">Stop Multiple SubScans</a>
           </div>
           {% endif %}
         </div>
@@ -353,17 +354,21 @@ <h4 class="headline-title">Filters</h4>
   function toggleMultipleTargetButton() {
     if (checkedCount() > 0) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
     }
   }
 
   function mainCheckBoxSelected(checkbox) {
     if (checkbox.checked) {
       $("#delete_multiple_button").removeClass("disabled");
+      $("#stop_multiple_button").removeClass("disabled");
       $(".targets_checkbox").prop('checked', true);
     } else {
       $("#delete_multiple_button").addClass("disabled");
+      $("#stop_multiple_button").addClass("disabled");
       $(".targets_checkbox").prop('checked', false);
     }
   }
@@ -423,5 +428,82 @@ <h4 class="headline-title">Filters</h4>
       }])
     }
   }
+
+
+  function stopMultipleSubScan() {
+    if (!checkedCount()) {
+      swal({
+        title: '',
+        text: "Oops! You haven't selected any subscans to stop.",
+        type: 'error',
+        padding: '2em'
+      })
+    } else {
+      // atleast one target is selected
+      Swal.fire({
+        title: 'Are you sure you want to stop ' + checkedCount() + ' SubScans?',
+        text: "This action is irreversible.\nThis will stop all the selected subscans if they are running.",
+        icon: 'warning',
+        showCancelButton: true,
+        confirmButtonColor: '#d33',
+        cancelButtonColor: '#3085d6',
+        confirmButtonText: 'Stop',
+        cancelButtonText: 'Cancel',
+        showLoaderOnConfirm: true,
+        preConfirm: function() {
+          var selected_subscan_ids = [];
+          $('.targets_checkbox:checked').each(function() {
+            selected_subscan_ids.push($(this).val());
+          });
+          data = {
+            'subscan_ids': selected_subscan_ids
+          }
+          fetch('/api/action/stop/scan/', {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'X-CSRFToken': getCookie('csrftoken')
+            },
+            body: JSON.stringify(data)
+          }).then(function(response) {
+            if (response.ok) {
+              return response.json();
+            }
+            throw new Error('Network response was not ok.');
+          }).then(function(data) {
+            if (data['status']) {
+              Swal.fire({
+                title: 'Success',
+                text: data['message'],
+                icon: 'success',
+                showConfirmButton: false,
+                timer: 1500
+              });
+              setTimeout(function() {
+                location.reload();
+              }, 1500);
+            } else {
+              Swal.fire({
+                title: 'Error',
+                text: data['message'],
+                icon: 'error',
+                showConfirmButton: false,
+                timer: 1500
+              });
+            }
+          }).catch(function(error) {
+            Swal.fire({
+              title: 'Error',
+              text: 'An error occurred while stopping the subscans',
+              icon: 'error',
+              showConfirmButton: false,
+              timer: 1500
+            });
+          });
+        }
+      });
+    }
+  }
+
   </script>
   {% endblock page_level_script %}

From f9c35ddd55b51235cf4189d52c61ada657c55626 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 22 Jul 2024 10:00:32 +0530
Subject: [PATCH 050/211] fix issue on aborting scans that are already success
 or aborted

---
 web/api/views.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/web/api/views.py b/web/api/views.py
index 126434536..84bd49ec3 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -846,6 +846,9 @@ def abort_subscan(subscan):
 		for scan_id in scan_ids:
 			try:
 				scan = ScanHistory.objects.get(id=scan_id)
+				# if scan is already successful or aborted then do nothing
+				if scan.scan_status == SUCCESS_TASK or scan.scan_status == ABORTED_TASK:
+					continue
 				response = abort_scan(scan)
 			except Exception as e:
 				logger.error(e)
@@ -854,6 +857,8 @@ def abort_subscan(subscan):
 		for subscan_id in subscan_ids:
 			try:
 				subscan = SubScan.objects.get(id=subscan_id)
+				if subscan.scan_status == SUCCESS_TASK or subscan.scan_status == ABORTED_TASK:
+					continue
 				response = abort_subscan(subscan)
 			except Exception as e:
 				logger.error(e)

From 80d577cc23c1a2309d4340b0e1628ba5635b7957 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 26 Jul 2024 10:35:53 +0530
Subject: [PATCH 051/211] Hide API keys in vault

---
 .../templates/scanEngine/settings/api.html         | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index 150e912a0..a98a9306b 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -29,21 +29,31 @@
               <div class="mb-3">
                 <label for="key_openai" class="form-label">OpenAI</label>
                 <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using GPT.</p>
+                <div class="input-group input-group-merge">
                 {% if openai_key %}
-                  <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
+                  <input class="form-control" type="password" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key">
                 {% endif %}
+                  <div class="input-group-text" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
                 <span class="text-muted float-end">This is optional but recommended.</span>
               </div>
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
                 <p class="text-muted">Netlas keys will be used to get whois information and other OSINT related data.</p>
+                <div class="input-group input-group-merge">
                 {% if netlas_key %}
-                  <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
+                  <input class="form-control" type="password" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key">
                 {% endif %}
+                  <div class="input-group-text" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
                 <span class="text-muted float-end">This is optional</span>
               </div>
               <div class="mb-0">

From 1fc3fad5afe88680a48e0904c02ad9ee6c0732ba Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 26 Jul 2024 11:25:20 +0530
Subject: [PATCH 052/211] hide hackerone api key

---
 web/scanEngine/admin.py                                     | 1 +
 web/scanEngine/forms.py                                     | 6 ++++--
 web/scanEngine/templates/scanEngine/settings/hackerone.html | 5 +++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/web/scanEngine/admin.py b/web/scanEngine/admin.py
index b2f2e0c10..edca16621 100644
--- a/web/scanEngine/admin.py
+++ b/web/scanEngine/admin.py
@@ -9,3 +9,4 @@
 admin.site.register(Notification)
 admin.site.register(VulnerabilityReportSetting)
 admin.site.register(InstalledExternalTool)
+admin.site.register(Hackerone)
\ No newline at end of file
diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index 4eddf0d92..3f6431b54 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -399,12 +399,14 @@ class Meta:
 
     api_key = forms.CharField(
         required=True,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control form-control-lg",
                 "id": "api_key",
                 "placeholder": "Hackerone API Token",
-            }))
+            },
+            render_value=True
+        ))
 
     send_critical = forms.BooleanField(
         required=False,
diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index 1cbd18142..bb1288042 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -47,7 +47,12 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
             </div>
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+              <div class="input-group input-group-merge">
               {{form.api_key}}
+                <div class="input-group-text" data-password="false">
+                  <span class="password-eye"></span>
+                </div>
+              </div>
             </div>
           </div>
           <a class="btn btn-primary float-end mt-3" href="javascript:test_hackerone()" role="button">

From 3be72aca043c183cd9770fd6d19033af83d46859 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:03:00 +0530
Subject: [PATCH 053/211] fix slack url hide

---
 web/scanEngine/forms.py                       | 32 ++++++++++++-------
 .../scanEngine/settings/notification.html     | 19 +++++++----
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index 3f6431b54..dd8151e9e 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -176,12 +176,14 @@ class Meta:
 
     slack_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "slack_hook_url",
                 "placeholder": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_lark = forms.BooleanField(
         required=False,
@@ -193,12 +195,14 @@ class Meta:
 
     lark_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "lark_hook_url",
                 "placeholder": "https://open.larksuite.com/open-apis/bot/v2/hook/XXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_discord = forms.BooleanField(
         required=False,
@@ -210,12 +214,14 @@ class Meta:
 
     discord_hook_url = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "discord_hook_url",
                 "placeholder": "https://discord.com/api/webhooks/000000000000000000/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-            }))
+            },
+            render_value=True
+        ))
 
     send_to_telegram = forms.BooleanField(
         required=False,
@@ -227,21 +233,25 @@ class Meta:
 
     telegram_bot_token = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "telegram_bot_token",
                 "placeholder": "Bot Token",
-            }))
+            },
+            render_value=True
+        ))
 
     telegram_bot_chat_id = forms.CharField(
         required=False,
-        widget=forms.TextInput(
+        widget=forms.PasswordInput(
             attrs={
                 "class": "form-control",
                 "id": "telegram_bot_chat_id",
                 "placeholder": "Bot Chat ID",
-            }))
+            },
+            render_value=True
+        ))
 
     send_scan_status_notif = forms.BooleanField(
         required=False,
diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index cffc23511..6f02519e4 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -31,19 +31,24 @@ <h4 class="header-title">Send Notifications to: </h4>
           <div class="row">
             <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Slack</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_slack}}
+                      {{ form.send_to_slack }}
                     </div>
-                  </span>
+                  </div>
+                </div>
+                <div class="flex-grow-1 position-relative">
+                  {{ form.slack_hook_url }}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
                 </div>
-                {{form.slack_hook_url}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-slack"><path d="M14.5 10c-.83 0-1.5-.67-1.5-1.5v-5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5v5c0 .83-.67 1.5-1.5 1.5z"></path><path d="M20.5 10H19V8.5c0-.83.67-1.5 1.5-1.5s1.5.67 1.5 1.5-.67 1.5-1.5 1.5z"></path><path d="M9.5 14c.83 0 1.5.67 1.5 1.5v5c0 .83-.67 1.5-1.5 1.5S8 21.33 8 20.5v-5c0-.83.67-1.5 1.5-1.5z"></path><path d="M3.5 14H5v1.5c0 .83-.67 1.5-1.5 1.5S2 16.33 2 15.5 2.67 14 3.5 14z"></path><path d="M14 14.5c0-.83.67-1.5 1.5-1.5h5c.83 0 1.5.67 1.5 1.5s-.67 1.5-1.5 1.5h-5c-.83 0-1.5-.67-1.5-1.5z"></path><path d="M15.5 19H14v1.5c0 .83.67 1.5 1.5 1.5s1.5-.67 1.5-1.5-.67-1.5-1.5-1.5z"></path><path d="M10 9.5C10 8.67 9.33 8 8.5 8h-5C2.67 8 2 8.67 2 9.5S2.67 11 3.5 11h5c.83 0 1.5-.67 1.5-1.5z"></path><path d="M8.5 5H10V3.5C10 2.67 9.33 2 8.5 2S7 2.67 7 3.5 7.67 5 8.5 5z"></path></svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From 7d8e3edb9465bbaf3a24b67a80519860caeb7c65 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:05:30 +0530
Subject: [PATCH 054/211] added hide icon for lark

---
 web/scanEngine/forms.py                       |  4 ++--
 .../scanEngine/settings/notification.html     | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index dd8151e9e..0f3e0d411 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -197,7 +197,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "lark_hook_url",
                 "placeholder": "https://open.larksuite.com/open-apis/bot/v2/hook/XXXXXXXXXXXXXXXXXXXXXXXX",
             },
@@ -216,7 +216,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "discord_hook_url",
                 "placeholder": "https://discord.com/api/webhooks/000000000000000000/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
             },
diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index 6f02519e4..6be78ef68 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -59,19 +59,24 @@ <h4 class="header-title">Send Notifications to: </h4>
           <div class="row mt-3">
             <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Lark</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_lark}}
+                      {{ form.send_to_lark }}
                     </div>
-                  </span>
+                  </div>
+                </div>
+                <div class="flex-grow-1 position-relative">
+                  {{ form.lark_hook_url }}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
                 </div>
-                {{form.lark_hook_url}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" width="24px" height="24px" fill="none"><path fill="#646A73" d="M7.844 4.564c.865.697 1.905 1.704 2.75 2.912.143.191.314.48.381.592l.028.047a7.34 7.34 0 0 0-.768 1.083l-.226-.412C8.545 6.276 5.75 4.564 5.614 4.481a.708.708 0 0 1-.005-.003l-.555-.329-.089-.07a.416.416 0 0 1 .255-.738l.35-.008h6.664c.132.005.265.03.392.076.145.054.264.145.381.257.112.12.227.247.336.374.519.562 1.104 1.407 1.104 1.407-.478.16-1.124.612-1.124.612a4.222 4.222 0 0 0-.29-.45 17.215 17.215 0 0 0-.865-1.045H7.844z"/><path fill="#646A73" d="M15.902 6.255a4.517 4.517 0 0 1 3.367.598c.206.14.656.529.201 1.027-1.416 1.391-1.829 2.688-2.192 3.833-.232.727-.45 1.414-.888 2.02-1.51 2.09-3.429 3.334-5.697 3.695-.468.074-.944.11-1.417.11-3.299 0-6.249-1.697-7.292-2.37h.003l-.135-.09c-.445-.315-.509-.603-.519-.824V5.88a.405.405 0 0 1 .69-.265l.401.491c4.235 5.168 7.605 6.72 9.688 7.109 1.872.353 3.027-.138 3.352-.308.278-.426.445-.953.636-1.555l.006-.018c.338-1.062.748-2.35 1.935-3.73a3.276 3.276 0 0 0-1.9-.14c-1.468.328-2.836 1.633-4.075 3.869-.112.2-.206.381-.285.56-.602-.09-1.111-.542-1.111-.542a7.52 7.52 0 0 1 .287-.56c1.432-2.604 3.096-4.135 4.945-4.535zM2.564 14.073c.954.621 4.451 2.694 7.943 2.137 1.3-.206 2.47-.763 3.497-1.658-2.31.21-6.297-.628-11.44-6.39v5.911z"/></svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From cccb3a9e97caf8aa68c7c3387b57084dbe8f1177 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:07:59 +0530
Subject: [PATCH 055/211] hide icon for discord

---
 .../scanEngine/settings/notification.html     | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index 6be78ef68..7410c9936 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -87,19 +87,24 @@ <h4 class="header-title">Send Notifications to: </h4>
           <div class="row mt-3">
             <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Discord<br>(Recommended)</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_discord}}
+                      {{ form.send_to_discord }}
                     </div>
-                  </span>
+                  </div>
+                </div>
+                <div class="flex-grow-1 position-relative">
+                  {{ form.discord_hook_url }}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
                 </div>
-                {{form.discord_hook_url}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg fill="#000000" xmlns="http://www.w3.org/2000/svg"  viewBox="0 0 47 47" width="24px" height="24px" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M 18.90625 7 C 18.90625 7 12.539063 7.4375 8.375 10.78125 C 8.355469 10.789063 8.332031 10.800781 8.3125 10.8125 C 7.589844 11.480469 7.046875 12.515625 6.375 14 C 5.703125 15.484375 4.992188 17.394531 4.34375 19.53125 C 3.050781 23.808594 2 29.058594 2 34 C 1.996094 34.175781 2.039063 34.347656 2.125 34.5 C 3.585938 37.066406 6.273438 38.617188 8.78125 39.59375 C 11.289063 40.570313 13.605469 40.960938 14.78125 41 C 15.113281 41.011719 15.429688 40.859375 15.625 40.59375 L 18.0625 37.21875 C 20.027344 37.683594 22.332031 38 25 38 C 27.667969 38 29.972656 37.683594 31.9375 37.21875 L 34.375 40.59375 C 34.570313 40.859375 34.886719 41.011719 35.21875 41 C 36.394531 40.960938 38.710938 40.570313 41.21875 39.59375 C 43.726563 38.617188 46.414063 37.066406 47.875 34.5 C 47.960938 34.347656 48.003906 34.175781 48 34 C 48 29.058594 46.949219 23.808594 45.65625 19.53125 C 45.007813 17.394531 44.296875 15.484375 43.625 14 C 42.953125 12.515625 42.410156 11.480469 41.6875 10.8125 C 41.667969 10.800781 41.644531 10.789063 41.625 10.78125 C 37.460938 7.4375 31.09375 7 31.09375 7 C 31.019531 6.992188 30.949219 6.992188 30.875 7 C 30.527344 7.046875 30.234375 7.273438 30.09375 7.59375 C 30.09375 7.59375 29.753906 8.339844 29.53125 9.40625 C 27.582031 9.09375 25.941406 9 25 9 C 24.058594 9 22.417969 9.09375 20.46875 9.40625 C 20.246094 8.339844 19.90625 7.59375 19.90625 7.59375 C 19.734375 7.203125 19.332031 6.964844 18.90625 7 Z M 18.28125 9.15625 C 18.355469 9.359375 18.40625 9.550781 18.46875 9.78125 C 16.214844 10.304688 13.746094 11.160156 11.4375 12.59375 C 11.074219 12.746094 10.835938 13.097656 10.824219 13.492188 C 10.816406 13.882813 11.039063 14.246094 11.390625 14.417969 C 11.746094 14.585938 12.167969 14.535156 12.46875 14.28125 C 17.101563 11.410156 22.996094 11 25 11 C 27.003906 11 32.898438 11.410156 37.53125 14.28125 C 37.832031 14.535156 38.253906 14.585938 38.609375 14.417969 C 38.960938 14.246094 39.183594 13.882813 39.175781 13.492188 C 39.164063 13.097656 38.925781 12.746094 38.5625 12.59375 C 36.253906 11.160156 33.785156 10.304688 31.53125 9.78125 C 31.59375 9.550781 31.644531 9.359375 31.71875 9.15625 C 32.859375 9.296875 37.292969 9.894531 40.3125 12.28125 C 40.507813 12.460938 41.1875 13.460938 41.8125 14.84375 C 42.4375 16.226563 43.09375 18.027344 43.71875 20.09375 C 44.9375 24.125 45.921875 29.097656 45.96875 33.65625 C 44.832031 35.496094 42.699219 36.863281 40.5 37.71875 C 38.5 38.496094 36.632813 38.84375 35.65625 38.9375 L 33.96875 36.65625 C 34.828125 36.378906 35.601563 36.078125 36.28125 35.78125 C 38.804688 34.671875 40.15625 33.5 40.15625 33.5 C 40.570313 33.128906 40.605469 32.492188 40.234375 32.078125 C 39.863281 31.664063 39.226563 31.628906 38.8125 32 C 38.8125 32 37.765625 32.957031 35.46875 33.96875 C 34.625 34.339844 33.601563 34.707031 32.4375 35.03125 C 32.167969 35 31.898438 35.078125 31.6875 35.25 C 29.824219 35.703125 27.609375 36 25 36 C 22.371094 36 20.152344 35.675781 18.28125 35.21875 C 18.070313 35.078125 17.8125 35.019531 17.5625 35.0625 C 16.394531 34.738281 15.378906 34.339844 14.53125 33.96875 C 12.234375 32.957031 11.1875 32 11.1875 32 C 10.960938 31.789063 10.648438 31.699219 10.34375 31.75 C 9.957031 31.808594 9.636719 32.085938 9.53125 32.464844 C 9.421875 32.839844 9.546875 33.246094 9.84375 33.5 C 9.84375 33.5 11.195313 34.671875 13.71875 35.78125 C 14.398438 36.078125 15.171875 36.378906 16.03125 36.65625 L 14.34375 38.9375 C 13.367188 38.84375 11.5 38.496094 9.5 37.71875 C 7.300781 36.863281 5.167969 35.496094 4.03125 33.65625 C 4.078125 29.097656 5.0625 24.125 6.28125 20.09375 C 6.90625 18.027344 7.5625 16.226563 8.1875 14.84375 C 8.8125 13.460938 9.492188 12.460938 9.6875 12.28125 C 12.707031 9.894531 17.140625 9.296875 18.28125 9.15625 Z M 18.5 21 C 15.949219 21 14 23.316406 14 26 C 14 28.683594 15.949219 31 18.5 31 C 21.050781 31 23 28.683594 23 26 C 23 23.316406 21.050781 21 18.5 21 Z M 31.5 21 C 28.949219 21 27 23.316406 27 26 C 27 28.683594 28.949219 31 31.5 31 C 34.050781 31 36 28.683594 36 26 C 36 23.316406 34.050781 21 31.5 21 Z M 18.5 23 C 19.816406 23 21 24.265625 21 26 C 21 27.734375 19.816406 29 18.5 29 C 17.183594 29 16 27.734375 16 26 C 16 24.265625 17.183594 23 18.5 23 Z M 31.5 23 C 32.816406 23 34 24.265625 34 26 C 34 27.734375 32.816406 29 31.5 29 C 30.183594 29 29 27.734375 29 26 C 29 24.265625 30.183594 23 31.5 23 Z"/></svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From 78c5ffcf2eb07820ef0b37611c86248c12308911 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:13:21 +0530
Subject: [PATCH 056/211] fix telegram input box hide icon

---
 web/scanEngine/forms.py                       |  4 +--
 .../scanEngine/settings/notification.html     | 34 +++++++++++++------
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index 0f3e0d411..e55744621 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -235,7 +235,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "telegram_bot_token",
                 "placeholder": "Bot Token",
             },
@@ -246,7 +246,7 @@ class Meta:
         required=False,
         widget=forms.PasswordInput(
             attrs={
-                "class": "form-control",
+                "class": "form-control h-100",
                 "id": "telegram_bot_chat_id",
                 "placeholder": "Bot Chat ID",
             },
diff --git a/web/scanEngine/templates/scanEngine/settings/notification.html b/web/scanEngine/templates/scanEngine/settings/notification.html
index 7410c9936..d5b9aa4b5 100644
--- a/web/scanEngine/templates/scanEngine/settings/notification.html
+++ b/web/scanEngine/templates/scanEngine/settings/notification.html
@@ -57,7 +57,7 @@ <h4 class="header-title">Send Notifications to: </h4>
             </div>
           </div>
           <div class="row mt-3">
-            <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Lark</label>
+            <label for="lark_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Lark</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
               <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
@@ -85,7 +85,7 @@ <h4 class="header-title">Send Notifications to: </h4>
             </div>
           </div>
           <div class="row mt-3">
-            <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Discord<br>(Recommended)</label>
+            <label for="discord_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Discord<br>(Recommended)</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
               <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
@@ -113,24 +113,36 @@ <h4 class="header-title">Send Notifications to: </h4>
             </div>
           </div>
           <div class="row mt-3">
-            <label for="slack_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Telegram</label>
+            <label for="telegram_url" class="col-xl-2 col-sm-3 col-sm-2 col-form-label">Telegram</label>
             <div class="col-xl-10 col-lg-9 col-sm-10">
-              <div class="input-group mb-4">
+              <div class="input-group mb-4 align-items-stretch">
                 <div class="input-group-prepend">
-                  <span class="input-group-text" style="height: 100%">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <div class="form-check form-switch">
-                      {{form.send_to_telegram}}
+                      {{ form.send_to_telegram }}
+                    </div>
+                  </div>
+                </div>
+                <div class="flex-grow-1 d-flex">
+                  <div class="position-relative flex-grow-1">
+                    {{ form.telegram_bot_token }}
+                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                      <span class="password-eye"></span>
                     </div>
-                  </span>
+                  </div>
+                  <div class="position-relative flex-grow-1">
+                    {{ form.telegram_bot_chat_id }}
+                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                      <span class="password-eye"></span>
+                    </div>
+                  </div>
                 </div>
-                {{form.telegram_bot_token}}
-                {{form.telegram_bot_chat_id}}
                 <div class="input-group-append">
-                  <span class="input-group-text" id="basic-addon2">
+                  <div class="input-group-text h-100 d-flex align-items-center">
                     <svg fill="#000000" xmlns="http://www.w3.org/2000/svg"  viewBox="0 0 47 47" width="24px" height="24px" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
                       <path d="M 44.376953 5.9863281 C 43.889905 6.0076957 43.415817 6.1432497 42.988281 6.3144531 C 42.565113 6.4845113 40.128883 7.5243408 36.53125 9.0625 C 32.933617 10.600659 28.256963 12.603668 23.621094 14.589844 C 14.349356 18.562196 5.2382813 22.470703 5.2382812 22.470703 L 5.3046875 22.445312 C 5.3046875 22.445312 4.7547875 22.629122 4.1972656 23.017578 C 3.9185047 23.211806 3.6186028 23.462555 3.3730469 23.828125 C 3.127491 24.193695 2.9479735 24.711788 3.015625 25.259766 C 3.2532479 27.184511 5.2480469 27.730469 5.2480469 27.730469 L 5.2558594 27.734375 L 14.158203 30.78125 C 14.385177 31.538434 16.858319 39.792923 17.402344 41.541016 C 17.702797 42.507484 17.984013 43.064995 18.277344 43.445312 C 18.424133 43.635633 18.577962 43.782915 18.748047 43.890625 C 18.815627 43.933415 18.8867 43.965525 18.957031 43.994141 C 18.958531 43.994806 18.959437 43.99348 18.960938 43.994141 C 18.969579 43.997952 18.977708 43.998295 18.986328 44.001953 L 18.962891 43.996094 C 18.979231 44.002694 18.995359 44.013801 19.011719 44.019531 C 19.043456 44.030655 19.062905 44.030268 19.103516 44.039062 C 20.123059 44.395042 20.966797 43.734375 20.966797 43.734375 L 21.001953 43.707031 L 26.470703 38.634766 L 35.345703 45.554688 L 35.457031 45.605469 C 37.010484 46.295216 38.415349 45.910403 39.193359 45.277344 C 39.97137 44.644284 40.277344 43.828125 40.277344 43.828125 L 40.310547 43.742188 L 46.832031 9.7519531 C 46.998903 8.9915162 47.022612 8.334202 46.865234 7.7402344 C 46.707857 7.1462668 46.325492 6.6299361 45.845703 6.34375 C 45.365914 6.0575639 44.864001 5.9649605 44.376953 5.9863281 z M 44.429688 8.0195312 C 44.627491 8.0103707 44.774102 8.032983 44.820312 8.0605469 C 44.866523 8.0881109 44.887272 8.0844829 44.931641 8.2519531 C 44.976011 8.419423 45.000036 8.7721605 44.878906 9.3242188 L 44.875 9.3359375 L 38.390625 43.128906 C 38.375275 43.162926 38.240151 43.475531 37.931641 43.726562 C 37.616914 43.982653 37.266874 44.182554 36.337891 43.792969 L 26.632812 36.224609 L 26.359375 36.009766 L 26.353516 36.015625 L 23.451172 33.837891 L 39.761719 14.648438 A 1.0001 1.0001 0 0 0 38.974609 13 A 1.0001 1.0001 0 0 0 38.445312 13.167969 L 14.84375 28.902344 L 5.9277344 25.849609 C 5.9277344 25.849609 5.0423771 25.356927 5 25.013672 C 4.99765 24.994652 4.9871961 25.011869 5.0332031 24.943359 C 5.0792101 24.874869 5.1948546 24.759225 5.3398438 24.658203 C 5.6298218 24.456159 5.9609375 24.333984 5.9609375 24.333984 L 5.9941406 24.322266 L 6.0273438 24.308594 C 6.0273438 24.308594 15.138894 20.399882 24.410156 16.427734 C 29.045787 14.44166 33.721617 12.440122 37.318359 10.902344 C 40.914175 9.3649615 43.512419 8.2583658 43.732422 8.1699219 C 43.982886 8.0696253 44.231884 8.0286918 44.429688 8.0195312 z M 33.613281 18.792969 L 21.244141 33.345703 L 21.238281 33.351562 A 1.0001 1.0001 0 0 0 21.183594 33.423828 A 1.0001 1.0001 0 0 0 21.128906 33.507812 A 1.0001 1.0001 0 0 0 20.998047 33.892578 A 1.0001 1.0001 0 0 0 20.998047 33.900391 L 19.386719 41.146484 C 19.35993 41.068197 19.341173 41.039555 19.3125 40.947266 L 19.3125 40.945312 C 18.800713 39.30085 16.467362 31.5161 16.144531 30.439453 L 33.613281 18.792969 z M 22.640625 35.730469 L 24.863281 37.398438 L 21.597656 40.425781 L 22.640625 35.730469 z"/>
                     </svg>
-                  </span>
+                  </div>
                 </div>
               </div>
             </div>

From 4ccb62b6254262a2702377f1d5d961e6ec8f7637 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:20:11 +0530
Subject: [PATCH 057/211] use new eye icon inside input box for api

---
 web/scanEngine/templates/scanEngine/settings/api.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index a98a9306b..9f57f1a6d 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -29,13 +29,13 @@
               <div class="mb-3">
                 <label for="key_openai" class="form-label">OpenAI</label>
                 <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using GPT.</p>
-                <div class="input-group input-group-merge">
+                <div class="flex-grow-1 position-relative">
                 {% if openai_key %}
                   <input class="form-control" type="password" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key">
                 {% endif %}
-                  <div class="input-group-text" data-password="false">
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
                     <span class="password-eye"></span>
                   </div>
                 </div>
@@ -44,13 +44,13 @@
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
                 <p class="text-muted">Netlas keys will be used to get whois information and other OSINT related data.</p>
-                <div class="input-group input-group-merge">
+                <div class="flex-grow-1 position-relative">
                 {% if netlas_key %}
                   <input class="form-control" type="password" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
                 {% else %}
                   <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key">
                 {% endif %}
-                  <div class="input-group-text" data-password="false">
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
                     <span class="password-eye"></span>
                   </div>
                 </div>

From b749c2a4b6a67e58621a4d580e0b34b7ad481db2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 28 Jul 2024 07:23:15 +0530
Subject: [PATCH 058/211] hackerone hide icon fix

---
 .../templates/scanEngine/settings/hackerone.html     | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index bb1288042..eec049813 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -43,15 +43,15 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
           <div class="row">
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_username"  class="form-label">Your Hackerone Username (Not email)</label>
-              {{form.username}}
+              {{ form.username }}
             </div>
             <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
               <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-              <div class="input-group input-group-merge">
-              {{form.api_key}}
-                <div class="input-group-text" data-password="false">
-                  <span class="password-eye"></span>
-                </div>
+              <div class="flex-grow-1 position-relative">
+              {{ form.api_key }}
+              <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                <span class="password-eye"></span>
+              </div>
               </div>
             </div>
           </div>

From 4297dcff12b28e322c5b2486e0b1291c7dbeada0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 19:51:11 +0530
Subject: [PATCH 059/211] fix mr conflict

---
 web/scanEngine/views.py | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 7ee695948..54659f9a3 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -214,16 +214,6 @@ def tool_specific_settings(request, slug):
                     file.write(gf_file.read().decode("utf-8"))
                     file.close()
                     upload_count += 1
-            messages.add_message(request, messages.INFO, f'{upload_count} GF files successfully uploaded')
-                original_filename = re.sub(r'[\\/*?:"<>|]',"", original_filename)
-                file_extension = original_filename.split('.')[len(gf_file.name.split('.'))-1]
-                if file_extension == 'json':
-                    base_filename = os.path.splitext(original_filename)[0]
-                    file_path = '/root/.gf/' + base_filename + '.json'
-                    file = open(file_path, "w")
-                    file.write(gf_file.read().decode("utf-8"))
-                    file.close()
-                    upload_count += 1
             messages.add_message(request, messages.INFO, f'{upload_count} GF files successfully uploaded')
             return http.HttpResponseRedirect(reverse('tool_settings', kwargs={'slug': slug}))
 

From 18a782a9d9ee3c7492aef15ae938bb61985a5b85 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 19:51:51 +0530
Subject: [PATCH 060/211] remove print messages

---
 web/scanEngine/views.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 54659f9a3..08433ec44 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -174,9 +174,7 @@ def interesting_lookup(request, slug):
             form = InterestingLookupForm(request.POST, instance=lookup_keywords)
         else:
             form = InterestingLookupForm(request.POST or None)
-        print(form.errors)
         if form.is_valid():
-            print(form.cleaned_data)
             form.save()
             messages.add_message(
                 request,
@@ -198,7 +196,6 @@ def tool_specific_settings(request, slug):
     # check for incoming form requests
     if request.method == "POST":
 
-        print(request.FILES)
         if 'gfFileUpload[]' in request.FILES:
             gf_files = request.FILES.getlist('gfFileUpload[]')
             upload_count = 0
@@ -536,7 +533,6 @@ def add_tool(request, slug):
     form = ExternalToolForm()
     if request.method == "POST":
         form = ExternalToolForm(request.POST)
-        print(form.errors)
         if form.is_valid():
             # add tool
             install_command = form.data['install_command']

From 6733b62cf97dd524a4d92cfb65be0727335ae38c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 19:57:47 +0530
Subject: [PATCH 061/211] remove external ip from dashboard

---
 web/reNgine/context_processors.py     | 8 +-------
 web/templates/base/_items/footer.html | 1 -
 web/templates/base/base.html          | 2 +-
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/web/reNgine/context_processors.py b/web/reNgine/context_processors.py
index 8fefeae09..e91b726d1 100644
--- a/web/reNgine/context_processors.py
+++ b/web/reNgine/context_processors.py
@@ -1,5 +1,5 @@
 from dashboard.models import *
-import requests
+
 
 def projects(request):
     projects = Project.objects.all()
@@ -11,10 +11,4 @@ def projects(request):
     return {
         'projects': projects,
         'current_project': project
-    }
-
-def misc(request):
-    externalIp = requests.get('https://checkip.amazonaws.com').text.strip()
-    return {
-        'external_ip': externalIp
     }
\ No newline at end of file
diff --git a/web/templates/base/_items/footer.html b/web/templates/base/_items/footer.html
index 108ba8133..7c7789035 100644
--- a/web/templates/base/_items/footer.html
+++ b/web/templates/base/_items/footer.html
@@ -1,7 +1,6 @@
 <div class="footer">
   <div class="row justify-content-center">
     <div class="col-12 col-md-8 col-lg-6 justify-content-center text-center">
-      External IP : {{external_ip}}
     </div>
   </div>
 </div>
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index a3d5ac984..b633e356f 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -92,7 +92,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         {% include 'base/_items/offcanvas.html' %}
       </div>
       {% include 'base/_items/right_bar.html' %}
-      {% include 'base/_items/footer.html' %}
+      {% comment %} {% include 'base/_items/footer.html' %} {% endcomment %}
     </div>
     <script src="{% static 'assets/js/vendor.min.js' %}"></script>
     <script src="https://unpkg.com/@popperjs/core@2"></script>

From 21f4dfff8ff3cd2c62f2910392451431e7558b28 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 19:59:31 +0530
Subject: [PATCH 062/211] Revert "remove external ip from dashboard"

This reverts commit 6733b62cf97dd524a4d92cfb65be0727335ae38c.
---
 web/reNgine/context_processors.py     | 8 +++++++-
 web/templates/base/_items/footer.html | 1 +
 web/templates/base/base.html          | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/web/reNgine/context_processors.py b/web/reNgine/context_processors.py
index e91b726d1..8fefeae09 100644
--- a/web/reNgine/context_processors.py
+++ b/web/reNgine/context_processors.py
@@ -1,5 +1,5 @@
 from dashboard.models import *
-
+import requests
 
 def projects(request):
     projects = Project.objects.all()
@@ -11,4 +11,10 @@ def projects(request):
     return {
         'projects': projects,
         'current_project': project
+    }
+
+def misc(request):
+    externalIp = requests.get('https://checkip.amazonaws.com').text.strip()
+    return {
+        'external_ip': externalIp
     }
\ No newline at end of file
diff --git a/web/templates/base/_items/footer.html b/web/templates/base/_items/footer.html
index 7c7789035..108ba8133 100644
--- a/web/templates/base/_items/footer.html
+++ b/web/templates/base/_items/footer.html
@@ -1,6 +1,7 @@
 <div class="footer">
   <div class="row justify-content-center">
     <div class="col-12 col-md-8 col-lg-6 justify-content-center text-center">
+      External IP : {{external_ip}}
     </div>
   </div>
 </div>
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index b633e356f..a3d5ac984 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -92,7 +92,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         {% include 'base/_items/offcanvas.html' %}
       </div>
       {% include 'base/_items/right_bar.html' %}
-      {% comment %} {% include 'base/_items/footer.html' %} {% endcomment %}
+      {% include 'base/_items/footer.html' %}
     </div>
     <script src="{% static 'assets/js/vendor.min.js' %}"></script>
     <script src="https://unpkg.com/@popperjs/core@2"></script>

From 12627198606da6f5ac1911d5608ced79d8917a77 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 31 Jul 2024 20:03:40 +0530
Subject: [PATCH 063/211] remove external ip

---
 web/reNgine/context_processors.py     | 8 --------
 web/reNgine/settings.py               | 1 -
 web/templates/base/_items/footer.html | 1 -
 web/templates/base/base.html          | 2 +-
 4 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/web/reNgine/context_processors.py b/web/reNgine/context_processors.py
index cbf89af9b..356289a97 100644
--- a/web/reNgine/context_processors.py
+++ b/web/reNgine/context_processors.py
@@ -1,5 +1,3 @@
-import requests
-
 from dashboard.models import *
 from django.conf import settings
 
@@ -16,12 +14,6 @@ def projects(request):
         'current_project': project
     }
 
-def misc(request):
-    externalIp = requests.get('https://checkip.amazonaws.com').text.strip()
-    return {
-        'external_ip': externalIp
-    }
-
 def version_context(request):
     return {
         'RENGINE_CURRENT_VERSION': settings.RENGINE_CURRENT_VERSION
diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index e98ff21a6..841c1172c 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -118,7 +118,6 @@
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
                 'reNgine.context_processors.projects',
-                'reNgine.context_processors.misc',
                 'reNgine.context_processors.version_context'
             ],
     },
diff --git a/web/templates/base/_items/footer.html b/web/templates/base/_items/footer.html
index 108ba8133..7c7789035 100644
--- a/web/templates/base/_items/footer.html
+++ b/web/templates/base/_items/footer.html
@@ -1,7 +1,6 @@
 <div class="footer">
   <div class="row justify-content-center">
     <div class="col-12 col-md-8 col-lg-6 justify-content-center text-center">
-      External IP : {{external_ip}}
     </div>
   </div>
 </div>
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index a3d5ac984..b633e356f 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -92,7 +92,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         {% include 'base/_items/offcanvas.html' %}
       </div>
       {% include 'base/_items/right_bar.html' %}
-      {% include 'base/_items/footer.html' %}
+      {% comment %} {% include 'base/_items/footer.html' %} {% endcomment %}
     </div>
     <script src="{% static 'assets/js/vendor.min.js' %}"></script>
     <script src="https://unpkg.com/@popperjs/core@2"></script>

From fd68ce1f9e448ee0323b253e5a3af1d9322c3d3f Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 1 Aug 2024 09:19:52 +0530
Subject: [PATCH 064/211] Added excluded path in ui, refactor url filter to
 starting point url

---
 web/reNgine/definitions.py                    |  16 +
 .../templates/startScan/start_scan_ui.html    | 105 +++--
 web/startScan/views.py                        |  14 +-
 .../selectize/css/selectize.bootstrap3.css    | 417 ++++++++++++++++++
 .../plugins/selectize/css/selectize.css       | 333 ++++++++++++++
 .../selectize/js/standalone/selectize.min.js  |   4 +
 6 files changed, 841 insertions(+), 48 deletions(-)
 create mode 100644 web/static/plugins/selectize/css/selectize.bootstrap3.css
 create mode 100644 web/static/plugins/selectize/css/selectize.css
 create mode 100644 web/static/plugins/selectize/js/standalone/selectize.min.js

diff --git a/web/reNgine/definitions.py b/web/reNgine/definitions.py
index e5b80d577..3a9c9ad7c 100644
--- a/web/reNgine/definitions.py
+++ b/web/reNgine/definitions.py
@@ -423,6 +423,22 @@
     '.pdf',
 ]
 
+# Default Excluded Paths during Initate Scan
+# Mostly static files and directories
+DEFAULT_EXCLUDED_PATHS = [
+    # Static assets (using regex patterns)
+    '/static/.*',
+    '/assets/.*',
+    '/css/.*',
+    '/js/.*',
+    '/images/.*',
+    '/img/.*',
+    '/fonts/.*',
+
+    # File types (using regex patterns)
+    '.*\.ico',
+]
+
 # Roles and Permissions
 PERM_MODIFY_SYSTEM_CONFIGURATIONS = 'modify_system_configurations'
 PERM_MODIFY_SCAN_CONFIGURATIONS = 'modify_scan_configurations'
diff --git a/web/startScan/templates/startScan/start_scan_ui.html b/web/startScan/templates/startScan/start_scan_ui.html
index 8c5de75a6..d9c20aeaa 100644
--- a/web/startScan/templates/startScan/start_scan_ui.html
+++ b/web/startScan/templates/startScan/start_scan_ui.html
@@ -9,6 +9,7 @@
 {% block custom_js_css_link %}
 <link href="{% static 'plugins/jquery-step/jquery.steps.css' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'plugins/accordions/custom-accordions.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% static 'plugins/selectize/css/selectize.bootstrap3.css' %}" rel="stylesheet" type="text/css" />
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
@@ -64,15 +65,33 @@ <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
               </div>
             </div>
 
-            <h4>Filters</h4>
-            <div class="">
+            <h4>URL Scope and Exclusions</h4>
+            <div class="mb-4">
               <div class="mb-3">
-                <h4 class="text-info">Filters (Optional)</h4>
-                <span class="">You can filter on a specific path for <b>{{domain.name}}</b>.</span>
-                <br>
-                <label for="filterPath" class="form-label mt-1">Path filter</label>
-                <textarea class="form-control" id="filterPath" name="filterPath" rows="6" spellcheck="false"></textarea>
+                <h4 class="text-info">Starting Point URL (Optional)</h4>
+                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home">
+                <small class="form-text text-muted">
+                  Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains. 
+                  </br>
+                  If a path is provided (e.g., /home), the scan will focus only on that path and its subpaths, 
+                  skipping subdomain scanning. For example, entering '/home' for {{domain.name}} will scan 
+                  https://{{domain.name}}/home, but not other parts of {{domain.name}} or its subdomains.
+                </small>
               </div>
+              <div class="mb-3">
+                <h4 class="text-warning">Excluded Paths (Optional)</h4>
+                <input type="text" id="excludedPaths" value="{{excluded_paths}}">
+                <small class="form-text text-muted">
+                Enter paths or regex patterns to exclude from the scan. Type a path or pattern and press Enter to add it.
+                Supports both exact path matching and regex patterns. Examples:<br>
+                • <code>/admin</code> excludes paths starting with '/admin'<br>
+                • <code>/images/.*\.jpg</code> excludes all .jpg files in the images directory<br>
+                • <code>/static/(?:css|js)/</code> excludes all contents of /static/css/ and /static/js/<br>
+                <b>Common exclusions:</b><br>
+                • Static assets: <code>/images/.*</code>, <code>/css/.*</code><br>
+                <br>
+                <b>Note: Use regex patterns carefully. While exclusions can speed up scans, be cautious not to exclude critical areas that may contain vulnerabilities. Test your patterns to ensure they match as intended.</b>
+              </small>
             </div>
           </div>
         </form>
@@ -85,40 +104,13 @@ <h4 class="text-info">Filters (Optional)</h4>
 
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
+<script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
 <script type="text/javascript">
-var buttonEnabled = true;
-var globalTimeout = 0;
-
-function initTimer() {
-  if (globalTimeout) clearTimeout(globalTimeout);
-  globalTimeout = setTimeout(updateButton, 400);
-}
-
-function disableNext(){
-  var nextButton = $(".actions ul li:nth-child(2) a");
-  nextButton.attr("href", "#");
-  buttonEnabled = $(".actions ul li:nth-child(2)").addClass("disabled").attr("aria-disabled", "true");
-}
-
-function enableNext(){
-  var nextButton = $(".actions ul li:nth-child(2) a");
-  nextButton.attr("href", "#next");
-  buttonEnabled = $(".actions ul li:nth-child(2)").removeClass("disabled").attr("aria-disabled", "false");
-}
-
-function updateButton(){
-  $('a[role="menuitem"]').addClass('btn btn-primary waves-effect waves-light');
-  var text = $("input[type=radio][name=scan_mode]").val();
-  if(text === ''){
-    disableNext();
-    return false;
-  }else{
-    enableNext();
-    return true;
-  }
-}
 
-$(function(){
+$(document).ready(function() {
+  var buttonEnabled = true;
+  var globalTimeout = 0;
+
   $("#select_engine").steps({
     headerTag: "h4",
     bodyTag: "div",
@@ -134,8 +126,41 @@ <h4 class="text-info">Filters (Optional)</h4>
   $("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
   disableNext();
   $('a[role="menuitem"]').addClass('text-white');
-});
 
+  function initTimer() {
+    if (globalTimeout) clearTimeout(globalTimeout);
+    globalTimeout = setTimeout(updateButton, 400);
+  }
+  function disableNext(){
+    var nextButton = $(".actions ul li:nth-child(2) a");
+    nextButton.attr("href", "#");
+    buttonEnabled = $(".actions ul li:nth-child(2)").addClass("disabled").attr("aria-disabled", "true");
+  }
 
+  function enableNext(){
+    var nextButton = $(".actions ul li:nth-child(2) a");
+    nextButton.attr("href", "#next");
+    buttonEnabled = $(".actions ul li:nth-child(2)").removeClass("disabled").attr("aria-disabled", "false");
+  }
+
+  function updateButton(){
+    $('a[role="menuitem"]').addClass('btn btn-primary waves-effect waves-light');
+    var text = $("input[type=radio][name=scan_mode]").val();
+    if(text === ''){
+      disableNext();
+      return false;
+    }else{
+      enableNext();
+      return true;
+    }
+  }
+
+  $('#excludedPaths').selectize({
+    persist: false,
+    createOnBlur: true,
+    create: true,
+  });
+
+});
 </script>
 {% endblock page_level_script %}
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 9e7403a10..edd242071 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -259,12 +259,7 @@ def start_scan_ui(request, slug, domain_id):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
-        paths = request.POST['filterPath'].split()
-        filterPath = [s.rstrip() for s in paths if s]
-        if len(filterPath) > 0:
-            filterPath = filterPath[0]
-        else:
-            filterPath = ''
+        starting_point_url = request.POST['startingPointUrl'].split()
 
         # Get engine type
         engine_id = request.POST['scan_mode']
@@ -286,7 +281,7 @@ def start_scan_ui(request, slug, domain_id):
             'results_dir': '/usr/src/scan_results',
             'imported_subdomains': subdomains_in,
             'out_of_scope_subdomains': subdomains_out,
-            'url_filter': filterPath,
+            'starting_point_url': starting_point_url,
             'initiated_by_id': request.user.id
         }
         initiate_scan.apply_async(kwargs=kwargs)
@@ -306,11 +301,14 @@ def start_scan_ui(request, slug, domain_id):
         .filter(default_engine=False)
         .count()
     )
+    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS)
     context = {
         'scan_history_active': 'active',
         'domain': domain,
         'engines': engine,
-        'custom_engine_count': custom_engine_count}
+        'custom_engine_count': custom_engine_count,
+        'excluded_paths': excluded_paths
+    }
     return render(request, 'startScan/start_scan_ui.html', context)
 
 
diff --git a/web/static/plugins/selectize/css/selectize.bootstrap3.css b/web/static/plugins/selectize/css/selectize.bootstrap3.css
new file mode 100644
index 000000000..7c50f611e
--- /dev/null
+++ b/web/static/plugins/selectize/css/selectize.bootstrap3.css
@@ -0,0 +1,417 @@
+/**
+ * selectize.bootstrap3.css (v0.12.6) - Bootstrap 3 Theme
+ * Copyright (c) 2013–2015 Brian Reavis & contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
+ * file except in compliance with the License. You may obtain a copy of the License at:
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+ * ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ *
+ * @author Brian Reavis <brian@thirdroute.com>
+ */
+.selectize-control.plugin-drag_drop.multi > .selectize-input > div.ui-sortable-placeholder {
+  visibility: visible !important;
+  background: #f2f2f2 !important;
+  background: rgba(0, 0, 0, 0.06) !important;
+  border: 0 none !important;
+  -webkit-box-shadow: inset 0 0 12px 4px #fff;
+  box-shadow: inset 0 0 12px 4px #fff;
+}
+.selectize-control.plugin-drag_drop .ui-sortable-placeholder::after {
+  content: '!';
+  visibility: hidden;
+}
+.selectize-control.plugin-drag_drop .ui-sortable-helper {
+  -webkit-box-shadow: 0 2px 5px rgba(0, 0, 0, 0.2);
+  box-shadow: 0 2px 5px rgba(0, 0, 0, 0.2);
+}
+.selectize-dropdown-header {
+  position: relative;
+  padding: 3px 12px;
+  border-bottom: 1px solid #d0d0d0;
+  background: #f8f8f8;
+  -webkit-border-radius: 4px 4px 0 0;
+  -moz-border-radius: 4px 4px 0 0;
+  border-radius: 4px 4px 0 0;
+}
+.selectize-dropdown-header-close {
+  position: absolute;
+  right: 12px;
+  top: 50%;
+  color: #333333;
+  opacity: 0.4;
+  margin-top: -12px;
+  line-height: 20px;
+  font-size: 20px !important;
+}
+.selectize-dropdown-header-close:hover {
+  color: #000000;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup {
+  border-right: 1px solid #f2f2f2;
+  border-top: 0 none;
+  float: left;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup:last-child {
+  border-right: 0 none;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup:before {
+  display: none;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup-header {
+  border-top: 0 none;
+}
+.selectize-control.plugin-remove_button [data-value] {
+  position: relative;
+  padding-right: 24px !important;
+}
+.selectize-control.plugin-remove_button [data-value] .remove {
+  z-index: 1;
+  /* fixes ie bug (see #392) */
+  position: absolute;
+  top: 0;
+  right: 0;
+  bottom: 0;
+  width: 17px;
+  text-align: center;
+  font-weight: bold;
+  font-size: 12px;
+  color: inherit;
+  text-decoration: none;
+  vertical-align: middle;
+  display: inline-block;
+  padding: 1px 0 0 0;
+  border-left: 1px solid rgba(0, 0, 0, 0);
+  -webkit-border-radius: 0 2px 2px 0;
+  -moz-border-radius: 0 2px 2px 0;
+  border-radius: 0 2px 2px 0;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+.selectize-control.plugin-remove_button [data-value] .remove:hover {
+  background: rgba(0, 0, 0, 0.05);
+}
+.selectize-control.plugin-remove_button [data-value].active .remove {
+  border-left-color: rgba(0, 0, 0, 0);
+}
+.selectize-control.plugin-remove_button .disabled [data-value] .remove:hover {
+  background: none;
+}
+.selectize-control.plugin-remove_button .disabled [data-value] .remove {
+  border-left-color: rgba(77, 77, 77, 0);
+}
+.selectize-control.plugin-remove_button .remove-single {
+  position: absolute;
+  right: 0;
+  top: 0;
+  font-size: 23px;
+}
+.selectize-control {
+  position: relative;
+}
+.selectize-dropdown,
+.selectize-input,
+.selectize-input input {
+  color: #333333;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: 20px;
+  -webkit-font-smoothing: inherit;
+}
+.selectize-input,
+.selectize-control.single .selectize-input.input-active {
+  background: #fff;
+  cursor: text;
+  display: inline-block;
+}
+.selectize-input {
+  border: 1px solid #ccc;
+  padding: 6px 12px;
+  display: inline-block;
+  width: 100%;
+  overflow: hidden;
+  position: relative;
+  z-index: 1;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  -webkit-box-shadow: none;
+  box-shadow: none;
+  -webkit-border-radius: 4px;
+  -moz-border-radius: 4px;
+  border-radius: 4px;
+}
+.selectize-control.multi .selectize-input.has-items {
+  padding: 5px 12px 2px;
+}
+.selectize-input.full {
+  background-color: #fff;
+}
+.selectize-input.disabled,
+.selectize-input.disabled * {
+  cursor: default !important;
+}
+.selectize-input.focus {
+  -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.15);
+  box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.15);
+}
+.selectize-input.dropdown-active {
+  -webkit-border-radius: 4px 4px 0 0;
+  -moz-border-radius: 4px 4px 0 0;
+  border-radius: 4px 4px 0 0;
+}
+.selectize-input > * {
+  vertical-align: baseline;
+  display: -moz-inline-stack;
+  display: inline-block;
+  zoom: 1;
+  *display: inline;
+}
+.selectize-control.multi .selectize-input > div {
+  cursor: pointer;
+  margin: 0 3px 3px 0;
+  padding: 1px 3px;
+  background: #efefef;
+  color: #333333;
+  border: 0 solid rgba(0, 0, 0, 0);
+}
+.selectize-control.multi .selectize-input > div.active {
+  background: #428bca;
+  color: #fff;
+  border: 0 solid rgba(0, 0, 0, 0);
+}
+.selectize-control.multi .selectize-input.disabled > div,
+.selectize-control.multi .selectize-input.disabled > div.active {
+  color: #808080;
+  background: #ffffff;
+  border: 0 solid rgba(77, 77, 77, 0);
+}
+.selectize-input > input {
+  display: inline-block !important;
+  padding: 0 !important;
+  min-height: 0 !important;
+  max-height: none !important;
+  max-width: 100% !important;
+  margin: 0 !important;
+  text-indent: 0 !important;
+  border: 0 none !important;
+  background: none !important;
+  line-height: inherit !important;
+  -webkit-user-select: auto !important;
+  -webkit-box-shadow: none !important;
+  box-shadow: none !important;
+}
+.selectize-input > input::-ms-clear {
+  display: none;
+}
+.selectize-input > input:focus {
+  outline: none !important;
+}
+.selectize-input::after {
+  content: ' ';
+  display: block;
+  clear: left;
+}
+.selectize-input.dropdown-active::before {
+  content: ' ';
+  display: block;
+  position: absolute;
+  background: #ffffff;
+  height: 1px;
+  bottom: 0;
+  left: 0;
+  right: 0;
+}
+.selectize-dropdown {
+  position: absolute;
+  z-index: 10;
+  border: 1px solid #d0d0d0;
+  background: #fff;
+  margin: -1px 0 0 0;
+  border-top: 0 none;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
+  -webkit-border-radius: 0 0 4px 4px;
+  -moz-border-radius: 0 0 4px 4px;
+  border-radius: 0 0 4px 4px;
+}
+.selectize-dropdown [data-selectable] {
+  cursor: pointer;
+  overflow: hidden;
+}
+.selectize-dropdown [data-selectable] .highlight {
+  background: rgba(255, 237, 40, 0.4);
+  -webkit-border-radius: 1px;
+  -moz-border-radius: 1px;
+  border-radius: 1px;
+}
+.selectize-dropdown .option,
+.selectize-dropdown .optgroup-header {
+  padding: 3px 12px;
+}
+.selectize-dropdown .option,
+.selectize-dropdown [data-disabled],
+.selectize-dropdown [data-disabled] [data-selectable].option {
+  cursor: inherit;
+  opacity: 0.5;
+}
+.selectize-dropdown [data-selectable].option {
+  opacity: 1;
+}
+.selectize-dropdown .optgroup:first-child .optgroup-header {
+  border-top: 0 none;
+}
+.selectize-dropdown .optgroup-header {
+  color: #777777;
+  background: #fff;
+  cursor: default;
+}
+.selectize-dropdown .active {
+  background-color: #f5f5f5;
+  color: #262626;
+}
+.selectize-dropdown .active.create {
+  color: #262626;
+}
+.selectize-dropdown .create {
+  color: rgba(51, 51, 51, 0.5);
+}
+.selectize-dropdown-content {
+  overflow-y: auto;
+  overflow-x: hidden;
+  max-height: 200px;
+  -webkit-overflow-scrolling: touch;
+}
+.selectize-control.single .selectize-input,
+.selectize-control.single .selectize-input input {
+  cursor: pointer;
+}
+.selectize-control.single .selectize-input.input-active,
+.selectize-control.single .selectize-input.input-active input {
+  cursor: text;
+}
+.selectize-control.single .selectize-input:after {
+  content: ' ';
+  display: block;
+  position: absolute;
+  top: 50%;
+  right: 17px;
+  margin-top: -3px;
+  width: 0;
+  height: 0;
+  border-style: solid;
+  border-width: 5px 5px 0 5px;
+  border-color: #333333 transparent transparent transparent;
+}
+.selectize-control.single .selectize-input.dropdown-active:after {
+  margin-top: -4px;
+  border-width: 0 5px 5px 5px;
+  border-color: transparent transparent #333333 transparent;
+}
+.selectize-control.rtl.single .selectize-input:after {
+  left: 17px;
+  right: auto;
+}
+.selectize-control.rtl .selectize-input > input {
+  margin: 0 4px 0 -2px !important;
+}
+.selectize-control .selectize-input.disabled {
+  opacity: 0.5;
+  background-color: #fff;
+}
+.selectize-dropdown,
+.selectize-dropdown.form-control {
+  height: auto;
+  padding: 0;
+  margin: 2px 0 0 0;
+  z-index: 1000;
+  background: #fff;
+  border: 1px solid #ccc;
+  border: 1px solid rgba(0, 0, 0, 0.15);
+  -webkit-border-radius: 4px;
+  -moz-border-radius: 4px;
+  border-radius: 4px;
+  -webkit-box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175);
+  box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175);
+}
+.selectize-dropdown .optgroup-header {
+  font-size: 12px;
+  line-height: 1.42857143;
+}
+.selectize-dropdown .optgroup:first-child:before {
+  display: none;
+}
+.selectize-dropdown .optgroup:before {
+  content: ' ';
+  display: block;
+  height: 1px;
+  margin: 9px 0;
+  overflow: hidden;
+  background-color: #e5e5e5;
+  margin-left: -12px;
+  margin-right: -12px;
+}
+.selectize-dropdown-content {
+  padding: 5px 0;
+}
+.selectize-dropdown-header {
+  padding: 6px 12px;
+}
+.selectize-input {
+  min-height: 34px;
+}
+.selectize-input.dropdown-active {
+  -webkit-border-radius: 4px;
+  -moz-border-radius: 4px;
+  border-radius: 4px;
+}
+.selectize-input.dropdown-active::before {
+  display: none;
+}
+.selectize-input.focus {
+  border-color: #66afe9;
+  outline: 0;
+  -webkit-box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);
+  box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);
+}
+.has-error .selectize-input {
+  border-color: #a94442;
+  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);
+  box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);
+}
+.has-error .selectize-input:focus {
+  border-color: #843534;
+  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ce8483;
+  box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ce8483;
+}
+.selectize-control.multi .selectize-input.has-items {
+  padding-left: 9px;
+  padding-right: 9px;
+}
+.selectize-control.multi .selectize-input > div {
+  -webkit-border-radius: 3px;
+  -moz-border-radius: 3px;
+  border-radius: 3px;
+}
+.form-control.selectize-control {
+  padding: 0;
+  height: auto;
+  border: none;
+  background: none;
+  -webkit-box-shadow: none;
+  box-shadow: none;
+  -webkit-border-radius: 0;
+  -moz-border-radius: 0;
+  border-radius: 0;
+}
diff --git a/web/static/plugins/selectize/css/selectize.css b/web/static/plugins/selectize/css/selectize.css
new file mode 100644
index 000000000..3ec90ad0e
--- /dev/null
+++ b/web/static/plugins/selectize/css/selectize.css
@@ -0,0 +1,333 @@
+/**
+ * selectize.css (v0.12.6)
+ * Copyright (c) 2013–2015 Brian Reavis & contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this
+ * file except in compliance with the License. You may obtain a copy of the License at:
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+ * ANY KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ *
+ * @author Brian Reavis <brian@thirdroute.com>
+ */
+
+.selectize-control.plugin-drag_drop.multi > .selectize-input > div.ui-sortable-placeholder {
+  visibility: visible !important;
+  background: #f2f2f2 !important;
+  background: rgba(0, 0, 0, 0.06) !important;
+  border: 0 none !important;
+  -webkit-box-shadow: inset 0 0 12px 4px #fff;
+  box-shadow: inset 0 0 12px 4px #fff;
+}
+.selectize-control.plugin-drag_drop .ui-sortable-placeholder::after {
+  content: '!';
+  visibility: hidden;
+}
+.selectize-control.plugin-drag_drop .ui-sortable-helper {
+  -webkit-box-shadow: 0 2px 5px rgba(0, 0, 0, 0.2);
+  box-shadow: 0 2px 5px rgba(0, 0, 0, 0.2);
+}
+.selectize-dropdown-header {
+  position: relative;
+  padding: 5px 8px;
+  border-bottom: 1px solid #d0d0d0;
+  background: #f8f8f8;
+  -webkit-border-radius: 3px 3px 0 0;
+  -moz-border-radius: 3px 3px 0 0;
+  border-radius: 3px 3px 0 0;
+}
+.selectize-dropdown-header-close {
+  position: absolute;
+  right: 8px;
+  top: 50%;
+  color: #303030;
+  opacity: 0.4;
+  margin-top: -12px;
+  line-height: 20px;
+  font-size: 20px !important;
+}
+.selectize-dropdown-header-close:hover {
+  color: #000000;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup {
+  border-right: 1px solid #f2f2f2;
+  border-top: 0 none;
+  float: left;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup:last-child {
+  border-right: 0 none;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup:before {
+  display: none;
+}
+.selectize-dropdown.plugin-optgroup_columns .optgroup-header {
+  border-top: 0 none;
+}
+.selectize-control.plugin-remove_button [data-value] {
+  position: relative;
+  padding-right: 24px !important;
+}
+.selectize-control.plugin-remove_button [data-value] .remove {
+  z-index: 1;
+  /* fixes ie bug (see #392) */
+  position: absolute;
+  top: 0;
+  right: 0;
+  bottom: 0;
+  width: 17px;
+  text-align: center;
+  font-weight: bold;
+  font-size: 12px;
+  color: inherit;
+  text-decoration: none;
+  vertical-align: middle;
+  display: inline-block;
+  padding: 2px 0 0 0;
+  border-left: 1px solid #d0d0d0;
+  -webkit-border-radius: 0 2px 2px 0;
+  -moz-border-radius: 0 2px 2px 0;
+  border-radius: 0 2px 2px 0;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+.selectize-control.plugin-remove_button [data-value] .remove:hover {
+  background: rgba(0, 0, 0, 0.05);
+}
+.selectize-control.plugin-remove_button [data-value].active .remove {
+  border-left-color: #cacaca;
+}
+.selectize-control.plugin-remove_button .disabled [data-value] .remove:hover {
+  background: none;
+}
+.selectize-control.plugin-remove_button .disabled [data-value] .remove {
+  border-left-color: #ffffff;
+}
+.selectize-control.plugin-remove_button .remove-single {
+  position: absolute;
+  right: 0;
+  top: 0;
+  font-size: 23px;
+}
+.selectize-control {
+  position: relative;
+}
+.selectize-dropdown,
+.selectize-input,
+.selectize-input input {
+  color: #303030;
+  font-family: inherit;
+  font-size: 13px;
+  line-height: 18px;
+  -webkit-font-smoothing: inherit;
+}
+.selectize-input,
+.selectize-control.single .selectize-input.input-active {
+  background: #fff;
+  cursor: text;
+  display: inline-block;
+}
+.selectize-input {
+  border: 1px solid #d0d0d0;
+  padding: 8px 8px;
+  display: inline-block;
+  width: 100%;
+  overflow: hidden;
+  position: relative;
+  z-index: 1;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.1);
+  box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.1);
+  -webkit-border-radius: 3px;
+  -moz-border-radius: 3px;
+  border-radius: 3px;
+}
+.selectize-control.multi .selectize-input.has-items {
+  padding: 6px 8px 3px;
+}
+.selectize-input.full {
+  background-color: #fff;
+}
+.selectize-input.disabled,
+.selectize-input.disabled * {
+  cursor: default !important;
+}
+.selectize-input.focus {
+  -webkit-box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.15);
+  box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.15);
+}
+.selectize-input.dropdown-active {
+  -webkit-border-radius: 3px 3px 0 0;
+  -moz-border-radius: 3px 3px 0 0;
+  border-radius: 3px 3px 0 0;
+}
+.selectize-input > * {
+  vertical-align: baseline;
+  display: -moz-inline-stack;
+  display: inline-block;
+  zoom: 1;
+  *display: inline;
+}
+.selectize-control.multi .selectize-input > div {
+  cursor: pointer;
+  margin: 0 3px 3px 0;
+  padding: 2px 6px;
+  background: #f2f2f2;
+  color: #303030;
+  border: 0 solid #d0d0d0;
+}
+.selectize-control.multi .selectize-input > div.active {
+  background: #e8e8e8;
+  color: #303030;
+  border: 0 solid #cacaca;
+}
+.selectize-control.multi .selectize-input.disabled > div,
+.selectize-control.multi .selectize-input.disabled > div.active {
+  color: #7d7d7d;
+  background: #ffffff;
+  border: 0 solid #ffffff;
+}
+.selectize-input > input {
+  display: inline-block !important;
+  padding: 0 !important;
+  min-height: 0 !important;
+  max-height: none !important;
+  max-width: 100% !important;
+  margin: 0 2px 0 0 !important;
+  text-indent: 0 !important;
+  border: 0 none !important;
+  background: none !important;
+  line-height: inherit !important;
+  -webkit-user-select: auto !important;
+  -webkit-box-shadow: none !important;
+  box-shadow: none !important;
+}
+.selectize-input > input::-ms-clear {
+  display: none;
+}
+.selectize-input > input:focus {
+  outline: none !important;
+}
+.selectize-input::after {
+  content: ' ';
+  display: block;
+  clear: left;
+}
+.selectize-input.dropdown-active::before {
+  content: ' ';
+  display: block;
+  position: absolute;
+  background: #f0f0f0;
+  height: 1px;
+  bottom: 0;
+  left: 0;
+  right: 0;
+}
+.selectize-dropdown {
+  position: absolute;
+  z-index: 10;
+  border: 1px solid #d0d0d0;
+  background: #fff;
+  margin: -1px 0 0 0;
+  border-top: 0 none;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+  -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
+  box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
+  -webkit-border-radius: 0 0 3px 3px;
+  -moz-border-radius: 0 0 3px 3px;
+  border-radius: 0 0 3px 3px;
+}
+.selectize-dropdown [data-selectable] {
+  cursor: pointer;
+  overflow: hidden;
+}
+.selectize-dropdown [data-selectable] .highlight {
+  background: rgba(125, 168, 208, 0.2);
+  -webkit-border-radius: 1px;
+  -moz-border-radius: 1px;
+  border-radius: 1px;
+}
+.selectize-dropdown .option,
+.selectize-dropdown .optgroup-header {
+  padding: 5px 8px;
+}
+.selectize-dropdown .option,
+.selectize-dropdown [data-disabled],
+.selectize-dropdown [data-disabled] [data-selectable].option {
+  cursor: inherit;
+  opacity: 0.5;
+}
+.selectize-dropdown [data-selectable].option {
+  opacity: 1;
+}
+.selectize-dropdown .optgroup:first-child .optgroup-header {
+  border-top: 0 none;
+}
+.selectize-dropdown .optgroup-header {
+  color: #303030;
+  background: #fff;
+  cursor: default;
+}
+.selectize-dropdown .active {
+  background-color: #f5fafd;
+  color: #495c68;
+}
+.selectize-dropdown .active.create {
+  color: #495c68;
+}
+.selectize-dropdown .create {
+  color: rgba(48, 48, 48, 0.5);
+}
+.selectize-dropdown-content {
+  overflow-y: auto;
+  overflow-x: hidden;
+  max-height: 200px;
+  -webkit-overflow-scrolling: touch;
+}
+.selectize-control.single .selectize-input,
+.selectize-control.single .selectize-input input {
+  cursor: pointer;
+}
+.selectize-control.single .selectize-input.input-active,
+.selectize-control.single .selectize-input.input-active input {
+  cursor: text;
+}
+.selectize-control.single .selectize-input:after {
+  content: ' ';
+  display: block;
+  position: absolute;
+  top: 50%;
+  right: 15px;
+  margin-top: -3px;
+  width: 0;
+  height: 0;
+  border-style: solid;
+  border-width: 5px 5px 0 5px;
+  border-color: #808080 transparent transparent transparent;
+}
+.selectize-control.single .selectize-input.dropdown-active:after {
+  margin-top: -4px;
+  border-width: 0 5px 5px 5px;
+  border-color: transparent transparent #808080 transparent;
+}
+.selectize-control.rtl.single .selectize-input:after {
+  left: 15px;
+  right: auto;
+}
+.selectize-control.rtl .selectize-input > input {
+  margin: 0 4px 0 -2px !important;
+}
+.selectize-control .selectize-input.disabled {
+  opacity: 0.5;
+  background-color: #fafafa;
+}
diff --git a/web/static/plugins/selectize/js/standalone/selectize.min.js b/web/static/plugins/selectize/js/standalone/selectize.min.js
new file mode 100644
index 000000000..43046c90d
--- /dev/null
+++ b/web/static/plugins/selectize/js/standalone/selectize.min.js
@@ -0,0 +1,4 @@
+/*! selectize.js - v0.12.6 | https://github.com/selectize/selectize.js | Apache License (v2) */
+
+!function(a,b){"function"==typeof define&&define.amd?define("sifter",b):"object"==typeof exports?module.exports=b():a.Sifter=b()}(this,function(){var a=function(a,b){this.items=a,this.settings=b||{diacritics:!0}};a.prototype.tokenize=function(a){if(!(a=e(String(a||"").toLowerCase()))||!a.length)return[];var b,c,d,g,i=[],j=a.split(/ +/);for(b=0,c=j.length;b<c;b++){if(d=f(j[b]),this.settings.diacritics)for(g in h)h.hasOwnProperty(g)&&(d=d.replace(new RegExp(g,"g"),h[g]));i.push({string:j[b],regex:new RegExp(d,"i")})}return i},a.prototype.iterator=function(a,b){var c;c=g(a)?Array.prototype.forEach||function(a){for(var b=0,c=this.length;b<c;b++)a(this[b],b,this)}:function(a){for(var b in this)this.hasOwnProperty(b)&&a(this[b],b,this)},c.apply(a,[b])},a.prototype.getScoreFunction=function(a,b){var c,e,f,g,h;c=this,a=c.prepareSearch(a,b),f=a.tokens,e=a.options.fields,g=f.length,h=a.options.nesting;var i=function(a,b){var c,d;return a?(a=String(a||""),-1===(d=a.search(b.regex))?0:(c=b.string.length/a.length,0===d&&(c+=.5),c)):0},j=function(){var a=e.length;return a?1===a?function(a,b){return i(d(b,e[0],h),a)}:function(b,c){for(var f=0,g=0;f<a;f++)g+=i(d(c,e[f],h),b);return g/a}:function(){return 0}}();return g?1===g?function(a){return j(f[0],a)}:"and"===a.options.conjunction?function(a){for(var b,c=0,d=0;c<g;c++){if((b=j(f[c],a))<=0)return 0;d+=b}return d/g}:function(a){for(var b=0,c=0;b<g;b++)c+=j(f[b],a);return c/g}:function(){return 0}},a.prototype.getSortFunction=function(a,c){var e,f,g,h,i,j,k,l,m,n,o;if(g=this,a=g.prepareSearch(a,c),o=!a.query&&c.sort_empty||c.sort,m=function(a,b){return"$score"===a?b.score:d(g.items[b.id],a,c.nesting)},i=[],o)for(e=0,f=o.length;e<f;e++)(a.query||"$score"!==o[e].field)&&i.push(o[e]);if(a.query){for(n=!0,e=0,f=i.length;e<f;e++)if("$score"===i[e].field){n=!1;break}n&&i.unshift({field:"$score",direction:"desc"})}else for(e=0,f=i.length;e<f;e++)if("$score"===i[e].field){i.splice(e,1);break}for(l=[],e=0,f=i.length;e<f;e++)l.push("desc"===i[e].direction?-1:1);return j=i.length,j?1===j?(h=i[0].field,k=l[0],function(a,c){return k*b(m(h,a),m(h,c))}):function(a,c){var d,e,f;for(d=0;d<j;d++)if(f=i[d].field,e=l[d]*b(m(f,a),m(f,c)))return e;return 0}:null},a.prototype.prepareSearch=function(a,b){if("object"==typeof a)return a;b=c({},b);var d=b.fields,e=b.sort,f=b.sort_empty;return d&&!g(d)&&(b.fields=[d]),e&&!g(e)&&(b.sort=[e]),f&&!g(f)&&(b.sort_empty=[f]),{options:b,query:String(a||"").toLowerCase(),tokens:this.tokenize(a),total:0,items:[]}},a.prototype.search=function(a,b){var c,d,e,f,g=this;return d=this.prepareSearch(a,b),b=d.options,a=d.query,f=b.score||g.getScoreFunction(d),a.length?g.iterator(g.items,function(a,e){c=f(a),(!1===b.filter||c>0)&&d.items.push({score:c,id:e})}):g.iterator(g.items,function(a,b){d.items.push({score:1,id:b})}),e=g.getSortFunction(d,b),e&&d.items.sort(e),d.total=d.items.length,"number"==typeof b.limit&&(d.items=d.items.slice(0,b.limit)),d};var b=function(a,b){return"number"==typeof a&&"number"==typeof b?a>b?1:a<b?-1:0:(a=i(String(a||"")),b=i(String(b||"")),a>b?1:b>a?-1:0)},c=function(a,b){var c,d,e,f;for(c=1,d=arguments.length;c<d;c++)if(f=arguments[c])for(e in f)f.hasOwnProperty(e)&&(a[e]=f[e]);return a},d=function(a,b,c){if(a&&b){if(!c)return a[b];for(var d=b.split(".");d.length&&(a=a[d.shift()]););return a}},e=function(a){return(a+"").replace(/^\s+|\s+$|/g,"")},f=function(a){return(a+"").replace(/([.?*+^$[\]\\(){}|-])/g,"\\$1")},g=Array.isArray||"undefined"!=typeof $&&$.isArray||function(a){return"[object Array]"===Object.prototype.toString.call(a)},h={a:"[aḀḁĂăÂâǍǎȺⱥȦȧẠạÄäÀàÁáĀāÃãÅåąĄÃąĄ]",b:"[b␢βΒB฿𐌁ᛒ]",c:"[cĆćĈĉČčĊċC̄c̄ÇçḈḉȻȼƇƈɕᴄＣｃ]",d:"[dĎďḊḋḐḑḌḍḒḓḎḏĐđD̦d̦ƉɖƊɗƋƌᵭᶁᶑȡᴅＤｄð]",e:"[eÉéÈèÊêḘḙĚěĔĕẼẽḚḛẺẻĖėËëĒēȨȩĘęᶒɆɇȄȅẾếỀềỄễỂểḜḝḖḗḔḕȆȇẸẹỆệⱸᴇＥｅɘǝƏƐε]",f:"[fƑƒḞḟ]",g:"[gɢ₲ǤǥĜĝĞğĢģƓɠĠġ]",h:"[hĤĥĦħḨḩẖẖḤḥḢḣɦʰǶƕ]",i:"[iÍíÌìĬĭÎîǏǐÏïḮḯĨĩĮįĪīỈỉȈȉȊȋỊịḬḭƗɨɨ̆ᵻᶖİiIıɪＩｉ]",j:"[jȷĴĵɈɉʝɟʲ]",k:"[kƘƙꝀꝁḰḱǨǩḲḳḴḵκϰ₭]",l:"[lŁłĽľĻļĹĺḶḷḸḹḼḽḺḻĿŀȽƚⱠⱡⱢɫɬᶅɭȴʟＬｌ]",n:"[nŃńǸǹŇňÑñṄṅŅņṆṇṊṋṈṉN̈n̈ƝɲȠƞᵰᶇɳȵɴＮｎŊŋ]",o:"[oØøÖöÓóÒòÔôǑǒŐőŎŏȮȯỌọƟɵƠơỎỏŌōÕõǪǫȌȍՕօ]",p:"[pṔṕṖṗⱣᵽƤƥᵱ]",q:"[qꝖꝗʠɊɋꝘꝙq̃]",r:"[rŔŕɌɍŘřŖŗṘṙȐȑȒȓṚṛⱤɽ]",s:"[sŚśṠṡṢṣꞨꞩŜŝŠšŞşȘșS̈s̈]",t:"[tŤťṪṫŢţṬṭƮʈȚțṰṱṮṯƬƭ]",u:"[uŬŭɄʉỤụÜüÚúÙùÛûǓǔŰűŬŭƯưỦủŪūŨũŲųȔȕ∪]",v:"[vṼṽṾṿƲʋꝞꝟⱱʋ]",w:"[wẂẃẀẁŴŵẄẅẆẇẈẉ]",x:"[xẌẍẊẋχ]",y:"[yÝýỲỳŶŷŸÿỸỹẎẏỴỵɎɏƳƴ]",z:"[zŹźẐẑŽžŻżẒẓẔẕƵƶ]"},i=function(){var a,b,c,d,e="",f={};for(c in h)if(h.hasOwnProperty(c))for(d=h[c].substring(2,h[c].length-1),e+=d,a=0,b=d.length;a<b;a++)f[d.charAt(a)]=c;var g=new RegExp("["+e+"]","g");return function(a){return a.replace(g,function(a){return f[a]}).toLowerCase()}}();return a}),function(a,b){"function"==typeof define&&define.amd?define("microplugin",b):"object"==typeof exports?module.exports=b():a.MicroPlugin=b()}(this,function(){var a={};a.mixin=function(a){a.plugins={},a.prototype.initializePlugins=function(a){var c,d,e,f=this,g=[];if(f.plugins={names:[],settings:{},requested:{},loaded:{}},b.isArray(a))for(c=0,d=a.length;c<d;c++)"string"==typeof a[c]?g.push(a[c]):(f.plugins.settings[a[c].name]=a[c].options,g.push(a[c].name));else if(a)for(e in a)a.hasOwnProperty(e)&&(f.plugins.settings[e]=a[e],g.push(e));for(;g.length;)f.require(g.shift())},a.prototype.loadPlugin=function(b){var c=this,d=c.plugins,e=a.plugins[b];if(!a.plugins.hasOwnProperty(b))throw new Error('Unable to find "'+b+'" plugin');d.requested[b]=!0,d.loaded[b]=e.fn.apply(c,[c.plugins.settings[b]||{}]),d.names.push(b)},a.prototype.require=function(a){var b=this,c=b.plugins;if(!b.plugins.loaded.hasOwnProperty(a)){if(c.requested[a])throw new Error('Plugin has circular dependency ("'+a+'")');b.loadPlugin(a)}return c.loaded[a]},a.define=function(b,c){a.plugins[b]={name:b,fn:c}}};var b={isArray:Array.isArray||function(a){return"[object Array]"===Object.prototype.toString.call(a)}};return a}),function(a,b){"function"==typeof define&&define.amd?define("selectize",["jquery","sifter","microplugin"],b):"object"==typeof exports?module.exports=b(require("jquery"),require("sifter"),require("microplugin")):a.Selectize=b(a.jQuery,a.Sifter,a.MicroPlugin)}(this,function(a,b,c){"use strict";var d=function(a,b){if("string"!=typeof b||b.length){var c="string"==typeof b?new RegExp(b,"i"):b,d=function(a){var b=0;if(3===a.nodeType){var e=a.data.search(c);if(e>=0&&a.data.length>0){var f=a.data.match(c),g=document.createElement("span");g.className="highlight";var h=a.splitText(e),i=(h.splitText(f[0].length),h.cloneNode(!0));g.appendChild(i),h.parentNode.replaceChild(g,h),b=1}}else if(1===a.nodeType&&a.childNodes&&!/(script|style)/i.test(a.tagName)&&("highlight"!==a.className||"SPAN"!==a.tagName))for(var j=0;j<a.childNodes.length;++j)j+=d(a.childNodes[j]);return b};return a.each(function(){d(this)})}};a.fn.removeHighlight=function(){return this.find("span.highlight").each(function(){this.parentNode.firstChild.nodeName;var a=this.parentNode;a.replaceChild(this.firstChild,this),a.normalize()}).end()};var e=function(){};e.prototype={on:function(a,b){this._events=this._events||{},this._events[a]=this._events[a]||[],this._events[a].push(b)},off:function(a,b){var c=arguments.length;return 0===c?delete this._events:1===c?delete this._events[a]:(this._events=this._events||{},void(a in this._events!=!1&&this._events[a].splice(this._events[a].indexOf(b),1)))},trigger:function(a){if(this._events=this._events||{},a in this._events!=!1)for(var b=0;b<this._events[a].length;b++)this._events[a][b].apply(this,Array.prototype.slice.call(arguments,1))}},e.mixin=function(a){for(var b=["on","off","trigger"],c=0;c<b.length;c++)a.prototype[b[c]]=e.prototype[b[c]]};var f=/Mac/.test(navigator.userAgent),g=f?91:17,h=f?18:17,i=!/android/i.test(window.navigator.userAgent)&&!!document.createElement("input").validity,j=function(a){return void 0!==a},k=function(a){return void 0===a||null===a?null:"boolean"==typeof a?a?"1":"0":a+""},l=function(a){return(a+"").replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")},m={};m.before=function(a,b,c){var d=a[b];a[b]=function(){return c.apply(a,arguments),d.apply(a,arguments)}},m.after=function(a,b,c){var d=a[b];a[b]=function(){var b=d.apply(a,arguments);return c.apply(a,arguments),b}};var n=function(a){var b=!1;return function(){b||(b=!0,a.apply(this,arguments))}},o=function(a,b){var c;return function(){var d=this,e=arguments;window.clearTimeout(c),c=window.setTimeout(function(){a.apply(d,e)},b)}},p=function(a,b,c){var d,e=a.trigger,f={};a.trigger=function(){var c=arguments[0];if(-1===b.indexOf(c))return e.apply(a,arguments);f[c]=arguments},c.apply(a,[]),a.trigger=e;for(d in f)f.hasOwnProperty(d)&&e.apply(a,f[d])},q=function(a,b,c,d){a.on(b,c,function(b){for(var c=b.target;c&&c.parentNode!==a[0];)c=c.parentNode;return b.currentTarget=c,d.apply(this,[b])})},r=function(a){var b={};if("selectionStart"in a)b.start=a.selectionStart,b.length=a.selectionEnd-b.start;else if(document.selection){a.focus();var c=document.selection.createRange(),d=document.selection.createRange().text.length;c.moveStart("character",-a.value.length),b.start=c.text.length-d,b.length=d}return b},s=function(a,b,c){var d,e,f={};if(c)for(d=0,e=c.length;d<e;d++)f[c[d]]=a.css(c[d]);else f=a.css();b.css(f)},t=function(b,c){return b?(w.$testInput||(w.$testInput=a("<span />").css({position:"absolute",top:-99999,left:-99999,width:"auto",padding:0,whiteSpace:"pre"}).appendTo("body")),w.$testInput.text(b),s(c,w.$testInput,["letterSpacing","fontSize","fontFamily","fontWeight","textTransform"]),w.$testInput.width()):0},u=function(a){var b=null,c=function(c,d){var e,f,g,h,i,j,k,l;c=c||window.event||{},d=d||{},c.metaKey||c.altKey||(d.force||!1!==a.data("grow"))&&(e=a.val(),c.type&&"keydown"===c.type.toLowerCase()&&(f=c.keyCode,g=f>=48&&f<=57||f>=65&&f<=90||f>=96&&f<=111||f>=186&&f<=222||32===f,46===f||8===f?(l=r(a[0]),l.length?e=e.substring(0,l.start)+e.substring(l.start+l.length):8===f&&l.start?e=e.substring(0,l.start-1)+e.substring(l.start+1):46===f&&void 0!==l.start&&(e=e.substring(0,l.start)+e.substring(l.start+1))):g&&(j=c.shiftKey,k=String.fromCharCode(c.keyCode),k=j?k.toUpperCase():k.toLowerCase(),e+=k)),h=a.attr("placeholder"),!e&&h&&(e=h),(i=t(e,a)+4)!==b&&(b=i,a.width(i),a.triggerHandler("resize")))};a.on("keydown keyup update blur",c),c()},v=function(a){var b=document.createElement("div");return b.appendChild(a.cloneNode(!0)),b.innerHTML},w=function(c,d){var e,f,g,h,i=this;h=c[0],h.selectize=i;var j=window.getComputedStyle&&window.getComputedStyle(h,null);if(g=j?j.getPropertyValue("direction"):h.currentStyle&&h.currentStyle.direction,g=g||c.parents("[dir]:first").attr("dir")||"",a.extend(i,{order:0,settings:d,$input:c,tabIndex:c.attr("tabindex")||"",tagType:"select"===h.tagName.toLowerCase()?1:2,rtl:/rtl/i.test(g),eventNS:".selectize"+ ++w.count,highlightedValue:null,isBlurring:!1,isOpen:!1,isDisabled:!1,isRequired:c.is("[required]"),isInvalid:!1,isLocked:!1,isFocused:!1,isInputHidden:!1,isSetup:!1,isShiftDown:!1,isCmdDown:!1,isCtrlDown:!1,ignoreFocus:!1,ignoreBlur:!1,ignoreHover:!1,hasOptions:!1,currentResults:null,lastValue:"",caretPos:0,loading:0,loadedSearches:{},$activeOption:null,$activeItems:[],optgroups:{},options:{},userOptions:{},items:[],renderCache:{},onSearchChange:null===d.loadThrottle?i.onSearchChange:o(i.onSearchChange,d.loadThrottle)}),i.sifter=new b(this.options,{diacritics:d.diacritics}),i.settings.options){for(e=0,f=i.settings.options.length;e<f;e++)i.registerOption(i.settings.options[e]);delete i.settings.options}if(i.settings.optgroups){for(e=0,f=i.settings.optgroups.length;e<f;e++)i.registerOptionGroup(i.settings.optgroups[e]);delete i.settings.optgroups}i.settings.mode=i.settings.mode||(1===i.settings.maxItems?"single":"multi"),"boolean"!=typeof i.settings.hideSelected&&(i.settings.hideSelected="multi"===i.settings.mode),i.initializePlugins(i.settings.plugins),i.setupCallbacks(),i.setupTemplates(),i.setup()};return e.mixin(w),void 0!==c?c.mixin(w):function(a,b){b||(b={});console.error("Selectize: "+a),b.explanation&&(console.group&&console.group(),console.error(b.explanation),console.group&&console.groupEnd())}("Dependency MicroPlugin is missing",{explanation:'Make sure you either: (1) are using the "standalone" version of Selectize, or (2) require MicroPlugin before you load Selectize.'}),a.extend(w.prototype,{setup:function(){var b,c,d,e,j,k,l,m,n,o,p=this,r=p.settings,s=p.eventNS,t=a(window),v=a(document),w=p.$input;if(l=p.settings.mode,m=w.attr("class")||"",b=a("<div>").addClass(r.wrapperClass).addClass(m).addClass(l),c=a("<div>").addClass(r.inputClass).addClass("items").appendTo(b),d=a('<input type="text" autocomplete="off" />').appendTo(c).attr("tabindex",w.is(":disabled")?"-1":p.tabIndex),k=a(r.dropdownParent||b),e=a("<div>").addClass(r.dropdownClass).addClass(l).hide().appendTo(k),j=a("<div>").addClass(r.dropdownContentClass).appendTo(e),(o=w.attr("id"))&&(d.attr("id",o+"-selectized"),a("label[for='"+o+"']").attr("for",o+"-selectized")),p.settings.copyClassesToDropdown&&e.addClass(m),b.css({width:w[0].style.width}),p.plugins.names.length&&(n="plugin-"+p.plugins.names.join(" plugin-"),b.addClass(n),e.addClass(n)),(null===r.maxItems||r.maxItems>1)&&1===p.tagType&&w.attr("multiple","multiple"),p.settings.placeholder&&d.attr("placeholder",r.placeholder),!p.settings.splitOn&&p.settings.delimiter){var x=p.settings.delimiter.replace(/[-\/\\^$*+?.()|[\]{}]/g,"\\$&");p.settings.splitOn=new RegExp("\\s*"+x+"+\\s*")}w.attr("autocorrect")&&d.attr("autocorrect",w.attr("autocorrect")),w.attr("autocapitalize")&&d.attr("autocapitalize",w.attr("autocapitalize")),d[0].type=w[0].type,p.$wrapper=b,p.$control=c,p.$control_input=d,p.$dropdown=e,p.$dropdown_content=j,e.on("mouseenter mousedown click","[data-disabled]>[data-selectable]",function(a){a.stopImmediatePropagation()}),e.on("mouseenter","[data-selectable]",function(){return p.onOptionHover.apply(p,arguments)}),e.on("mousedown click","[data-selectable]",function(){return p.onOptionSelect.apply(p,arguments)}),q(c,"mousedown","*:not(input)",function(){return p.onItemSelect.apply(p,arguments)}),u(d),c.on({mousedown:function(){return p.onMouseDown.apply(p,arguments)},click:function(){return p.onClick.apply(p,arguments)}}),d.on({mousedown:function(a){a.stopPropagation()},keydown:function(){return p.onKeyDown.apply(p,arguments)},keyup:function(){return p.onKeyUp.apply(p,arguments)},keypress:function(){return p.onKeyPress.apply(p,arguments)},resize:function(){p.positionDropdown.apply(p,[])},blur:function(){return p.onBlur.apply(p,arguments)},focus:function(){return p.ignoreBlur=!1,p.onFocus.apply(p,arguments)},paste:function(){return p.onPaste.apply(p,arguments)}}),v.on("keydown"+s,function(a){p.isCmdDown=a[f?"metaKey":"ctrlKey"],p.isCtrlDown=a[f?"altKey":"ctrlKey"],p.isShiftDown=a.shiftKey}),v.on("keyup"+s,function(a){a.keyCode===h&&(p.isCtrlDown=!1),16===a.keyCode&&(p.isShiftDown=!1),a.keyCode===g&&(p.isCmdDown=!1)}),v.on("mousedown"+s,function(a){if(p.isFocused){if(a.target===p.$dropdown[0]||a.target.parentNode===p.$dropdown[0])return!1;p.$control.has(a.target).length||a.target===p.$control[0]||p.blur(a.target)}}),t.on(["scroll"+s,"resize"+s].join(" "),function(){p.isOpen&&p.positionDropdown.apply(p,arguments)}),t.on("mousemove"+s,function(){p.ignoreHover=!1}),this.revertSettings={$children:w.children().detach(),tabindex:w.attr("tabindex")},w.attr("tabindex",-1).hide().after(p.$wrapper),a.isArray(r.items)&&(p.setValue(r.items),delete r.items),i&&w.on("invalid"+s,function(a){a.preventDefault(),p.isInvalid=!0,p.refreshState()}),p.updateOriginalInput(),p.refreshItems(),p.refreshState(),p.updatePlaceholder(),p.isSetup=!0,w.is(":disabled")&&p.disable(),p.on("change",this.onChange),w.data("selectize",p),w.addClass("selectized"),p.trigger("initialize"),!0===r.preload&&p.onSearchChange("")},setupTemplates:function(){var b=this,c=b.settings.labelField,d=b.settings.optgroupLabelField,e={optgroup:function(a){return'<div class="optgroup">'+a.html+"</div>"},optgroup_header:function(a,b){return'<div class="optgroup-header">'+b(a[d])+"</div>"},option:function(a,b){return'<div class="option">'+b(a[c])+"</div>"},item:function(a,b){return'<div class="item">'+b(a[c])+"</div>"},option_create:function(a,b){return'<div class="create">Add <strong>'+b(a.input)+"</strong>&hellip;</div>"}};b.settings.render=a.extend({},e,b.settings.render)},setupCallbacks:function(){var a,b,c={initialize:"onInitialize",change:"onChange",item_add:"onItemAdd",item_remove:"onItemRemove",clear:"onClear",option_add:"onOptionAdd",option_remove:"onOptionRemove",option_clear:"onOptionClear",optgroup_add:"onOptionGroupAdd",optgroup_remove:"onOptionGroupRemove",optgroup_clear:"onOptionGroupClear",dropdown_open:"onDropdownOpen",dropdown_close:"onDropdownClose",type:"onType",load:"onLoad",focus:"onFocus",blur:"onBlur"};for(a in c)c.hasOwnProperty(a)&&(b=this.settings[c[a]])&&this.on(a,b)},onClick:function(a){var b=this;b.isFocused&&b.isOpen||(b.focus(),a.preventDefault())},onMouseDown:function(b){var c=this,d=b.isDefaultPrevented();a(b.target);if(c.isFocused){if(b.target!==c.$control_input[0])return"single"===c.settings.mode?c.isOpen?c.close():c.open():d||c.setActiveItem(null),!1}else d||window.setTimeout(function(){c.focus()},0)},onChange:function(){this.$input.trigger("change")},onPaste:function(b){var c=this;if(c.isFull()||c.isInputHidden||c.isLocked)return void b.preventDefault();c.settings.splitOn&&setTimeout(function(){var b=c.$control_input.val();if(b.match(c.settings.splitOn))for(var d=a.trim(b).split(c.settings.splitOn),e=0,f=d.length;e<f;e++)c.createItem(d[e])},0)},onKeyPress:function(a){if(this.isLocked)return a&&a.preventDefault();var b=String.fromCharCode(a.keyCode||a.which);return this.settings.create&&"multi"===this.settings.mode&&b===this.settings.delimiter?(this.createItem(),a.preventDefault(),!1):void 0},onKeyDown:function(a){var b=(a.target,this.$control_input[0],this);if(b.isLocked)return void(9!==a.keyCode&&a.preventDefault());switch(a.keyCode){case 65:if(b.isCmdDown)return void b.selectAll();break;case 27:return void(b.isOpen&&(a.preventDefault(),a.stopPropagation(),b.close()));case 78:if(!a.ctrlKey||a.altKey)break;case 40:if(!b.isOpen&&b.hasOptions)b.open();else if(b.$activeOption){b.ignoreHover=!0;var c=b.getAdjacentOption(b.$activeOption,1);c.length&&b.setActiveOption(c,!0,!0)}return void a.preventDefault();case 80:if(!a.ctrlKey||a.altKey)break;case 38:if(b.$activeOption){b.ignoreHover=!0;var d=b.getAdjacentOption(b.$activeOption,-1);d.length&&b.setActiveOption(d,!0,!0)}return void a.preventDefault();case 13:return void(b.isOpen&&b.$activeOption&&(b.onOptionSelect({currentTarget:b.$activeOption}),a.preventDefault()));case 37:return void b.advanceSelection(-1,a);case 39:return void b.advanceSelection(1,a);case 9:return b.settings.selectOnTab&&b.isOpen&&b.$activeOption&&(b.onOptionSelect({currentTarget:b.$activeOption}),b.isFull()||a.preventDefault()),void(b.settings.create&&b.createItem()&&a.preventDefault());case 8:case 46:return void b.deleteSelection(a)}return!b.isFull()&&!b.isInputHidden||(f?a.metaKey:a.ctrlKey)?void 0:void a.preventDefault()},onKeyUp:function(a){var b=this;if(b.isLocked)return a&&a.preventDefault();var c=b.$control_input.val()||"";b.lastValue!==c&&(b.lastValue=c,b.onSearchChange(c),b.refreshOptions(),b.trigger("type",c))},onSearchChange:function(a){var b=this,c=b.settings.load;c&&(b.loadedSearches.hasOwnProperty(a)||(b.loadedSearches[a]=!0,b.load(function(d){c.apply(b,[a,d])})))},onFocus:function(a){var b=this,c=b.isFocused;if(b.isDisabled)return b.blur(),a&&a.preventDefault(),!1;b.ignoreFocus||(b.isFocused=!0,"focus"===b.settings.preload&&b.onSearchChange(""),c||b.trigger("focus"),b.$activeItems.length||(b.showInput(),b.setActiveItem(null),b.refreshOptions(!!b.settings.openOnFocus)),b.refreshState())},onBlur:function(a,b){var c=this;if(c.isFocused&&(c.isFocused=!1,!c.ignoreFocus)){if(!c.ignoreBlur&&document.activeElement===c.$dropdown_content[0])return c.ignoreBlur=!0,void c.onFocus(a);var d=function(){c.close(),c.setTextboxValue(""),c.setActiveItem(null),c.setActiveOption(null),c.setCaret(c.items.length),c.refreshState(),b&&b.focus&&b.focus(),c.isBlurring=!1,c.ignoreFocus=!1,c.trigger("blur")};c.isBlurring=!0,c.ignoreFocus=!0,c.settings.create&&c.settings.createOnBlur?c.createItem(null,!1,d):d()}},onOptionHover:function(a){this.ignoreHover||this.setActiveOption(a.currentTarget,!1)},onOptionSelect:function(b){var c,d,e=this;b.preventDefault&&(b.preventDefault(),b.stopPropagation()),d=a(b.currentTarget),d.hasClass("create")?e.createItem(null,function(){e.settings.closeAfterSelect&&e.close()}):void 0!==(c=d.attr("data-value"))&&(e.lastQuery=null,e.setTextboxValue(""),e.addItem(c),e.settings.closeAfterSelect?e.close():!e.settings.hideSelected&&b.type&&/mouse/.test(b.type)&&e.setActiveOption(e.getOption(c)))},onItemSelect:function(a){var b=this;b.isLocked||"multi"===b.settings.mode&&(a.preventDefault(),b.setActiveItem(a.currentTarget,a))},load:function(a){var b=this,c=b.$wrapper.addClass(b.settings.loadingClass);b.loading++,a.apply(b,[function(a){b.loading=Math.max(b.loading-1,0),a&&a.length&&(b.addOption(a),b.refreshOptions(b.isFocused&&!b.isInputHidden)),b.loading||c.removeClass(b.settings.loadingClass),b.trigger("load",a)}])},setTextboxValue:function(a){var b=this.$control_input;b.val()!==a&&(b.val(a).triggerHandler("update"),this.lastValue=a)},getValue:function(){return 1===this.tagType&&this.$input.attr("multiple")?this.items:this.items.join(this.settings.delimiter)},setValue:function(a,b){p(this,b?[]:["change"],function(){this.clear(b),this.addItems(a,b)})},setActiveItem:function(b,c){var d,e,f,g,h,i,j,k,l=this;if("single"!==l.settings.mode){if(b=a(b),!b.length)return a(l.$activeItems).removeClass("active"),l.$activeItems=[],void(l.isFocused&&l.showInput());if("mousedown"===(d=c&&c.type.toLowerCase())&&l.isShiftDown&&l.$activeItems.length){for(k=l.$control.children(".active:last"),g=Array.prototype.indexOf.apply(l.$control[0].childNodes,[k[0]]),h=Array.prototype.indexOf.apply(l.$control[0].childNodes,[b[0]]),g>h&&(j=g,g=h,h=j),e=g;e<=h;e++)i=l.$control[0].childNodes[e],-1===l.$activeItems.indexOf(i)&&(a(i).addClass("active"),l.$activeItems.push(i));c.preventDefault()}else"mousedown"===d&&l.isCtrlDown||"keydown"===d&&this.isShiftDown?b.hasClass("active")?(f=l.$activeItems.indexOf(b[0]),l.$activeItems.splice(f,1),b.removeClass("active")):l.$activeItems.push(b.addClass("active")[0]):(a(l.$activeItems).removeClass("active"),l.$activeItems=[b.addClass("active")[0]]);l.hideInput(),this.isFocused||l.focus()}},setActiveOption:function(b,c,d){var e,f,g,h,i,k=this;k.$activeOption&&k.$activeOption.removeClass("active"),k.$activeOption=null,b=a(b),b.length&&(k.$activeOption=b.addClass("active"),!c&&j(c)||(e=k.$dropdown_content.height(),f=k.$activeOption.outerHeight(!0),c=k.$dropdown_content.scrollTop()||0,g=k.$activeOption.offset().top-k.$dropdown_content.offset().top+c,h=g,i=g-e+f,g+f>e+c?k.$dropdown_content.stop().animate({scrollTop:i},d?k.settings.scrollDuration:0):g<c&&k.$dropdown_content.stop().animate({scrollTop:h},d?k.settings.scrollDuration:0)))},selectAll:function(){var a=this;"single"!==a.settings.mode&&(a.$activeItems=Array.prototype.slice.apply(a.$control.children(":not(input)").addClass("active")),a.$activeItems.length&&(a.hideInput(),a.close()),a.focus())},hideInput:function(){var a=this;a.setTextboxValue(""),a.$control_input.css({opacity:0,position:"absolute",left:a.rtl?1e4:-1e4}),a.isInputHidden=!0},showInput:function(){this.$control_input.css({opacity:1,position:"relative",left:0}),this.isInputHidden=!1},focus:function(){var a=this;a.isDisabled||(a.ignoreFocus=!0,a.$control_input[0].focus(),window.setTimeout(function(){a.ignoreFocus=!1,a.onFocus()},0))},blur:function(a){this.$control_input[0].blur(),this.onBlur(null,a)},getScoreFunction:function(a){return this.sifter.getScoreFunction(a,this.getSearchOptions())},getSearchOptions:function(){var a=this.settings,b=a.sortField;return"string"==typeof b&&(b=[{field:b}]),{fields:a.searchField,conjunction:a.searchConjunction,sort:b,nesting:a.nesting}},search:function(b){var c,d,e,f=this,g=f.settings,h=this.getSearchOptions();if(g.score&&"function"!=typeof(e=f.settings.score.apply(this,[b])))throw new Error('Selectize "score" setting must be a function that returns a function');if(b!==f.lastQuery?(f.lastQuery=b,d=f.sifter.search(b,a.extend(h,{score:e})),f.currentResults=d):d=a.extend(!0,{},f.currentResults),g.hideSelected)for(c=d.items.length-1;c>=0;c--)-1!==f.items.indexOf(k(d.items[c].id))&&d.items.splice(c,1);return d},refreshOptions:function(b){var c,e,f,g,h,i,j,l,m,n,o,p,q,r,s,t;void 0===b&&(b=!0);var u=this,w=a.trim(u.$control_input.val()),x=u.search(w),y=u.$dropdown_content,z=u.$activeOption&&k(u.$activeOption.attr("data-value"));for(g=x.items.length,"number"==typeof u.settings.maxOptions&&(g=Math.min(g,u.settings.maxOptions)),h={},i=[],c=0;c<g;c++)for(j=u.options[x.items[c].id],l=u.render("option",j),m=j[u.settings.optgroupField]||"",n=a.isArray(m)?m:[m],e=0,f=n&&n.length;e<f;e++)m=n[e],u.optgroups.hasOwnProperty(m)||(m=""),h.hasOwnProperty(m)||(h[m]=document.createDocumentFragment(),i.push(m)),h[m].appendChild(l);for(this.settings.lockOptgroupOrder&&i.sort(function(a,b){return(u.optgroups[a].$order||0)-(u.optgroups[b].$order||0)}),o=document.createDocumentFragment(),c=0,g=i.length;c<g;c++)m=i[c],u.optgroups.hasOwnProperty(m)&&h[m].childNodes.length?(p=document.createDocumentFragment(),p.appendChild(u.render("optgroup_header",u.optgroups[m])),p.appendChild(h[m]),o.appendChild(u.render("optgroup",a.extend({},u.optgroups[m],{html:v(p),dom:p})))):o.appendChild(h[m]);if(y.html(o),u.settings.highlight&&(y.removeHighlight(),x.query.length&&x.tokens.length))for(c=0,g=x.tokens.length;c<g;c++)d(y,x.tokens[c].regex);if(!u.settings.hideSelected)for(c=0,g=u.items.length;c<g;c++)u.getOption(u.items[c]).addClass("selected");q=u.canCreate(w),q&&(y.prepend(u.render("option_create",{input:w})),t=a(y[0].childNodes[0])),u.hasOptions=x.items.length>0||q,u.hasOptions?(x.items.length>0?(s=z&&u.getOption(z),s&&s.length?r=s:"single"===u.settings.mode&&u.items.length&&(r=u.getOption(u.items[0])),r&&r.length||(r=t&&!u.settings.addPrecedence?u.getAdjacentOption(t,1):y.find("[data-selectable]:first"))):r=t,u.setActiveOption(r),b&&!u.isOpen&&u.open()):(u.setActiveOption(null),b&&u.isOpen&&u.close())},addOption:function(b){var c,d,e,f=this;if(a.isArray(b))for(c=0,d=b.length;c<d;c++)f.addOption(b[c]);else(e=f.registerOption(b))&&(f.userOptions[e]=!0,f.lastQuery=null,f.trigger("option_add",e,b))},registerOption:function(a){var b=k(a[this.settings.valueField]);return void 0!==b&&null!==b&&!this.options.hasOwnProperty(b)&&(a.$order=a.$order||++this.order,this.options[b]=a,b)},registerOptionGroup:function(a){var b=k(a[this.settings.optgroupValueField]);return!!b&&(a.$order=a.$order||++this.order,this.optgroups[b]=a,b)},addOptionGroup:function(a,b){b[this.settings.optgroupValueField]=a,(a=this.registerOptionGroup(b))&&this.trigger("optgroup_add",a,b)},removeOptionGroup:function(a){this.optgroups.hasOwnProperty(a)&&(delete this.optgroups[a],this.renderCache={},this.trigger("optgroup_remove",a))},clearOptionGroups:function(){this.optgroups={},this.renderCache={},this.trigger("optgroup_clear")},updateOption:function(b,c){var d,e,f,g,h,i,j,l=this;if(b=k(b),f=k(c[l.settings.valueField]),null!==b&&l.options.hasOwnProperty(b)){if("string"!=typeof f)throw new Error("Value must be set in option data");j=l.options[b].$order,f!==b&&(delete l.options[b],-1!==(g=l.items.indexOf(b))&&l.items.splice(g,1,f)),c.$order=c.$order||j,l.options[f]=c,h=l.renderCache.item,i=l.renderCache.option,h&&(delete h[b],delete h[f]),i&&(delete i[b],delete i[f]),-1!==l.items.indexOf(f)&&(d=l.getItem(b),e=a(l.render("item",c)),d.hasClass("active")&&e.addClass("active"),d.replaceWith(e)),l.lastQuery=null,l.isOpen&&l.refreshOptions(!1)}},removeOption:function(a,b){var c=this;a=k(a);var d=c.renderCache.item,e=c.renderCache.option;d&&delete d[a],e&&delete e[a],delete c.userOptions[a],delete c.options[a],c.lastQuery=null,c.trigger("option_remove",a),c.removeItem(a,b)},clearOptions:function(){var b=this;b.loadedSearches={},b.userOptions={},b.renderCache={};var c=b.options;a.each(b.options,function(a,d){-1==b.items.indexOf(a)&&delete c[a]}),b.options=b.sifter.items=c,b.lastQuery=null,b.trigger("option_clear")},getOption:function(a){return this.getElementWithValue(a,this.$dropdown_content.find("[data-selectable]"))},getAdjacentOption:function(b,c){var d=this.$dropdown.find("[data-selectable]"),e=d.index(b)+c;return e>=0&&e<d.length?d.eq(e):a()},getElementWithValue:function(b,c){if(void 0!==(b=k(b))&&null!==b)for(var d=0,e=c.length;d<e;d++)if(c[d].getAttribute("data-value")===b)return a(c[d]);return a()},getItem:function(a){return this.getElementWithValue(a,this.$control.children())},addItems:function(b,c){this.buffer=document.createDocumentFragment();for(var d=this.$control[0].childNodes,e=0;e<d.length;e++)this.buffer.appendChild(d[e]);for(var f=a.isArray(b)?b:[b],e=0,g=f.length;e<g;e++)this.isPending=e<g-1,this.addItem(f[e],c);var h=this.$control[0];h.insertBefore(this.buffer,h.firstChild),this.buffer=null},addItem:function(b,c){p(this,c?[]:["change"],function(){var d,e,f,g,h,i=this,j=i.settings.mode;if(b=k(b),-1!==i.items.indexOf(b))return void("single"===j&&i.close());i.options.hasOwnProperty(b)&&("single"===j&&i.clear(c),"multi"===j&&i.isFull()||(d=a(i.render("item",i.options[b])),h=i.isFull(),i.items.splice(i.caretPos,0,b),i.insertAtCaret(d),(!i.isPending||!h&&i.isFull())&&i.refreshState(),i.isSetup&&(f=i.$dropdown_content.find("[data-selectable]"),i.isPending||(e=i.getOption(b),g=i.getAdjacentOption(e,1).attr("data-value"),i.refreshOptions(i.isFocused&&"single"!==j),g&&i.setActiveOption(i.getOption(g))),!f.length||i.isFull()?i.close():i.isPending||i.positionDropdown(),i.updatePlaceholder(),i.trigger("item_add",b,d),i.isPending||i.updateOriginalInput({silent:c}))))})},removeItem:function(b,c){var d,e,f,g=this;d=b instanceof a?b:g.getItem(b),b=k(d.attr("data-value")),-1!==(e=g.items.indexOf(b))&&(d.remove(),d.hasClass("active")&&(f=g.$activeItems.indexOf(d[0]),g.$activeItems.splice(f,1)),g.items.splice(e,1),g.lastQuery=null,!g.settings.persist&&g.userOptions.hasOwnProperty(b)&&g.removeOption(b,c),e<g.caretPos&&g.setCaret(g.caretPos-1),g.refreshState(),g.updatePlaceholder(),g.updateOriginalInput({silent:c}),g.positionDropdown(),g.trigger("item_remove",b,d))},createItem:function(b,c){var d=this,e=d.caretPos;b=b||a.trim(d.$control_input.val()||"");var f=arguments[arguments.length-1];if("function"!=typeof f&&(f=function(){}),"boolean"!=typeof c&&(c=!0),!d.canCreate(b))return f(),!1;d.lock();var g="function"==typeof d.settings.create?this.settings.create:function(a){var b={};return b[d.settings.labelField]=a,b[d.settings.valueField]=a,b},h=n(function(a){if(d.unlock(),!a||"object"!=typeof a)return f();var b=k(a[d.settings.valueField]);if("string"!=typeof b)return f();d.setTextboxValue(""),d.addOption(a),d.setCaret(e),d.addItem(b),d.refreshOptions(c&&"single"!==d.settings.mode),f(a)}),i=g.apply(this,[b,h]);return void 0!==i&&h(i),!0},refreshItems:function(){this.lastQuery=null,this.isSetup&&this.addItem(this.items),this.refreshState(),this.updateOriginalInput()},refreshState:function(){this.refreshValidityState(),this.refreshClasses()},refreshValidityState:function(){if(!this.isRequired)return!1;var a=!this.items.length;this.isInvalid=a,this.$control_input.prop("required",a),this.$input.prop("required",!a)},refreshClasses:function(){var b=this,c=b.isFull(),d=b.isLocked;b.$wrapper.toggleClass("rtl",b.rtl),b.$control.toggleClass("focus",b.isFocused).toggleClass("disabled",b.isDisabled).toggleClass("required",b.isRequired).toggleClass("invalid",b.isInvalid).toggleClass("locked",d).toggleClass("full",c).toggleClass("not-full",!c).toggleClass("input-active",b.isFocused&&!b.isInputHidden).toggleClass("dropdown-active",b.isOpen).toggleClass("has-options",!a.isEmptyObject(b.options)).toggleClass("has-items",b.items.length>0),b.$control_input.data("grow",!c&&!d)},isFull:function(){
+return null!==this.settings.maxItems&&this.items.length>=this.settings.maxItems},updateOriginalInput:function(a){var b,c,d,e,f=this;if(a=a||{},1===f.tagType){for(d=[],b=0,c=f.items.length;b<c;b++)e=f.options[f.items[b]][f.settings.labelField]||"",d.push('<option value="'+l(f.items[b])+'" selected="selected">'+l(e)+"</option>");d.length||this.$input.attr("multiple")||d.push('<option value="" selected="selected"></option>'),f.$input.html(d.join(""))}else f.$input.val(f.getValue()),f.$input.attr("value",f.$input.val());f.isSetup&&(a.silent||f.trigger("change",f.$input.val()))},updatePlaceholder:function(){if(this.settings.placeholder){var a=this.$control_input;this.items.length?a.removeAttr("placeholder"):a.attr("placeholder",this.settings.placeholder),a.triggerHandler("update",{force:!0})}},open:function(){var a=this;a.isLocked||a.isOpen||"multi"===a.settings.mode&&a.isFull()||(a.focus(),a.isOpen=!0,a.refreshState(),a.$dropdown.css({visibility:"hidden",display:"block"}),a.positionDropdown(),a.$dropdown.css({visibility:"visible"}),a.trigger("dropdown_open",a.$dropdown))},close:function(){var a=this,b=a.isOpen;"single"===a.settings.mode&&a.items.length&&(a.hideInput(),a.isBlurring||a.$control_input.blur()),a.isOpen=!1,a.$dropdown.hide(),a.setActiveOption(null),a.refreshState(),b&&a.trigger("dropdown_close",a.$dropdown)},positionDropdown:function(){var a=this.$control,b="body"===this.settings.dropdownParent?a.offset():a.position();b.top+=a.outerHeight(!0),this.$dropdown.css({width:a[0].getBoundingClientRect().width,top:b.top,left:b.left})},clear:function(a){var b=this;b.items.length&&(b.$control.children(":not(input)").remove(),b.items=[],b.lastQuery=null,b.setCaret(0),b.setActiveItem(null),b.updatePlaceholder(),b.updateOriginalInput({silent:a}),b.refreshState(),b.showInput(),b.trigger("clear"))},insertAtCaret:function(a){var b=Math.min(this.caretPos,this.items.length),c=a[0],d=this.buffer||this.$control[0];0===b?d.insertBefore(c,d.firstChild):d.insertBefore(c,d.childNodes[b]),this.setCaret(b+1)},deleteSelection:function(b){var c,d,e,f,g,h,i,j,k,l=this;if(e=b&&8===b.keyCode?-1:1,f=r(l.$control_input[0]),l.$activeOption&&!l.settings.hideSelected&&(i=l.getAdjacentOption(l.$activeOption,-1).attr("data-value")),g=[],l.$activeItems.length){for(k=l.$control.children(".active:"+(e>0?"last":"first")),h=l.$control.children(":not(input)").index(k),e>0&&h++,c=0,d=l.$activeItems.length;c<d;c++)g.push(a(l.$activeItems[c]).attr("data-value"));b&&(b.preventDefault(),b.stopPropagation())}else(l.isFocused||"single"===l.settings.mode)&&l.items.length&&(e<0&&0===f.start&&0===f.length?g.push(l.items[l.caretPos-1]):e>0&&f.start===l.$control_input.val().length&&g.push(l.items[l.caretPos]));if(!g.length||"function"==typeof l.settings.onDelete&&!1===l.settings.onDelete.apply(l,[g]))return!1;for(void 0!==h&&l.setCaret(h);g.length;)l.removeItem(g.pop());return l.showInput(),l.positionDropdown(),l.refreshOptions(!0),i&&(j=l.getOption(i),j.length&&l.setActiveOption(j)),!0},advanceSelection:function(a,b){var c,d,e,f,g,h=this;0!==a&&(h.rtl&&(a*=-1),c=a>0?"last":"first",d=r(h.$control_input[0]),h.isFocused&&!h.isInputHidden?(f=h.$control_input.val().length,(a<0?0===d.start&&0===d.length:d.start===f)&&!f&&h.advanceCaret(a,b)):(g=h.$control.children(".active:"+c),g.length&&(e=h.$control.children(":not(input)").index(g),h.setActiveItem(null),h.setCaret(a>0?e+1:e))))},advanceCaret:function(a,b){var c,d,e=this;0!==a&&(c=a>0?"next":"prev",e.isShiftDown?(d=e.$control_input[c](),d.length&&(e.hideInput(),e.setActiveItem(d),b&&b.preventDefault())):e.setCaret(e.caretPos+a))},setCaret:function(b){var c=this;if(b="single"===c.settings.mode?c.items.length:Math.max(0,Math.min(c.items.length,b)),!c.isPending){var d,e,f,g;for(f=c.$control.children(":not(input)"),d=0,e=f.length;d<e;d++)g=a(f[d]).detach(),d<b?c.$control_input.before(g):c.$control.append(g)}c.caretPos=b},lock:function(){this.close(),this.isLocked=!0,this.refreshState()},unlock:function(){this.isLocked=!1,this.refreshState()},disable:function(){var a=this;a.$input.prop("disabled",!0),a.$control_input.prop("disabled",!0).prop("tabindex",-1),a.isDisabled=!0,a.lock()},enable:function(){var a=this;a.$input.prop("disabled",!1),a.$control_input.prop("disabled",!1).prop("tabindex",a.tabIndex),a.isDisabled=!1,a.unlock()},destroy:function(){var b=this,c=b.eventNS,d=b.revertSettings;b.trigger("destroy"),b.off(),b.$wrapper.remove(),b.$dropdown.remove(),b.$input.html("").append(d.$children).removeAttr("tabindex").removeClass("selectized").attr({tabindex:d.tabindex}).show(),b.$control_input.removeData("grow"),b.$input.removeData("selectize"),0==--w.count&&w.$testInput&&(w.$testInput.remove(),w.$testInput=void 0),a(window).off(c),a(document).off(c),a(document.body).off(c),delete b.$input[0].selectize},render:function(b,c){var d,e,f="",g=!1,h=this;return"option"!==b&&"item"!==b||(d=k(c[h.settings.valueField]),g=!!d),g&&(j(h.renderCache[b])||(h.renderCache[b]={}),h.renderCache[b].hasOwnProperty(d))?h.renderCache[b][d]:(f=a(h.settings.render[b].apply(this,[c,l])),"option"===b||"option_create"===b?c[h.settings.disabledField]||f.attr("data-selectable",""):"optgroup"===b&&(e=c[h.settings.optgroupValueField]||"",f.attr("data-group",e),c[h.settings.disabledField]&&f.attr("data-disabled","")),"option"!==b&&"item"!==b||f.attr("data-value",d||""),g&&(h.renderCache[b][d]=f[0]),f[0])},clearCache:function(a){var b=this;void 0===a?b.renderCache={}:delete b.renderCache[a]},canCreate:function(a){var b=this;if(!b.settings.create)return!1;var c=b.settings.createFilter;return a.length&&("function"!=typeof c||c.apply(b,[a]))&&("string"!=typeof c||new RegExp(c).test(a))&&(!(c instanceof RegExp)||c.test(a))}}),w.count=0,w.defaults={options:[],optgroups:[],plugins:[],delimiter:",",splitOn:null,persist:!0,diacritics:!0,create:!1,createOnBlur:!1,createFilter:null,highlight:!0,openOnFocus:!0,maxOptions:1e3,maxItems:null,hideSelected:null,addPrecedence:!1,selectOnTab:!1,preload:!1,allowEmptyOption:!1,closeAfterSelect:!1,scrollDuration:60,loadThrottle:300,loadingClass:"loading",dataAttr:"data-data",optgroupField:"optgroup",valueField:"value",labelField:"text",disabledField:"disabled",optgroupLabelField:"label",optgroupValueField:"value",lockOptgroupOrder:!1,sortField:"$order",searchField:["text"],searchConjunction:"and",mode:null,wrapperClass:"selectize-control",inputClass:"selectize-input",dropdownClass:"selectize-dropdown",dropdownContentClass:"selectize-dropdown-content",dropdownParent:null,copyClassesToDropdown:!0,render:{}},a.fn.selectize=function(b){var c=a.fn.selectize.defaults,d=a.extend({},c,b),e=d.dataAttr,f=d.labelField,g=d.valueField,h=d.disabledField,i=d.optgroupField,j=d.optgroupLabelField,l=d.optgroupValueField,m=function(b,c){var h,i,j,k,l=b.attr(e);if(l)for(c.options=JSON.parse(l),h=0,i=c.options.length;h<i;h++)c.items.push(c.options[h][g]);else{var m=a.trim(b.val()||"");if(!d.allowEmptyOption&&!m.length)return;for(j=m.split(d.delimiter),h=0,i=j.length;h<i;h++)k={},k[f]=j[h],k[g]=j[h],c.options.push(k);c.items=j}},n=function(b,c){var m,n,o,p,q=c.options,r={},s=function(a){var b=e&&a.attr(e);return"string"==typeof b&&b.length?JSON.parse(b):null},t=function(b,e){b=a(b);var j=k(b.val());if(j||d.allowEmptyOption)if(r.hasOwnProperty(j)){if(e){var l=r[j][i];l?a.isArray(l)?l.push(e):r[j][i]=[l,e]:r[j][i]=e}}else{var m=s(b)||{};m[f]=m[f]||b.text(),m[g]=m[g]||j,m[h]=m[h]||b.prop("disabled"),m[i]=m[i]||e,r[j]=m,q.push(m),b.is(":selected")&&c.items.push(j)}};for(c.maxItems=b.attr("multiple")?null:1,p=b.children(),m=0,n=p.length;m<n;m++)o=p[m].tagName.toLowerCase(),"optgroup"===o?function(b){var d,e,f,g,i;for(b=a(b),f=b.attr("label"),f&&(g=s(b)||{},g[j]=f,g[l]=f,g[h]=b.prop("disabled"),c.optgroups.push(g)),i=a("option",b),d=0,e=i.length;d<e;d++)t(i[d],f)}(p[m]):"option"===o&&t(p[m])};return this.each(function(){if(!this.selectize){var e=a(this),f=this.tagName.toLowerCase(),g=e.attr("placeholder")||e.attr("data-placeholder");g||d.allowEmptyOption||(g=e.children('option[value=""]').text());var h={placeholder:g,options:[],optgroups:[],items:[]};"select"===f?n(e,h):m(e,h),new w(e,a.extend(!0,{},c,h,b))}})},a.fn.selectize.defaults=w.defaults,a.fn.selectize.support={validity:i},w.define("drag_drop",function(b){if(!a.fn.sortable)throw new Error('The "drag_drop" plugin requires jQuery UI "sortable".');if("multi"===this.settings.mode){var c=this;c.lock=function(){var a=c.lock;return function(){var b=c.$control.data("sortable");return b&&b.disable(),a.apply(c,arguments)}}(),c.unlock=function(){var a=c.unlock;return function(){var b=c.$control.data("sortable");return b&&b.enable(),a.apply(c,arguments)}}(),c.setup=function(){var b=c.setup;return function(){b.apply(this,arguments);var d=c.$control.sortable({items:"[data-value]",forcePlaceholderSize:!0,disabled:c.isLocked,start:function(a,b){b.placeholder.css("width",b.helper.css("width")),d.css({overflow:"visible"})},stop:function(){d.css({overflow:"hidden"});var b=c.$activeItems?c.$activeItems.slice():null,e=[];d.children("[data-value]").each(function(){e.push(a(this).attr("data-value"))}),c.setValue(e),c.setActiveItem(b)}})}}()}}),w.define("dropdown_header",function(b){var c=this;b=a.extend({title:"Untitled",headerClass:"selectize-dropdown-header",titleRowClass:"selectize-dropdown-header-title",labelClass:"selectize-dropdown-header-label",closeClass:"selectize-dropdown-header-close",html:function(a){return'<div class="'+a.headerClass+'"><div class="'+a.titleRowClass+'"><span class="'+a.labelClass+'">'+a.title+'</span><a href="javascript:void(0)" class="'+a.closeClass+'">&times;</a></div></div>'}},b),c.setup=function(){var d=c.setup;return function(){d.apply(c,arguments),c.$dropdown_header=a(b.html(b)),c.$dropdown.prepend(c.$dropdown_header)}}()}),w.define("optgroup_columns",function(b){var c=this;b=a.extend({equalizeWidth:!0,equalizeHeight:!0},b),this.getAdjacentOption=function(b,c){var d=b.closest("[data-group]").find("[data-selectable]"),e=d.index(b)+c;return e>=0&&e<d.length?d.eq(e):a()},this.onKeyDown=function(){var a=c.onKeyDown;return function(b){var d,e,f,g;return!this.isOpen||37!==b.keyCode&&39!==b.keyCode?a.apply(this,arguments):(c.ignoreHover=!0,g=this.$activeOption.closest("[data-group]"),d=g.find("[data-selectable]").index(this.$activeOption),g=37===b.keyCode?g.prev("[data-group]"):g.next("[data-group]"),f=g.find("[data-selectable]"),e=f.eq(Math.min(f.length-1,d)),void(e.length&&this.setActiveOption(e)))}}();var d=function(){var a,b=d.width,c=document;return void 0===b&&(a=c.createElement("div"),a.innerHTML='<div style="width:50px;height:50px;position:absolute;left:-50px;top:-50px;overflow:auto;"><div style="width:1px;height:100px;"></div></div>',a=a.firstChild,c.body.appendChild(a),b=d.width=a.offsetWidth-a.clientWidth,c.body.removeChild(a)),b},e=function(){var e,f,g,h,i,j,k;if(k=a("[data-group]",c.$dropdown_content),(f=k.length)&&c.$dropdown_content.width()){if(b.equalizeHeight){for(g=0,e=0;e<f;e++)g=Math.max(g,k.eq(e).height());k.css({height:g})}b.equalizeWidth&&(j=c.$dropdown_content.innerWidth()-d(),h=Math.round(j/f),k.css({width:h}),f>1&&(i=j-h*(f-1),k.eq(f-1).css({width:i})))}};(b.equalizeHeight||b.equalizeWidth)&&(m.after(this,"positionDropdown",e),m.after(this,"refreshOptions",e))}),w.define("remove_button",function(b){b=a.extend({label:"&times;",title:"Remove",className:"remove",append:!0},b);if("single"===this.settings.mode)return void function(b,c){c.className="remove-single";var d=b,e='<a href="javascript:void(0)" class="'+c.className+'" tabindex="-1" title="'+l(c.title)+'">'+c.label+"</a>",f=function(b,c){return a("<span>").append(b).append(c)};b.setup=function(){var g=d.setup;return function(){if(c.append){var h=a(d.$input.context).attr("id"),i=(a("#"+h),d.settings.render.item);d.settings.render.item=function(a){return f(i.apply(b,arguments),e)}}g.apply(b,arguments),b.$control.on("click","."+c.className,function(a){a.preventDefault(),d.isLocked||d.clear()})}}()}(this,b);!function(b,c){var d=b,e='<a href="javascript:void(0)" class="'+c.className+'" tabindex="-1" title="'+l(c.title)+'">'+c.label+"</a>",f=function(a,b){var c=a.search(/(<\/[^>]+>\s*)$/);return a.substring(0,c)+b+a.substring(c)};b.setup=function(){var g=d.setup;return function(){if(c.append){var h=d.settings.render.item;d.settings.render.item=function(a){return f(h.apply(b,arguments),e)}}g.apply(b,arguments),b.$control.on("click","."+c.className,function(b){if(b.preventDefault(),!d.isLocked){var c=a(b.currentTarget).parent();d.setActiveItem(c),d.deleteSelection()&&d.setCaret(d.items.length)}})}}()}(this,b)}),w.define("restore_on_backspace",function(a){var b=this;a.text=a.text||function(a){return a[this.settings.labelField]},this.onKeyDown=function(){var c=b.onKeyDown;return function(b){var d,e;return 8===b.keyCode&&""===this.$control_input.val()&&!this.$activeItems.length&&(d=this.caretPos-1)>=0&&d<this.items.length?(e=this.options[this.items[d]],this.deleteSelection(b)&&(this.setTextboxValue(a.text.apply(this,[e])),this.refreshOptions(!0)),void b.preventDefault()):c.apply(this,arguments)}}()}),w});
\ No newline at end of file

From 9cccaba68dfa92ed9e79b206ecb5859f4166d782 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 2 Aug 2024 20:25:41 +0530
Subject: [PATCH 065/211] refactor url_filter to starting_point_url

---
 web/reNgine/tasks.py | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 7ab9ed963..863d8d86a 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -57,7 +57,9 @@ def initiate_scan(
 		imported_subdomains=[],
 		out_of_scope_subdomains=[],
 		initiated_by_id=None,
-		url_filter=''):
+		starting_point_url='',
+		excluded_paths=[],
+	):
 	"""Initiate a new scan.
 
 	Args:
@@ -68,8 +70,9 @@ def initiate_scan(
 		results_dir (str): Results directory.
 		imported_subdomains (list): Imported subdomains.
 		out_of_scope_subdomains (list): Out-of-scope subdomains.
-		url_filter (str): URL path. Default: ''.
+		starting_point_url (str): URL path. Default: '' Defined where to start the scan.
 		initiated_by (int): User ID initiating the scan.
+		excluded_paths (list): Excluded paths. Default: [], url paths to exclude from scan.
 	"""
 	logger.info('Initiating scan on celery')
 	scan = None
@@ -89,7 +92,7 @@ def initiate_scan(
 		domain.save()
 
 		# Get path filter
-		url_filter = url_filter.rstrip('/')
+		starting_point_url = starting_point_url.rstrip('/')
 
 		# for live scan scan history id is passed as scan_history_id 
 		# and no need to create scan_history object
@@ -124,7 +127,7 @@ def initiate_scan(
 			'engine_id': engine_id,
 			'domain_id': domain.id,
 			'results_dir': scan.results_dir,
-			'url_filter': url_filter,
+			'starting_point_url': starting_point_url,
 			'yaml_configuration': config,
 			'out_of_scope_subdomains': out_of_scope_subdomains
 		}
@@ -148,7 +151,7 @@ def initiate_scan(
 
 		# If enable_http_crawl is set, create an initial root HTTP endpoint so that
 		# HTTP crawling can start somewhere
-		http_url = f'{domain.name}{url_filter}' if url_filter else domain.name
+		http_url = f'{domain.name}{starting_point_url}' if starting_point_url else domain.name
 		endpoint, _ = save_endpoint(
 			http_url,
 			ctx=ctx,
@@ -224,7 +227,7 @@ def initiate_subscan(
 		engine_id=None,
 		scan_type=None,
 		results_dir=RENGINE_RESULTS,
-		url_filter=''):
+		starting_point_url=''):
 	"""Initiate a new subscan.
 
 	Args:
@@ -233,7 +236,7 @@ def initiate_subscan(
 		engine_id (int): Engine ID.
 		scan_type (int): Scan type (periodic, live).
 		results_dir (str): Results directory.
-		url_filter (str): URL path. Default: ''
+		starting_point_url (str): URL path. Default: ''
 	"""
 
 	# Get Subdomain, Domain and ScanHistory
@@ -291,12 +294,12 @@ def initiate_subscan(
 		'subdomain_id': subdomain.id,
 		'yaml_configuration': config,
 		'results_dir': results_dir,
-		'url_filter': url_filter
+		'starting_point_url': starting_point_url
 	}
 
 	# Create initial endpoints in DB: find domain HTTP endpoint so that HTTP
 	# crawling can start somewhere
-	base_url = f'{subdomain.name}{url_filter}' if url_filter else subdomain.name
+	base_url = f'{subdomain.name}{starting_point_url}' if starting_point_url else subdomain.name
 	endpoint, _ = save_endpoint(
 		base_url,
 		crawl=enable_http_crawl,
@@ -398,8 +401,8 @@ def subdomain_discovery(
 	if not host:
 		host = self.subdomain.name if self.subdomain else self.domain.name
 
-	if self.url_filter:
-		logger.warning(f'Ignoring subdomains scan as an URL path filter was passed ({self.url_filter}).')
+	if self.starting_point_url:
+		logger.warning(f'Ignoring subdomains scan as an URL path filter was passed ({self.starting_point_url}).')
 		return
 
 	# Config
@@ -1921,7 +1924,7 @@ def fetch_url(self, urls=[], ctx={}, description=None):
 
 		if base_url and urlpath:
 			subdomain = urlparse(base_url)
-			url = f'{subdomain.scheme}://{subdomain.netloc}{self.url_filter}'
+			url = f'{subdomain.scheme}://{subdomain.netloc}{self.starting_point_url}'
 
 		if not validators.url(url):
 			logger.warning(f'Invalid URL "{url}". Skipping.')
@@ -1930,8 +1933,8 @@ def fetch_url(self, urls=[], ctx={}, description=None):
 			all_urls.append(url)
 
 	# Filter out URLs if a path filter was passed
-	if self.url_filter:
-		all_urls = [url for url in all_urls if self.url_filter in url]
+	if self.starting_point_url:
+		all_urls = [url for url in all_urls if self.starting_point_url in url]
 
 	# Write result to output path
 	with open(self.output_path, 'w') as f:
@@ -2827,8 +2830,8 @@ def http_crawl(
 	input_path = f'{self.results_dir}/httpx_input.txt'
 	history_file = f'{self.results_dir}/commands.txt'
 	if urls: # direct passing URLs to check
-		if self.url_filter:
-			urls = [u for u in urls if self.url_filter in u]
+		if self.starting_point_url:
+			urls = [u for u in urls if self.starting_point_url in u]
 		with open(input_path, 'w') as f:
 			f.write('\n'.join(urls))
 	else:

From 79a266e253344d8dc9d0a5d318391e27cf9b37fa Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 2 Aug 2024 20:35:55 +0530
Subject: [PATCH 066/211] refactor starting_point_url

---
 web/reNgine/celery_custom_task.py | 3 ++-
 web/startScan/views.py            | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/web/reNgine/celery_custom_task.py b/web/reNgine/celery_custom_task.py
index 37bbdbbbb..2c6b11f25 100644
--- a/web/reNgine/celery_custom_task.py
+++ b/web/reNgine/celery_custom_task.py
@@ -67,7 +67,8 @@ def __call__(self, *args, **kwargs):
 		self.subscan_id = ctx.get('subscan_id')
 		self.engine_id = ctx.get('engine_id')
 		self.filename = ctx.get('filename')
-		self.url_filter = ctx.get('url_filter', '')
+		self.starting_point_url = ctx.get('starting_point_url', '')
+		self.excluded_paths = ctx.get('excluded_paths', [])
 		self.results_dir = ctx.get('results_dir', RENGINE_RESULTS)
 		self.yaml_configuration = ctx.get('yaml_configuration', {})
 		self.out_of_scope_subdomains = ctx.get('out_of_scope_subdomains', [])
diff --git a/web/startScan/views.py b/web/startScan/views.py
index edd242071..c00af36a7 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -259,7 +259,8 @@ def start_scan_ui(request, slug, domain_id):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
-        starting_point_url = request.POST['startingPointUrl'].split()
+        starting_point_url = request.POST['startingPointUrl'].strip()
+        excluded_paths = request.POST['excludedPaths']
 
         # Get engine type
         engine_id = request.POST['scan_mode']
@@ -282,6 +283,7 @@ def start_scan_ui(request, slug, domain_id):
             'imported_subdomains': subdomains_in,
             'out_of_scope_subdomains': subdomains_out,
             'starting_point_url': starting_point_url,
+            'excluded_paths': excluded_paths,
             'initiated_by_id': request.user.id
         }
         initiate_scan.apply_async(kwargs=kwargs)

From fa761a794b051525bc669a16134bb0495b7436e1 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 2 Aug 2024 22:08:29 +0530
Subject: [PATCH 067/211] filter exclude path :rocket:

---
 web/reNgine/common_func.py                    | 47 ++++++++++++++++++-
 web/reNgine/tasks.py                          | 19 +++++++-
 .../templates/startScan/start_scan_ui.html    |  4 +-
 3 files changed, 65 insertions(+), 5 deletions(-)

diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index c9c50fe5d..c13c09eb5 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1158,4 +1158,49 @@ def update_or_create_port(port_number, service_name=None, description=None):
 		)
 		created = True
 	finally:
-		return port, created
\ No newline at end of file
+		return port, created
+	
+
+def exclude_urls_by_patterns(exclude_paths, urls):
+	"""
+		Filter out URLs based on a list of exclusion patterns provided from user
+		
+		Args:
+			exclude_patterns (list of str): A list of patterns to exclude. 
+			These can be plain path or regex.
+			urls (list of str): A list of URLs to filter from.
+			
+		Returns:
+			list of str: A new list containing URLs that don't match any exclusion pattern.
+	"""
+	if not exclude_paths:
+		# if no exclude paths are passed and is empty list return all urls as it is
+		return urls
+	
+	compiled_patterns = []
+	for path in exclude_paths:
+		# treat each path as either regex or plain path
+		try:
+			raw_pattern = r"{}".format(path)
+			compiled_patterns.append(re.compile(raw_pattern))
+		except re.error:
+			compiled_patterns.append(path)
+
+	filtered_urls = []
+	for url in urls:
+		exclude = False
+		for pattern in compiled_patterns:
+			if isinstance(pattern, re.Pattern):
+				if pattern.search(url):
+					exclude = True
+					break
+			else:
+				if pattern in url: #if the word matches anywhere in url exclude
+					exclude = True
+					break
+		
+		# if none conditions matches then add the url to filtered urls
+		if not exclude:
+			filtered_urls.append(url)
+
+	return filtered_urls
\ No newline at end of file
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 863d8d86a..a75032b2d 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -128,6 +128,7 @@ def initiate_scan(
 			'domain_id': domain.id,
 			'results_dir': scan.results_dir,
 			'starting_point_url': starting_point_url,
+			'excluded_paths': excluded_paths,
 			'yaml_configuration': config,
 			'out_of_scope_subdomains': out_of_scope_subdomains
 		}
@@ -227,7 +228,9 @@ def initiate_subscan(
 		engine_id=None,
 		scan_type=None,
 		results_dir=RENGINE_RESULTS,
-		starting_point_url=''):
+		starting_point_url='',
+		excluded_paths=[],
+	):
 	"""Initiate a new subscan.
 
 	Args:
@@ -237,6 +240,7 @@ def initiate_subscan(
 		scan_type (int): Scan type (periodic, live).
 		results_dir (str): Results directory.
 		starting_point_url (str): URL path. Default: ''
+		excluded_paths (list): Excluded paths. Default: [], url paths to exclude from scan.
 	"""
 
 	# Get Subdomain, Domain and ScanHistory
@@ -294,7 +298,8 @@ def initiate_subscan(
 		'subdomain_id': subdomain.id,
 		'yaml_configuration': config,
 		'results_dir': results_dir,
-		'starting_point_url': starting_point_url
+		'starting_point_url': starting_point_url,
+		'excluded_paths': excluded_paths,
 	}
 
 	# Create initial endpoints in DB: find domain HTTP endpoint so that HTTP
@@ -1936,6 +1941,10 @@ def fetch_url(self, urls=[], ctx={}, description=None):
 	if self.starting_point_url:
 		all_urls = [url for url in all_urls if self.starting_point_url in url]
 
+	# if exclude_paths is found, then remove urls matching those paths
+	if self.excluded_paths:
+		all_urls = exclude_urls_by_patterns(self.excluded_paths, all_urls)
+
 	# Write result to output path
 	with open(self.output_path, 'w') as f:
 		f.write('\n'.join(all_urls))
@@ -2830,8 +2839,14 @@ def http_crawl(
 	input_path = f'{self.results_dir}/httpx_input.txt'
 	history_file = f'{self.results_dir}/commands.txt'
 	if urls: # direct passing URLs to check
+		print(vars(self).items())
 		if self.starting_point_url:
 			urls = [u for u in urls if self.starting_point_url in u]
+
+		# exclude urls by pattern
+		if self.excluded_paths:
+			urls = exclude_urls_by_patterns(self.excluded_paths, urls)
+
 		with open(input_path, 'w') as f:
 			f.write('\n'.join(urls))
 	else:
diff --git a/web/startScan/templates/startScan/start_scan_ui.html b/web/startScan/templates/startScan/start_scan_ui.html
index d9c20aeaa..181a40400 100644
--- a/web/startScan/templates/startScan/start_scan_ui.html
+++ b/web/startScan/templates/startScan/start_scan_ui.html
@@ -69,7 +69,7 @@ <h4>URL Scope and Exclusions</h4>
             <div class="mb-4">
               <div class="mb-3">
                 <h4 class="text-info">Starting Point URL (Optional)</h4>
-                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home">
+                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home" name="startingPointUrl">
                 <small class="form-text text-muted">
                   Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains. 
                   </br>
@@ -80,7 +80,7 @@ <h4 class="text-info">Starting Point URL (Optional)</h4>
               </div>
               <div class="mb-3">
                 <h4 class="text-warning">Excluded Paths (Optional)</h4>
-                <input type="text" id="excludedPaths" value="{{excluded_paths}}">
+                <input type="text" id="excludedPaths" value="{{excluded_paths}}" name="excludedPaths">
                 <small class="form-text text-muted">
                 Enter paths or regex patterns to exclude from the scan. Type a path or pattern and press Enter to add it.
                 Supports both exact path matching and regex patterns. Examples:<br>

From 7abaae33165213e039ab1f7126d4b14375fd8f09 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 2 Aug 2024 23:33:57 +0530
Subject: [PATCH 068/211] fix typos for excluded paths

---
 web/reNgine/common_func.py | 1 +
 web/reNgine/tasks.py       | 9 ++++-----
 web/startScan/views.py     | 5 ++++-
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index c13c09eb5..2f1cec942 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1173,6 +1173,7 @@ def exclude_urls_by_patterns(exclude_paths, urls):
 		Returns:
 			list of str: A new list containing URLs that don't match any exclusion pattern.
 	"""
+	logger.info('exclude_urls_by_patterns')
 	if not exclude_paths:
 		# if no exclude paths are passed and is empty list return all urls as it is
 		return urls
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index a75032b2d..3f0291d02 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -2839,14 +2839,9 @@ def http_crawl(
 	input_path = f'{self.results_dir}/httpx_input.txt'
 	history_file = f'{self.results_dir}/commands.txt'
 	if urls: # direct passing URLs to check
-		print(vars(self).items())
 		if self.starting_point_url:
 			urls = [u for u in urls if self.starting_point_url in u]
 
-		# exclude urls by pattern
-		if self.excluded_paths:
-			urls = exclude_urls_by_patterns(self.excluded_paths, urls)
-
 		with open(input_path, 'w') as f:
 			f.write('\n'.join(urls))
 	else:
@@ -2857,6 +2852,10 @@ def http_crawl(
 		)
 		# logger.debug(urls)
 
+	# exclude urls by pattern
+	if self.excluded_paths:
+		urls = exclude_urls_by_patterns(self.excluded_paths, urls)
+
 	# If no URLs found, skip it
 	if not urls:
 		return
diff --git a/web/startScan/views.py b/web/startScan/views.py
index c00af36a7..37d7d6858 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -260,7 +260,10 @@ def start_scan_ui(request, slug, domain_id):
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
         starting_point_url = request.POST['startingPointUrl'].strip()
-        excluded_paths = request.POST['excludedPaths']
+        excluded_paths = request.POST['excludedPaths'] # string separated by ,
+
+        # split excluded paths by ,
+        excluded_paths = [path.strip() for path in excluded_paths.split(',')]
 
         # Get engine type
         engine_id = request.POST['scan_mode']

From 999194c87145c740d32b16693e4b7ad1539d5fe8 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 7 Aug 2024 22:25:57 +0530
Subject: [PATCH 069/211] feat: add import, out_of_scope subdomains, and
 starting point url, etc in multiple scans

---
 .../startScan/_items/start_scan_wizard.html   |  88 +++++++++++
 .../startScan/start_multiple_scan_ui.html     |  41 ++----
 .../templates/startScan/start_scan_ui.html    | 138 +-----------------
 web/startScan/views.py                        |  34 +++--
 web/static/custom/start-scan-wizard-init.js   |  59 ++++++++
 5 files changed, 183 insertions(+), 177 deletions(-)
 create mode 100644 web/startScan/templates/startScan/_items/start_scan_wizard.html
 create mode 100644 web/static/custom/start-scan-wizard-init.js

diff --git a/web/startScan/templates/startScan/_items/start_scan_wizard.html b/web/startScan/templates/startScan/_items/start_scan_wizard.html
new file mode 100644
index 000000000..cecb29f75
--- /dev/null
+++ b/web/startScan/templates/startScan/_items/start_scan_wizard.html
@@ -0,0 +1,88 @@
+<div class="row">
+  <div class="col-12">
+    <div class="card">
+      <div class="card-body">
+        {% if domain_list %}
+          <h4 class="header-title">Initiating multiple scan for {{ domain_list|length }} targets: </h4>
+        {% for domain in domain_list %}
+          <span class="badge badge-soft-primary m-1">{{domain}}</span>
+        {% endfor %}
+        <br>
+        <br>
+        {% endif %}
+        <form method="POST" id="start-scan-form">
+          {% csrf_token %}
+          <div id="select_engine">
+            <h4>Choose Scan Engine</h4>
+            <div class="">
+              <h4>Select Scan Engine</h4>
+              {% if custom_engines_count == 0 %}
+              <div class="alert bg-soft-primary border-0 mb-4" role="alert">
+                <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
+                <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
+              </div>
+              {% endif %}
+              {% include "startScan/_items/scanEngine_select.html" %}
+            </div>
+            <h4>Import/Ignore Subdomains</h4>
+            <div class="">
+              <div class="mb-3">
+                <h4 class="text-info">Import Subdomains(Optional)</h4>
+                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
+                <br>
+                <div class="alert bg-soft-primary border-0 mt-1 mb-1" role="alert">
+                  <span class="">Separate the subdomains using <b>new line</b>. If the subdomain does not belong to <b>{{domain.name}}</b> it will be skipped.</span>
+                </div>
+                <label for="importSubdomainFormControlTextarea" class="form-label mt-1">Subdomains List</label>
+                <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
+              </div>
+              <div class="mb-3">
+                <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
+                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
+                <br>
+                <div class="alert bg-soft-warning border-0 mt-1 mb-1" role="alert">
+                  <span class="">Separate the out of scope subdomains/keywords using new line.(No regex currently supported.)</span>
+                </div>
+                <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
+                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false"></textarea>
+              </div>
+            </div>
+
+            <h4>URL Scope and Exclusions</h4>
+            <div class="mb-4">
+              <div class="mb-3">
+                <h4 class="text-info">Starting Point URL (Optional)</h4>
+                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home" name="startingPointUrl">
+                <small class="form-text text-muted">
+                  Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains. 
+                  </br>
+                  If a path is provided (e.g., /home), the scan will focus only on that path and its subpaths, 
+                  skipping subdomain scanning. For example, entering '/home' for {{domain.name}} will scan 
+                  https://{{domain.name}}/home, but not other parts of {{domain.name}} or its subdomains.
+                </small>
+              </div>
+              <div class="mb-3">
+                <h4 class="text-warning">Excluded Paths (Optional)</h4>
+                <input type="text" id="excludedPaths" value="{{excluded_paths}}" name="excludedPaths">
+                <small class="form-text text-muted">
+                Enter paths or regex patterns to exclude from the scan. Type a path or pattern and press Enter to add it.
+                Supports both exact path matching and regex patterns. Examples:<br>
+                • <code>/admin</code> excludes paths starting with '/admin'<br>
+                • <code>/images/.*\.jpg</code> excludes all .jpg files in the images directory<br>
+                • <code>/static/(?:css|js)/</code> excludes all contents of /static/css/ and /static/js/<br>
+                <b>Common exclusions:</b><br>
+                • Static assets: <code>/images/.*</code>, <code>/css/.*</code><br>
+                <br>
+                <b>Note: Use regex patterns carefully. While exclusions can speed up scans, be cautious not to exclude critical areas that may contain vulnerabilities. Test your patterns to ensure they match as intended.</b>
+              </small>
+            </div>
+          </div>
+          {% if domain_ids %}
+          <input type="hidden" name="domain_ids" value="{{domain_ids}}">
+          {% endif %}
+        </form>
+      </div>
+    </div>
+  </div>
+</div>
+
diff --git a/web/startScan/templates/startScan/start_multiple_scan_ui.html b/web/startScan/templates/startScan/start_multiple_scan_ui.html
index f69e85d47..0230b8f38 100644
--- a/web/startScan/templates/startScan/start_multiple_scan_ui.html
+++ b/web/startScan/templates/startScan/start_multiple_scan_ui.html
@@ -2,11 +2,15 @@
 {% load static %}
 
 {% block title %}
-Start Scan
+Start Scan for Multiple Targets
 {% endblock title %}
 
 
+
 {% block custom_js_css_link %}
+<link href="{% static 'plugins/jquery-step/jquery.steps.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% static 'plugins/accordions/custom-accordions.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% static 'plugins/selectize/css/selectize.bootstrap3.css' %}" rel="stylesheet" type="text/css" />
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
@@ -15,41 +19,16 @@
 {% endblock breadcrumb_title %}
 
 {% block page_title %}
-Initiate Scan for Multiple Targets
+  Initiate Scan for Multiple Targets
 {% endblock page_title %}
 
 {% block main_content %}
-<div class="row">
-  <div class="col-xl-12">
-    <div class="card">
-      <div class="card-body">
-        <h4 class="header-title">Initiating multiple scan for {{ domain_list|length }} targets: </h4>
-        {% for domain in domain_list %}
-        <span class="badge badge-soft-primary m-1">{{domain}}</span>
-        {% endfor %}
-        <form method="POST">
-          {% csrf_token %}
-          <h4 class="header-title mt-4">Select the scan type</h4>
-          <div class="mt-4">
-            {% if custom_engine_count == 0 %}
-            <div class="alert bg-soft-primary border-0 mb-4" role="alert">
-              <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
-              <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
-            </div>
-            {% endif %}
-            <input type="hidden" name="list_of_domain_id" value="{{domain_ids}}">
-            {% include "startScan/_items/scanEngine_select.html" %}
-          </div>
-          <button class="btn btn-primary submit-fn mt-2 float-end" type="submit"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather table-scan feather-zap" id="myInput" value="helloworld">
-            <polygon points="13 2 3 14 12 14 11 22 21 10 12 10 13 2"></polygon>
-          </svg> Start Scan</button>
-        </form>
-      </div>
-    </div>
-  </div>
-</div>
+  {% include "startScan/_items/start_scan_wizard.html" %}
 {% endblock main_content %}
 
 
 {% block page_level_script %}
+<script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
+<script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
+<script src="{% static 'custom/start-scan-wizard-init.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/templates/startScan/start_scan_ui.html b/web/startScan/templates/startScan/start_scan_ui.html
index 181a40400..296a6c5f6 100644
--- a/web/startScan/templates/startScan/start_scan_ui.html
+++ b/web/startScan/templates/startScan/start_scan_ui.html
@@ -19,148 +19,16 @@
 {% endblock breadcrumb_title %}
 
 {% block page_title %}
-Initiating scan for {{domain.name}}
+  Initiating scan for {{domain.name}}
 {% endblock page_title %}
 
 {% block main_content %}
-<div class="row">
-  <div class="col-12">
-    <div class="card">
-      <div class="card-body">
-        <form method="POST" id="start-scan-form">
-          {% csrf_token %}
-          <div id="select_engine">
-            <h4>Choose Scan Engine</h4>
-            <div class="">
-              <h4>Select Scan Engine</h4>
-              {% if custom_engine_count == 0 %}
-              <div class="alert bg-soft-primary border-0 mb-4" role="alert">
-                <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
-                <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
-              </div>
-              {% endif %}
-              {% include "startScan/_items/scanEngine_select.html" %}
-            </div>
-            <h4>Import/Ignore Subdomains</h4>
-            <div class="">
-              <div class="mb-3">
-                <h4 class="text-info">Import Subdomains(Optional)</h4>
-                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
-                <br>
-                <div class="alert bg-soft-primary border-0 mt-1 mb-1" role="alert">
-                  <span class="">Separate the subdomains using <b>new line</b>. If the subdomain does not belong to <b>{{domain.name}}</b> it will be skipped.</span>
-                </div>
-                <label for="importSubdomainFormControlTextarea" class="form-label mt-1">Subdomains List</label>
-                <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
-              </div>
-              <div class="mb-3">
-                <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
-                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
-                <br>
-                <div class="alert bg-soft-warning border-0 mt-1 mb-1" role="alert">
-                  <span class="">Separate the out of scope subdomains/keywords using new line.(No regex currently supported.)</span>
-                </div>
-                <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
-                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false"></textarea>
-              </div>
-            </div>
-
-            <h4>URL Scope and Exclusions</h4>
-            <div class="mb-4">
-              <div class="mb-3">
-                <h4 class="text-info">Starting Point URL (Optional)</h4>
-                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home" name="startingPointUrl">
-                <small class="form-text text-muted">
-                  Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains. 
-                  </br>
-                  If a path is provided (e.g., /home), the scan will focus only on that path and its subpaths, 
-                  skipping subdomain scanning. For example, entering '/home' for {{domain.name}} will scan 
-                  https://{{domain.name}}/home, but not other parts of {{domain.name}} or its subdomains.
-                </small>
-              </div>
-              <div class="mb-3">
-                <h4 class="text-warning">Excluded Paths (Optional)</h4>
-                <input type="text" id="excludedPaths" value="{{excluded_paths}}" name="excludedPaths">
-                <small class="form-text text-muted">
-                Enter paths or regex patterns to exclude from the scan. Type a path or pattern and press Enter to add it.
-                Supports both exact path matching and regex patterns. Examples:<br>
-                • <code>/admin</code> excludes paths starting with '/admin'<br>
-                • <code>/images/.*\.jpg</code> excludes all .jpg files in the images directory<br>
-                • <code>/static/(?:css|js)/</code> excludes all contents of /static/css/ and /static/js/<br>
-                <b>Common exclusions:</b><br>
-                • Static assets: <code>/images/.*</code>, <code>/css/.*</code><br>
-                <br>
-                <b>Note: Use regex patterns carefully. While exclusions can speed up scans, be cautious not to exclude critical areas that may contain vulnerabilities. Test your patterns to ensure they match as intended.</b>
-              </small>
-            </div>
-          </div>
-        </form>
-      </div>
-    </div>
-  </div>
-</div>
+  {% include "startScan/_items/start_scan_wizard.html" %}
 {% endblock main_content %}
 
 
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
 <script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
-<script type="text/javascript">
-
-$(document).ready(function() {
-  var buttonEnabled = true;
-  var globalTimeout = 0;
-
-  $("#select_engine").steps({
-    headerTag: "h4",
-    bodyTag: "div",
-    transitionEffect: "slide",
-    cssClass: 'pill wizard',
-    enableKeyNavigation: false,
-    onStepChanging: updateButton,
-    labels: {finish: "Start Scan"},
-    onInit :function (event, current) {
-      $(".actions ul li:nth-child(3) a").attr('onclick', `$(this).closest('form').submit()`);
-    }
-  });
-  $("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
-  disableNext();
-  $('a[role="menuitem"]').addClass('text-white');
-
-  function initTimer() {
-    if (globalTimeout) clearTimeout(globalTimeout);
-    globalTimeout = setTimeout(updateButton, 400);
-  }
-  function disableNext(){
-    var nextButton = $(".actions ul li:nth-child(2) a");
-    nextButton.attr("href", "#");
-    buttonEnabled = $(".actions ul li:nth-child(2)").addClass("disabled").attr("aria-disabled", "true");
-  }
-
-  function enableNext(){
-    var nextButton = $(".actions ul li:nth-child(2) a");
-    nextButton.attr("href", "#next");
-    buttonEnabled = $(".actions ul li:nth-child(2)").removeClass("disabled").attr("aria-disabled", "false");
-  }
-
-  function updateButton(){
-    $('a[role="menuitem"]').addClass('btn btn-primary waves-effect waves-light');
-    var text = $("input[type=radio][name=scan_mode]").val();
-    if(text === ''){
-      disableNext();
-      return false;
-    }else{
-      enableNext();
-      return true;
-    }
-  }
-
-  $('#excludedPaths').selectize({
-    persist: false,
-    createOnBlur: true,
-    create: true,
-  });
-
-});
-</script>
+<script src="{% static 'custom/start-scan-wizard-init.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 37d7d6858..6cb33db49 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -300,8 +300,8 @@ def start_scan_ui(request, slug, domain_id):
         return HttpResponseRedirect(reverse('scan_history', kwargs={'slug': slug}))
 
     # GET request
-    engine = EngineType.objects.order_by('engine_name')
-    custom_engine_count = (
+    engines = EngineType.objects.order_by('engine_name')
+    custom_engines_count = (
         EngineType.objects
         .filter(default_engine=False)
         .count()
@@ -310,8 +310,8 @@ def start_scan_ui(request, slug, domain_id):
     context = {
         'scan_history_active': 'active',
         'domain': domain,
-        'engines': engine,
-        'custom_engine_count': custom_engine_count,
+        'engines': engines,
+        'custom_engines_count': custom_engines_count,
         'excluded_paths': excluded_paths
     }
     return render(request, 'startScan/start_scan_ui.html', context)
@@ -325,11 +325,20 @@ def start_multiple_scan(request, slug):
             # if scan mode is available, then start the scan
             # get engine type
             engine_id = request.POST['scan_mode']
-            list_of_domains = request.POST['list_of_domain_id']
+            list_of_domain_ids = request.POST['domain_ids']
+            subdomains_in = request.POST['importSubdomainTextArea'].split()
+            subdomains_in = [s.rstrip() for s in subdomains_in if s]
+            subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
+            subdomains_out = [s.rstrip() for s in subdomains_out if s]
+            starting_point_url = request.POST['startingPointUrl'].strip()
+            excluded_paths = request.POST['excludedPaths'] # string separated by ,
+
+            # split excluded paths by ,
+            excluded_paths = [path.strip() for path in excluded_paths.split(',')]
 
             grouped_scans = []
 
-            for domain_id in list_of_domains.split(","):
+            for domain_id in list_of_domain_ids.split(","):
                 # Start the celery task
                 scan_history_id = create_scan_object(
                     host_id=domain_id,
@@ -344,10 +353,11 @@ def start_multiple_scan(request, slug):
                     'engine_id': engine_id,
                     'scan_type': LIVE_SCAN,
                     'results_dir': '/usr/src/scan_results',
-                    'initiated_by_id': request.user.id
-                    # TODO: Add this to multiple scan view
-                    # 'imported_subdomains': subdomains_in,
-                    # 'out_of_scope_subdomains': subdomains_out
+                    'initiated_by_id': request.user.id,
+                    'imported_subdomains': subdomains_in,
+                    'out_of_scope_subdomains': subdomains_out,
+                    'starting_point_url': starting_point_url,
+                    'excluded_paths': excluded_paths,
                 }
 
                 _scan_task = initiate_scan.si(**kwargs)
@@ -383,12 +393,14 @@ def start_multiple_scan(request, slug):
         .filter(default_engine=False)
         .count()
     )
+    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS)
     context = {
         'scan_history_active': 'active',
         'engines': engines,
         'domain_list': list_of_domain_name,
         'domain_ids': domain_ids,
-        'custom_engine_count': custom_engine_count
+        'custom_engine_count': custom_engine_count,
+        'excluded_paths': excluded_paths
     }
     return render(request, 'startScan/start_multiple_scan_ui.html', context)
 
diff --git a/web/static/custom/start-scan-wizard-init.js b/web/static/custom/start-scan-wizard-init.js
new file mode 100644
index 000000000..ee1ce61db
--- /dev/null
+++ b/web/static/custom/start-scan-wizard-init.js
@@ -0,0 +1,59 @@
+var buttonEnabled = true;
+var globalTimeout = 0;
+
+$("#select_engine").steps({
+  headerTag: "h4",
+  bodyTag: "div",
+  transitionEffect: "slide",
+  cssClass: "pill wizard",
+  enableKeyNavigation: false,
+  onStepChanging: updateButton,
+  labels: { finish: "Start Scan" },
+  onInit: function (event, current) {
+    $(".actions ul li:nth-child(3) a").attr(
+      "onclick",
+      `$(this).closest('form').submit()`
+    );
+  },
+});
+$("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
+disableNext();
+$('a[role="menuitem"]').addClass("text-white");
+
+function initTimer() {
+  if (globalTimeout) clearTimeout(globalTimeout);
+  globalTimeout = setTimeout(updateButton, 400);
+}
+function disableNext() {
+  var nextButton = $(".actions ul li:nth-child(2) a");
+  nextButton.attr("href", "#");
+  buttonEnabled = $(".actions ul li:nth-child(2)")
+    .addClass("disabled")
+    .attr("aria-disabled", "true");
+}
+
+function enableNext() {
+  var nextButton = $(".actions ul li:nth-child(2) a");
+  nextButton.attr("href", "#next");
+  buttonEnabled = $(".actions ul li:nth-child(2)")
+    .removeClass("disabled")
+    .attr("aria-disabled", "false");
+}
+
+function updateButton() {
+  $('a[role="menuitem"]').addClass("btn btn-primary waves-effect waves-light");
+  var text = $("input[type=radio][name=scan_mode]").val();
+  if (text === "") {
+    disableNext();
+    return false;
+  } else {
+    enableNext();
+    return true;
+  }
+}
+
+$("#excludedPaths").selectize({
+  persist: false,
+  createOnBlur: true,
+  create: true,
+});

From dcf264d206317a5e31e2da10163a19d1674fafc3 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 7 Aug 2024 22:31:38 +0530
Subject: [PATCH 070/211] feat: add feature for import/export,url filter for
 organization scan

---
 .../templates/organization/start_scan.html    | 36 ++++---------------
 web/startScan/views.py                        | 23 +++++++++---
 2 files changed, 25 insertions(+), 34 deletions(-)

diff --git a/web/startScan/templates/organization/start_scan.html b/web/startScan/templates/organization/start_scan.html
index 555ca9fe0..e968ad5fb 100644
--- a/web/startScan/templates/organization/start_scan.html
+++ b/web/startScan/templates/organization/start_scan.html
@@ -7,11 +7,13 @@
 
 
 {% block custom_js_css_link %}
+<link href="{% static 'plugins/jquery-step/jquery.steps.css' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'plugins/accordions/custom-accordions.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% static 'plugins/selectize/css/selectize.bootstrap3.css' %}" rel="stylesheet" type="text/css" />
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
-<li class="breadcrumb-item"><a href="{% url 'list_organization' current_project.slug">Organization</a></li>
+<li class="breadcrumb-item"><a href="{% url 'list_organization' current_project.slug %}">Organization</a></li>
 <li class="breadcrumb-item active">Initiate Scan</li>
 <li class="breadcrumb-item active" aria-current="page">{{organization.name}}</li>
 {% endblock breadcrumb_title %}
@@ -21,36 +23,12 @@
 {% endblock page_title %}
 
 {% block main_content %}
-<div class="row">
-  <div class="col-12">
-    <div class="card">
-      <div class="card-body">
-        <h4 class="heading-title">{{ domain_list|length }} Domains associated with organization {{organization.name}}</h4>
-        {% for domain in domain_list %}
-        <span class="badge bg-soft-dark text-dark m-1">{{domain.name}}</span>
-        {% endfor %}
-        <form method="POST">
-          {% csrf_token %}
-          <div class="form-row">
-            <div class="col-md-12 mb-4">
-              <h4>Select Scan Engine</h4>
-              {% if custom_engine_count == 0 %}
-              <div class="alert bg-soft-primary border-0 mb-4" role="alert">
-                <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
-                <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
-              </div>
-              {% endif %}
-              {% include "startScan/_items/scanEngine_select.html" %}
-              <button class="btn btn-primary submit-fn mt-2 float-end" type="submit"><i class="fe-zap"></i> Start Scan</button>
-            </div>
-            <input type="hidden" name="list_of_domain_id" value="{{domain_ids}}">
-          </form>
-      </div>
-    </div>
-  </div>
-</div>
+  {% include "startScan/_items/start_scan_wizard.html" %}
 {% endblock main_content %}
 
 
 {% block page_level_script %}
+<script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
+<script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
+<script src="{% static 'custom/start-scan-wizard-init.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 6cb33db49..386df7dc2 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -332,7 +332,6 @@ def start_multiple_scan(request, slug):
             subdomains_out = [s.rstrip() for s in subdomains_out if s]
             starting_point_url = request.POST['startingPointUrl'].strip()
             excluded_paths = request.POST['excludedPaths'] # string separated by ,
-
             # split excluded paths by ,
             excluded_paths = [path.strip() for path in excluded_paths.split(',')]
 
@@ -732,6 +731,15 @@ def start_organization_scan(request, id, slug):
     if request.method == "POST":
         engine_id = request.POST['scan_mode']
 
+        subdomains_in = request.POST['importSubdomainTextArea'].split()
+        subdomains_in = [s.rstrip() for s in subdomains_in if s]
+        subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
+        subdomains_out = [s.rstrip() for s in subdomains_out if s]
+        starting_point_url = request.POST['startingPointUrl'].strip()
+        excluded_paths = request.POST['excludedPaths'] # string separated by ,
+        # split excluded paths by ,
+        excluded_paths = [path.strip() for path in excluded_paths.split(',')]
+
         # Start Celery task for each organization's domains
         for domain in organization.get_domains():
             scan_history_id = create_scan_object(
@@ -748,9 +756,10 @@ def start_organization_scan(request, id, slug):
                 'scan_type': LIVE_SCAN,
                 'results_dir': '/usr/src/scan_results',
                 'initiated_by_id': request.user.id,
-                # TODO: Add this to multiple scan view
-                # 'imported_subdomains': subdomains_in,
-                # 'out_of_scope_subdomains': subdomains_out
+                'imported_subdomains': subdomains_in,
+                'out_of_scope_subdomains': subdomains_out,
+                'starting_point_url': starting_point_url,
+                'excluded_paths': excluded_paths,
             }
             initiate_scan.apply_async(kwargs=kwargs)
             scan.save()
@@ -768,13 +777,17 @@ def start_organization_scan(request, id, slug):
     engine = EngineType.objects.order_by('engine_name')
     custom_engine_count = EngineType.objects.filter(default_engine=False).count()
     domain_list = organization.get_domains()
+    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS)
+
     context = {
         'organization_data_active': 'true',
         'list_organization_li': 'active',
         'organization': organization,
         'engines': engine,
         'domain_list': domain_list,
-        'custom_engine_count': custom_engine_count}
+        'custom_engine_count': custom_engine_count,
+        'excluded_paths': excluded_paths
+    }
     return render(request, 'organization/start_scan.html', context)
 
 

From 5162982c1bafbb05e7a6e4ea4d1471ea6ba653d9 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 8 Aug 2024 07:36:10 +0530
Subject: [PATCH 071/211] fix ui for schedule scan

---
 .../startScan/js/schedule-scan-wizard.js      |  89 +++++++++
 .../startScan/js}/start-scan-wizard-init.js   |   0
 .../organization/schedule_scan_ui.html        | 161 +---------------
 .../templates/organization/start_scan.html    |   2 +-
 ..._select.html => scanengine_accordion.html} |   0
 .../_items/schedule_scan_wizard.html          | 123 ++++++++++++
 .../startScan/_items/start_scan_wizard.html   |   2 +-
 .../templates/startScan/schedule_scan_ui.html | 180 +-----------------
 .../startScan/start_multiple_scan_ui.html     |   2 +-
 .../templates/startScan/start_scan_ui.html    |   4 +-
 10 files changed, 225 insertions(+), 338 deletions(-)
 create mode 100644 web/startScan/static/startScan/js/schedule-scan-wizard.js
 rename web/{static/custom => startScan/static/startScan/js}/start-scan-wizard-init.js (100%)
 rename web/startScan/templates/startScan/_items/{scanEngine_select.html => scanengine_accordion.html} (100%)
 create mode 100644 web/startScan/templates/startScan/_items/schedule_scan_wizard.html

diff --git a/web/startScan/static/startScan/js/schedule-scan-wizard.js b/web/startScan/static/startScan/js/schedule-scan-wizard.js
new file mode 100644
index 000000000..1f2a8ca8c
--- /dev/null
+++ b/web/startScan/static/startScan/js/schedule-scan-wizard.js
@@ -0,0 +1,89 @@
+function schedulerChanged(selectObject) {
+  selectedValue = selectObject.value;
+  if (selectedValue == "periodic") {
+    var clockedDiv = document.getElementById("clocked-div");
+    clockedDiv.classList.remove("show");
+    clockedDiv.classList.remove("active");
+    var periodicDiv = document.getElementById("periodic-div");
+    periodicDiv.classList.add("show");
+    periodicDiv.classList.add("active");
+  } else if (selectedValue == "clocked") {
+    var periodicDiv = document.getElementById("periodic-div");
+    periodicDiv.classList.remove("show");
+    periodicDiv.classList.remove("active");
+    var clockedDiv = document.getElementById("clocked-div");
+    clockedDiv.classList.add("show");
+    clockedDiv.classList.add("active");
+  }
+}
+
+var buttonEnabled = true;
+var globalTimeout = 0;
+
+function disableNext() {
+  var nextButton = $(".actions ul li:nth-child(2) a");
+  nextButton.attr("href", "#");
+  buttonEnabled = $(".actions ul li:nth-child(2)")
+    .addClass("disabled")
+    .attr("aria-disabled", "true");
+}
+
+function enableNext() {
+  var nextButton = $(".actions ul li:nth-child(2) a");
+  nextButton.attr("href", "#next");
+  buttonEnabled = $(".actions ul li:nth-child(2)")
+    .removeClass("disabled")
+    .attr("aria-disabled", "false");
+}
+
+function updateButton() {
+  var text = $("input[type=radio][name=scan_mode]").val();
+  if (text === "") {
+    disableNext();
+    return false;
+  } else {
+    enableNext();
+    return true;
+  }
+}
+
+function initTimer() {
+  if (globalTimeout) clearTimeout(globalTimeout);
+  globalTimeout = setTimeout(updateButton, 400);
+}
+
+$("#schedule_scan_steps").steps({
+  headerTag: "h3",
+  bodyTag: "div",
+  transitionEffect: "slide",
+  cssClass: "pill wizard",
+  enableKeyNavigation: false,
+  onStepChanging: updateButton,
+  labels: { finish: "Start Scan" },
+  onInit: function (event, current) {
+    $('a[role="menuitem"]').addClass("text-white");
+    $(".actions ul li:nth-child(3) a").attr(
+      "onclick",
+      `$(this).closest('form').submit()`
+    );
+    flatpickr(document.getElementById("clockedTime"), {
+      enableTime: true,
+      dateFormat: "Y-m-d H:i",
+    });
+    // $(".basic").select2({
+    //   minimumResultsForSearch: -1
+    // });
+  },
+  onStepChanged: function (event, currentIndex, priorIndex) {
+    if (currentIndex == 1) {
+      $("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
+      disableNext();
+    }
+  },
+});
+
+$("#excludedPaths").selectize({
+  persist: false,
+  createOnBlur: true,
+  create: true,
+});
diff --git a/web/static/custom/start-scan-wizard-init.js b/web/startScan/static/startScan/js/start-scan-wizard-init.js
similarity index 100%
rename from web/static/custom/start-scan-wizard-init.js
rename to web/startScan/static/startScan/js/start-scan-wizard-init.js
diff --git a/web/startScan/templates/organization/schedule_scan_ui.html b/web/startScan/templates/organization/schedule_scan_ui.html
index 931c0ae46..997f5b8d3 100644
--- a/web/startScan/templates/organization/schedule_scan_ui.html
+++ b/web/startScan/templates/organization/schedule_scan_ui.html
@@ -10,6 +10,7 @@
 <link href="{% static 'plugins/jquery-step/jquery.steps.css' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'plugins/accordions/custom-accordions.css' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'plugins/flatpickr/flatpickr.min.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% static 'plugins/selectize/css/selectize.bootstrap3.css' %}" rel="stylesheet" type="text/css" />
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
@@ -23,167 +24,13 @@
 {% endblock page_title %}
 
 {% block main_content %}
-<div class="row">
-  <div class="col-12">
-    <div class="card">
-      <div class="card-body">
-        <h4 class="heading-title">{{ domain_list|length }} Domains associated with organization {{organization.name}}</h4>
-        {% for domain in domain_list %}
-        <span class="badge bg-dark m-1">{{domain.name}}</span>
-        {% endfor %}
-        <form method="POST" id="start-scan-form" class="mt-2">
-          {% csrf_token %}
-          <div id="schedule_scan_steps">
-            <h4>Choose the scheduler</h4>
-            <div class="">
-              <div class="form-row">
-                <select class="form-select" onchange="schedulerChanged(this)" name="scheduled_mode" style="line-height: 2.0;">
-                  <option value="periodic">Periodic Scan</option>
-                  <option value="clocked">Clocked Scan</option>
-                </select>
-              </div>
-              <div class="tab-content" id="animateLineContent-4">
-                <div class="tab-pane fade show active" id="periodic-div" role="tabpanel" aria-labelledby="periodic-tab-tab">
-                  <div class="mb-4">
-                    <h5>Run scan every</h5>
-                    <div class="row">
-                      <div class='col-4'>
-                        <input id="t-text" type="number" name="frequency" value="30" class="form-control form-control-lg">
-                      </div>
-                      <div class="col-8">
-                        <select class="form-select" name="frequency_type" style="line-height: 2.0;">
-                          <option value="minutes">Minutes</option>
-                          <option value="hours">Hours</option>
-                          <option value="days">Days</option>
-                          <option value="weeks">Weeks</option>
-                          <option value="months">Months</option>
-                        </select>
-                      </div>
-                    </div>
-                  </div>
-                </div>
-                <div class="tab-pane fade" id="clocked-div" role="tabpanel" aria-labelledby="clocked-tab-tab">
-                  <div class="mb-4">
-                    <h5>Run scan exactly at</h5>
-                    <div class="row">
-                      <div class="col-12">
-                        <div class="form-group mb-0">
-                          <input type="text" id="clockedTime" class="form-control form-control-lg flatpickr flatpickr-input active" placeholder="Select Scheduler Date and time" name="scheduled_time">
-                        </div>
-                      </div>
-                    </div>
-                  </div>
-                </div>
-              </div>
-            </div>
-            <h4>Choose Scan Engine</h4>
-            <div class="">
-              <h4>Select Scan Engine</h4>
-              {% if custom_engine_count == 0 %}
-              <div class="alert bg-soft-primary border-0 mb-4" role="alert">
-                <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
-                <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
-              </div>
-              {% endif %}
-              {% include "startScan/_items/scanEngine_select.html" %}
-            </div>
-          </div>
-        </form>
-      </div>
-    </div>
-  </div>
-</div>
+  {% include "startScan/_items/schedule_scan_wizard.html" %}
 {% endblock main_content %}
 
 
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
 <script src="{% static 'plugins/flatpickr/flatpickr.min.js' %}"></script>
-<script type="text/javascript">
-
-function schedulerChanged(selectObject){
-  selectedValue = selectObject.value;
-  if (selectedValue == 'periodic') {
-    var clockedDiv = document.getElementById("clocked-div");
-    clockedDiv.classList.remove("show");
-    clockedDiv.classList.remove("active");
-    var periodicDiv = document.getElementById("periodic-div");
-    periodicDiv.classList.add("show");
-    periodicDiv.classList.add("active");
-  }
-  else if (selectedValue == 'clocked') {
-    var periodicDiv = document.getElementById("periodic-div");
-    periodicDiv.classList.remove("show");
-    periodicDiv.classList.remove("active");
-    var clockedDiv = document.getElementById("clocked-div");
-    clockedDiv.classList.add("show");
-    clockedDiv.classList.add("active");
-  }
-}
-
-
-var buttonEnabled = true;
-var globalTimeout = 0;
-
-
-function disableNext(){
-  var nextButton = $(".actions ul li:nth-child(2) a");
-  nextButton.attr("href", "#");
-  buttonEnabled = $(".actions ul li:nth-child(2)").addClass("disabled").attr("aria-disabled", "true");
-}
-
-function enableNext(){
-  var nextButton = $(".actions ul li:nth-child(2) a");
-  nextButton.attr("href", "#next");
-  buttonEnabled = $(".actions ul li:nth-child(2)").removeClass("disabled").attr("aria-disabled", "false");
-}
-
-
-function updateButton(){
-  var text = $("input[type=radio][name=scan_mode]").val();
-  if(text === ''){
-    disableNext();
-    return false;
-  }else{
-    enableNext();
-    return true;
-  }
-}
-
-function initTimer() {
-  if (globalTimeout) clearTimeout(globalTimeout);
-  globalTimeout = setTimeout(updateButton, 400);
-}
-
-$(function(){
-  $("#schedule_scan_steps").steps({
-    headerTag: "h4",
-    bodyTag: "div",
-    transitionEffect: "slide",
-    cssClass: 'pill wizard',
-    enableKeyNavigation: false,
-    onStepChanging: updateButton,
-    labels: {finish: "Start Scan"},
-    onInit :function (event, current) {
-      $('a[role="menuitem"]').addClass('text-white');
-      $(".actions ul li:nth-child(3) a").attr('onclick', `$(this).closest('form').submit()`);
-      flatpickr(document.getElementById('clockedTime'), {
-        enableTime: true,
-        dateFormat: "Y-m-d H:i",
-      });
-      $(".basic").select2({
-        minimumResultsForSearch: -1
-      });
-    },
-    onStepChanged: function (event, currentIndex, priorIndex) {
-      if (currentIndex == 1){
-        $("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
-        disableNext();
-      }
-    }
-  });
-
-});
-
-</script>
+<script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
+<script src="{% static 'startScan/js/schedule-scan-wizard.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/templates/organization/start_scan.html b/web/startScan/templates/organization/start_scan.html
index e968ad5fb..8b388fa90 100644
--- a/web/startScan/templates/organization/start_scan.html
+++ b/web/startScan/templates/organization/start_scan.html
@@ -30,5 +30,5 @@
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
 <script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
-<script src="{% static 'custom/start-scan-wizard-init.js' %}"></script>
+<script src="{% static 'startScan/js/start-scan-wizard-init.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/templates/startScan/_items/scanEngine_select.html b/web/startScan/templates/startScan/_items/scanengine_accordion.html
similarity index 100%
rename from web/startScan/templates/startScan/_items/scanEngine_select.html
rename to web/startScan/templates/startScan/_items/scanengine_accordion.html
diff --git a/web/startScan/templates/startScan/_items/schedule_scan_wizard.html b/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
new file mode 100644
index 000000000..d2dbf8816
--- /dev/null
+++ b/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
@@ -0,0 +1,123 @@
+<div class="row">
+    <div class="col-12">
+        <div class="card">
+            <div class="card-body">
+                {% if domain_list %}
+                <h4 class="heading-title">{{ domain_list|length }} Domains associated with organization {{organization.name}}</h4> {% for domain in domain_list %}
+                <span class="badge badge-soft-primary m-1">{{domain.name}}</span> {% endfor %}
+                <br>
+                <br> {% endif %}
+                <form method="POST" id="start-scan-form">
+                    {% csrf_token %}
+                    <div id="schedule_scan_steps">
+                        <h3>Choose the scheduler</h3>
+                        <div class="">
+                            <div class="form-row">
+                                <select class="form-select" onchange="schedulerChanged(this)" name="scheduled_mode" style="line-height: 2.0;">
+                                    <option value="periodic">Periodic Scan</option>
+                                    <option value="clocked">Clocked Scan</option>
+                                </select>
+                            </div>
+                            <div class="tab-content" id="animateLineContent-4">
+                                <div class="tab-pane fade show active" id="periodic-div" role="tabpanel" aria-labelledby="periodic-tab-tab">
+                                    <div class="mb-4">
+                                        <h5>Run scan every</h5>
+                                        <div class="row">
+                                            <div class='col-4'>
+                                                <input id="t-text" type="number" name="frequency" value="30" class="form-control form-control-lg">
+                                            </div>
+                                            <div class="col-8">
+                                                <select class="form-select" name="frequency_type" style="line-height: 2.0;">
+                                                    <option value="minutes">Minutes</option>
+                                                    <option value="hours">Hours</option>
+                                                    <option value="days">Days</option>
+                                                    <option value="weeks">Weeks</option>
+                                                    <option value="months">Months</option>
+                                                </select>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </div>
+                                <div class="tab-pane fade" id="clocked-div" role="tabpanel" aria-labelledby="clocked-tab-tab">
+                                    <div class="mb-4">
+                                        <h5>Run scan exactly at</h5>
+                                        <div class="row">
+                                            <div class="col-12">
+                                                <div class="form-group mb-0">
+                                                    <!--<input id="clockedTime" value="{% now "Y-m-d H:i" %}" class="form-control flatpickr flatpickr-input active" type="text" placeholder="Select Date and time" name="scheduled_time">-->
+                                                    <input type="text" id="clockedTime" class="form-control form-control-lg flatpickr flatpickr-input active" placeholder="Select Scheduler Date and time" name="scheduled_time">
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                        <h3>Choose Scan Engine</h3>
+                        <div class="">
+                            <h4>Select Scan Engine</h4> {% if custom_engine_count == 0 %}
+                            <div class="alert bg-soft-primary border-0 mb-4" role="alert">
+                                <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
+                                <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
+                            </div>
+                            {% endif %} {% include "startScan/_items/scanengine_accordion.html" %}
+                        </div>
+                        <h3>Import/Ignore Subdomains</h3>
+                        <div class="">
+                            <div class="mb-3">
+                                <h4 class="text-info">Import Subdomains(Optional)</h4>
+                                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
+                                <br>
+                                <div class="alert bg-soft-primary border-0 mt-1 mb-1" role="alert">
+                                    <span class="">Separate the subdomains using <b>new line</b>. If the subdomain does not belong to <b>{{domain.name}}</b> it will be skipped.</span>
+                                </div>
+                                <label for="importSubdomainFormControlTextarea" class="form-label mt-1">Subdomains List</label>
+                                <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
+                            </div>
+                            <div class="mb-3">
+                                <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
+                                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
+                                <br>
+                                <div class="alert bg-soft-warning border-0 mt-1 mb-1" role="alert">
+                                    <span class="">Separate the out of scope subdomains/keywords using new line.(No regex currently supported.)</span>
+                                </div>
+                                <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
+                                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false"></textarea>
+                            </div>
+                        </div>
+                        <h3>URL Scope and Exclusions</h3>
+                        <div class="mb-4">
+                            <div class="mb-3">
+                                <h4 class="text-info">Starting Point URL (Optional)</h4>
+                                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home" name="startingPointUrl">
+                                <small class="form-text text-muted">
+                    Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains.
+                    <br>
+                    If a path is provided (e.g., /home), the scan will focus only on that path and its subpaths,
+                    skipping subdomain scanning. For example, entering '/home' for {{domain.name}} will scan
+                    https://{{domain.name}}/home, but not other parts of {{domain.name}} or its subdomains.
+                    </small>
+                            </div>
+                            <div class="mb-3">
+                                <h4 class="text-warning">Excluded Paths (Optional)</h4>
+                                <input type="text" id="excludedPaths" value="{{excluded_paths}}" name="excludedPaths">
+                                <small class="form-text text-muted">
+                    Enter paths or regex patterns to exclude from the scan. Type a path or pattern and press Enter to add it.
+                    Supports both exact path matching and regex patterns. Examples:<br>
+                    • <code>/admin</code> excludes paths starting with '/admin'<br>
+                    • <code>/images/.*\.jpg</code> excludes all .jpg files in the images directory<br>
+                    • <code>/static/(?:css|js)/</code> excludes all contents of /static/css/ and /static/js/<br>
+                    <b>Common exclusions:</b><br>
+                    • Static assets: <code>/images/.*</code>, <code>/css/.*</code><br>
+                    <br>
+                    <b>Note: Use regex patterns carefully. While exclusions can speed up scans, be cautious not to exclude critical
+                        areas that may contain vulnerabilities. Test your patterns to ensure they match as intended.</b>
+                    </small>
+                            </div>
+                        </div>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
\ No newline at end of file
diff --git a/web/startScan/templates/startScan/_items/start_scan_wizard.html b/web/startScan/templates/startScan/_items/start_scan_wizard.html
index cecb29f75..1f2af3eda 100644
--- a/web/startScan/templates/startScan/_items/start_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/start_scan_wizard.html
@@ -22,7 +22,7 @@ <h4>Select Scan Engine</h4>
                 <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
               </div>
               {% endif %}
-              {% include "startScan/_items/scanEngine_select.html" %}
+              {% include "startScan/_items/scanengine_accordion.html" %}
             </div>
             <h4>Import/Ignore Subdomains</h4>
             <div class="">
diff --git a/web/startScan/templates/startScan/schedule_scan_ui.html b/web/startScan/templates/startScan/schedule_scan_ui.html
index 3ffbc1f6b..662ef9d3b 100644
--- a/web/startScan/templates/startScan/schedule_scan_ui.html
+++ b/web/startScan/templates/startScan/schedule_scan_ui.html
@@ -11,6 +11,7 @@
 <link href="{% static 'plugins/jquery-step/jquery.steps.css' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'plugins/accordions/custom-accordions.css' %}" rel="stylesheet" type="text/css" />
 <link href="{% static 'plugins/flatpickr/flatpickr.min.css' %}" rel="stylesheet" type="text/css" />
+<link href="{% static 'plugins/selectize/css/selectize.bootstrap3.css' %}" rel="stylesheet" type="text/css" />
 {% endblock custom_js_css_link %}
 
 {% block breadcrumb_title %}
@@ -24,186 +25,13 @@
 {% endblock page_title %}
 
 {% block main_content %}
-<div class="row">
-  <div class="col-12">
-    <div class="card">
-      <div class="card-body">
-        <form method="POST" id="start-scan-form">
-          {% csrf_token %}
-          <div id="schedule_scan_steps">
-            <h3>Choose the scheduler</h3>
-            <div class="">
-              <div class="form-row">
-                <select class="form-select" onchange="schedulerChanged(this)" name="scheduled_mode" style="line-height: 2.0;">
-                  <option value="periodic">Periodic Scan</option>
-                  <option value="clocked">Clocked Scan</option>
-                </select>
-              </div>
-              <div class="tab-content" id="animateLineContent-4">
-                <div class="tab-pane fade show active" id="periodic-div" role="tabpanel" aria-labelledby="periodic-tab-tab">
-                  <div class="mb-4">
-                    <h5>Run scan every</h5>
-                    <div class="row">
-                      <div class='col-4'>
-                        <input id="t-text" type="number" name="frequency" value="30" class="form-control form-control-lg">
-                      </div>
-                      <div class="col-8">
-                        <select class="form-select" name="frequency_type" style="line-height: 2.0;">
-                          <option value="minutes">Minutes</option>
-                          <option value="hours">Hours</option>
-                          <option value="days">Days</option>
-                          <option value="weeks">Weeks</option>
-                          <option value="months">Months</option>
-                        </select>
-                      </div>
-                    </div>
-                  </div>
-                </div>
-                <div class="tab-pane fade" id="clocked-div" role="tabpanel" aria-labelledby="clocked-tab-tab">
-                  <div class="mb-4">
-                    <h5>Run scan exactly at</h5>
-                    <div class="row">
-                      <div class="col-12">
-                        <div class="form-group mb-0">
-                          <!--<input id="clockedTime" value="{% now "Y-m-d H:i" %}" class="form-control flatpickr flatpickr-input active" type="text" placeholder="Select Date and time" name="scheduled_time">-->
-                          <input type="text" id="clockedTime" class="form-control form-control-lg flatpickr flatpickr-input active" placeholder="Select Scheduler Date and time" name="scheduled_time">
-                        </div>
-                      </div>
-                    </div>
-                  </div>
-                </div>
-              </div>
-            </div>
-            <h3>Choose Scan Engine</h3>
-            <div class="">
-              <h4>Select Scan Engine</h4>
-              {% if custom_engine_count == 0 %}
-              <div class="alert bg-soft-primary border-0 mb-4" role="alert">
-                <span><b>Tips! </b> You do not have any custom scan engines. Would you like to create your own scan engine?</span>
-                <a href="{% url 'add_engine' current_project.slug %}" class="text-primary">Create Custom Scan Engine</a>
-              </div>
-              {% endif %}
-              {% include "startScan/_items/scanEngine_select.html" %}
-            </div>
-            <h3>Import/Ignore Subdomains</h3>
-            <div class="">
-              <div class="mb-3">
-                <h4 class="text-info">Import Subdomains(Optional)</h4>
-                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
-                <br>
-                <div class="alert bg-soft-primary border-0 mt-1 mb-1" role="alert">
-                  <span class="">Separate the subdomains using <b>new line</b>. If the subdomain does not belong to <b>{{domain.name}}</b> it will be skipped.</span>
-                </div>
-                <label for="importSubdomainFormControlTextarea" class="form-label mt-1">Subdomains List</label>
-                <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
-              </div>
-              <div class="mb-3">
-                <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
-                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
-                <br>
-                <div class="alert bg-soft-warning border-0 mt-1 mb-1" role="alert">
-                  <span class="">Separate the out of scope subdomains/keywords using new line.(No regex currently supported.)</span>
-                </div>
-                <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
-                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false"></textarea>
-              </div>
-            </div>
-          </div>
-        </form>
-      </div>
-    </div>
-  </div>
-</div>
+  {% include "startScan/_items/schedule_scan_wizard.html" %}
 {% endblock main_content %}
 
 
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
 <script src="{% static 'plugins/flatpickr/flatpickr.min.js' %}"></script>
-<script type="text/javascript">
-
-function schedulerChanged(selectObject){
-  selectedValue = selectObject.value;
-  if (selectedValue == 'periodic') {
-    var clockedDiv = document.getElementById("clocked-div");
-    clockedDiv.classList.remove("show");
-    clockedDiv.classList.remove("active");
-    var periodicDiv = document.getElementById("periodic-div");
-    periodicDiv.classList.add("show");
-    periodicDiv.classList.add("active");
-  }
-  else if (selectedValue == 'clocked') {
-    var periodicDiv = document.getElementById("periodic-div");
-    periodicDiv.classList.remove("show");
-    periodicDiv.classList.remove("active");
-    var clockedDiv = document.getElementById("clocked-div");
-    clockedDiv.classList.add("show");
-    clockedDiv.classList.add("active");
-  }
-}
-
-
-var buttonEnabled = true;
-var globalTimeout = 0;
-
-
-function disableNext(){
-  var nextButton = $(".actions ul li:nth-child(2) a");
-  nextButton.attr("href", "#");
-  buttonEnabled = $(".actions ul li:nth-child(2)").addClass("disabled").attr("aria-disabled", "true");
-}
-
-function enableNext(){
-  var nextButton = $(".actions ul li:nth-child(2) a");
-  nextButton.attr("href", "#next");
-  buttonEnabled = $(".actions ul li:nth-child(2)").removeClass("disabled").attr("aria-disabled", "false");
-}
-
-
-function updateButton(){
-  var text = $("input[type=radio][name=scan_mode]").val();
-  if(text === ''){
-    disableNext();
-    return false;
-  }else{
-    enableNext();
-    return true;
-  }
-}
-
-function initTimer() {
-  if (globalTimeout) clearTimeout(globalTimeout);
-  globalTimeout = setTimeout(updateButton, 400);
-}
-
-$(function(){
-  $("#schedule_scan_steps").steps({
-    headerTag: "h3",
-    bodyTag: "div",
-    transitionEffect: "slide",
-    cssClass: 'pill wizard',
-    enableKeyNavigation: false,
-    onStepChanging: updateButton,
-    labels: {finish: "Start Scan"},
-    onInit :function (event, current) {
-      $('a[role="menuitem"]').addClass('text-white');
-      $(".actions ul li:nth-child(3) a").attr('onclick', `$(this).closest('form').submit()`);
-      flatpickr(document.getElementById('clockedTime'), {
-        enableTime: true,
-        dateFormat: "Y-m-d H:i",
-      });
-      // $(".basic").select2({
-      //   minimumResultsForSearch: -1
-      // });
-    },
-    onStepChanged: function (event, currentIndex, priorIndex) {
-      if (currentIndex == 1){
-        $("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
-        disableNext();
-      }
-    }
-  });
-});
-
-</script>
+<script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
+<script src="{% static 'startScan/js/schedule-scan-wizard.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/templates/startScan/start_multiple_scan_ui.html b/web/startScan/templates/startScan/start_multiple_scan_ui.html
index 0230b8f38..497bf7cd5 100644
--- a/web/startScan/templates/startScan/start_multiple_scan_ui.html
+++ b/web/startScan/templates/startScan/start_multiple_scan_ui.html
@@ -30,5 +30,5 @@
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
 <script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
-<script src="{% static 'custom/start-scan-wizard-init.js' %}"></script>
+<script src="{% static 'startScan/js/start-scan-wizard-init.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/startScan/templates/startScan/start_scan_ui.html b/web/startScan/templates/startScan/start_scan_ui.html
index 296a6c5f6..8260aad25 100644
--- a/web/startScan/templates/startScan/start_scan_ui.html
+++ b/web/startScan/templates/startScan/start_scan_ui.html
@@ -19,7 +19,7 @@
 {% endblock breadcrumb_title %}
 
 {% block page_title %}
-  Initiating scan for {{domain.name}}
+Initiating scan for {{domain.name}}
 {% endblock page_title %}
 
 {% block main_content %}
@@ -30,5 +30,5 @@
 {% block page_level_script %}
 <script src="{% static 'plugins/jquery-step/jquery.steps.min.js' %}"></script>
 <script src="{% static 'plugins/selectize/js/standalone/selectize.min.js' %}"></script>
-<script src="{% static 'custom/start-scan-wizard-init.js' %}"></script>
+<script src="{% static 'startScan/js/start-scan-wizard-init.js' %}"></script>
 {% endblock page_level_script %}

From b8764ca419ba61e3a6099b95bb3e6b7a7d53d741 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 8 Aug 2024 07:44:38 +0530
Subject: [PATCH 072/211] feat: add starting point URL and excluded paths to
 schedule scan

---
 web/startScan/views.py | 45 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/web/startScan/views.py b/web/startScan/views.py
index 386df7dc2..94b9ef21f 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -250,7 +250,7 @@ def all_endpoints(request, slug):
     }
     return render(request, 'startScan/endpoints.html', context)
 
-
+@has_permission_decorator(PERM_INITATE_SCANS_SUBSCANS, redirect_url=FOUR_OH_FOUR_URL)
 def start_scan_ui(request, slug, domain_id):
     domain = get_object_or_404(Domain, id=domain_id)
     if request.method == "POST":
@@ -261,7 +261,6 @@ def start_scan_ui(request, slug, domain_id):
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
         starting_point_url = request.POST['startingPointUrl'].strip()
         excluded_paths = request.POST['excludedPaths'] # string separated by ,
-
         # split excluded paths by ,
         excluded_paths = [path.strip() for path in excluded_paths.split(',')]
 
@@ -563,6 +562,10 @@ def schedule_scan(request, host_id, slug):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
+        starting_point_url = request.POST['startingPointUrl'].strip()
+        excluded_paths = request.POST['excludedPaths'] # string separated by ,
+        # split excluded paths by ,
+        excluded_paths = [path.strip() for path in excluded_paths.split(',')]
 
         # Get engine type
         engine = get_object_or_404(EngineType, id=engine_type)
@@ -593,6 +596,8 @@ def schedule_scan(request, host_id, slug):
                 'scan_type': SCHEDULED_SCAN,
                 'imported_subdomains': subdomains_in,
                 'out_of_scope_subdomains': subdomains_out,
+                'starting_point_url': starting_point_url,
+                'excluded_paths': excluded_paths,
                 'initiated_by_id': request.user.id
             }
             PeriodicTask.objects.create(
@@ -612,6 +617,8 @@ def schedule_scan(request, host_id, slug):
                 'scan_type': SCHEDULED_SCAN,
                 'imported_subdomains': subdomains_in,
                 'out_of_scope_subdomains': subdomains_out,
+                'starting_point_url': starting_point_url,
+                'excluded_paths': excluded_paths,
                 'initiated_by_id': request.user.id
             }
             PeriodicTask.objects.create(
@@ -635,11 +642,14 @@ def schedule_scan(request, host_id, slug):
         .filter(default_engine=False)
         .count()
     )
+    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS)
     context = {
         'scan_history_active': 'active',
         'domain': domain,
         'engines': engines,
-        'custom_engine_count': custom_engine_count}
+        'custom_engine_count': custom_engine_count,
+        'excluded_paths': excluded_paths
+    }
     return render(request, 'startScan/schedule_scan_ui.html', context)
 
 
@@ -797,7 +807,18 @@ def schedule_organization_scan(request, slug, id):
     if request.method == "POST":
         engine_type = int(request.POST['scan_mode'])
         engine = get_object_or_404(EngineType, id=engine_type)
+
+        # post vars
         scheduled_mode = request.POST['scheduled_mode']
+        subdomains_in = request.POST['importSubdomainTextArea'].split()
+        subdomains_in = [s.rstrip() for s in subdomains_in if s]
+        subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
+        subdomains_out = [s.rstrip() for s in subdomains_out if s]
+        starting_point_url = request.POST['startingPointUrl'].strip()
+        excluded_paths = request.POST['excludedPaths'] # string separated by ,
+        # split excluded paths by ,
+        excluded_paths = [path.strip() for path in excluded_paths.split(',')]
+
         for domain in organization.get_domains():
             timestr = str(datetime.strftime(timezone.now(), '%Y_%m_%d_%H_%M_%S'))
             task_name = f'{engine.engine_name} for {domain.name}: {timestr}'
@@ -828,8 +849,11 @@ def schedule_organization_scan(request, slug, id):
                     'engine_id': engine.id,
                     'scan_history_id': 0,
                     'scan_type': SCHEDULED_SCAN,
-                    'imported_subdomains': None,
-                    'initiated_by_id': request.user.id
+                    'initiated_by_id': request.user.id,
+                    'imported_subdomains': subdomains_in,
+                    'out_of_scope_subdomains': subdomains_out,
+                    'starting_point_url': starting_point_url,
+                    'excluded_paths': excluded_paths,
                 })
                 PeriodicTask.objects.create(
                     interval=schedule,
@@ -849,8 +873,11 @@ def schedule_organization_scan(request, slug, id):
                     'engine_id': engine.id,
                     'scan_history_id': 0,
                     'scan_type': LIVE_SCAN,
-                    'imported_subdomains': None,
-                    'initiated_by_id': request.user.id
+                    'initiated_by_id': request.user.id,
+                    'imported_subdomains': subdomains_in,
+                    'out_of_scope_subdomains': subdomains_out,
+                    'starting_point_url': starting_point_url,
+                    'excluded_paths': excluded_paths,
                 })
                 PeriodicTask.objects.create(clocked=clock,
                     one_off=True,
@@ -871,12 +898,14 @@ def schedule_organization_scan(request, slug, id):
     # GET request
     engine = EngineType.objects
     custom_engine_count = EngineType.objects.filter(default_engine=False).count()
+    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS)
     context = {
         'scan_history_active': 'active',
         'organization': organization,
         'domain_list': organization.get_domains(),
         'engines': engine,
-        'custom_engine_count': custom_engine_count
+        'custom_engine_count': custom_engine_count,
+        'excluded_paths': excluded_paths
     }
     return render(request, 'organization/schedule_scan_ui.html', context)
 

From f237f43d952cb506c0ca8500b11e8c6535285c53 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 8 Aug 2024 07:45:53 +0530
Subject: [PATCH 073/211] fix: update label for finish button in schedule scan
 wizard

---
 web/startScan/static/startScan/js/schedule-scan-wizard.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/startScan/static/startScan/js/schedule-scan-wizard.js b/web/startScan/static/startScan/js/schedule-scan-wizard.js
index 1f2a8ca8c..ac67c8e96 100644
--- a/web/startScan/static/startScan/js/schedule-scan-wizard.js
+++ b/web/startScan/static/startScan/js/schedule-scan-wizard.js
@@ -59,7 +59,7 @@ $("#schedule_scan_steps").steps({
   cssClass: "pill wizard",
   enableKeyNavigation: false,
   onStepChanging: updateButton,
-  labels: { finish: "Start Scan" },
+  labels: { finish: "Schedule Scan" },
   onInit: function (event, current) {
     $('a[role="menuitem"]').addClass("text-white");
     $(".actions ul li:nth-child(3) a").attr(

From 413825cf15619199b381d92545e0fa13b6549724 Mon Sep 17 00:00:00 2001
From: Damian Husted <43425216+DamianHusted@users.noreply.github.com>
Date: Tue, 20 Aug 2024 09:29:27 +1200
Subject: [PATCH 074/211] Update of template.html with conditional statement

TLDR; Added boolean operator to report template. This mitigates having a listed vulnerability with the "in" preposition, when no URL/URI is present.

--
When generating reports, if a reported vulnerability does not have a specific URL/URI, the report will generate according to the following syntax (regardless of whether the URL is present or not):
<Vulnerability name> in <URL>

This often results in a report with vulnerability headings appearing incomplete like:
WAF detected in

This change updates template.html file with a conditional check, avoiding this issue.

The vulnerability headings without a URL omit the "in" preposition.
---
 web/templates/report/template.html | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/web/templates/report/template.html b/web/templates/report/template.html
index 9f353658b..4a7cf8b35 100644
--- a/web/templates/report/template.html
+++ b/web/templates/report/template.html
@@ -939,7 +939,10 @@ <h4 class="subheading">Vulnerability Breakdown by Severity</h4>
               <div>
                 <h4 class="content-heading" id="vuln_{{vulnerability.name.split|join:'_'}}">
                   <span>{{vulnerability.name}}
-                    <br>in {{vulnerabilities.grouper}}</span>
+                    {% if vulnerabilities.grouper %}
+                    <br>in {{vulnerabilities.grouper}}
+                    {% endif %}
+                  </span>
                   {% if vulnerability.severity == -1 %}
                     <span style="float: right;" class="badge bg-grey">Unknown</span>
                     <div class="grey-hr-line" ></div>

From b138ceffb7e7d07e339f822e4e8ed1b3124264f9 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 11:23:27 +0530
Subject: [PATCH 075/211] Add util class to support both regex and string out
 of scope subdomains

---
 web/reNgine/utilities.py | 47 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/web/reNgine/utilities.py b/web/reNgine/utilities.py
index c63fef975..a3101625f 100644
--- a/web/reNgine/utilities.py
+++ b/web/reNgine/utilities.py
@@ -1,3 +1,4 @@
+import re
 import os
 import validators
 
@@ -113,4 +114,48 @@ def is_valid_url(url, validate_only_http_scheme=True):
 		if validate_only_http_scheme:
 			return url.startswith('http://') or url.startswith('https://')
 		return True
-	return False
\ No newline at end of file
+	return False
+
+
+class SubdomainScopeChecker:
+	"""
+		SubdomainScopeChecker is a utility class to check if a subdomain is in scope or not.
+		it supports both regex and string matching.
+	"""
+
+	def __init__(self, patterns):
+		self.regex_patterns = set()
+		self.plain_patterns = set()
+		self.load_patterns(patterns)
+
+	def load_patterns(self, patterns):
+		"""
+			Load patterns into the checker.
+
+			Args:
+				patterns (list): List of patterns to load.
+			Returns: 
+				None
+		"""
+		for pattern in patterns:
+			# skip empty patterns
+			if not pattern:
+				continue
+			try:
+				self.regex_patterns.add(re.compile(pattern, re.IGNORECASE))
+			except re.error:
+				self.plain_patterns.add(pattern.lower())
+
+	def is_out_of_scope(self, subdomain):
+		"""
+			Check if a subdomain is out of scope.
+
+			Args:
+				subdomain (str): The subdomain to check.
+			Returns:
+				bool: True if the subdomain is out of scope, False otherwise.
+		"""
+		subdomain = subdomain.lower() # though we wont encounter this, but just in case
+		if subdomain in self.plain_patterns:
+			return True
+		return any(pattern.search(subdomain) for pattern in self.regex_patterns)

From d44d043ba96e368a2a55db8ead88890c16ba187b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 11:23:49 +0530
Subject: [PATCH 076/211] add out of scope regex in ui

---
 .../startScan/_items/start_scan_wizard.html     | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/web/startScan/templates/startScan/_items/start_scan_wizard.html b/web/startScan/templates/startScan/_items/start_scan_wizard.html
index 1f2af3eda..cd0c8097f 100644
--- a/web/startScan/templates/startScan/_items/start_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/start_scan_wizard.html
@@ -28,23 +28,24 @@ <h4>Import/Ignore Subdomains</h4>
             <div class="">
               <div class="mb-3">
                 <h4 class="text-info">Import Subdomains(Optional)</h4>
-                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
+                <p>You can import subdomains for <strong>{{domain.name}}</strong> discovered through your private reconnaissance tools.</p>
                 <br>
                 <div class="alert bg-soft-primary border-0 mt-1 mb-1" role="alert">
-                  <span class="">Separate the subdomains using <b>new line</b>. If the subdomain does not belong to <b>{{domain.name}}</b> it will be skipped.</span>
+                  <span>Enter one subdomain per line. Subdomains not belonging to <strong>{{domain.name}}</strong> will be automatically skipped.</span>
                 </div>
                 <label for="importSubdomainFormControlTextarea" class="form-label mt-1">Subdomains List</label>
                 <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
               </div>
               <div class="mb-3">
-                <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
-                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
-                <br>
-                <div class="alert bg-soft-warning border-0 mt-1 mb-1" role="alert">
-                  <span class="">Separate the out of scope subdomains/keywords using new line.(No regex currently supported.)</span>
+                <h4 class="text-warning">Out of Scope Subdomains (Optional)</h4>
+                <p>Specify subdomains of <strong>{{domain.name}}</strong> to exclude from scanning. These subdomains will be omitted from all subsequent scans, including URL discovery and vulnerability assessments.</p>
+                <p>Enter one subdomain or pattern per line. Both plain text and regex patterns are supported. <span class="badge bg-soft-primary text-primary ms-2">New</span></p>
+                <div class="mt-2 mb-2">
+                  <li>For plain text: <code>admin.example.com</code></li>
+                  <li>For regex: <code>^.*outofscope.*\.com$</code>, <code>admin.*</code> etc</li>
                 </div>
                 <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
-                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false"></textarea>
+                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false" placeholder="Enter subdomains or patterns, one per line"></textarea>
               </div>
             </div>
 

From 9a285758024521fca5c4d92f6fd305fe66861fce Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 11:23:59 +0530
Subject: [PATCH 077/211] Refactor subdomain out-of-scope checking logic

---
 web/reNgine/tasks.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 33ecbae04..2e94b4daf 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -420,6 +420,7 @@ def subdomain_discovery(
 	custom_subdomain_tools = [tool.name.lower() for tool in InstalledExternalTool.objects.filter(is_default=False).filter(is_subdomain_gathering=True)]
 	send_subdomain_changes, send_interesting = False, False
 	notif = Notification.objects.first()
+	subdomain_scope_checker = SubdomainScopeChecker(self.out_of_scope_subdomains)
 	if notif:
 		send_subdomain_changes = notif.send_subdomain_changes_notif
 		send_interesting = notif.send_interesting_notif
@@ -565,7 +566,7 @@ def subdomain_discovery(
 		if valid_url:
 			subdomain_name = urlparse(subdomain_name).netloc
 
-		if subdomain_name in self.out_of_scope_subdomains:
+		if subdomain_scope_checker.is_out_of_scope(subdomain_name):
 			logger.error(f'Subdomain {subdomain_name} is out of scope. Skipping.')
 			continue
 
@@ -4421,6 +4422,7 @@ def save_subdomain(subdomain_name, ctx={}):
 	scan_id = ctx.get('scan_history_id')
 	subscan_id = ctx.get('subscan_id')
 	out_of_scope_subdomains = ctx.get('out_of_scope_subdomains', [])
+	subdomain_checker = SubdomainScopeChecker(out_of_scope_subdomains)
 	valid_domain = (
 		validators.domain(subdomain_name) or
 		validators.ipv4(subdomain_name) or
@@ -4430,7 +4432,7 @@ def save_subdomain(subdomain_name, ctx={}):
 		logger.error(f'{subdomain_name} is not an invalid domain. Skipping.')
 		return None, False
 
-	if subdomain_name in out_of_scope_subdomains:
+	if subdomain_checker.is_out_of_scope(subdomain_name):
 		logger.error(f'{subdomain_name} is out-of-scope. Skipping.')
 		return None, False
 

From 4371ea341700f11b75ee2c055958fcdd67bc04f6 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 12:07:41 +0530
Subject: [PATCH 078/211] feat: Add endpoint to delete multiple scheduled scans

This commit adds a new endpoint `delete_multiple_scheduled_scans` to the `startScan` module. This endpoint allows users to delete multiple scheduled scans at once.
---
 .../startScan/schedule_scan_list.html         | 107 ++++++++++++++++--
 web/startScan/urls.py                         |   4 +
 web/startScan/views.py                        |  16 +++
 3 files changed, 119 insertions(+), 8 deletions(-)

diff --git a/web/startScan/templates/startScan/schedule_scan_list.html b/web/startScan/templates/startScan/schedule_scan_list.html
index 012b5427d..f575a27bc 100644
--- a/web/startScan/templates/startScan/schedule_scan_list.html
+++ b/web/startScan/templates/startScan/schedule_scan_list.html
@@ -23,9 +23,29 @@
 <div class="row">
   <div class="col-12">
     <div class="card">
+      <div class="p-2">
+        <div class="row">
+          <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+          </div>
+          {% if user|can:'initiate_scans_subscans' %}
+          <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+            <a class="btn btn-soft-danger float-end disabled ms-1 mt-1" href="#" onclick="deleteMultipleScheduledScan()" id="delete_multiple_scheduled_button">Delete Multiple Scheduled Scans</a>
+          </div>
+          {% endif %}
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+<div class="row">
+  <div class="col-12">
+    <div class="card">
+    <form method="POST" id="scheduled_scan_history_form">
+      {% csrf_token %}
       <table id="scheduled_scan_table" class="table dt-responsive w-100">
         <thead>
           <tr>
+            <th class="checkbox-column text-center">Serial Number</th>
             <th>Description</th>
             <th>Frequency</th>
             <th>Last Run</th>
@@ -38,6 +58,7 @@
         <tbody>
           {% for task in scheduled_tasks %}
           <tr>
+            <td class="text-center">{{ task.id }}</td>
             {% with task_name=task.name|split:":" %}
             <td>{{ task_name.0 }}</td>
             {% endwith %}
@@ -79,6 +100,7 @@
           {% endfor %}
         </tbody>
       </table>
+      </form>
     </div>
   </div>
 </div>
@@ -88,20 +110,89 @@
 // var e;
 $(document).ready(function() {
   var scheduled_scan_table = $('#scheduled_scan_table').DataTable({
+    headerCallback: function(e, a, t, n, s) {
+        e.getElementsByTagName("th")[0].innerHTML='<div class="form-check mb-2 form-check-primary"><input type="checkbox" class="float-start form-check-input chk-parent" id="head_checkbox" onclick=mainCheckBoxSelected(this)>\n<span class="new-control-indicator"></span><span style="visibility:hidden">c</span></div>\n'
+      },
     "oLanguage": {
-      "oPaginate": { "sPrevious": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>', "sNext": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"></line><polyline points="12 5 19 12 12 19"></polyline></svg>' },
-      "sInfo": "Showing page _PAGE_ of _PAGES_",
-      "sSearch": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"><circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line></svg>',
-      "sSearchPlaceholder": "Search...",
-      "sLengthMenu": "Results :  _MENU_",
+        "oPaginate": { "sPrevious": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>', "sNext": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"></line><polyline points="12 5 19 12 12 19"></polyline></svg>' },
+        "sInfo": "Showing page _PAGE_ of _PAGES_",
+        "sSearch": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"><circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line></svg>',
+        "sSearchPlaceholder": "Search...",
+        "sLengthMenu": "Results :  _MENU_",
     },
+    "columnDefs":[
+        {
+          "targets":0, "width":"20px", "className":"", "orderable":!1, render:function(e, a, t, n) {
+            return'<div class="form-check mb-2 form-check-primary"><input type="checkbox" name="targets_checkbox['+ e + ']" class="float-start form-check-input targets_checkbox" value="' + e + '" onchange=toggleMultipleTargetButton()>\n<span class="new-control-indicator"></span><span style="visibility:hidden">c</span></div>'
+          },
+
+        }
+      ],
     "lengthMenu": [5, 10, 20, 30, 50, 100],
-    "pageLength": 10,
+    "pageLength": 20,
+    "order": [[3, 'desc']],
     "dom": "<'dt--top-section'<'row'<'col-12 col-sm-6 d-flex justify-content-sm-start justify-content-center mt-sm-0 mt-3'f><'col-12 col-sm-6 d-flex justify-content-sm-end justify-content-center'l>>>" +
-    "<'table-responsive'tr>" +
-    "<'dt--bottom-section d-sm-flex justify-content-sm-between text-center'<'dt--pages-count  mb-sm-0 mb-3'i><'dt--pagination'p>>",
+      "<'table-responsive'tr>" +
+      "<'dt--bottom-section d-sm-flex justify-content-sm-between text-center'<'dt--pages-count  mb-sm-0 mb-3'i><'dt--pagination'p>>",
   });
   multiCheck(scheduled_scan_table);
 });
+function mainCheckBoxSelected(checkbox) {
+  if (checkbox.checked) {
+    $("#delete_multiple_scheduled_button").removeClass("disabled");
+    $(".targets_checkbox").prop('checked', true);
+  } else {
+    $("#delete_multiple_scheduled_button").addClass("disabled");
+    $(".targets_checkbox").prop('checked', false);
+  }
+}
+
+function checkedCount() {
+  // this function will count the number of boxes checked
+  item = document.getElementsByClassName("targets_checkbox");
+  count = 0;
+  for (var i = 0; i < item.length; i++) {
+    if (item[i].checked) {
+      count++;
+    }
+  }
+  return count;
+}
+
+function toggleMultipleTargetButton() {
+  if (checkedCount() > 0) {
+    $("#delete_multiple_scheduled_button").removeClass("disabled");
+  } else {
+    $("#delete_multiple_scheduled_button").addClass("disabled");
+  }
+}
+
+function deleteMultipleScheduledScan() {
+  if (!checkedCount()) {
+    swal({
+      title: '',
+      text: "Oops! You haven't selected any scheduled scan to delete.",
+      type: 'error',
+      padding: '2em'
+    })
+  } else {
+    // atleast one target is selected
+    swal.queue([{
+      title: 'Are you sure you want to delete ' + checkedCount() + ' Scheduled Scans?',
+      text: "This action is irreversible.\nThis will stop all the selected scheduled scans.",
+      type: 'warning',
+      showCancelButton: true,
+      confirmButtonText: 'Delete',
+      padding: '2em',
+      showLoaderOnConfirm: true,
+      preConfirm: function() {
+        deleteForm = document.getElementById("scheduled_scan_history_form");
+        deleteForm.action = "../delete/multiple/scheduled";
+        deleteForm.submit();
+      }
+    }])
+  }
+}
+
 </script>
 {% endblock page_level_script %}
diff --git a/web/startScan/urls.py b/web/startScan/urls.py
index 7ff6a57d0..9ad4ab722 100644
--- a/web/startScan/urls.py
+++ b/web/startScan/urls.py
@@ -106,6 +106,10 @@
         '<slug:slug>/delete/multiple',
         views.delete_scans,
         name='delete_multiple_scans'),
+    path(
+        '<slug:slug>/delete/multiple/scheduled',
+        views.delete_scheduled_scans,
+        name='delete_multiple_scheduled_scans'),
     path(
         '<slug:slug>/stop/multiple',
         views.stop_scans,
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 94b9ef21f..de1c6a378 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -685,6 +685,22 @@ def delete_scheduled_task(request, id):
     return JsonResponse(messageData)
 
 
+@has_permission_decorator(PERM_MODIFY_SCAN_RESULTS, redirect_url=FOUR_OH_FOUR_URL)
+def delete_scheduled_scans(request, slug):
+    if request.method == "POST":
+        for key, value in request.POST.items():
+            if key == 'csrfmiddlewaretoken':
+                continue
+            print(value)
+            scan = get_object_or_404(PeriodicTask, id=value)
+            scan.delete()
+        messages.add_message(
+            request,
+            messages.INFO,
+            'Multiple scheduled scans successfully deleted!')
+        return HttpResponseRedirect(reverse('scheduled_scan_view', kwargs={'slug': slug}))
+
+
 @has_permission_decorator(PERM_MODIFY_SCAN_RESULTS, redirect_url=FOUR_OH_FOUR_URL)
 def change_scheduled_task_status(request, id):
     if request.method == 'POST':

From 4c3302771ecc661790a3ec67072f53f48aceb163 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 12:10:21 +0530
Subject: [PATCH 079/211] fix 404 exception and task key in checkbox values

---
 web/startScan/views.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/web/startScan/views.py b/web/startScan/views.py
index de1c6a378..b664818fd 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -689,11 +689,13 @@ def delete_scheduled_task(request, id):
 def delete_scheduled_scans(request, slug):
     if request.method == "POST":
         for key, value in request.POST.items():
-            if key == 'csrfmiddlewaretoken':
+            if 'task' in key or key == 'csrfmiddlewaretoken':
                 continue
-            print(value)
-            scan = get_object_or_404(PeriodicTask, id=value)
-            scan.delete()
+            try:
+                scan = get_object_or_404(PeriodicTask, id=value)
+                scan.delete()
+            except Exception as e:
+                logger.error(e)
         messages.add_message(
             request,
             messages.INFO,

From cbdeca7b788df58f221f1f502e13cecf2bd27b49 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 12:14:16 +0530
Subject: [PATCH 080/211]  Add loading indicator when deleting scheduled scans

---
 web/startScan/templates/startScan/schedule_scan_list.html | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/web/startScan/templates/startScan/schedule_scan_list.html b/web/startScan/templates/startScan/schedule_scan_list.html
index f575a27bc..974490bb0 100644
--- a/web/startScan/templates/startScan/schedule_scan_list.html
+++ b/web/startScan/templates/startScan/schedule_scan_list.html
@@ -186,6 +186,14 @@
       padding: '2em',
       showLoaderOnConfirm: true,
       preConfirm: function() {
+        Swal.fire({
+          title: 'Deleting...',
+          text: 'Please wait while the scheduled scans are being deleted.',
+          icon: 'info',
+          allowOutsideClick: false,
+          allowEscapeKey: false,
+          showConfirmButton: false
+        });
         deleteForm = document.getElementById("scheduled_scan_history_form");
         deleteForm.action = "../delete/multiple/scheduled";
         deleteForm.submit();

From ab11e525e559d15a3a5fbd9f8d886a355bf2dc99 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 12:16:40 +0530
Subject: [PATCH 081/211] Improve UI for specifying out of scope subdomains in
 scheduled scans

---
 .../startScan/_items/schedule_scan_wizard.html      | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/web/startScan/templates/startScan/_items/schedule_scan_wizard.html b/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
index d2dbf8816..7edf9d05a 100644
--- a/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
@@ -75,14 +75,15 @@ <h4 class="text-info">Import Subdomains(Optional)</h4>
                                 <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
                             </div>
                             <div class="mb-3">
-                                <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
-                                <span class="">You can import subdomains for <b>{{domain.name}}</b> using your private recon tools.</span>
-                                <br>
-                                <div class="alert bg-soft-warning border-0 mt-1 mb-1" role="alert">
-                                    <span class="">Separate the out of scope subdomains/keywords using new line.(No regex currently supported.)</span>
+                                <h4 class="text-warning">Out of Scope Subdomains (Optional)</h4>
+                                <p>Specify subdomains of <strong>{{domain.name}}</strong> to exclude from scanning. These subdomains will be omitted from all subsequent scans, including URL discovery and vulnerability assessments.</p>
+                                <p>Enter one subdomain or pattern per line. Both plain text and regex patterns are supported. <span class="badge bg-soft-primary text-primary ms-2">New</span></p>
+                                <div class="mt-2 mb-2">
+                                <li>For plain text: <code>admin.example.com</code></li>
+                                <li>For regex: <code>^.*outofscope.*\.com$</code>, <code>admin.*</code> etc</li>
                                 </div>
                                 <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
-                                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false"></textarea>
+                                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false" placeholder="Enter subdomains or patterns, one per line"></textarea>
                             </div>
                         </div>
                         <h3>URL Scope and Exclusions</h3>

From 763384a4d8adfe5983491803587c02eba0a460bf Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 12:18:33 +0530
Subject: [PATCH 082/211] feat: Add loading indicator when deleting multiple
 scans

---
 web/startScan/templates/startScan/history.html | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index ff9bfba1f..3705f41d9 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -476,6 +476,14 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
         padding: '2em',
         showLoaderOnConfirm: true,
         preConfirm: function() {
+          Swal.fire({
+          title: 'Deleting...',
+          text: 'Please wait while the scans are being deleted.',
+          icon: 'info',
+          allowOutsideClick: false,
+          allowEscapeKey: false,
+          showConfirmButton: false
+        });
           deleteForm = document.getElementById("scan_history_form");
           deleteForm.action = "../delete/multiple";
           deleteForm.submit();

From 2f539a70d13d8126ec67802cf2aff99ca2bdff9c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 21 Aug 2024 21:11:08 +0530
Subject: [PATCH 083/211] refactor starting point url to starting point path

---
 web/reNgine/celery_custom_task.py             |  2 +-
 web/reNgine/tasks.py                          | 37 +++++++++++--------
 .../migrations/0002_auto_20240821_1518.py     | 29 +++++++++++++++
 ...url_scanhistory_cfg_starting_point_path.py | 18 +++++++++
 web/startScan/models.py                       | 14 +++++++
 .../_items/schedule_scan_wizard.html          |  4 +-
 .../startScan/_items/start_scan_wizard.html   |  4 +-
 web/startScan/views.py                        | 24 ++++++------
 8 files changed, 99 insertions(+), 33 deletions(-)
 create mode 100644 web/startScan/migrations/0002_auto_20240821_1518.py
 create mode 100644 web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py

diff --git a/web/reNgine/celery_custom_task.py b/web/reNgine/celery_custom_task.py
index 2c6b11f25..863f77169 100644
--- a/web/reNgine/celery_custom_task.py
+++ b/web/reNgine/celery_custom_task.py
@@ -67,7 +67,7 @@ def __call__(self, *args, **kwargs):
 		self.subscan_id = ctx.get('subscan_id')
 		self.engine_id = ctx.get('engine_id')
 		self.filename = ctx.get('filename')
-		self.starting_point_url = ctx.get('starting_point_url', '')
+		self.starting_point_path = ctx.get('starting_point_path', '')
 		self.excluded_paths = ctx.get('excluded_paths', [])
 		self.results_dir = ctx.get('results_dir', RENGINE_RESULTS)
 		self.yaml_configuration = ctx.get('yaml_configuration', {})
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 33ecbae04..d23086c91 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -57,7 +57,7 @@ def initiate_scan(
 		imported_subdomains=[],
 		out_of_scope_subdomains=[],
 		initiated_by_id=None,
-		starting_point_url='',
+		starting_point_path='',
 		excluded_paths=[],
 	):
 	"""Initiate a new scan.
@@ -70,7 +70,7 @@ def initiate_scan(
 		results_dir (str): Results directory.
 		imported_subdomains (list): Imported subdomains.
 		out_of_scope_subdomains (list): Out-of-scope subdomains.
-		starting_point_url (str): URL path. Default: '' Defined where to start the scan.
+		starting_point_path (str): URL path. Default: '' Defined where to start the scan.
 		initiated_by (int): User ID initiating the scan.
 		excluded_paths (list): Excluded paths. Default: [], url paths to exclude from scan.
 	"""
@@ -92,7 +92,7 @@ def initiate_scan(
 		domain.save()
 
 		# Get path filter
-		starting_point_url = starting_point_url.rstrip('/')
+		starting_point_path = starting_point_path.rstrip('/')
 
 		# for live scan scan history id is passed as scan_history_id 
 		# and no need to create scan_history object
@@ -114,6 +114,11 @@ def initiate_scan(
 		scan.tasks = engine.tasks
 		scan.results_dir = f'{results_dir}/{domain.name}_{scan.id}'
 		add_gf_patterns = gf_patterns and 'fetch_url' in engine.tasks
+		# add configs to scan object, cfg_ prefix is used to avoid conflicts with other scan object fields
+		scan.cfg_starting_point_path = starting_point_path
+		scan.cfg_excluded_paths = excluded_paths
+		scan.cfg_out_of_scope_subdomains = out_of_scope_subdomains
+
 		if add_gf_patterns:
 			scan.used_gf_patterns = ','.join(gf_patterns)
 		scan.save()
@@ -127,7 +132,7 @@ def initiate_scan(
 			'engine_id': engine_id,
 			'domain_id': domain.id,
 			'results_dir': scan.results_dir,
-			'starting_point_url': starting_point_url,
+			'starting_point_path': starting_point_path,
 			'excluded_paths': excluded_paths,
 			'yaml_configuration': config,
 			'out_of_scope_subdomains': out_of_scope_subdomains
@@ -152,7 +157,7 @@ def initiate_scan(
 
 		# If enable_http_crawl is set, create an initial root HTTP endpoint so that
 		# HTTP crawling can start somewhere
-		http_url = f'{domain.name}{starting_point_url}' if starting_point_url else domain.name
+		http_url = f'{domain.name}{starting_point_path}' if starting_point_path else domain.name
 		endpoint, _ = save_endpoint(
 			http_url,
 			ctx=ctx,
@@ -228,7 +233,7 @@ def initiate_subscan(
 		engine_id=None,
 		scan_type=None,
 		results_dir=RENGINE_RESULTS,
-		starting_point_url='',
+		starting_point_path='',
 		excluded_paths=[],
 	):
 	"""Initiate a new subscan.
@@ -239,7 +244,7 @@ def initiate_subscan(
 		engine_id (int): Engine ID.
 		scan_type (int): Scan type (periodic, live).
 		results_dir (str): Results directory.
-		starting_point_url (str): URL path. Default: ''
+		starting_point_path (str): URL path. Default: ''
 		excluded_paths (list): Excluded paths. Default: [], url paths to exclude from scan.
 	"""
 
@@ -298,13 +303,13 @@ def initiate_subscan(
 		'subdomain_id': subdomain.id,
 		'yaml_configuration': config,
 		'results_dir': results_dir,
-		'starting_point_url': starting_point_url,
+		'starting_point_path': starting_point_path,
 		'excluded_paths': excluded_paths,
 	}
 
 	# Create initial endpoints in DB: find domain HTTP endpoint so that HTTP
 	# crawling can start somewhere
-	base_url = f'{subdomain.name}{starting_point_url}' if starting_point_url else subdomain.name
+	base_url = f'{subdomain.name}{starting_point_path}' if starting_point_path else subdomain.name
 	endpoint, _ = save_endpoint(
 		base_url,
 		crawl=enable_http_crawl,
@@ -406,8 +411,8 @@ def subdomain_discovery(
 	if not host:
 		host = self.subdomain.name if self.subdomain else self.domain.name
 
-	if self.starting_point_url:
-		logger.warning(f'Ignoring subdomains scan as an URL path filter was passed ({self.starting_point_url}).')
+	if self.starting_point_path:
+		logger.warning(f'Ignoring subdomains scan as an URL path filter was passed ({self.starting_point_path}).')
 		return
 
 	# Config
@@ -1929,7 +1934,7 @@ def fetch_url(self, urls=[], ctx={}, description=None):
 
 		if base_url and urlpath:
 			subdomain = urlparse(base_url)
-			url = f'{subdomain.scheme}://{subdomain.netloc}{self.starting_point_url}'
+			url = f'{subdomain.scheme}://{subdomain.netloc}{self.starting_point_path}'
 
 		if not validators.url(url):
 			logger.warning(f'Invalid URL "{url}". Skipping.')
@@ -1938,8 +1943,8 @@ def fetch_url(self, urls=[], ctx={}, description=None):
 			all_urls.append(url)
 
 	# Filter out URLs if a path filter was passed
-	if self.starting_point_url:
-		all_urls = [url for url in all_urls if self.starting_point_url in url]
+	if self.starting_point_path:
+		all_urls = [url for url in all_urls if self.starting_point_path in url]
 
 	# if exclude_paths is found, then remove urls matching those paths
 	if self.excluded_paths:
@@ -2839,8 +2844,8 @@ def http_crawl(
 	input_path = f'{self.results_dir}/httpx_input.txt'
 	history_file = f'{self.results_dir}/commands.txt'
 	if urls: # direct passing URLs to check
-		if self.starting_point_url:
-			urls = [u for u in urls if self.starting_point_url in u]
+		if self.starting_point_path:
+			urls = [u for u in urls if self.starting_point_path in u]
 
 		with open(input_path, 'w') as f:
 			f.write('\n'.join(urls))
diff --git a/web/startScan/migrations/0002_auto_20240821_1518.py b/web/startScan/migrations/0002_auto_20240821_1518.py
new file mode 100644
index 000000000..03dd158b3
--- /dev/null
+++ b/web/startScan/migrations/0002_auto_20240821_1518.py
@@ -0,0 +1,29 @@
+# Generated by Django 3.2.23 on 2024-08-21 15:18
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('startScan', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='scanhistory',
+            name='cfg_excluded_paths',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None),
+        ),
+        migrations.AddField(
+            model_name='scanhistory',
+            name='cfg_out_of_scope_subdomains',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None),
+        ),
+        migrations.AddField(
+            model_name='scanhistory',
+            name='cfg_starting_point_url',
+            field=models.CharField(blank=True, max_length=200, null=True),
+        ),
+    ]
diff --git a/web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py b/web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py
new file mode 100644
index 000000000..e5f005bf1
--- /dev/null
+++ b/web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.23 on 2024-08-21 15:40
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('startScan', '0002_auto_20240821_1518'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='scanhistory',
+            old_name='cfg_starting_point_url',
+            new_name='cfg_starting_point_path',
+        ),
+    ]
diff --git a/web/startScan/models.py b/web/startScan/models.py
index 0d44638a9..b93a0645c 100644
--- a/web/startScan/models.py
+++ b/web/startScan/models.py
@@ -48,6 +48,20 @@ class ScanHistory(models.Model):
 	dorks = models.ManyToManyField('Dork', related_name='dorks', blank=True)
 	initiated_by = models.ForeignKey(User, on_delete=models.CASCADE, related_name='initiated_scans', blank=True, null=True)
 	aborted_by = models.ForeignKey(User, on_delete=models.SET_NULL, null=True, blank=True, related_name='aborted_scans')
+	# scan related configs, append config fields with cfg_
+	cfg_out_of_scope_subdomains = ArrayField(
+		models.CharField(max_length=200),
+		blank=True,
+		null=True,
+		default=list
+	)
+	cfg_starting_point_path = models.CharField(max_length=200, blank=True, null=True)
+	cfg_excluded_paths = ArrayField(
+		models.CharField(max_length=200),
+		blank=True,
+		null=True,
+		default=list
+	)
 
 
 	def __str__(self):
diff --git a/web/startScan/templates/startScan/_items/schedule_scan_wizard.html b/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
index d2dbf8816..b4e43e0f6 100644
--- a/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/schedule_scan_wizard.html
@@ -88,8 +88,8 @@ <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
                         <h3>URL Scope and Exclusions</h3>
                         <div class="mb-4">
                             <div class="mb-3">
-                                <h4 class="text-info">Starting Point URL (Optional)</h4>
-                                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home" name="startingPointUrl">
+                                <h4 class="text-info">Starting Point Path (Optional)</h4>
+                                <input type="email" class="form-control" id="startingPointPath" placeholder="e.g. /home" name="startingPointPath">
                                 <small class="form-text text-muted">
                     Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains.
                     <br>
diff --git a/web/startScan/templates/startScan/_items/start_scan_wizard.html b/web/startScan/templates/startScan/_items/start_scan_wizard.html
index 1f2af3eda..1fb0934d7 100644
--- a/web/startScan/templates/startScan/_items/start_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/start_scan_wizard.html
@@ -51,8 +51,8 @@ <h4 class="text-warning">Out of Scope Subdomains(Optional)</h4>
             <h4>URL Scope and Exclusions</h4>
             <div class="mb-4">
               <div class="mb-3">
-                <h4 class="text-info">Starting Point URL (Optional)</h4>
-                <input type="email" class="form-control" id="startingPointUrl" placeholder="e.g. /home" name="startingPointUrl">
+                <h4 class="text-info">Starting Point Path (Optional)</h4>
+                <input type="email" class="form-control" id="startingPointPath" placeholder="e.g. /home" name="startingPointPath">
                 <small class="form-text text-muted">
                   Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains. 
                   </br>
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 94b9ef21f..d6908f9c6 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -259,7 +259,7 @@ def start_scan_ui(request, slug, domain_id):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
-        starting_point_url = request.POST['startingPointUrl'].strip()
+        starting_point_path = request.POST['startingPointPath'].strip()
         excluded_paths = request.POST['excludedPaths'] # string separated by ,
         # split excluded paths by ,
         excluded_paths = [path.strip() for path in excluded_paths.split(',')]
@@ -284,7 +284,7 @@ def start_scan_ui(request, slug, domain_id):
             'results_dir': '/usr/src/scan_results',
             'imported_subdomains': subdomains_in,
             'out_of_scope_subdomains': subdomains_out,
-            'starting_point_url': starting_point_url,
+            'starting_point_path': starting_point_path,
             'excluded_paths': excluded_paths,
             'initiated_by_id': request.user.id
         }
@@ -329,7 +329,7 @@ def start_multiple_scan(request, slug):
             subdomains_in = [s.rstrip() for s in subdomains_in if s]
             subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
             subdomains_out = [s.rstrip() for s in subdomains_out if s]
-            starting_point_url = request.POST['startingPointUrl'].strip()
+            starting_point_path = request.POST['startingPointPath'].strip()
             excluded_paths = request.POST['excludedPaths'] # string separated by ,
             # split excluded paths by ,
             excluded_paths = [path.strip() for path in excluded_paths.split(',')]
@@ -354,7 +354,7 @@ def start_multiple_scan(request, slug):
                     'initiated_by_id': request.user.id,
                     'imported_subdomains': subdomains_in,
                     'out_of_scope_subdomains': subdomains_out,
-                    'starting_point_url': starting_point_url,
+                    'starting_point_path': starting_point_path,
                     'excluded_paths': excluded_paths,
                 }
 
@@ -562,7 +562,7 @@ def schedule_scan(request, host_id, slug):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
-        starting_point_url = request.POST['startingPointUrl'].strip()
+        starting_point_path = request.POST['startingPointPath'].strip()
         excluded_paths = request.POST['excludedPaths'] # string separated by ,
         # split excluded paths by ,
         excluded_paths = [path.strip() for path in excluded_paths.split(',')]
@@ -596,7 +596,7 @@ def schedule_scan(request, host_id, slug):
                 'scan_type': SCHEDULED_SCAN,
                 'imported_subdomains': subdomains_in,
                 'out_of_scope_subdomains': subdomains_out,
-                'starting_point_url': starting_point_url,
+                'starting_point_path': starting_point_path,
                 'excluded_paths': excluded_paths,
                 'initiated_by_id': request.user.id
             }
@@ -617,7 +617,7 @@ def schedule_scan(request, host_id, slug):
                 'scan_type': SCHEDULED_SCAN,
                 'imported_subdomains': subdomains_in,
                 'out_of_scope_subdomains': subdomains_out,
-                'starting_point_url': starting_point_url,
+                'starting_point_path': starting_point_path,
                 'excluded_paths': excluded_paths,
                 'initiated_by_id': request.user.id
             }
@@ -745,7 +745,7 @@ def start_organization_scan(request, id, slug):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
-        starting_point_url = request.POST['startingPointUrl'].strip()
+        starting_point_path = request.POST['startingPointPath'].strip()
         excluded_paths = request.POST['excludedPaths'] # string separated by ,
         # split excluded paths by ,
         excluded_paths = [path.strip() for path in excluded_paths.split(',')]
@@ -768,7 +768,7 @@ def start_organization_scan(request, id, slug):
                 'initiated_by_id': request.user.id,
                 'imported_subdomains': subdomains_in,
                 'out_of_scope_subdomains': subdomains_out,
-                'starting_point_url': starting_point_url,
+                'starting_point_path': starting_point_path,
                 'excluded_paths': excluded_paths,
             }
             initiate_scan.apply_async(kwargs=kwargs)
@@ -814,7 +814,7 @@ def schedule_organization_scan(request, slug, id):
         subdomains_in = [s.rstrip() for s in subdomains_in if s]
         subdomains_out = request.POST['outOfScopeSubdomainTextarea'].split()
         subdomains_out = [s.rstrip() for s in subdomains_out if s]
-        starting_point_url = request.POST['startingPointUrl'].strip()
+        starting_point_path = request.POST['startingPointPath'].strip()
         excluded_paths = request.POST['excludedPaths'] # string separated by ,
         # split excluded paths by ,
         excluded_paths = [path.strip() for path in excluded_paths.split(',')]
@@ -852,7 +852,7 @@ def schedule_organization_scan(request, slug, id):
                     'initiated_by_id': request.user.id,
                     'imported_subdomains': subdomains_in,
                     'out_of_scope_subdomains': subdomains_out,
-                    'starting_point_url': starting_point_url,
+                    'starting_point_path': starting_point_path,
                     'excluded_paths': excluded_paths,
                 })
                 PeriodicTask.objects.create(
@@ -876,7 +876,7 @@ def schedule_organization_scan(request, slug, id):
                     'initiated_by_id': request.user.id,
                     'imported_subdomains': subdomains_in,
                     'out_of_scope_subdomains': subdomains_out,
-                    'starting_point_url': starting_point_url,
+                    'starting_point_path': starting_point_path,
                     'excluded_paths': excluded_paths,
                 })
                 PeriodicTask.objects.create(clocked=clock,

From 4af8226098ca1c21f6052f4336166b45b9909e52 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 22 Aug 2024 10:59:16 +0530
Subject: [PATCH 084/211] Add imported subdomains in scan config

---
 web/reNgine/tasks.py    | 1 +
 web/startScan/models.py | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index d23086c91..35f8aa85f 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -118,6 +118,7 @@ def initiate_scan(
 		scan.cfg_starting_point_path = starting_point_path
 		scan.cfg_excluded_paths = excluded_paths
 		scan.cfg_out_of_scope_subdomains = out_of_scope_subdomains
+		scan.cfg_imported_subdomains = imported_subdomains
 
 		if add_gf_patterns:
 			scan.used_gf_patterns = ','.join(gf_patterns)
diff --git a/web/startScan/models.py b/web/startScan/models.py
index b93a0645c..fcfbafa20 100644
--- a/web/startScan/models.py
+++ b/web/startScan/models.py
@@ -48,7 +48,7 @@ class ScanHistory(models.Model):
 	dorks = models.ManyToManyField('Dork', related_name='dorks', blank=True)
 	initiated_by = models.ForeignKey(User, on_delete=models.CASCADE, related_name='initiated_scans', blank=True, null=True)
 	aborted_by = models.ForeignKey(User, on_delete=models.SET_NULL, null=True, blank=True, related_name='aborted_scans')
-	# scan related configs, append config fields with cfg_
+	# scan related configs, prefix config fields with cfg_
 	cfg_out_of_scope_subdomains = ArrayField(
 		models.CharField(max_length=200),
 		blank=True,
@@ -62,6 +62,12 @@ class ScanHistory(models.Model):
 		null=True,
 		default=list
 	)
+	cfg_imported_subdomains = ArrayField(
+		models.CharField(max_length=200),
+		blank=True,
+		null=True,
+		default=list
+	)
 
 
 	def __str__(self):

From b5846c6199509ad4ff7df0f800380c78b54fe1db Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 22 Aug 2024 10:59:36 +0530
Subject: [PATCH 085/211] fix icon and log view as code

---
 web/startScan/static/startScan/js/detail_scan.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/startScan/static/startScan/js/detail_scan.js b/web/startScan/static/startScan/js/detail_scan.js
index a7a972d7d..8e2da5b20 100644
--- a/web/startScan/static/startScan/js/detail_scan.js
+++ b/web/startScan/static/startScan/js/detail_scan.js
@@ -1039,12 +1039,12 @@ function create_log_element(log) {
 	let logElement = document.createElement("p");
 	innerHTML = `
 	<p>
-	  <p data-bs-toggle="collapse" data-bs-target="#collapse${log.id}">
-		<b>${log.command}</b>
+	  <p data-bs-toggle="collapse" data-bs-target="#collapse${log.id}" class="text-primary">
+		<i class="fe-terminal"></i>${log.command}
 	  </p>
 	</p>`
 	if (log.output != ''){
-		innerHTML += `<div class="collapse" id="collapse${log.id}"><div style="white-space: pre-line" class="card card-body">${log.output}</div></div>`;
+		innerHTML += `<div class="collapse" id="collapse${log.id}"><code style="white-space: pre-line" class="card card-body">${log.output}</code></div>`;
 	}
 	logElement.innerHTML = innerHTML;
 	return logElement;

From ce80595a0164e31b9eb11124c7e339fba433d296 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 22 Aug 2024 11:00:31 +0530
Subject: [PATCH 086/211] show scan config in ui

---
 ...004_scanhistory_cfg_imported_subdomains.py | 19 +++++++
 .../templates/startScan/detail_scan.html      | 56 ++++++++++++++++---
 web/static/custom/custom.js                   |  2 +-
 3 files changed, 67 insertions(+), 10 deletions(-)
 create mode 100644 web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py

diff --git a/web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py b/web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py
new file mode 100644
index 000000000..992199df5
--- /dev/null
+++ b/web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.2.23 on 2024-08-22 04:26
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('startScan', '0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='scanhistory',
+            name='cfg_imported_subdomains',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None),
+        ),
+    ]
diff --git a/web/startScan/templates/startScan/detail_scan.html b/web/startScan/templates/startScan/detail_scan.html
index c7fad04d1..f704affd4 100644
--- a/web/startScan/templates/startScan/detail_scan.html
+++ b/web/startScan/templates/startScan/detail_scan.html
@@ -146,11 +146,51 @@ <h5 class="mt-0 mb-0 font-15">
 							<p class="text-danger">Scan failed due to ERROR: {{history.error_message}}</p>
 						{% endif %}
 						{% endif %}
-						<h6 class="font-13 text-muted text-uppercase">Scan Logs</h6>
-						<span><a href="javascript:get_logs_modal({{history.id}})"><i class="fe-file"></i> Logs</a></span>
-						<h6 class="font-13 text-muted text-uppercase">Scan Engine</h6>
+						<h6 class="font-13 text-muted text-uppercase"><i class="fe-settings"></i> Scan Configurations</h6>
+						<span>Starting Path: {% if history.cfg_starting_point_path %} {{history.cfg_starting_point_path}} {% else %}/ {% endif %}</span><i class="fa fa-info-circle text-muted float-end" data-bs-container="#tooltip-container" data-bs-toggle="tooltip" data-bs-placement="bottom" title="Scan path where the scan began"></i><br>
+						<div class="accordion custom-accordion" id="custom-accordion-one">
+							<div>
+								<a class="custom-accordion-title text-reset d-block collapsed" data-bs-toggle="collapse" href="#collapseImported" aria-expanded="true" aria-controls="collapseImported">
+									{{history.cfg_imported_subdomains|length}} Imported Subdomains <i class="mdi mdi-chevron-down accordion-arrow"></i>
+								</a>
+								<div id="collapseImported" class="collapse" data-bs-parent="#custom-accordion-one" style="">
+									<ul>
+										{% for subdomain in history.cfg_imported_subdomains %}
+										<li><code>{{subdomain}}</code></li>
+										{% endfor %}
+									</ul>
+								</div>
+							</div>
+							<div>
+								<a class="custom-accordion-title text-reset d-block collapsed" data-bs-toggle="collapse" href="#collapseOutofScope" aria-expanded="true" aria-controls="collapseImported">
+									{{history.cfg_out_of_scope_subdomains|length}} out of scope Subdomains <i class="mdi mdi-chevron-down accordion-arrow"></i>
+								</a>
+								<div id="collapseOutofScope" class="collapse" data-bs-parent="#custom-accordion-one" style="">
+									<ul>
+										{% for subdomain in history.cfg_out_of_scope_subdomains %}
+										<li><code>{{subdomain}}</code></li>
+										{% endfor %}
+									</ul>
+								</div>
+							</div>
+							<div>
+								<a class="custom-accordion-title text-reset d-block collapsed" data-bs-toggle="collapse" href="#collapsePath" aria-expanded="true" aria-controls="collapseImported">
+									{{history.cfg_excluded_paths|length}} Excluded Paths <i class="mdi mdi-chevron-down accordion-arrow"></i>
+								</a>
+								<div id="collapsePath" class="collapse" data-bs-parent="#custom-accordion-one" style="">
+									<ul>
+										{% for path in history.cfg_excluded_paths %}
+										<li><code>{{path}}</code></li>
+										{% endfor %}
+									</ul>
+								</div>
+							</div>
+						</div>
+						<h6 class="font-13 text-muted text-uppercase mt-3"><i class="fe-file"></i> Scan Logs</h6>
+						<span><a href="javascript:get_logs_modal({{history.id}})"><i class="fe-terminal"></i> Logs</a></span>
+						<h6 class="font-13 text-muted text-uppercase mt-3"><i class="fe-cpu"></i> Scan Engine</h6>
 						<span class="badge badge-soft-primary">{{history.scan_type.engine_name}}</span>
-						<h6 class="font-13 text-muted text-uppercase mt-3">Scan Duration </h6>
+						<h6 class="font-13 text-muted text-uppercase mt-3"><i class="fe-clock"></i> Scan Duration </h6>
 						{% if history.scan_status == -1 %}
 						<p class="mt-1 mb-0 text-warning font-14"><small class="text-center text-muted">Scan not yet started.</small></p>
 						{% elif history.scan_status == 0 %}
@@ -166,9 +206,7 @@ <h6 class="font-13 text-muted text-uppercase mt-3">Scan Duration </h6>
 						{% elif history.scan_status == 3 %}
 						<span class="mt-1 mb-0 text-danger font-14">Aborted in {{ history.start_scan_date|timesince:history.stop_scan_date }}</span>
 						{% endif %}
-
-
-						<h3 class="font-13 text-muted text-uppercase mb-2">Scan Progress</h3>
+						<h3 class="font-13 text-muted text-uppercase mt-3"><i class="fe-loader"></i> Scan Progress</h3>
 						<div class="progress mb-2 progress-md">
 							{% if history.scan_status == -1 %}
 							<div class="progress-bar bg-warning" role="progressbar" style="width: 10%" aria-valuemin="0" aria-valuemax="100">
@@ -200,7 +238,7 @@ <h3 class="font-13 text-muted text-uppercase mb-2">Tagged to Organization</h3>
 						{% endfor %}
 						{% endif %}
 
-						<h6 class="font-13 text-muted text-uppercase mt-4 mb-2">Scan Timeline</h6>
+						<h6 class="font-13 text-muted text-uppercase mt-4 mb-2"><i class="fe-activity"></i> Timeline</h6>
 						<div data-simplebar style="max-height: 410px;" class="p-2">
 							<div class="track-order-list">
 								<ul class="list-unstyled">
@@ -220,7 +258,7 @@ <h5 class="mt-0 mb-1">{{activity.title}}
 												<p class="badge badge-soft-danger">Error: {{activity.error_message}}</p>
 											{% endif %}
 										{% endif %}
-										<span><a href="javascript:get_logs_modal(null, {{activity.id}})"><i class="fe-file"></i> Logs</a></span>
+										<span><a href="javascript:get_logs_modal(null, {{activity.id}})"><i class="fe-terminal"></i> Logs</a></span>
 									</li>
 									{% endfor %}
 								</ul>
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index b5f58bf1e..9dfd313ef 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -3328,4 +3328,4 @@ function handleHashInUrl(){
 			}, 100);
 		}
 	}
-}
+}
\ No newline at end of file

From 8b7b577fac97cc121c1736603822f977bd511da3 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 22 Aug 2024 20:51:50 +0530
Subject: [PATCH 087/211] Add show config modal in scan history

---
 .../templates/startScan/history.html          |   5 +
 web/static/custom/custom.css                  |  14 +-
 web/static/custom/custom.js                   | 246 +++++++++++-------
 3 files changed, 165 insertions(+), 100 deletions(-)

diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index ff9bfba1f..0f4fe1257 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -97,6 +97,10 @@ <h4 class="headline-title">Filters</h4>
               <td class="">
                 {{ scan_history.domain.name }}
                 <br>
+                {% if scan_history.cfg_starting_point_path %}
+                  <span><i class=""></i>Path: <code>{{scan_history.cfg_starting_point_path}}</code></span>
+                {% endif %}
+                <br>
                 {% for organization in scan_history.domain.get_organization %}
                 <span class="badge badge-soft-dark mt-1 me-1" data-toggle="tooltip" data-placement="top" title="Domain {{domain.name}} belongs to organization {{organization.name}}">{{ organization.name }}</span>
                 {% endfor %}
@@ -173,6 +177,7 @@ <h4 class="headline-title">Filters</h4>
                         <i class="mdi mdi-chevron-right"></i>
                       </button>
                       <div class="dropdown-menu" style="">
+                        <a class="dropdown-item text-primary" href="javascript:show_scan_configuration('{{scan_history.cfg_starting_point_path}}', {{scan_history.cfg_out_of_scope_subdomains}}, {{scan_history.cfg_excluded_paths}}, {{scan_history.cfg_imported_subdomains}})"><i class="fe-settings"></i>&nbsp;Show Configurations</a>
                         {% if user|can:'initiate_scans_subscans' %}
                           {% if scan_history.scan_status == 0 or scan_history.scan_status == 2 or scan_history.scan_status == 3 %}
                           <a class="dropdown-item text-primary" href="/scan/{{current_project.slug}}/start/{{scan_history.domain.id}}">
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 03373be25..52835d872 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -394,4 +394,16 @@ mark{
 .tab-content .card-body {
   padding-left: 0.8rem !important;
   padding-right: 0.8rem !important;
-}
\ No newline at end of file
+}
+
+.scan-config-modal .config-list {
+  max-height: 300px;
+  overflow-y: auto;
+  padding-left: 20px;
+}
+.scan-config-modal .config-list li {
+  padding: 5px 0;
+}
+.scan-config-modal .badge {
+  margin-left: 5px;
+}
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 9dfd313ef..570d72332 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -1460,107 +1460,107 @@ function fetch_whois(domain_name, force_reload_whois=false) {
 }
 
 function get_target_whois(domain_name) {
-    const url = `/api/tools/whois/?format=json&target=${domain_name}`;
-    
-    Swal.fire({
-        title: `Fetching WHOIS details for ${domain_name}...`,
-        allowOutsideClick: false,
-        showConfirmButton: false,
-        willOpen: () => {
-            Swal.showLoading();
-        }
-    });
-
-    fetch(url, {
-        method: 'GET',
-        credentials: "same-origin",
-        headers: {
-            "X-CSRFToken": getCookie("csrftoken"),
-            'Content-Type': 'application/json'
-        },
-    })
-    .then(response => {
-        if (!response.ok) {
-            throw new Error(`HTTP error! status: ${response.status}`);
-        }
-        return response.json();
-    })
-    .then(data => {
-        console.log(data);
-        if (data.status) {
-            Swal.close();
-            display_whois_on_modal(data);
-        } else {
-            throw new Error(data.result || 'Failed to fetch WHOIS data');
-        }
-    })
-    .catch(error => {
-        console.error('Error:', error);
-        let errorMessage = error.message;
-        if (errorMessage.includes('Netlas limit exceeded')) {
-            errorMessage = 'Rate limit exceeded. Please try again later.';
-        } else if (errorMessage.includes('Invalid domain')) {
-            errorMessage = 'Invalid domain or no WHOIS data available.';
-        }
-        Swal.fire({
-            title: 'Error!',
-            text: `Failed to fetch WHOIS records for ${domain_name}: ${errorMessage}`,
-            icon: 'error'
-        });
-    });
+	const url = `/api/tools/whois/?format=json&target=${domain_name}`;
+	
+	Swal.fire({
+		title: `Fetching WHOIS details for ${domain_name}...`,
+		allowOutsideClick: false,
+		showConfirmButton: false,
+		willOpen: () => {
+			Swal.showLoading();
+		}
+	});
+
+	fetch(url, {
+		method: 'GET',
+		credentials: "same-origin",
+		headers: {
+			"X-CSRFToken": getCookie("csrftoken"),
+			'Content-Type': 'application/json'
+		},
+	})
+	.then(response => {
+		if (!response.ok) {
+			throw new Error(`HTTP error! status: ${response.status}`);
+		}
+		return response.json();
+	})
+	.then(data => {
+		console.log(data);
+		if (data.status) {
+			Swal.close();
+			display_whois_on_modal(data);
+		} else {
+			throw new Error(data.result || 'Failed to fetch WHOIS data');
+		}
+	})
+	.catch(error => {
+		console.error('Error:', error);
+		let errorMessage = error.message;
+		if (errorMessage.includes('Netlas limit exceeded')) {
+			errorMessage = 'Rate limit exceeded. Please try again later.';
+		} else if (errorMessage.includes('Invalid domain')) {
+			errorMessage = 'Invalid domain or no WHOIS data available.';
+		}
+		Swal.fire({
+			title: 'Error!',
+			text: `Failed to fetch WHOIS records for ${domain_name}: ${errorMessage}`,
+			icon: 'error'
+		});
+	});
 }
 
 function get_domain_whois(domain_name, show_add_target_btn = false) {
-    const url = `/api/tools/whois/?format=json&target=${domain_name}`;
-    
-    Swal.fire({
-        title: `Fetching WHOIS details for ${domain_name}...`,
-        allowOutsideClick: false,
-        showConfirmButton: false,
-        willOpen: () => {
-            Swal.showLoading();
-        }
-    });
-
-    $('.modal').modal('hide');
-
-    fetch(url, {
-        method: 'GET',
-        credentials: "same-origin",
-        headers: {
-            "X-CSRFToken": getCookie("csrftoken"),
-            'Content-Type': 'application/json'
-        },
-    })
-    .then(response => {
-        if (!response.ok) {
-            throw new Error(`HTTP error! status: ${response.status}`);
-        }
-        return response.json();
-    })
-    .then(data => {
-        console.log(data);
-        Swal.close();
-        if (data.status) {
-            display_whois_on_modal(data, show_add_target_btn);
-        } else {
-            throw new Error(data.result || 'Failed to fetch WHOIS data');
-        }
-    })
-    .catch(error => {
-        console.error('Error:', error);
-        let errorMessage = error.message;
-        if (errorMessage.includes('Netlas limit exceeded')) {
-            errorMessage = 'Rate limit exceeded. Please try again later.';
-        } else if (errorMessage.includes('Invalid domain')) {
-            errorMessage = 'Invalid domain or no WHOIS data available.';
-        }
-        Swal.fire({
-            title: 'Error!',
-            text: `Failed to fetch WHOIS records for ${domain_name}: ${errorMessage}`,
-            icon: 'error'
-        });
-    });
+	const url = `/api/tools/whois/?format=json&target=${domain_name}`;
+	
+	Swal.fire({
+		title: `Fetching WHOIS details for ${domain_name}...`,
+		allowOutsideClick: false,
+		showConfirmButton: false,
+		willOpen: () => {
+			Swal.showLoading();
+		}
+	});
+
+	$('.modal').modal('hide');
+
+	fetch(url, {
+		method: 'GET',
+		credentials: "same-origin",
+		headers: {
+			"X-CSRFToken": getCookie("csrftoken"),
+			'Content-Type': 'application/json'
+		},
+	})
+	.then(response => {
+		if (!response.ok) {
+			throw new Error(`HTTP error! status: ${response.status}`);
+		}
+		return response.json();
+	})
+	.then(data => {
+		console.log(data);
+		Swal.close();
+		if (data.status) {
+			display_whois_on_modal(data, show_add_target_btn);
+		} else {
+			throw new Error(data.result || 'Failed to fetch WHOIS data');
+		}
+	})
+	.catch(error => {
+		console.error('Error:', error);
+		let errorMessage = error.message;
+		if (errorMessage.includes('Netlas limit exceeded')) {
+			errorMessage = 'Rate limit exceeded. Please try again later.';
+		} else if (errorMessage.includes('Invalid domain')) {
+			errorMessage = 'Invalid domain or no WHOIS data available.';
+		}
+		Swal.fire({
+			title: 'Error!',
+			text: `Failed to fetch WHOIS records for ${domain_name}: ${errorMessage}`,
+			icon: 'error'
+		});
+	});
 }
 
 
@@ -3328,4 +3328,52 @@ function handleHashInUrl(){
 			}, 100);
 		}
 	}
-}
\ No newline at end of file
+}
+
+function show_scan_configuration(starting_path, out_of_scope_subdomains, excluded_paths, imported_subdomains) {
+	$('#modal_title').html('Scan Configuration');
+	$('#modal-content').empty();
+	var content = `
+	<div class="scan-config-modal">
+		<div class="starting-path mb-3">
+			<h5>Starting Path: <code>${starting_path || '/'}</code></h5>
+		</div>
+		<ul class="nav nav-tabs nav-bordered" role="tablist">
+			<li class="nav-item" role="presentation">
+				<a href="#outofscope" data-bs-toggle="tab" aria-expanded="true" class="nav-link active" role="tab">
+					Out of Scope Subdomains <span class="badge bg-secondary">${out_of_scope_subdomains.length}</span>
+				</a>
+			</li>
+			<li class="nav-item" role="presentation">
+				<a href="#imported" data-bs-toggle="tab" aria-expanded="false" class="nav-link" role="tab">
+					Imported Subdomains <span class="badge bg-secondary">${imported_subdomains.length}</span>
+				</a>
+			</li>
+			<li class="nav-item" role="presentation">
+				<a href="#excluded" data-bs-toggle="tab" aria-expanded="false" class="nav-link" role="tab">
+					Excluded Paths <span class="badge bg-secondary">${excluded_paths.length}</span>
+				</a>
+			</li>
+		</ul>
+		<div class="tab-content">
+			<div class="tab-pane fade show active" id="outofscope" role="tabpanel">
+				<ul class="config-list">
+					${out_of_scope_subdomains.map(domain => `<li><code>${domain}</code></li>`).join('')}
+				</ul>
+			</div>
+			<div class="tab-pane fade" id="imported" role="tabpanel">
+				<ul class="config-list">
+					${imported_subdomains.map(domain => `<li><code>${domain}</code></li>`).join('')}
+				</ul>
+			</div>
+			<div class="tab-pane fade" id="excluded" role="tabpanel">
+				<ul class="config-list">
+					${excluded_paths.map(path => `<li><code>${path}</code></li>`).join('')}
+				</ul>
+			</div>
+		</div>
+	</div>
+	`;
+	$('#modal-content').append(content);
+	$('#modal_dialog').modal('show');
+}

From 6481b2e9f43b7662e6c87b0442de4b3953b77f49 Mon Sep 17 00:00:00 2001
From: Damian Husted <43425216+DamianHusted@users.noreply.github.com>
Date: Fri, 23 Aug 2024 10:39:11 +1200
Subject: [PATCH 088/211] Update to uninstall.sh

TLDR; Script updated to abort uninstall process if anything other than the specified "y/Y/Yes/yes/YES" is entered. Fixes uninstall on user inputs like "no" or blank input.
---
The uninstall.sh script does not abort if any user input is provided.

The following user-input scenarios were tested, confirmed and fixed:
- no input
- "n"
- "N"
- "No"
- "1"
- "q"
- "
- (
- '
- <
- [
- {
- /
---
 scripts/uninstall.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh
index cc177285d..761738b5c 100755
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -30,8 +30,8 @@ read -p "$(echo -e ${WARNING}"Are you sure you want to proceed? (y/Y/yes/YES to
 # change answer to lowecase for comparison
 ANSWER_LC=$(echo "$CONFIRM" | tr '[:upper:]' '[:lower:]')
 
-if [[ "$ANSWER_LC" != "y" && "$ANSWER_LC" != "yes" ]]; then
-    print_status "${YELLOW}Uninstall aborted by user.${RESET}"
+if [ -z "$CONFIRM" ] || { [ "$CONFIRM" != "y" ] && [ "$CONFIRM" != "Y" ] && [ "$CONFIRM" != "yes" ] && [ "$CONFIRM" != "Yes" ] && [ "$CONFIRM" != "YES" ]; }; then
+    print_status "${WARNING}Uninstall aborted by user.${RESET}"
     exit 0
 fi
 

From 36b6da29a64c7c61bc32c80f05154360b4bd697c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 23 Aug 2024 11:00:05 +0530
Subject: [PATCH 089/211] added prefill in views.py for rescans

---
 .../templates/startScan/history.html          |  5 ++--
 web/startScan/views.py                        | 29 +++++++++++++++++--
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index d15529372..bb78cf07c 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -180,8 +180,9 @@ <h4 class="headline-title">Filters</h4>
                         <a class="dropdown-item text-primary" href="javascript:show_scan_configuration('{{scan_history.cfg_starting_point_path}}', {{scan_history.cfg_out_of_scope_subdomains}}, {{scan_history.cfg_excluded_paths}}, {{scan_history.cfg_imported_subdomains}})"><i class="fe-settings"></i>&nbsp;Show Configurations</a>
                         {% if user|can:'initiate_scans_subscans' %}
                           {% if scan_history.scan_status == 0 or scan_history.scan_status == 2 or scan_history.scan_status == 3 %}
-                          <a class="dropdown-item text-primary" href="/scan/{{current_project.slug}}/start/{{scan_history.domain.id}}">
-                          <i class="fe-refresh-ccw"></i>&nbsp;Rescan </a>
+                          <a class="dropdown-item text-primary" href="{% url 'start_scan' current_project.slug scan_history.domain.id %}?rescan=true&history_id={{ scan_history.id }}">
+                            <i class="fe-refresh-ccw"></i>&nbsp;Rescan
+                          </a>
                           {% endif %}
 
                           {% if scan_history.scan_status == 1 or scan_history.scan_status == -1%}
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 0f5f57abb..1528230b7 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -299,19 +299,44 @@ def start_scan_ui(request, slug, domain_id):
         return HttpResponseRedirect(reverse('scan_history', kwargs={'slug': slug}))
 
     # GET request
+
+    is_rescan = request.GET.get('rescan', 'false').lower() == 'true'
+    history_id = request.GET.get('history_id', None)
+
+    # default values
+    subdomains_in = []
+    subdomains_out = []
+    starting_point_path = None
+    excluded_paths = []
+    selected_engine_id = None
+
+    if is_rescan and history_id:
+        previous_scan = get_object_or_404(ScanHistory, id=history_id)
+        selected_engine_id = getattr(previous_scan.scan_type, 'id', None)
+        subdomains_in = getattr(previous_scan, 'cfg_imported_subdomains', None)
+        subdomains_out = getattr(previous_scan, 'cfg_out_of_scope_subdomains', None)
+        starting_point_path = getattr(previous_scan, 'cfg_starting_point_path', None)
+        excluded_paths = getattr(previous_scan, 'cfg_excluded_paths', None)
+
     engines = EngineType.objects.order_by('engine_name')
     custom_engines_count = (
         EngineType.objects
         .filter(default_engine=False)
         .count()
     )
-    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS)
+    excluded_paths = ','.join(DEFAULT_EXCLUDED_PATHS) if not excluded_paths else ','.join(excluded_paths)
+
+    # context values
     context = {
         'scan_history_active': 'active',
         'domain': domain,
         'engines': engines,
         'custom_engines_count': custom_engines_count,
-        'excluded_paths': excluded_paths
+        'excluded_paths': excluded_paths,
+        'subdomains_in': subdomains_in,
+        'subdomains_out': subdomains_out,
+        'starting_point_path': starting_point_path,
+        'selected_engine_id': selected_engine_id,
     }
     return render(request, 'startScan/start_scan_ui.html', context)
 

From d7dd06366312d717f54ff27bcbee6978d985e9a0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 23 Aug 2024 11:00:22 +0530
Subject: [PATCH 090/211] modify wizard to accomodate prefilled engines

---
 .../startScan/js/start-scan-wizard-init.js    | 48 ++++++++++++++-----
 1 file changed, 35 insertions(+), 13 deletions(-)

diff --git a/web/startScan/static/startScan/js/start-scan-wizard-init.js b/web/startScan/static/startScan/js/start-scan-wizard-init.js
index ee1ce61db..8c3403b6b 100644
--- a/web/startScan/static/startScan/js/start-scan-wizard-init.js
+++ b/web/startScan/static/startScan/js/start-scan-wizard-init.js
@@ -10,24 +10,32 @@ $("#select_engine").steps({
   onStepChanging: updateButton,
   labels: { finish: "Start Scan" },
   onInit: function (event, current) {
-    $(".actions ul li:nth-child(3) a").attr(
-      "onclick",
-      `$(this).closest('form').submit()`
+    $(".actions ul li:nth-child(3) a")
+      .attr("onclick", `$(this).closest('form').submit()`)
+      .addClass("text-white");
+    $(".actions ul li:nth-child(1) a[href='#previous']").removeClass(
+      "btn btn-primary waves-effect waves-light"
     );
+    disableNext();
+    updateButton();
+    updatePreviousButton();
   },
 });
+
 $("input[type=radio][name=scan_mode]").change(initTimer).keyup(initTimer);
-disableNext();
-$('a[role="menuitem"]').addClass("text-white");
+// $('a[role="menuitem"]').addClass("text-white");
 
 function initTimer() {
   if (globalTimeout) clearTimeout(globalTimeout);
   globalTimeout = setTimeout(updateButton, 400);
 }
+
 function disableNext() {
   var nextButton = $(".actions ul li:nth-child(2) a");
   nextButton.attr("href", "#");
-  buttonEnabled = $(".actions ul li:nth-child(2)")
+  nextButton.removeClass("btn btn-primary waves-effect waves-light text-white");
+  buttonEnabled = false;
+  $(".actions ul li:nth-child(2)")
     .addClass("disabled")
     .attr("aria-disabled", "true");
 }
@@ -35,23 +43,37 @@ function disableNext() {
 function enableNext() {
   var nextButton = $(".actions ul li:nth-child(2) a");
   nextButton.attr("href", "#next");
-  buttonEnabled = $(".actions ul li:nth-child(2)")
+  buttonEnabled = true;
+  nextButton.addClass("btn btn-primary waves-effect waves-light text-white");
+  $(".actions ul li:nth-child(2)")
     .removeClass("disabled")
     .attr("aria-disabled", "false");
 }
 
 function updateButton() {
-  $('a[role="menuitem"]').addClass("btn btn-primary waves-effect waves-light");
-  var text = $("input[type=radio][name=scan_mode]").val();
-  if (text === "") {
+  var selectedEngine = $("input[type=radio][name=scan_mode]:checked").val();
+  if (selectedEngine) {
+    enableNext();
+  } else {
     disableNext();
-    return false;
+  }
+  updatePreviousButton();
+  return buttonEnabled;
+}
+
+function updatePreviousButton() {
+  var previousButton = $("a[href='#previous']");
+  if (previousButton.parent().hasClass("disabled")) {
+    previousButton.removeClass("text-white");
   } else {
-    enableNext();
-    return true;
+    previousButton.addClass("text-white");
   }
 }
 
+$("#select_engine").on("steps.change", function (e, currentIndex, newIndex) {
+  setTimeout(updatePreviousButton, 0);
+});
+
 $("#excludedPaths").selectize({
   persist: false,
   createOnBlur: true,

From df9afac63b623881ea4724e124a897db900ca05d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 23 Aug 2024 11:00:36 +0530
Subject: [PATCH 091/211] prefill values for scan engine andf other scan
 configurations

---
 .../startScan/_items/scanengine_accordion.html |  2 +-
 .../startScan/_items/start_scan_wizard.html    | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/web/startScan/templates/startScan/_items/scanengine_accordion.html b/web/startScan/templates/startScan/_items/scanengine_accordion.html
index 745c315f3..b16dc753c 100644
--- a/web/startScan/templates/startScan/_items/scanengine_accordion.html
+++ b/web/startScan/templates/startScan/_items/scanengine_accordion.html
@@ -4,7 +4,7 @@
       <h2 class="accordion-header" id="heading_{{engine.id}}">
         <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapse_{{engine.id}}" aria-expanded="false" aria-controls="collapse_{{engine.id}}">
           <div class="form-check form-check-primary">
-            <input class="form-check-input rounded-circle" type="radio" id="accordion_{{engine.id}}" name="scan_mode" value="{{engine.id}}" required>
+            <input class="form-check-input rounded-circle" type="radio" id="accordion_{{engine.id}}" name="scan_mode" value="{{engine.id}}" required {% if engine.id == selected_engine_id %}checked{% endif %}>
             <label class="form-check-label lead" for="accordion_{{engine.id}}">{{engine.engine_name}}
               &nbsp;&nbsp;&nbsp;
               {% if engine.default_engine %}
diff --git a/web/startScan/templates/startScan/_items/start_scan_wizard.html b/web/startScan/templates/startScan/_items/start_scan_wizard.html
index 2dc67c757..bc8545b8d 100644
--- a/web/startScan/templates/startScan/_items/start_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/start_scan_wizard.html
@@ -34,7 +34,12 @@ <h4 class="text-info">Import Subdomains(Optional)</h4>
                   <span>Enter one subdomain per line. Subdomains not belonging to <strong>{{domain.name}}</strong> will be automatically skipped.</span>
                 </div>
                 <label for="importSubdomainFormControlTextarea" class="form-label mt-1">Subdomains List</label>
+                {% if subdomains_in %}
+                <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false">{% for subdomain in subdomains_in %}{{ subdomain }}{% if not forloop.last %}
+{% endif %}{% endfor %}</textarea>
+                {% else %}
                 <textarea class="form-control" id="importSubdomainFormControlTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false"></textarea>
+                {% endif %}
               </div>
               <div class="mb-3">
                 <h4 class="text-warning">Out of Scope Subdomains (Optional)</h4>
@@ -45,7 +50,12 @@ <h4 class="text-warning">Out of Scope Subdomains (Optional)</h4>
                   <li>For regex: <code>^.*outofscope.*\.com$</code>, <code>admin.*</code> etc</li>
                 </div>
                 <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
-                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false" placeholder="Enter subdomains or patterns, one per line"></textarea>
+                {% if subdomains_out %}
+                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false">{% for subdomain in subdomains_out %}{{ subdomain }}{% if not forloop.last %}
+{% endif %}{% endfor %}</textarea>
+                {% else %}
+                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false" placeholder="Enter subdomains or patterns, one per line"></textarea>
+                {% endif %}
               </div>
             </div>
 
@@ -53,7 +63,11 @@ <h4>URL Scope and Exclusions</h4>
             <div class="mb-4">
               <div class="mb-3">
                 <h4 class="text-info">Starting Point Path (Optional)</h4>
-                <input type="email" class="form-control" id="startingPointPath" placeholder="e.g. /home" name="startingPointPath">
+                {% if starting_point_path %}
+                  <input type="email" class="form-control" id="startingPointPath" placeholder="e.g. /home" name="startingPointPath" value="{{starting_point_path}}">
+                {% else %}
+                  <input type="email" class="form-control" id="startingPointPath" placeholder="e.g. /home" name="startingPointPath">
+                {% endif %}
                 <small class="form-text text-muted">
                   Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains. 
                   </br>

From 855d4a53a3334b7832fe4858ab6d43ef006b6129 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 24 Aug 2024 11:14:09 +0530
Subject: [PATCH 092/211] rename older to default template, and add new
 template modern

---
 web/templates/report/default.html | 1049 +++++++++++++++++++++++++++++
 web/templates/report/modern.html  |  388 +++++++++++
 2 files changed, 1437 insertions(+)
 create mode 100644 web/templates/report/default.html
 create mode 100644 web/templates/report/modern.html

diff --git a/web/templates/report/default.html b/web/templates/report/default.html
new file mode 100644
index 000000000..a129de3c3
--- /dev/null
+++ b/web/templates/report/default.html
@@ -0,0 +1,1049 @@
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Report</title>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap" rel="stylesheet">
+    <style>
+      @page {
+        size: A4;
+
+        @top-left {
+          background: {{primary_color}};
+          content: counter(page);
+          height: 1cm;
+          text-align: center;
+          width: 1cm;
+        }
+
+        @top-center {
+          background: {{primary_color}};
+          content: '';
+          display: block;
+          height: .05cm;
+          opacity: .5;
+          width: 100%;
+        }
+
+        @top-right {
+          content: string(heading);
+          font-size: 9pt;
+          height: 1cm;
+          vertical-align: middle;
+          width: 100%;
+        }
+
+        {% if show_footer %}
+          @bottom-left {
+            content: "{{footer_text}}";
+            font-size: 9pt;
+            height: 1cm;
+            vertical-align: middle;
+            width: 100%;
+          }
+        {% endif %}
+      }
+
+      @page :blank {
+        @top-left {
+          background: none;
+          content: ''
+        }
+
+        @top-center {
+          content: none
+        }
+
+        @top-right {
+          content: none
+        }
+      }
+
+      @page no-chapter {
+        @top-left {
+          background: none;
+          content: none
+        }
+
+        @top-center {
+          content: none
+        }
+
+        @top-right {
+          content: none
+        }
+      }
+
+      @page :first {
+        background-color: {{secondary_color}};
+        background-size: cover;
+        margin: 0;
+      }
+
+      @page chapter {
+        background: {{primary_color}};
+        margin: 0;
+
+        @top-left {
+          content: none
+        }
+
+        @top-center {
+          content: none
+        }
+
+        @top-right {
+          content: none
+        }
+      }
+
+      html {
+        color: #393939;
+        font-family: 'Inter';
+        font-weight: 300;
+        font-size: 11pt;
+        line-height: 1.5;
+      }
+
+      h1 {
+        font-family: 'Inter';
+        font-weight: 200;
+        font-size: 38pt;
+        margin: 5cm 2cm 0 2cm;
+        page: no-chapter;
+        width: 100%;
+        line-height: normal;
+      }
+
+      h2,
+      h3,
+      h4 {
+        font-family: 'Inter';
+        font-weight: 200;
+        color: black;
+        font-weight: 400;
+        line-height: normal;
+      }
+
+      #cover {
+        align-content: space-between;
+        display: flex;
+        flex-wrap: wrap;
+        height: 297mm;
+      }
+
+      #cover-subheading {
+        font-family: 'Inter';
+        font-weight: 200;
+        font-size: 22pt;
+        width: 100%;
+      }
+
+      #cover footer {
+        background: {{primary_color}};
+        flex: 1 33%;
+        margin: 0 -2cm;
+        padding: 1cm 0;
+        white-space: pre-wrap;
+      }
+
+      #cover footer:first-of-type {
+        padding-left: 3cm;
+      }
+
+      #cover-line {
+        margin-top: 6px;
+        border-bottom: 1px double {{primary_color}};
+      }
+
+      #summary {
+        display: flex;
+        flex-wrap: wrap;
+        justify-content: space-between;
+      }
+
+      #contents {
+        page: no-chapter;
+      }
+
+      #contents h2 {
+        font-size: 20pt;
+        Intereight: 400;
+        margin-bottom: 3cm;
+      }
+
+      #contents h3 {
+        font-weight: 400;
+        margin: 3em 0 1em;
+      }
+
+      #contents h3::before {
+        background: {{primary_color}};
+        content: '';
+        display: block;
+        height: .08cm;
+        margin-bottom: .25cm;
+        width: 2cm;
+      }
+
+      #contents ul {
+        list-style: none;
+        padding-left: 0;
+      }
+
+      #contents ul li {
+        border-top: .25pt solid #c1c1c1;
+        margin: .25cm 0;
+        padding-top: .25cm;
+      }
+
+      #contents ul li::before {
+        color: {{primary_color}};
+        content: '• ';
+        font-size: 30pt;
+        line-height: 16pt;
+        vertical-align: bottom;
+      }
+
+      #contents ul li a {
+        color: inherit;
+        text-decoration-line: inherit;
+      }
+
+      #contents ul li a::before {
+        content: target-text(attr(href));
+      }
+
+      #contents ul li a::after {
+        color: {{primary_color}};
+        content: target-counter(attr(href), page);
+        float: right;
+      }
+
+      #columns section {
+        columns: 2;
+        column-gap: 1cm;
+        padding-top: 1cm;
+      }
+
+      #columns section p {
+        text-align: justify;
+      }
+
+      #columns section p:first-of-type {
+        font-weight: 700;
+      }
+
+      #chapter {
+        align-items: center;
+        display: flex;
+        height: 297mm;
+        justify-content: center;
+        page: chapter;
+      }
+
+      #boxes {
+        display: flex;
+        flex-wrap: wrap;
+        justify-content: space-between;
+      }
+
+      #boxes section h4 {
+        margin-bottom: 0;
+      }
+
+      #boxes section p {
+        background: {{primary_color}};
+        display: block;
+        font-size: 15pt;
+        margin-bottom: 0;
+        padding: .25cm 0;
+        text-align: center;
+        height: 85px;
+        color: #37474F;
+      }
+
+      .bg-critical {
+        background: #EF9A9A !important;
+      }
+
+      .bg-high {
+        background: #FFAB91 !important;
+      }
+
+      .bg-medium {
+        background: #FFCC80 !important;
+      }
+
+      .bg-low {
+        background: #FFE082 !important;
+      }
+
+      .bg-success {
+        background-color: #A5D6A7 !important;
+      }
+
+      .bg-grey {
+        background-color: #B0BEC5 !important;
+      }
+
+      .bg-info {
+        background-color: #90CAF9 !important;
+      }
+
+      .critical-color {
+        color: #EF9A9A;
+      }
+
+      .high-color {
+        color: #dc3545;
+      }
+
+      .medium-color {
+        color: #FFCC80;
+      }
+
+      .low-color {
+        color: #FFE082;
+      }
+
+      .success-color {
+        color: #A5D6A7;
+      }
+
+      .grey-color {
+        color: #212121;
+      }
+
+      .info-color {
+        color: #90CAF9;
+      }
+
+      .primary-color {
+        color: {{primary_color}};
+      }
+
+      .text-blue{
+        color: #007bff!important;
+      }
+
+      .badge {
+        display: inline-block;
+        padding-left: 12px;
+        padding-right: 12px;
+        text-align: center
+      }
+
+      .critical-hr-line {
+        border-bottom: 3px solid #EF9A9A !important;
+      }
+
+      .high-hr-line {
+        border-bottom: 3px solid #FFAB91 !important;
+      }
+
+      .medium-hr-line {
+        border-bottom: 3px solid #FFCC80 !important;
+      }
+
+      .low-hr-line {
+        border-bottom: 3px solid #FFE082 !important;
+      }
+
+      .info-hr-line {
+        border-bottom: 3px solid #90CAF9 !important;
+      }
+
+      .grey-hr-line {
+        border-bottom: 3px solid #212121 !important;
+      }
+
+      .inside-box-counter {
+        font-size: 28pt;
+      }
+
+      .table {
+        margin: 0 0 40px 0;
+        width: 100%;
+        box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
+        display: table;
+        border-spacing: 0 0.4em;
+      }
+
+      .row {
+        display: table-row;
+        background: #f6f6f6;
+      }
+
+      .cell {
+        padding: 6px 6px 6px 6px;
+        display: table-cell;
+      }
+
+      .header {
+        Intereight: 900;
+        color: #ffffff;
+      }
+
+      .page_title{
+        font-weight: 300;
+        font-size: 20pt;
+      }
+
+      .subheading{
+        font-weight: 300;
+        font-size: 14pt;
+      }
+
+      .content-heading{
+        font-weight: 300;
+        font-size: 12pt;
+      }
+
+      .mini-heading{
+        font-weight: 400;
+        font-size: 11pt;
+      }
+
+      .table-border{
+        border-style:solid;
+        border-width: 1px;
+        border-color: #90CAF9 !important;
+      }
+
+      a{
+        color: #007bff;
+        text-decoration: none;
+      }
+
+      .ml-8{
+        margin-left: 8px;
+      }
+
+    </style>
+  </head>
+
+  <body>
+    <article id="cover">
+      <h1 style="color:{{primary_color}}">{{report_name}}
+        <br>
+        {{scan_object.domain.name}}
+        <div id="cover-line"></div>
+        {# generated date #}
+        <span id="cover-subheading">{% now "F j, Y" %}</span>
+      </h1>
+      <footer>
+        {{company_name}}
+        {{company_address}}
+      </footer>
+      <footer>
+        {{company_email}}
+        {{company_website}}
+      </footer>
+      <footer>
+        {% if show_rengine_banner %}Generated by reNgine
+        https://github.com/yogeshojha/rengine
+        {% endif %}
+      </footer>
+    </article>
+
+    <article id="contents">
+      <h2>&nbsp;</h2>
+      <h3>Table of contents</h3>
+      <ul>
+        {% if show_executive_summary %}
+          <li><a href="#executive-summary"></a></li>
+        {% endif %}
+
+        <li><a href="#quick-summary"></a></li>
+        <li><a href="#assessment-timeline"></a></li>
+
+        {% if interesting_subdomains and show_recon %}
+          <li><a href="#interesting-recon-data"></a></li>
+        {% endif %}
+
+        {% if all_vulnerabilities.count > 0 and show_vuln %}
+          <li><a href="#vulnerability-summary"></a></li>
+        {% endif %}
+
+        {% if show_recon %}
+          <li><a href="#reconnaissance-results"></a></li>
+        {% endif %}
+
+        {% if all_vulnerabilities.count > 0 and show_vuln %}
+          <li><a href="#vulnerabilities-discovered"></a></li>
+        {% endif %}
+      </ul>
+    </article>
+
+    {% if show_executive_summary %}
+      <article id="summary" style="page-break-before: always">
+        <h2 id="executive-summary" class="page_title">Executive summary</h2>
+        <br>
+        {{executive_summary_description | safe }}
+      </article>
+    {% endif %}
+
+    <article id="summary" style="page-break-before: always">
+      <h2 id="quick-summary" class="page_title">Quick Summary</h2>
+      <p>This section contains quick summary of scan performed on <span class="primary-color">{{scan_object.domain.name}}</span></p>
+      <br>
+    </article>
+
+    {# recon section #}
+    {% if show_recon %}
+      <h4 id="reconnaissance-summary" class="subheading">Reconnaissance</h4>
+      <div id="boxes">
+        <section style="width: 30%">
+          <p class="bg-success">Subdomains
+            <br>
+            <span class="inside-box-counter">
+              {{scan_object.get_subdomain_count}}
+            </span>
+          </p>
+        </section>
+        <section style="width: 30%">
+          <p class="bg-grey">Endpoints
+            <br>
+            <span class="inside-box-counter">
+              {{scan_object.get_endpoint_count}}
+            </span>
+          </p>
+        </section>
+        <section style="width: 30%">
+          <p class="bg-critical">Vulnerabilities
+            <br>
+            <span class="inside-box-counter">
+              {{all_vulnerabilities_count}}
+            </span>
+          </p>
+        </section>
+      </div>
+    {% endif %}
+
+    <!-- vulnerability section, hide if only recon report -->
+    {% if show_vuln %}
+      <article>
+        <br>
+        <h4 id="vulnerability-summary" class="subheading">Vulnerability Summary</h4>
+        <div id="boxes">
+          <section style="width: 30%">
+            <p class="bg-critical">Critical
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_critical_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-high">High
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_high_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-medium">Medium
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_medium_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width:30%">
+            <p class="bg-low">Low
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_low_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-info">Info
+              <br>
+              <span class="inside-box-counter">
+                {% if is_ignore_info_vuln %}
+                  0
+                {% else %}
+                  {{scan_object.get_info_vulnerability_count}}
+                {% endif %}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-grey">Unknown
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_unknown_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+        </div>
+      </article>
+    {% endif %}
+
+    <article>
+      <h3 id="assessment-timeline" class="page_title">Timeline of the Assessment</h3>
+      <p>
+        Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}}
+        <br>
+        Total time taken:
+        {% if scan_object.scan_status == 0 %}
+          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
+        {% elif scan_object.scan_status == 1 %}
+          {{ scan_object.get_elapsed_time }}
+        {% elif scan_object.scan_status == 2 %}
+          {% if scan_object.get_completed_time_in_sec < 60 %}
+            Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in
+          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} <br>
+        Report Generated on: {% now "F j, Y" %}
+      </p>
+    </article>
+
+    {# show interesting_subdomains section only when show_recon result is there #}
+    {% if interesting_subdomains and show_recon %}
+      <article style="page-break-before: always" class="summary">
+        <h3 id="interesting-recon-data" class="page_title">Interesting Recon Data</h3>
+        <p>Listed below are the {{interesting_subdomains.count}} interesting subdomains identified on <span class="primary-color">{{scan_object.domain.name}}</span></p>
+        <div class="table">
+          <div class="row header bg-success">
+            <div class="cell grey-color" style="width: 5%">
+              #
+            </div>
+            <div class="cell grey-color" style="width: 33%">
+              Subdomain
+            </div>
+            <div class="cell grey-color" style="width: 33%">
+              Page title
+            </div>
+            <div class="cell grey-color" style="width: 15%">
+              HTTP Status
+            </div>
+          </div>
+          {% for subdomain in interesting_subdomains %}
+            <div class="row">
+              <div class="cell" style="width: 5%">
+                {{ forloop.counter }}
+              </div>
+              <div class="cell" style="width: 35%">
+                {{subdomain.name}}
+              </div>
+              <div class="cell" style="width: 35%">
+                {% if subdomain.page_title %}
+                  {{subdomain.page_title}}
+                {% else %}
+                  &nbsp;&nbsp;&nbsp;
+                {% endif %}
+              </div>
+              <div class="cell" style="width: 15%;">
+                {% if subdomain.http_status %}
+                  {{subdomain.http_status}}
+                {% else %}
+                  &nbsp;&nbsp;&nbsp;
+                {% endif %}
+              </div>
+            </div>
+          {% endfor %}
+        </div>
+      </article>
+    {% endif %}
+
+    {# vulnerability_summary only when vuln_report #}
+    {% if show_vuln %}
+      <article style="page-break-before: always" class="summary">
+        <h3 id="vulnerability-summary" class="page_title">Summary of Vulnerabilities Identified</h3>
+        {% if all_vulnerabilities.count > 0 %}
+        <p>Listed below are the vulnerabilities identified on <span class="primary-color">{{scan_object.domain.name}}</span></p>
+        <div class="table">
+          <div class="row header bg-critical">
+            <div class="cell grey-color" style="width: 5%">
+              #
+            </div>
+            <div class="cell grey-color" style="width: 50%;">
+              Vulnerability Name
+            </div>
+            <div class="cell grey-color" style="width: 19%;">
+              Times Identified
+            </div>
+            <div class="cell grey-color" style="width: 15%">
+              Severity
+            </div>
+          </div>
+          {% for vulnerability in unique_vulnerabilities %}
+            <div class="row">
+              <div class="cell" style="width: 5%">
+                {{ forloop.counter }}
+              </div>
+              <div class="cell" style="width: 50%">
+                <a href="#vuln_{{vulnerability.name.split|join:'_'}}">{{vulnerability.name}}</a>
+              </div>
+              <div class="cell" style="float: right; width: 19%;">
+                {{vulnerability.count}}
+              </div>
+              {% if vulnerability.severity == -1 %}
+                <div class="cell bg-grey" style="width: 15%">
+                  <span class="severity-title-box">Unknown</span>
+              {% elif vulnerability.severity == 0 %}
+                <div class="cell bg-info" style="width: 15%">
+                  <span class="severity-title-box">Informational</span>
+              {% elif vulnerability.severity == 1 %}
+                <div class="cell bg-low" style="width: 15%">
+                  <span class="severity-title-box">Low</span>
+              {% elif vulnerability.severity == 2 %}
+                <div class="cell bg-medium" style="width: 15%">
+                  <span class="severity-title-box">Medium</span>
+              {% elif vulnerability.severity == 3 %}
+                <div class="cell bg-high" style="width: 15%">
+                  <span class="severity-title-box">High</span>
+              {% elif vulnerability.severity == 4 %}
+                <div class="cell bg-critical" style="width: 15%">
+                  <span class="severity-title-box">Critical</span>
+              {% endif %}
+            </div>
+            </div>
+          {% endfor %}
+        {% else %}
+        <h3 class='info-color'>No Vulnerabilities were Discovered.</h3>
+        {% endif %}
+      </div>
+
+      </article>
+    {% endif %}
+
+    {# show discovered assets only for show_recon report #}
+    {% if show_recon %}
+      <article class="summary" style="page-break-before: always">
+        <h3 id="reconnaissance-results" class="page_title">Discovered Assets</h3>
+        <h4 class="subheading">Subdomains</h4>
+        <p>
+          During the reconnaissance phase, {{scan_object.get_subdomain_count}} subdomains were discovered.
+          Out of {{scan_object.get_subdomain_count}} subdomains, {{subdomain_alive_count}} returned HTTP status 200.
+          {{interesting_subdomains.count}} interesting subdomains were also identified based on the interesting keywords used.
+        </p>
+        <h4>{{scan_object.get_subdomain_count}} subdomains identified on <span class="primary-color">{{scan_object.domain.name}}</span></h4>
+        <div class="table">
+          <div class="row header bg-info">
+            <div class="cell grey-color" style="width: 38%">
+              Subdomain
+            </div>
+            <div class="cell grey-color" style="width: 38%">
+              Page title
+            </div>
+            <div class="cell grey-color" style="width: 18%">
+              HTTP Status
+            </div>
+          </div>
+          {% for subdomain in subdomains %}
+            <div class="row">
+              <div class="cell" style="width: 38%">
+                {{subdomain.name}}
+              </div>
+              <div class="cell" style="width: 38%">
+                {% if subdomain.page_title %}
+                  {{subdomain.page_title}}
+                {% endif %}
+              </div>
+              <div class="cell" style="width: 18%">
+                {{subdomain.http_status}}
+              </div>
+            </div>
+          {% endfor %}
+        </div>
+        {% if ip_addresses.count %}
+          <h4 class="subheading" style="margin-top: 10px;">IP Addresses</h4>
+          <h4>{{ip_addresses.count}} IP Addresses were identified on <span class="primary-color">{{scan_object.domain.name}}</span></h4>
+          <div class="table">
+            <div class="row header bg-info">
+              <div class="cell grey-color" style="width: 38%">
+                IP
+              </div>
+              <div class="cell grey-color" style="width: 38%">
+                Open Ports
+              </div>
+              <div class="cell grey-color" style="width: 18%">
+                Remarks
+              </div>
+            </div>
+            {% for ip in ip_addresses %}
+              <div class="row">
+                <div class="cell" style="width: 38%">
+                  {{ip.address}}
+                </div>
+                <div class="cell" style="width: 38%">
+                  {% for port in ip.ports.all %}
+                    {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %}
+                  {% endfor %}
+                </div>
+                {% if ip.is_cdn %}
+                  <div class="cell medium" style="width: 18%">
+                    CDN IP Address
+                {% else %}
+                  <div class="cell" style="width: 18%">
+                {% endif %}
+              </div>
+              </div>
+            {% endfor %}
+          </div>
+        {% endif %}
+      </article>
+      <br>
+    {% endif %}
+
+    {# reconnaissance finding only when show_recon #}
+    {% if show_recon %}
+      <article class="summary" style="page-break-before: always">
+        <h3 class="page_title">Reconnaissance Findings</h3>
+        {% for subdomain in subdomains %}
+          <table class="table" cellspacing="0" style="border-collapse: collapse;">
+            <tr>
+              <td style="width: 2%" class="cell table-border">{{ forloop.counter }}.</td>
+              <td style="width: 80%" class="cell table-border">{{subdomain.name}}</td>
+              {% if subdomain.http_status == 200 %}
+                <td style="width: 10%" class="cell table-border bg-success">{{subdomain.http_status}}</td>
+              {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %}
+                <td style="width: 10%" class="cell table-border bg-medium">{{subdomain.http_status}}</td>
+              {% elif subdomain.http_status >= 400 %}
+                <td style="width: 10%" class="cell table-border bg-high">{{subdomain.http_status}}</td>
+              {% elif subdomain.http_status == 0 %}
+                <td style="width: 10%" class="cell table-border">N/A</td>
+              {% else %}
+                <td style="width: 10%" class="cell table-border">{{subdomain.http_status}}</td>
+              {% endif %}
+            </tr>
+            {% if subdomain.page_title %}
+              <tr>
+                <td colspan="3" class="cell table-border"><strong>Page Title: </strong>{{subdomain.page_title}}</td>
+              </tr>
+            {% endif %}
+            {% if subdomain.ip_addresses.all %}
+              <tr>
+                <td colspan="3" class="cell table-border">
+                  IP Address:
+                  <ul>
+                    {% for ip in subdomain.ip_addresses.all %}
+                      <li>{{ip.address}}
+                        {% if ip.ports.all %}
+                          <ul>
+                            <li>Open Ports: &nbsp;
+                              {% for port in ip.ports.all %}
+                                {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %}
+                              {% endfor %}
+                            </li>
+                          </ul>
+                        {% endif %}
+                      </li>
+                    {% endfor %}
+                  </ul>
+                </td>
+              </tr>
+            {% endif %}
+            {% if subdomain.get_vulnerabilities_without_info %}
+              <tr>
+                <td colspan="3" class="cell table-border">
+                  Vulnerabilities
+                  {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %}
+                  <ul>
+                    {% for vulnerability in vuln_list %}
+                      <li>
+                        <a href="#vuln_{{vulnerability.list.0.name.split|join:'_'}}">{{ vulnerability.grouper }}</a>
+                      </li>
+                    {% endfor %}
+                  </ul>
+                </td>
+              </tr>
+            {% endif %}
+          </table>
+        {% endfor %}
+      </article>
+    {% endif %}
+
+    {% if all_vulnerabilities.count > 0 and show_vuln %}
+      <article style="page-break-before: always" class="summary">
+        <h3 id="vulnerabilities-discovered" class="page_title">Vulnerabilities Discovered</h3>
+        <p>
+          This section reports the security issues found during the audit.
+          <br>
+          A Total of {{scan_object.get_vulnerability_count}} were discovered in {{scan_object.domain.name}},
+          {{scan_object.get_critical_vulnerability_count}} of them were Critical,
+          {{scan_object.get_high_vulnerability_count}} of them were High Severity,
+          {{scan_object.get_medium_vulnerability_count}} of them were Medium severity,
+          {% if is_ignore_info_vuln %}0{% else %}{{scan_object.get_info_vulnerability_count}}{% endif %} of them were Low severity, and
+          {{scan_object.get_info_vulnerability_count}} of them were Informational.
+          {{scan_object.get_unknown_vulnerability_count}} of them were Unknown Severity.
+        </p>
+        <h4 class="subheading">Vulnerability Breakdown by Severity</h4>
+        <div id="boxes">
+          <section style="width: 30%">
+            <p class="bg-critical">Critical
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_critical_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-high">High
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_high_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-medium">Medium
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_medium_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-low">Low
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_low_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-info">Info
+              <br>
+              <span class="inside-box-counter">
+                {% if is_ignore_info_vuln %}
+                  0
+                {% else %}
+                  {{scan_object.get_info_vulnerability_count}}
+                {% endif %}
+              </span>
+            </p>
+          </section>
+          <section style="width: 30%">
+            <p class="bg-grey">Unknown
+              <br>
+              <span class="inside-box-counter">
+                {{scan_object.get_unknown_vulnerability_count}}
+              </span>
+            </p>
+          </section>
+        </div>
+      </article>
+
+
+      {# start vulnerability #}
+      {% if show_vuln %}
+        <article class="">
+          {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %}
+          {% for vulnerabilities in grouped_vulnerabilities %}
+            {% for vulnerability in vulnerabilities.list %}
+              <div>
+                <h4 class="content-heading" id="vuln_{{vulnerability.name.split|join:'_'}}">
+                  <span>{{vulnerability.name}}
+                    {% if vulnerabilities.grouper %}
+                    <br>in {{vulnerabilities.grouper}}
+                    {% endif %}
+                  </span>
+                  {% if vulnerability.severity == -1 %}
+                    <span style="float: right;" class="badge bg-grey">Unknown</span>
+                    <div class="grey-hr-line" ></div>
+                  {% elif vulnerability.severity == 0 %}
+                    <span style="float: right;" class="badge bg-info">INFO</span>
+                    <div class="info-hr-line" ></div>
+                  {% elif vulnerability.severity == 1 %}
+                    <span style="float: right;" class="badge bg-low">LOW</span>
+                    <div class="low-hr-line" ></div>
+                  {% elif vulnerability.severity == 2 %}
+                    <span style="float: right;" class="badge bg-medium">MEDIUM</span>
+                    <div class="medium-hr-line" ></div>
+                  {% elif vulnerability.severity == 3 %}
+                    <span style="float: right;" class="badge bg-high">HIGH</span>
+                    <div class="high-hr-line" ></div>
+                  {% elif vulnerability.severity == 4 %}
+                    <span style="float: right;" class="badge bg-critical">CRITICAL</span>
+                    <div class="critical-hr-line" ></div>
+                  {% endif %}
+                </h4>
+                <!-- show vulnerability classification -->
+                <span class="mini-heading">Vulnerability Source: {{vulnerability.source|upper}}</span><br>
+                {% if vulnerability.cvss_metrics or vulnerability.cvss_score or vulnerability.cve_ids.all or vulnerability.cve_ids.all %}
+                  <span class="mini-heading">Vulnerability Classification</span><br>
+                  {% if vulnerability.cvss_metrics %}
+                    <span class="mini-heading ml-8">CVSS Metrics: {{vulnerability.cvss_metrics}}</span>
+                  {% endif %}
+                  {% if vulnerability.cvss_score %}
+                  <br>
+                    <span class="mini-heading ml-8">CVSS Score:</span>&nbsp;<span class="high-color">{{vulnerability.cvss_score}}</span>
+                  {% endif %}
+                  {% if vulnerability.cve_ids.all %}
+                  <br>
+                  <span class="mini-heading ml-8">CVE IDs</span><br>
+                    &nbsp;&nbsp;&nbsp;&nbsp;{% for cve in vulnerability.cve_ids.all %} {{cve}}{% if not forloop.last %}, {% endif %} {% endfor %}
+                  {% endif %}
+                  {% if vulnerability.cwe_ids.all %}
+                  <br>
+                  <span class="mini-heading ml-8">CWE IDs</span><br>
+                    &nbsp;&nbsp;&nbsp;&nbsp;{% for cwe in vulnerability.cwe_ids.all %} {{cwe}}{% if not forloop.last %}, {% endif %} {% endfor %}
+                  {% endif %}
+                  <br>
+                {% endif %}
+                {% if vulnerability.description %}
+                  <br>
+                  <span class="mini-heading">Description</span><br>
+                  {{vulnerability.description|linebreaks}}
+                {% endif %}
+                {% if vulnerability.impact %}
+                  <br>
+                  <span class="mini-heading">Impact</span><br>
+                  {{vulnerability.impact|linebreaks}}
+                {% endif %}
+                {% if vulnerability.remediation %}
+                  <br>
+                  <span class="mini-heading">Remediation</span><br>
+                  {{vulnerability.remediation|linebreaks}}
+                {% endif %}
+                <br>
+                <span class="mini-heading">Vulnerable URL(s)</span><br>
+                <ul>
+                    <li class="text-blue"><a href="{{vulnerability.http_url}}" target="_blank" rel="noopener noreferrer">{{vulnerability.http_url}}</a></li>
+                </ul>
+                <!-- {% regroup vulnerability.list by http_url as vuln_http_url_list %} -->
+                <!-- <ul>
+                  {% for vuln_urls in vuln_http_url_list %}
+                    <li>{{vuln_urls.grouper}}</li>
+                    <span class="mini-heading">Result/Findings</span><br>
+                    {% for vuln in vuln_urls.list %}
+                      {% if vuln.matcher_name %}
+                        {% if not forloop.first %} • {% endif %} {{vuln.matcher_name}}
+                      {% endif %}
+                      {% if vuln.extracted_results %}
+                        {% for res in vuln.extracted_results %}
+                          {% if not forloop.first %} • {% endif %} {{res}}
+                        {% endfor %}
+                      {% endif %}
+                    {% endfor %}
+                  {% endfor %}
+                </ul> -->
+                {% if vulnerability.references.all %}
+                  <span class="mini-heading">References</span><br>
+                  <ul>
+                    {% for ref in vulnerability.references.all %}
+                    <li>
+                      <span class="text-blue"><a href="{{ref}}" target="_blank" rel="noopener noreferrer">{{ref}}</a></span>
+                    </li>
+                    {% endfor %}
+                  </ul>
+                {% endif %}
+                <br>
+                <br>
+              </div>
+            {% endfor %}
+          {% endfor %}
+        </article>
+      {% endif %}
+
+    {% endif %}
+    <article id="chapter">
+      <h2 id="chapter-title">END OF REPORT</h2>
+    </article>
+  </body>
+
+</html>
diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
new file mode 100644
index 000000000..fb3295ad6
--- /dev/null
+++ b/web/templates/report/modern.html
@@ -0,0 +1,388 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Penetration Testing Report</title>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap" rel="stylesheet">
+    <style>
+        @page {
+            size: A4;
+            margin: 0;
+
+            {% if show_footer %}
+                @bottom-left {
+                    content: "{{footer_text}}";
+                    font-size: 9pt;
+                    height: 1cm;
+                    vertical-align: middle;
+                    width: 100%;
+                }
+            {% endif %}
+            
+        }
+
+         html {
+            color: #696969;
+            font-family: 'Inter';
+            font-weight: 300;
+            font-size: 11pt;
+            line-height: 1.5;
+        }
+        
+        body {
+            margin: 0;
+            padding: 0;
+            width: 210mm;
+            height: 297mm;
+            font-family: 'Inter', sans-serif;
+        }
+
+        * {
+            font-family: inherit;
+        }
+        
+        #cover {
+            position: relative;
+            width: 100%;
+            height: 100%;
+            overflow: hidden;
+            background-color: {{secondary_color}};
+        }
+        
+        .background-element {
+            position: absolute;
+            background: linear-gradient(15deg, {{primary_color}}, {{secondary_color}});
+            opacity: 0.4;
+        }
+        
+        .circle {
+            width: 300mm;
+            height: 300mm;
+            border-radius: 50%;
+            top: -100mm;
+            left: -100mm;
+        }
+        
+        .rectangle {
+            width: 200mm;
+            height: 100mm;
+            transform: rotate(40deg);
+            bottom: -50mm;
+            right: -50mm;
+        }
+        
+        .content {
+            position: absolute;
+            top: 20%;
+            left: 15%;
+            right: 15%;
+        }
+        
+        h1 {
+            font-weight: 200;
+            font-size: 38pt;
+            color: {{primary_color}};
+            margin: 0 0 10mm 0;
+            text-transform: uppercase;
+            letter-spacing: 2px;
+            font-family: 'Inter';
+            position: relative;
+            display: block;
+        }
+
+        h2,
+        h3,
+        h4 {
+            font-family: 'Inter';
+            font-weight: 200;
+            color: black;
+            font-weight: 400;
+            line-height: normal;
+            position: relative;
+            display: block;
+        }
+
+        h1::after, h2::after {
+            content: '';
+            display: block;
+            height: 1.2px;
+            width: 100%;
+            position: absolute;
+            bottom: -2mm;
+            left: 0;
+            background: linear-gradient(to right, {{primary_color}}, rgba(255, 255, 255, 0));
+        }
+
+        .no-fade-line::after {
+            content: none;
+        }
+        
+        .subheading {
+            font-weight: 200;
+            font-size: 24pt;
+            color: {{primary_color}};
+            margin: 0 0 5mm 0;
+        }
+        
+        .date {
+            font-weight: 300;
+            font-size: 14pt;
+            color: {{primary_color}};
+            margin: 0 0 20mm 0;
+        }
+        
+        .cover-line {
+            width: 95%;
+            height: 1.5px;
+            background: linear-gradient(to right, {{primary_color}}, {{secondary_color}});
+            margin: 0 0 20mm 0;
+        }
+        
+        .abstract-shape {
+            position: absolute;
+            border: 2px solid {{primary_color}};
+            opacity: 0.3;
+        }
+        
+        .shape1 {
+            width: 40mm;
+            height: 40mm;
+            border-radius: 30% 70% 70% 30% / 30% 30% 70% 70%;
+            top: 10%;
+            right: 10%;
+        }
+        
+        .shape2 {
+            width: 60mm;
+            height: 60mm;
+            border-radius: 63% 37% 54% 46% / 55% 48% 52% 45%;
+            bottom: 20%;
+            left: 5%;
+        }
+        
+        .footer {
+            position: absolute;
+            bottom: 0;
+            left: 0;
+            right: 0;
+            background-color: {{primary_color}};
+            color: {{secondary_color}};
+            padding: 10mm;
+            font-size: 10pt;
+            text-align: center;
+        }
+        
+        .rengine-banner {
+            margin-top: 5mm;
+            font-size: 8pt;
+            opacity: 0.8;
+        }
+
+        {% comment %} table of content page {% endcomment %}
+        .toc-modern {
+            background-color: white;
+            padding: 20mm;
+            font-family: 'Inter', sans-serif;
+        }
+
+        .toc-title {
+            font-size: 24pt;
+            font-weight: 400;
+            text-transform: uppercase;
+            letter-spacing: 2px;
+            color: {{primary_color}};
+            padding: 5mm 0;
+        }
+
+        .toc-list {
+            display: flex;
+            flex-direction: column;
+            gap: 10mm;
+        }
+
+        .toc-item {
+            display: flex;
+            align-items: center;
+            padding: 5mm 0;
+            border-bottom: 1px solid rgba(0, 0, 0, 0.1);
+        }
+
+        .toc-number {
+            font-size: 14pt;
+            font-weight: 700;
+            color: {{primary_color}};
+            margin-left: auto;
+            float: none;
+        }
+
+        .toc-number::after {
+            content: target-counter(attr(data-href), page);
+            margin-left: 5mm;
+        }
+
+        .toc-link::before {
+            margin-right: 20px;
+            margin-left: 50px;
+            color: {{primary_color}};
+            font-size: 30pt;
+        }
+
+        .toc-link {
+            color: {{secondary_color}};
+            text-decoration: none;
+            font-size: 15pt;
+            font-weight: 500;
+        }
+
+        #executive-summary-page {
+            justify-content: space-between;
+            background-color: white;
+            padding: 20mm;
+            font-family: 'Inter', sans-serif;
+        }
+
+        #executive-summary-page h2 {
+            font-size: 24pt;
+            color: {{primary_color}};
+        }
+
+        @page end-of-report {
+            background: {{primary_color}};
+            margin: 0;
+
+            @top-left {
+            content: none
+            }
+
+            @top-center {
+            content: none
+            }
+
+            @top-right {
+            content: none
+            }
+        }
+
+        .content-wrapper {
+            text-align: center;
+        }
+
+        #end-of-report {
+            align-items: center;
+            display: flex;
+            height: 297mm;
+            justify-content: center;
+            page: end-of-report;
+            background-color: {{secondary_color}};
+        }
+
+        #end-of-report h1 {
+            color: {{primary_color}};
+            font-size: 48pt;
+            font-weight: 200;
+            margin: 0 0 20mm 0;
+        }
+
+
+        {% comment %} this line fades from both sides {% endcomment %}
+        .fading-line-both {
+            width: 180mm;
+            height: 1px;
+            margin: 0 auto;
+            background: linear-gradient(to right, 
+                transparent, 
+                {{primary_color}} 20%, 
+                {{primary_color}} 80%, 
+                transparent
+            );
+        }
+
+    </style>
+</head>
+<body>
+
+    {% comment %} cover page {% endcomment %}
+    <article id="cover">
+        <div class="background-element circle"></div>
+        <div class="background-element rectangle"></div>
+        <div class="abstract-shape shape1"></div>
+        <div class="abstract-shape shape2"></div>
+        <div class="content">
+            <h1 class="no-fade-line">{{report_name}}</h1>
+            <div class="subheading">{{scan_object.domain.name}}</div>
+            <div class="date">{% now "F j, Y" %}</div>
+            <div class="cover-line"></div>
+        </div>
+        <div class="footer">
+            {{company_name}} | {{company_address}} | {{company_email}} | {{company_website}}
+            {% if show_rengine_banner %}
+                <div class="rengine-banner">
+                    Generated by reNgine<br>
+                    https://github.com/yogeshojha/rengine
+                </div>
+            {% endif %}
+        </div>
+    </article>
+
+    {% comment %} table of contents {% endcomment %}
+    <article class="toc-modern">
+        <h1 class="toc-title page-title">Table of Contents</h1>
+        <div class="toc-list">
+            {% if show_executive_summary %}
+            <div class="toc-item">
+                <a href="#executive-summary" class="toc-link">Executive Summary</a>
+                <span class="toc-number" data-href="#executive-summary"></span>
+            </div>
+            {% endif %}
+            <div class="toc-item">
+                <a href="#quick-summary" class="toc-link">Quick Summary</a>
+                <span class="toc-number" data-href="#quick-summary"></span>
+            </div>
+            <div class="toc-item">
+                <a href="#assessment-timeline" class="toc-link">Assessment Timeline</a>
+                <span class="toc-number" data-href="#assessment-timeline"></span>
+            </div>
+            {% if show_vuln %}
+            <div class="toc-item">
+                <a href="#vulnerability-summary" class="toc-link">Vulnerability Summary</a>
+                <span class="toc-number" data-href="#vulnerability-summary"></span>
+            </div>
+            {% endif %}
+            {% if show_recon %}
+            <div class="toc-item">
+                <a href="#reconnaissance-results" class="toc-link">Reconnaissance Results</a>
+                <span class="toc-number" data-href="#reconnaissance-results"></span>
+            </div>
+            {% endif %}
+            {% if show_vuln %}
+            <div class="toc-item">
+                <a href="#vulnerabilities-discovered" class="toc-link">Vulnerabilities Discovered</a>
+                <span class="toc-number" data-href="#vulnerabilities-discovered"></span>
+            </div>
+            {% endif %}
+        </div>
+    </article>
+
+    {% if show_executive_summary %}
+      <article id="executive-summary-page" style="page-break-before: always">
+        <h2 id="executive-summary" class="page_title">Executive Summary</h2>
+        <br>
+        {{executive_summary_description | safe }}
+      </article>
+    {% endif %}
+
+    <article id="summary" style="page-break-before: always">
+      <h2 id="quick-summary" class="page-title">Quick Summary</h2>
+      <p>This section contains quick summary of scan performed on <span class="primary-color">{{scan_object.domain.name}}</span></p>
+      <br>
+    </article>
+
+    <article id="end-of-report">
+        <div class="content-wrapper">
+            <h1>END OF REPORT</h1>
+            <div class="fading-line-both"></div>
+        </div>
+    </article>
+
+</body>
+</html>
\ No newline at end of file

From 323aadd81b1688e38f166184b6f3e73561320b32 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 24 Aug 2024 12:53:55 +0530
Subject: [PATCH 093/211] added quick summary grid boxes

---
 web/templates/report/modern.html | 874 ++++++++++++++++++-------------
 1 file changed, 509 insertions(+), 365 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index fb3295ad6..bda33e450 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -1,388 +1,532 @@
 <!DOCTYPE html>
 <html lang="en">
-<head>
-    <meta charset="UTF-8">
+  <head>
+    <meta charset="UTF-8" />
     <title>Penetration Testing Report</title>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap" rel="stylesheet">
+    <link
+      href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap"
+      rel="stylesheet"
+    />
     <style>
-        @page {
-            size: A4;
-            margin: 0;
-
-            {% if show_footer %}
-                @bottom-left {
-                    content: "{{footer_text}}";
-                    font-size: 9pt;
-                    height: 1cm;
-                    vertical-align: middle;
-                    width: 100%;
-                }
-            {% endif %}
-            
-        }
-
-         html {
-            color: #696969;
-            font-family: 'Inter';
-            font-weight: 300;
-            font-size: 11pt;
-            line-height: 1.5;
-        }
-        
-        body {
-            margin: 0;
-            padding: 0;
-            width: 210mm;
-            height: 297mm;
-            font-family: 'Inter', sans-serif;
-        }
-
-        * {
-            font-family: inherit;
-        }
-        
-        #cover {
-            position: relative;
-            width: 100%;
-            height: 100%;
-            overflow: hidden;
-            background-color: {{secondary_color}};
-        }
-        
-        .background-element {
-            position: absolute;
-            background: linear-gradient(15deg, {{primary_color}}, {{secondary_color}});
-            opacity: 0.4;
-        }
-        
-        .circle {
-            width: 300mm;
-            height: 300mm;
-            border-radius: 50%;
-            top: -100mm;
-            left: -100mm;
-        }
-        
-        .rectangle {
-            width: 200mm;
-            height: 100mm;
-            transform: rotate(40deg);
-            bottom: -50mm;
-            right: -50mm;
-        }
-        
-        .content {
-            position: absolute;
-            top: 20%;
-            left: 15%;
-            right: 15%;
-        }
-        
-        h1 {
-            font-weight: 200;
-            font-size: 38pt;
-            color: {{primary_color}};
-            margin: 0 0 10mm 0;
-            text-transform: uppercase;
-            letter-spacing: 2px;
-            font-family: 'Inter';
-            position: relative;
-            display: block;
-        }
-
-        h2,
-        h3,
-        h4 {
-            font-family: 'Inter';
-            font-weight: 200;
-            color: black;
-            font-weight: 400;
-            line-height: normal;
-            position: relative;
-            display: block;
-        }
-
-        h1::after, h2::after {
-            content: '';
-            display: block;
-            height: 1.2px;
-            width: 100%;
-            position: absolute;
-            bottom: -2mm;
-            left: 0;
-            background: linear-gradient(to right, {{primary_color}}, rgba(255, 255, 255, 0));
-        }
-
-        .no-fade-line::after {
-            content: none;
-        }
-        
-        .subheading {
-            font-weight: 200;
-            font-size: 24pt;
-            color: {{primary_color}};
-            margin: 0 0 5mm 0;
-        }
-        
-        .date {
-            font-weight: 300;
-            font-size: 14pt;
-            color: {{primary_color}};
-            margin: 0 0 20mm 0;
-        }
-        
-        .cover-line {
-            width: 95%;
-            height: 1.5px;
-            background: linear-gradient(to right, {{primary_color}}, {{secondary_color}});
-            margin: 0 0 20mm 0;
-        }
-        
-        .abstract-shape {
-            position: absolute;
-            border: 2px solid {{primary_color}};
-            opacity: 0.3;
-        }
-        
-        .shape1 {
-            width: 40mm;
-            height: 40mm;
-            border-radius: 30% 70% 70% 30% / 30% 30% 70% 70%;
-            top: 10%;
-            right: 10%;
-        }
-        
-        .shape2 {
-            width: 60mm;
-            height: 60mm;
-            border-radius: 63% 37% 54% 46% / 55% 48% 52% 45%;
-            bottom: 20%;
-            left: 5%;
-        }
-        
-        .footer {
-            position: absolute;
-            bottom: 0;
-            left: 0;
-            right: 0;
-            background-color: {{primary_color}};
-            color: {{secondary_color}};
-            padding: 10mm;
-            font-size: 10pt;
-            text-align: center;
-        }
-        
-        .rengine-banner {
-            margin-top: 5mm;
-            font-size: 8pt;
-            opacity: 0.8;
-        }
-
-        {% comment %} table of content page {% endcomment %}
-        .toc-modern {
-            background-color: white;
-            padding: 20mm;
-            font-family: 'Inter', sans-serif;
-        }
-
-        .toc-title {
-            font-size: 24pt;
-            font-weight: 400;
-            text-transform: uppercase;
-            letter-spacing: 2px;
-            color: {{primary_color}};
-            padding: 5mm 0;
-        }
-
-        .toc-list {
-            display: flex;
-            flex-direction: column;
-            gap: 10mm;
-        }
-
-        .toc-item {
-            display: flex;
-            align-items: center;
-            padding: 5mm 0;
-            border-bottom: 1px solid rgba(0, 0, 0, 0.1);
-        }
-
-        .toc-number {
-            font-size: 14pt;
-            font-weight: 700;
-            color: {{primary_color}};
-            margin-left: auto;
-            float: none;
-        }
-
-        .toc-number::after {
-            content: target-counter(attr(data-href), page);
-            margin-left: 5mm;
-        }
-
-        .toc-link::before {
-            margin-right: 20px;
-            margin-left: 50px;
-            color: {{primary_color}};
-            font-size: 30pt;
-        }
-
-        .toc-link {
-            color: {{secondary_color}};
-            text-decoration: none;
-            font-size: 15pt;
-            font-weight: 500;
-        }
-
-        #executive-summary-page {
-            justify-content: space-between;
-            background-color: white;
-            padding: 20mm;
-            font-family: 'Inter', sans-serif;
-        }
-
-        #executive-summary-page h2 {
-            font-size: 24pt;
-            color: {{primary_color}};
-        }
-
-        @page end-of-report {
-            background: {{primary_color}};
-            margin: 0;
-
-            @top-left {
-            content: none
-            }
-
-            @top-center {
-            content: none
-            }
-
-            @top-right {
-            content: none
-            }
-        }
-
-        .content-wrapper {
-            text-align: center;
-        }
-
-        #end-of-report {
-            align-items: center;
-            display: flex;
-            height: 297mm;
-            justify-content: center;
-            page: end-of-report;
-            background-color: {{secondary_color}};
-        }
-
-        #end-of-report h1 {
-            color: {{primary_color}};
-            font-size: 48pt;
-            font-weight: 200;
-            margin: 0 0 20mm 0;
-        }
-
-
-        {% comment %} this line fades from both sides {% endcomment %}
-        .fading-line-both {
-            width: 180mm;
-            height: 1px;
-            margin: 0 auto;
-            background: linear-gradient(to right, 
-                transparent, 
-                {{primary_color}} 20%, 
-                {{primary_color}} 80%, 
-                transparent
-            );
-        }
-
+      @page {
+          size: A4;
+          margin: 0;
+
+          {% if show_footer %}
+              @bottom-left {
+                  content: "{{footer_text}}";
+                  font-size: 9pt;
+                  height: 1cm;
+                  vertical-align: middle;
+                  width: 100%;
+              }
+          {% endif %}
+
+      }
+
+       html {
+          color: #696969;
+          font-family: 'Inter';
+          font-weight: 300;
+          font-size: 11pt;
+          line-height: 1.5;
+      }
+
+      body {
+          margin: 0;
+          padding: 0;
+          width: 210mm;
+          height: 297mm;
+          font-family: 'Inter', sans-serif;
+      }
+
+      * {
+          font-family: inherit;
+      }
+
+      .container {
+          width: 170mm;
+          height: 257mm;
+      }
+
+      #cover {
+          position: relative;
+          width: 100%;
+          height: 100%;
+          overflow: hidden;
+          background-color: {{secondary_color}};
+      }
+
+      .background-element {
+          position: absolute;
+          background: linear-gradient(15deg, {{primary_color}}, {{secondary_color}});
+          opacity: 0.4;
+      }
+
+      .circle {
+          width: 300mm;
+          height: 300mm;
+          border-radius: 50%;
+          top: -100mm;
+          left: -100mm;
+      }
+
+      .rectangle {
+          width: 200mm;
+          height: 100mm;
+          transform: rotate(40deg);
+          bottom: -50mm;
+          right: -50mm;
+      }
+
+      .content {
+          position: absolute;
+          top: 20%;
+          left: 15%;
+          right: 15%;
+      }
+
+      h1 {
+          font-weight: 200;
+          font-size: 38pt;
+          color: {{primary_color}};
+          margin: 0 0 10mm 0;
+          text-transform: uppercase;
+          letter-spacing: 2px;
+          font-family: 'Inter';
+          position: relative;
+          display: block;
+      }
+
+      h2,
+      h3,
+      h4 {
+          font-family: 'Inter';
+          font-weight: 200;
+          color: black;
+          font-weight: 400;
+          line-height: normal;
+          position: relative;
+          display: block;
+          color: #696969;
+      }
+
+      h1::after, h2::after {
+          content: '';
+          display: block;
+          height: 1.2px;
+          width: 100%;
+          position: absolute;
+          bottom: -2mm;
+          left: 0;
+          background: linear-gradient(to right, {{primary_color}}, rgba(255, 255, 255, 0));
+      }
+
+      .no-fade-line::after {
+          content: none;
+      }
+
+      .subheading {
+          font-weight: 200;
+          font-size: 24pt;
+          color: {{primary_color}};
+          margin: 0 0 5mm 0;
+      }
+
+      .date {
+          font-weight: 300;
+          font-size: 14pt;
+          color: {{primary_color}};
+          margin: 0 0 20mm 0;
+      }
+
+      .cover-line {
+          width: 95%;
+          height: 1.5px;
+          background: linear-gradient(to right, {{primary_color}}, {{secondary_color}});
+          margin: 0 0 20mm 0;
+      }
+
+      .abstract-shape {
+          position: absolute;
+          border: 2px solid {{primary_color}};
+          opacity: 0.3;
+      }
+
+      .shape1 {
+          width: 40mm;
+          height: 40mm;
+          border-radius: 30% 70% 70% 30% / 30% 30% 70% 70%;
+          top: 10%;
+          right: 10%;
+      }
+
+      .shape2 {
+          width: 60mm;
+          height: 60mm;
+          border-radius: 63% 37% 54% 46% / 55% 48% 52% 45%;
+          bottom: 20%;
+          left: 5%;
+      }
+
+      .footer {
+          position: absolute;
+          bottom: 0;
+          left: 0;
+          right: 0;
+          background-color: {{primary_color}};
+          color: {{secondary_color}};
+          padding: 10mm;
+          font-size: 10pt;
+          text-align: center;
+      }
+
+      .rengine-banner {
+          margin-top: 5mm;
+          font-size: 8pt;
+          opacity: 0.8;
+      }
+
+      {% comment %} table of content page {% endcomment %}
+      .toc-modern {
+          background-color: white;
+          padding: 20mm;
+          font-family: 'Inter', sans-serif;
+      }
+
+      .toc-title {
+          font-size: 24pt;
+          font-weight: 400;
+          text-transform: uppercase;
+          letter-spacing: 2px;
+          color: {{primary_color}};
+          padding: 5mm 0;
+      }
+
+      .toc-list {
+          display: flex;
+          flex-direction: column;
+          gap: 10mm;
+      }
+
+      .toc-item {
+          display: flex;
+          align-items: center;
+          padding: 5mm 0;
+          border-bottom: 1px solid rgba(0, 0, 0, 0.1);
+      }
+
+      .toc-number {
+          font-size: 14pt;
+          font-weight: 700;
+          color: {{primary_color}};
+          margin-left: auto;
+          float: none;
+      }
+
+      .toc-number::after {
+          content: target-counter(attr(data-href), page);
+          margin-left: 5mm;
+      }
+
+      .toc-link {
+          color: #696969;
+          text-decoration: none;
+          font-size: 14pt;
+          font-weight: 400;
+      }
+
+      #executive-summary-page {
+          justify-content: space-between;
+          background-color: white;
+          padding: 20mm;
+          font-family: 'Inter', sans-serif;
+      }
+
+      #quick-summary-page {
+          justify-content: space-between;
+          background-color: white;
+          padding: 20mm;
+          font-family: 'Inter', sans-serif;
+      }
+
+      #executive-summary-page h2 {
+          font-size: 24pt;
+          color: {{primary_color}};
+      }
+
+      #quick-summary-page h2 {
+          font-size: 24pt;
+          color: {{primary_color}};
+      }
+
+      @page end-of-report {
+          background: {{primary_color}};
+          margin: 0;
+
+          @top-left {
+          content: none
+          }
+
+          @top-center {
+          content: none
+          }
+
+          @top-right {
+          content: none
+          }
+      }
+
+      .content-wrapper {
+          text-align: center;
+      }
+
+      #end-of-report {
+          align-items: center;
+          display: flex;
+          height: 297mm;
+          justify-content: center;
+          page: end-of-report;
+          background-color: {{secondary_color}};
+      }
+
+      #end-of-report h1 {
+          color: {{primary_color}};
+          font-size: 48pt;
+          font-weight: 200;
+          margin: 0 0 20mm 0;
+      }
+
+
+      {% comment %} this line fades from both sides {% endcomment %}
+      .fading-line-both {
+          width: 180mm;
+          height: 1px;
+          margin: 0 auto;
+          background: linear-gradient(to right,
+              transparent,
+              {{primary_color}} 20%,
+              {{primary_color}} 80%,
+              transparent
+          );
+      }
+
+      {% comment %} for the quick summary boxes {% endcomment %}
+      {% comment %} .section {
+          margin-bottom: 15mm;
+      } {% endcomment %}
+      .grid {
+          display: flex;
+          justify-content: space-between;
+          width: 170mm;
+          margin-bottom: 8mm;
+      }
+      .box {
+          width: 50mm;
+          height: 20mm;
+          background-color: #f8f9fa;
+          border-radius: 2mm;
+          padding: 2mm;
+          position: relative;
+          overflow: hidden;
+          box-shadow: 0 1mm 2mm rgba(0,0,0,0.1);
+      }
+      .box::before {
+          content: '';
+          position: absolute;
+          top: 0;
+          right: 0;
+          border-style: solid;
+          border-width: 0 6mm 6mm 0;
+          border-color: transparent #3498db transparent transparent;
+      }
+      .box h4 {
+          font-size: 9pt;
+          margin: 0 0 1mm 0;
+          display: flex;
+          align-items: center;
+      }
+      .box .number {
+          font-size: 25pt;
+          font-weight: 200;
+          position: absolute;
+          bottom: 2mm;
+          right: 2mm;
+      }
+      .icon {
+          width: 3mm;
+          height: 3mm;
+          margin-right: 1mm;
+          display: inline-block;
+          vertical-align: middle;
+      }
+      .critical { border-left: 1mm solid #e74c3c; }
+      .high { border-left: 1mm solid #e67e22; }
+      .medium { border-left: 1mm solid #f39c12; }
+      .low { border-left: 1mm solid #27ae60; }
+      .info { border-left: 1mm solid #3498db; }
+      .unknown { border-left: 1mm solid #95a5a6; }
+      .critical .number, .critical::before { color: #e74c3c; border-right-color: #e74c3c; }
+      .high .number, .high::before { color: #e67e22; border-right-color: #e67e22; }
+      .medium .number, .medium::before { color: #f39c12; border-right-color: #f39c12; }
+      .low .number, .low::before { color: #27ae60; border-right-color: #27ae60; }
+      .info .number, .info::before { color: #3498db; border-right-color: #3498db; }
+      .unknown .number, .unknown::before { color: #95a5a6; border-right-color: #95a5a6; }
+      .primary { color: {{primary_color}}; }
     </style>
-</head>
-<body>
-
+  </head>
+  <body>
     {% comment %} cover page {% endcomment %}
     <article id="cover">
-        <div class="background-element circle"></div>
-        <div class="background-element rectangle"></div>
-        <div class="abstract-shape shape1"></div>
-        <div class="abstract-shape shape2"></div>
-        <div class="content">
-            <h1 class="no-fade-line">{{report_name}}</h1>
-            <div class="subheading">{{scan_object.domain.name}}</div>
-            <div class="date">{% now "F j, Y" %}</div>
-            <div class="cover-line"></div>
-        </div>
-        <div class="footer">
-            {{company_name}} | {{company_address}} | {{company_email}} | {{company_website}}
-            {% if show_rengine_banner %}
-                <div class="rengine-banner">
-                    Generated by reNgine<br>
-                    https://github.com/yogeshojha/rengine
-                </div>
-            {% endif %}
+      <div class="background-element circle"></div>
+      <div class="background-element rectangle"></div>
+      <div class="abstract-shape shape1"></div>
+      <div class="abstract-shape shape2"></div>
+      <div class="content">
+        <h1 class="no-fade-line">{{report_name}}</h1>
+        <div class="subheading">{{scan_object.domain.name}}</div>
+        <div class="date">{% now "F j, Y" %}</div>
+        <div class="cover-line"></div>
+      </div>
+      <div class="footer">
+        {{company_name}} | {{company_address}} | {{company_email}} |
+        {{company_website}} {% if show_rengine_banner %}
+        <div class="rengine-banner">
+          Generated by reNgine<br />
+          https://github.com/yogeshojha/rengine
         </div>
+        {% endif %}
+      </div>
     </article>
 
     {% comment %} table of contents {% endcomment %}
     <article class="toc-modern">
-        <h1 class="toc-title page-title">Table of Contents</h1>
-        <div class="toc-list">
-            {% if show_executive_summary %}
-            <div class="toc-item">
-                <a href="#executive-summary" class="toc-link">Executive Summary</a>
-                <span class="toc-number" data-href="#executive-summary"></span>
-            </div>
-            {% endif %}
-            <div class="toc-item">
-                <a href="#quick-summary" class="toc-link">Quick Summary</a>
-                <span class="toc-number" data-href="#quick-summary"></span>
-            </div>
-            <div class="toc-item">
-                <a href="#assessment-timeline" class="toc-link">Assessment Timeline</a>
-                <span class="toc-number" data-href="#assessment-timeline"></span>
-            </div>
-            {% if show_vuln %}
-            <div class="toc-item">
-                <a href="#vulnerability-summary" class="toc-link">Vulnerability Summary</a>
-                <span class="toc-number" data-href="#vulnerability-summary"></span>
-            </div>
-            {% endif %}
-            {% if show_recon %}
-            <div class="toc-item">
-                <a href="#reconnaissance-results" class="toc-link">Reconnaissance Results</a>
-                <span class="toc-number" data-href="#reconnaissance-results"></span>
-            </div>
-            {% endif %}
-            {% if show_vuln %}
-            <div class="toc-item">
-                <a href="#vulnerabilities-discovered" class="toc-link">Vulnerabilities Discovered</a>
-                <span class="toc-number" data-href="#vulnerabilities-discovered"></span>
-            </div>
-            {% endif %}
+      <h1 class="toc-title page-title">Table of Contents</h1>
+      <div class="toc-list">
+        {% if show_executive_summary %}
+        <div class="toc-item">
+          <a href="#executive-summary" class="toc-link">Executive Summary</a>
+          <span class="toc-number" data-href="#executive-summary"></span>
+        </div>
+        {% endif %}
+        <div class="toc-item">
+          <a href="#quick-summary" class="toc-link">Quick Summary</a>
+          <span class="toc-number" data-href="#quick-summary"></span>
+        </div>
+        <div class="toc-item">
+          <a href="#assessment-timeline" class="toc-link"
+            >Assessment Timeline</a
+          >
+          <span class="toc-number" data-href="#assessment-timeline"></span>
+        </div>
+        {% if show_vuln %}
+        <div class="toc-item">
+          <a href="#vulnerability-summary" class="toc-link"
+            >Vulnerability Summary</a
+          >
+          <span class="toc-number" data-href="#vulnerability-summary"></span>
         </div>
+        {% endif %} {% if show_recon %}
+        <div class="toc-item">
+          <a href="#reconnaissance-results" class="toc-link"
+            >Reconnaissance Results</a
+          >
+          <span class="toc-number" data-href="#reconnaissance-results"></span>
+        </div>
+        {% endif %} {% if show_vuln %}
+        <div class="toc-item">
+          <a href="#vulnerabilities-discovered" class="toc-link"
+            >Vulnerabilities Discovered</a
+          >
+          <span
+            class="toc-number"
+            data-href="#vulnerabilities-discovered"
+          ></span>
+        </div>
+        {% endif %}
+      </div>
     </article>
 
     {% if show_executive_summary %}
-      <article id="executive-summary-page" style="page-break-before: always">
-        <h2 id="executive-summary" class="page_title">Executive Summary</h2>
-        <br>
-        {{executive_summary_description | safe }}
-      </article>
+    <article id="executive-summary-page" style="page-break-before: always">
+      <h2 id="executive-summary" class="page-title">Executive Summary</h2>
+      <br />
+      {{executive_summary_description | safe }}
+    </article>
     {% endif %}
 
-    <article id="summary" style="page-break-before: always">
+    <article id="quick-summary-page" style="page-break-before: always">
       <h2 id="quick-summary" class="page-title">Quick Summary</h2>
-      <p>This section contains quick summary of scan performed on <span class="primary-color">{{scan_object.domain.name}}</span></p>
-      <br>
+      <p>
+        This section contains quick summary of scan performed on
+        <span class="primary-color">{{scan_object.domain.name}}</span>
+      </p>
+      <br />
+      {% if show_recon %}
+      <div class="section">
+        <h3 class="primary">Reconnaissance</h3>
+        <div class="grid">
+          <div class="box info">
+            <h3>Subdomains</h3>
+            <div class="number">{{scan_object.get_subdomain_count}}</div>
+          </div>
+          <div class="box info">
+            <h3>Endpoints</h3>
+            <div class="number">{{scan_object.get_endpoint_count}}</div>
+          </div>
+          <div class="box critical">
+            <h3>Vulnerabilities</h3>
+            <div class="number">{{all_vulnerabilities_count}}</div>
+          </div>
+        </div>
+      </div>
+      {% endif %} 
+      {% if show_vuln %}
+      <div class="section">
+        <h3 class="primary">Vulnerability Summary</h3>
+        <div class="grid">
+          <div class="box critical">
+            <h3>Critical</h3>
+            <div class="number">{{scan_object.get_critical_vulnerability_count}}</div>
+          </div>
+          <div class="box high">
+            <h3>High</h3>
+            <div class="number">{{scan_object.get_high_vulnerability_count}}</div>
+          </div>
+          <div class="box medium">
+            <h3>Medium</h3>
+            <div class="number">{{scan_object.get_medium_vulnerability_count}}</div>
+          </div>
+        </div>
+        <div class="grid">
+          <div class="box low">
+            <h3>Low</h3>
+            <div class="number">{{scan_object.get_low_vulnerability_count}}</div>
+          </div>
+          <div class="box info">
+            <h3>Info</h3>
+            <div class="number">
+            {% if is_ignore_info_vuln %}
+            0
+            {% else %}
+            {{scan_object.get_info_vulnerability_count}}
+            {% endif %}
+            </div>
+          </div>
+          <div class="box unknown">
+            <h3>Unknown</h3>
+            <div class="number">{{scan_object.get_unknown_vulnerability_count}}</div>
+          </div>
+        </div>
+      </div>
+      {% endif %}
     </article>
 
     <article id="end-of-report">
-        <div class="content-wrapper">
-            <h1>END OF REPORT</h1>
-            <div class="fading-line-both"></div>
-        </div>
+      <div class="content-wrapper">
+        <h1 class="no-fade-line">END OF REPORT</h1>
+        <div class="fading-line-both"></div>
+      </div>
     </article>
-
-</body>
-</html>
\ No newline at end of file
+  </body>
+</html>

From 005d215f54b802ac8850380542e15973b085313b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 24 Aug 2024 13:26:18 +0530
Subject: [PATCH 094/211] added scan timeline

---
 web/templates/report/modern.html | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index bda33e450..c77feab83 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -520,6 +520,25 @@ <h3>Unknown</h3>
         </div>
       </div>
       {% endif %}
+
+      <div class="section">
+      <h2 id="assessment-timeline" class="page-title">Assessment Timeline</h2>
+      <p>
+        Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}}
+        <br>
+        Total time taken:
+        {% if scan_object.scan_status == 0 %}
+          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
+        {% elif scan_object.scan_status == 1 %}
+          {{ scan_object.get_elapsed_time }}
+        {% elif scan_object.scan_status == 2 %}
+          {% if scan_object.get_completed_time_in_sec < 60 %}
+            Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in
+          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} <br>
+        Report Generated on: {% now "F j, Y" %}
+      </p>
+      </div>
+
     </article>
 
     <article id="end-of-report">

From e4aa74315a4e36db8790884d62e80e5a8c574284 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 24 Aug 2024 15:11:05 +0530
Subject: [PATCH 095/211] feat: Add subdomain HTTP status breakdown chart to
 modern report template

---
 web/reNgine/charts.py            | 104 +++++++++++++++++++++++++++++++
 web/templates/report/modern.html |  41 ++++++++++--
 2 files changed, 141 insertions(+), 4 deletions(-)
 create mode 100644 web/reNgine/charts.py

diff --git a/web/reNgine/charts.py b/web/reNgine/charts.py
new file mode 100644
index 000000000..df215a4aa
--- /dev/null
+++ b/web/reNgine/charts.py
@@ -0,0 +1,104 @@
+import base64
+import colorsys
+
+import plotly.graph_objs as go
+from plotly.io import to_image
+from django.db.models import Count
+
+from startScan.models import *
+
+
+
+"""
+    This file is used to generate the charts for the pdf report.
+"""
+
+def generate_subdomain_chart_by_http_status(subdomains):
+    """
+        Generates a donut chart using plotly for the subdomains based on the http status.
+        Args:
+            sobdomains: List of subdomains.
+        Returns:
+            Image as base64 encoded string.
+    """
+    http_statuses = (
+        subdomains
+        .exclude(http_status=0)
+        .values('http_status')
+        .annotate(count=Count('http_status'))
+        .order_by('-count')
+    )
+    http_status_count = [{'http_status': entry['http_status'], 'count': entry['count']} for entry in http_statuses]
+
+    labels = [f"{entry['http_status']} ({entry['count']})" for entry in http_status_count]
+    sizes = [entry['count'] for entry in http_status_count]
+    colors = [get_color_by_http_status(entry['http_status']) for entry in http_status_count]
+
+    fig = go.Figure(data=[go.Pie(
+            labels=labels, 
+            values=sizes, 
+            marker=dict(colors=colors),
+            hole=0.4,
+            textinfo="value",
+            textfont=dict(size=18),
+            hoverinfo="none"
+        )])
+    
+    fig.update_layout(
+        title_text="",
+        annotations=[dict(text='HTTP Status', x=0.5, y=0.5, font_size=14, showarrow=False)],
+        showlegend=True,
+        margin=dict(t=50, b=50, l=50, r=50),
+        width=450,
+        height=450,
+    )
+
+    img_bytes = to_image(fig, format="png")
+    img_base64 = base64.b64encode(img_bytes).decode('utf-8')
+    return img_base64
+
+
+def generate_color(base_color, offset):
+    r, g, b = int(base_color[1:3], 16), int(base_color[3:5], 16), int(base_color[5:7], 16)
+    factor = 1 + (offset * 0.03)
+    r, g, b = [min(255, int(c * factor)) for c in (r, g, b)]
+    return f"#{r:02x}{g:02x}{b:02x}"
+
+
+def get_color_by_http_status(http_status):
+    """
+        Returns the color based on the http status.
+        Args:
+            http_status: HTTP status code.
+        Returns:
+            Color code.
+    """
+
+    status = int(http_status)
+    
+    colors = {
+        200: "#36a2eb",
+        300: "#4bc0c0",
+        400: "#ff6384",
+        401: "#ff9f40",
+        403: "#f27474",
+        404: "#ffa1b5",
+        429: "#bf7bff",
+        500: "#9966ff",
+        502: "#8a4fff",
+        503: "#c39bd3",
+    }
+
+
+    if status in colors:
+        return colors[status]
+    elif 200 <= status < 300:
+        return generate_color(colors[200], status - 200)
+    elif 300 <= status < 400:
+        return generate_color(colors[300], status - 300)
+    elif 400 <= status < 500:
+        return generate_color(colors[400], status - 400)
+    elif 500 <= status < 600:
+        return generate_color(colors[500], status - 500)
+    else:
+        return "#c9cbcf"
\ No newline at end of file
diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index c77feab83..6e7f22bb7 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -190,7 +190,7 @@
       {% comment %} table of content page {% endcomment %}
       .toc-modern {
           background-color: white;
-          padding: 20mm;
+          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
@@ -239,17 +239,29 @@
       #executive-summary-page {
           justify-content: space-between;
           background-color: white;
-          padding: 20mm;
+          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
       #quick-summary-page {
           justify-content: space-between;
           background-color: white;
-          padding: 20mm;
+          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
+      #summary-of-finding-page {
+          justify-content: space-between;
+          background-color: white;
+          padding: 15mm;
+          font-family: 'Inter', sans-serif;
+      }
+
+      #summary-of-finding-page h2 {
+          font-size: 24pt;
+          color: {{primary_color}};
+      }
+
       #executive-summary-page h2 {
           font-size: 24pt;
           color: {{primary_color}};
@@ -373,6 +385,13 @@
       .info .number, .info::before { color: #3498db; border-right-color: #3498db; }
       .unknown .number, .unknown::before { color: #95a5a6; border-right-color: #95a5a6; }
       .primary { color: {{primary_color}}; }
+
+      .center-img {
+        display: block;
+        margin-left: auto;
+        margin-right: auto;
+        width: 50%;
+    }
     </style>
   </head>
   <body>
@@ -522,6 +541,8 @@ <h3>Unknown</h3>
       {% endif %}
 
       <div class="section">
+      <br>
+      <br>
       <h2 id="assessment-timeline" class="page-title">Assessment Timeline</h2>
       <p>
         Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}}
@@ -538,7 +559,17 @@ <h2 id="assessment-timeline" class="page-title">Assessment Timeline</h2>
         Report Generated on: {% now "F j, Y" %}
       </p>
       </div>
-
+    </article>
+    
+    <article id="summary-of-finding-page" style="page-break-before: always">
+        <h2 class="page-title">Summary of Findings</h2>
+        <div class="">
+            <p>
+                This section provides a summary of the findings.
+            </p>
+        </div>
+        <h3 class="primary">Subdomain Breakdown by HTTP Status</h3>
+        <img class="center-img" src="data:image/png;base64,{{ subdomain_http_status_chart }}"/>
     </article>
 
     <article id="end-of-report">
@@ -547,5 +578,7 @@ <h1 class="no-fade-line">END OF REPORT</h1>
         <div class="fading-line-both"></div>
       </div>
     </article>
+
+
   </body>
 </html>

From 72489043af0251f4608f00a4f9a72cfc3135e4b0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 24 Aug 2024 20:34:16 +0530
Subject: [PATCH 096/211] add vuln chart

---
 web/reNgine/charts.py            | 108 ++++++++++++++++++++++++++-----
 web/startScan/views.py           |  11 +++-
 web/templates/report/modern.html |  11 +++-
 3 files changed, 109 insertions(+), 21 deletions(-)

diff --git a/web/reNgine/charts.py b/web/reNgine/charts.py
index df215a4aa..87ecd44fa 100644
--- a/web/reNgine/charts.py
+++ b/web/reNgine/charts.py
@@ -4,6 +4,7 @@
 import plotly.graph_objs as go
 from plotly.io import to_image
 from django.db.models import Count
+from reNgine.definitions import NUCLEI_SEVERITY_MAP
 
 from startScan.models import *
 
@@ -15,11 +16,12 @@
 
 def generate_subdomain_chart_by_http_status(subdomains):
     """
-        Generates a donut chart using plotly for the subdomains based on the http status.
-        Args:
-            sobdomains: List of subdomains.
-        Returns:
-            Image as base64 encoded string.
+    Generates a donut chart using plotly for the subdomains based on the http status.
+    Includes label, count, and percentage inside the chart segments and in the legend.
+    Args:
+        subdomains: QuerySet of subdomains.
+    Returns:
+        Image as base64 encoded string.
     """
     http_statuses = (
         subdomains
@@ -30,34 +32,106 @@ def generate_subdomain_chart_by_http_status(subdomains):
     )
     http_status_count = [{'http_status': entry['http_status'], 'count': entry['count']} for entry in http_statuses]
 
-    labels = [f"{entry['http_status']} ({entry['count']})" for entry in http_status_count]
+    total = sum(entry['count'] for entry in http_status_count)
+    
+    labels = [str(entry['http_status']) for entry in http_status_count]
     sizes = [entry['count'] for entry in http_status_count]
     colors = [get_color_by_http_status(entry['http_status']) for entry in http_status_count]
 
+    text = [f"{label}<br>{size}<br>({size/total:.1%})" for label, size in zip(labels, sizes)]
+
     fig = go.Figure(data=[go.Pie(
-            labels=labels, 
-            values=sizes, 
-            marker=dict(colors=colors),
-            hole=0.4,
-            textinfo="value",
-            textfont=dict(size=18),
-            hoverinfo="none"
-        )])
+        labels=labels,
+        values=sizes,
+        marker=dict(colors=colors),
+        hole=0.4,
+        textinfo="text",
+        text=text,
+        textposition="inside",
+        textfont=dict(size=10),
+        hoverinfo="label+percent+value"
+    )])
     
     fig.update_layout(
         title_text="",
         annotations=[dict(text='HTTP Status', x=0.5, y=0.5, font_size=14, showarrow=False)],
         showlegend=True,
-        margin=dict(t=50, b=50, l=50, r=50),
-        width=450,
-        height=450,
+        margin=dict(t=60, b=60, l=60, r=60),
+        width=700,
+        height=700,
+    )
+
+    img_bytes = to_image(fig, format="png")
+    img_base64 = base64.b64encode(img_bytes).decode('utf-8')
+    return img_base64
+
+
+
+def get_color_by_severity(severity_int):
+    """
+    Returns a color based on the severity level using a modern color scheme.
+    """
+    color_map = {
+        4: '#FF4D6A',
+        3: '#FF9F43',
+        2: '#FFCA3A',
+        1: '#4ADE80',
+        0: '#4ECDC4',
+        -1: '#A8A9AD',
+    }
+    return color_map.get(severity_int, '#A8A9AD')  # Default to gray if severity is unknown
+
+def generate_vulnerability_chart_by_severity(vulnerabilities):
+    """
+    Generates a donut chart using plotly for the vulnerabilities based on the severity.
+    Args:
+        vulnerabilities: QuerySet of Vulnerability objects.
+    Returns:
+        Image as base64 encoded string.
+    """
+    severity_counts = (
+        vulnerabilities
+        .values('severity')
+        .annotate(count=Count('severity'))
+        .order_by('-severity')
+    )
+    
+    total = sum(entry['count'] for entry in severity_counts)
+    
+    labels = [NUCLEI_REVERSE_SEVERITY_MAP[entry['severity']].capitalize() for entry in severity_counts]
+    values = [entry['count'] for entry in severity_counts]
+    colors = [get_color_by_severity(entry['severity']) for entry in severity_counts]
+    
+    text = [f"{label}<br>{value}<br>({value/total:.1%})" for label, value in zip(labels, values)]
+
+    fig = go.Figure(data=[go.Pie(
+        labels=labels, 
+        values=values,
+        marker=dict(colors=colors),
+        hole=0.4,
+        textinfo="text",
+        text=text,
+        textposition="inside",
+        textfont=dict(size=12),
+        hoverinfo="label+percent+value",
+    )])
+    
+    fig.update_layout(
+        title_text="",
+        annotations=[dict(text='Severity', x=0.5, y=0.5, font_size=14, showarrow=False)],
+        showlegend=True,
+        margin=dict(t=60, b=60, l=60, r=60),
+        width=700,
+        height=700,
     )
 
+
     img_bytes = to_image(fig, format="png")
     img_base64 = base64.b64encode(img_bytes).decode('utf-8')
     return img_base64
 
 
+
 def generate_color(base_color, offset):
     r, g, b = int(base_color[1:3], 16), int(base_color[3:5], 16), int(base_color[5:7], 16)
     factor = 1 + (offset * 0.03)
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 0f5f57abb..3e88d2a03 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -1,7 +1,7 @@
 import markdown
 
 from celery import group
-from weasyprint import HTML
+from weasyprint import HTML, CSS
 from datetime import datetime
 from django.contrib import messages
 from django.db.models import Count
@@ -14,6 +14,7 @@
 from rolepermissions.decorators import has_permission_decorator
 
 from reNgine.celery import app
+from reNgine.charts import *
 from reNgine.common_func import *
 from reNgine.definitions import ABORTED_TASK, SUCCESS_TASK
 from reNgine.tasks import create_scan_activity, initiate_scan, run_command
@@ -1074,13 +1075,17 @@ def create_report(request, id):
     data['primary_color'] = primary_color
     data['secondary_color'] = secondary_color
 
-    template = get_template('report/template.html')
+    data['subdomain_http_status_chart'] = generate_subdomain_chart_by_http_status(subdomains)
+    data['vulns_severity_chart'] = generate_vulnerability_chart_by_severity(vulns) if vulns else ''
+
+    template = get_template('report/modern.html')
     html = template.render(data)
     pdf = HTML(string=html).write_pdf()
+    # pdf = HTML(string=html).write_pdf(stylesheets=[CSS(string='@page { size: A4; margin: 0; }')])
 
     if 'download' in request.GET:
         response = HttpResponse(pdf, content_type='application/octet-stream')
     else:
         response = HttpResponse(pdf, content_type='application/pdf')
 
-    return response
+    return response
\ No newline at end of file
diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 6e7f22bb7..2505ce6e5 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -568,8 +568,17 @@ <h2 class="page-title">Summary of Findings</h2>
                 This section provides a summary of the findings.
             </p>
         </div>
-        <h3 class="primary">Subdomain Breakdown by HTTP Status</h3>
+        <h3 class="primary">Subdomains Breakdown by HTTP Status</h3>
         <img class="center-img" src="data:image/png;base64,{{ subdomain_http_status_chart }}"/>
+        {% if show_vuln and unique_vulnerabilities %}
+        <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
+        <img class="center-img" src="data:image/png;base64,{{ vulns_severity_chart }}"/>
+        {% endif %}
+    </article>
+
+    <article id="vulnerability-breakdown-chart-page" style="page-break-before: always">
+        <h2 class="page-title">Vulnerabilities Breakdown by Severity</h2>
+        
     </article>
 
     <article id="end-of-report">

From 9ab1d9f4ea2f781fb5963a817299051a7295ea58 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 12:28:12 +0530
Subject: [PATCH 097/211] add vuln list table

---
 web/reNgine/charts.py            |  16 +++++
 web/templates/report/modern.html | 116 +++++++++++++++++++++++++++++--
 2 files changed, 128 insertions(+), 4 deletions(-)

diff --git a/web/reNgine/charts.py b/web/reNgine/charts.py
index 87ecd44fa..546f09a62 100644
--- a/web/reNgine/charts.py
+++ b/web/reNgine/charts.py
@@ -59,6 +59,14 @@ def generate_subdomain_chart_by_http_status(subdomains):
         margin=dict(t=60, b=60, l=60, r=60),
         width=700,
         height=700,
+        legend=dict(
+            font=dict(size=18),
+            orientation="v",
+            yanchor="middle",
+            y=0.5,
+            xanchor="left",
+            x=1.05
+        ),
     )
 
     img_bytes = to_image(fig, format="png")
@@ -123,6 +131,14 @@ def generate_vulnerability_chart_by_severity(vulnerabilities):
         margin=dict(t=60, b=60, l=60, r=60),
         width=700,
         height=700,
+        legend=dict(
+            font=dict(size=18),
+            orientation="v",
+            yanchor="middle",
+            y=0.5,
+            xanchor="left",
+            x=1.05
+        ),
     )
 
 
diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 2505ce6e5..58c06b977 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -257,6 +257,13 @@
           font-family: 'Inter', sans-serif;
       }
 
+      #vulnerability-breakdown-chart-page {
+          justify-content: space-between;
+          background-color: white;
+          padding: 15mm;
+          font-family: 'Inter', sans-serif;
+      }
+
       #summary-of-finding-page h2 {
           font-size: 24pt;
           color: {{primary_color}};
@@ -272,6 +279,11 @@
           color: {{primary_color}};
       }
 
+      #vulnerability-breakdown-chart-page h2 {
+          font-size: 24pt;
+          color: {{primary_color}};
+      }
+
       @page end-of-report {
           background: {{primary_color}};
           margin: 0;
@@ -386,6 +398,63 @@
       .unknown .number, .unknown::before { color: #95a5a6; border-right-color: #95a5a6; }
       .primary { color: {{primary_color}}; }
 
+      {% comment %} table related {% endcomment %}
+      .vuln-summary-table-container {
+        width: 100%;
+        margin: auto auto;
+        background-color: #ffffff;
+        border-radius: 4mm;
+        overflow: hidden;
+      }
+      .vuln-summary-table {
+        width: 100%;
+        border-collapse: separate;
+        border-spacing: 0.5mm;
+        background-color: #ffffff;
+      }
+      .vuln-summary-table th, .vuln-summary-table td {
+        padding: 2.5mm 3mm;
+        text-align: center;
+        vertical-align: middle;
+      }
+      .vuln-summary-table th {
+        background-color: #4a5568;
+        color: white;
+        font-weight: bold;
+      }
+      .vuln-summary-table .vulnerability-td {
+        text-align: left !important;
+      }
+      .vulnerability-td a {
+        color: inherit;
+        text-decoration: none;
+        font-weight: inherit;
+      }
+      .number-td {
+        width: 5mm;
+        text-align: center;
+        color: rgba(0, 0, 0, 0.5);
+        font-weight: normal;
+      }
+      .vulnerability-td {
+        width: 100mm;
+        text-align: left;
+      }
+      .instances-td {
+        width: 10mm;
+        text-align: center;
+      }
+      .severity-td {
+        width: 10mm;
+        text-align: center;
+        font-weight: bold;
+      }
+      .unknown-td { background-color: #f7f7f7; color: #777777; }
+      .info-td { background-color: #e3f2fd; color: #1565c0; }
+      .low-td { background-color: #e8f5e9; color: #2e7d32; }
+      .medium-td { background-color: #fff3e0; color: #ef6c00; }
+      .high-td { background-color: #fbe9e7; color: #d84315; }
+      .critical-td { background-color: #ffebee; color: #c62828; }
       .center-img {
         display: block;
         margin-left: auto;
@@ -440,10 +509,10 @@ <h1 class="toc-title page-title">Table of Contents</h1>
         </div>
         {% if show_vuln %}
         <div class="toc-item">
-          <a href="#vulnerability-summary" class="toc-link"
+          <a href="#vulnerability-breakdown-chart-page" class="toc-link"
             >Vulnerability Summary</a
           >
-          <span class="toc-number" data-href="#vulnerability-summary"></span>
+          <span class="toc-number" data-href="#vulnerability-breakdown-chart-page"></span>
         </div>
         {% endif %} {% if show_recon %}
         <div class="toc-item">
@@ -577,8 +646,47 @@ <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
     </article>
 
     <article id="vulnerability-breakdown-chart-page" style="page-break-before: always">
-        <h2 class="page-title">Vulnerabilities Breakdown by Severity</h2>
-        
+        <h2 class="page-title">Summary of Vulnerabilities Identified</h2>
+        <p>Listed below are the vulnerabilities identified on <span class="primary-color">{{scan_object.domain.name}}</span></p>
+        <div class="vuln-summary-table-container">
+        <table class="vuln-summary-table">
+            <tr>
+                <th class="number-td">#</th>
+                <th class="vulnerability-td">Vulnerability Name</th>
+                <th class="instances-td">Instances</th>
+                <th class="severity-td">Severity</th>
+            </tr>
+            {% for vulnerability in unique_vulnerabilities %}
+            <tr class="{% if vulnerability.severity == -1 %}unknown-td
+                {% elif vulnerability.severity == 0 %}info-td
+                {% elif vulnerability.severity == 1 %}low-td
+                {% elif vulnerability.severity == 2 %}medium-td
+                {% elif vulnerability.severity == 3 %}high-td
+                {% elif vulnerability.severity == 4 %}critical-td
+                {% else %}unknown-td{% endif %}">
+                <td class="number-td">{{ forloop.counter }}</td>
+                <td class="vulnerability-td"><a href="#vuln_{{vulnerability.name.split|join:'_'}}">{{vulnerability.name}}</a></td>
+                <td class="instances-td">{{vulnerability.count}}</td>
+                <td class="severity-td">
+                    {% if vulnerability.severity == -1 %}
+                        Unknown
+                    {% elif vulnerability.severity == 0 %}
+                        Informational
+                    {% elif vulnerability.severity == 1 %}
+                        Low
+                    {% elif vulnerability.severity == 2 %}
+                        Medium
+                    {% elif vulnerability.severity == 3 %}
+                        High
+                    {% elif vulnerability.severity == 4 %}
+                        Critical
+                    {% endif %}
+                </td>
+            </tr>
+            {% endfor %}
+        </table>
+    </div>
+
     </article>
 
     <article id="end-of-report">

From 3e8f4be2a9da2f5ffb173a94446b82a4ca4fa934 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 13:20:13 +0530
Subject: [PATCH 098/211] fix page margin

---
 web/templates/report/modern.html | 127 +++++++++++++++++--------------
 1 file changed, 70 insertions(+), 57 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 58c06b977..cb77e1181 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -10,7 +10,7 @@
     <style>
       @page {
           size: A4;
-          margin: 0;
+          margin: 25mm 15mm;
 
           {% if show_footer %}
               @bottom-left {
@@ -22,6 +22,16 @@
               }
           {% endif %}
 
+          @page :first {
+            padding: 0;
+            margin: 0;
+        }
+
+        @page end-of-report {
+            padding: 0;
+            margin: 0;
+        }
+
       }
 
        html {
@@ -35,8 +45,6 @@
       body {
           margin: 0;
           padding: 0;
-          width: 210mm;
-          height: 297mm;
           font-family: 'Inter', sans-serif;
       }
 
@@ -44,17 +52,25 @@
           font-family: inherit;
       }
 
-      .container {
-          width: 170mm;
-          height: 257mm;
-      }
+      .page-content-wrapper {
+            width: 186mm;
+            height: 273mm;
+            padding: 0;
+            margin: 0 auto;
+            box-sizing: border-box;
+            max-width: 186mm;
+        }
 
       #cover {
           position: relative;
-          width: 100%;
-          height: 100%;
           overflow: hidden;
           background-color: {{secondary_color}};
+          width: 210mm;
+          height: 297mm;
+      }
+
+      @page :first {
+        margin: 0 !important;
       }
 
       .background-element {
@@ -190,7 +206,6 @@
       {% comment %} table of content page {% endcomment %}
       .toc-modern {
           background-color: white;
-          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
@@ -200,7 +215,6 @@
           text-transform: uppercase;
           letter-spacing: 2px;
           color: {{primary_color}};
-          padding: 5mm 0;
       }
 
       .toc-list {
@@ -239,28 +253,24 @@
       #executive-summary-page {
           justify-content: space-between;
           background-color: white;
-          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
       #quick-summary-page {
           justify-content: space-between;
           background-color: white;
-          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
       #summary-of-finding-page {
           justify-content: space-between;
           background-color: white;
-          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
       #vulnerability-breakdown-chart-page {
           justify-content: space-between;
           background-color: white;
-          padding: 15mm;
           font-family: 'Inter', sans-serif;
       }
 
@@ -303,6 +313,7 @@
 
       .content-wrapper {
           text-align: center;
+          width: 100%;
       }
 
       #end-of-report {
@@ -489,49 +500,51 @@ <h1 class="no-fade-line">{{report_name}}</h1>
 
     {% comment %} table of contents {% endcomment %}
     <article class="toc-modern">
-      <h1 class="toc-title page-title">Table of Contents</h1>
-      <div class="toc-list">
-        {% if show_executive_summary %}
-        <div class="toc-item">
-          <a href="#executive-summary" class="toc-link">Executive Summary</a>
-          <span class="toc-number" data-href="#executive-summary"></span>
-        </div>
-        {% endif %}
-        <div class="toc-item">
-          <a href="#quick-summary" class="toc-link">Quick Summary</a>
-          <span class="toc-number" data-href="#quick-summary"></span>
-        </div>
-        <div class="toc-item">
-          <a href="#assessment-timeline" class="toc-link"
-            >Assessment Timeline</a
-          >
-          <span class="toc-number" data-href="#assessment-timeline"></span>
-        </div>
-        {% if show_vuln %}
-        <div class="toc-item">
-          <a href="#vulnerability-breakdown-chart-page" class="toc-link"
-            >Vulnerability Summary</a
-          >
-          <span class="toc-number" data-href="#vulnerability-breakdown-chart-page"></span>
-        </div>
-        {% endif %} {% if show_recon %}
-        <div class="toc-item">
-          <a href="#reconnaissance-results" class="toc-link"
-            >Reconnaissance Results</a
-          >
-          <span class="toc-number" data-href="#reconnaissance-results"></span>
-        </div>
-        {% endif %} {% if show_vuln %}
-        <div class="toc-item">
-          <a href="#vulnerabilities-discovered" class="toc-link"
-            >Vulnerabilities Discovered</a
-          >
-          <span
-            class="toc-number"
-            data-href="#vulnerabilities-discovered"
-          ></span>
+      <div class="page-content-wrapper">
+        <h1 class="toc-title page-title">Table of Contents</h1>
+        <div class="toc-list">
+            {% if show_executive_summary %}
+            <div class="toc-item">
+            <a href="#executive-summary" class="toc-link">Executive Summary</a>
+            <span class="toc-number" data-href="#executive-summary"></span>
+            </div>
+            {% endif %}
+            <div class="toc-item">
+            <a href="#quick-summary" class="toc-link">Quick Summary</a>
+            <span class="toc-number" data-href="#quick-summary"></span>
+            </div>
+            <div class="toc-item">
+            <a href="#assessment-timeline" class="toc-link"
+                >Assessment Timeline</a
+            >
+            <span class="toc-number" data-href="#assessment-timeline"></span>
+            </div>
+            {% if show_vuln %}
+            <div class="toc-item">
+            <a href="#vulnerability-breakdown-chart-page" class="toc-link"
+                >Vulnerability Summary</a
+            >
+            <span class="toc-number" data-href="#vulnerability-breakdown-chart-page"></span>
+            </div>
+            {% endif %} {% if show_recon %}
+            <div class="toc-item">
+            <a href="#reconnaissance-results" class="toc-link"
+                >Reconnaissance Results</a
+            >
+            <span class="toc-number" data-href="#reconnaissance-results"></span>
+            </div>
+            {% endif %} {% if show_vuln %}
+            <div class="toc-item">
+            <a href="#vulnerabilities-discovered" class="toc-link"
+                >Vulnerabilities Discovered</a
+            >
+            <span
+                class="toc-number"
+                data-href="#vulnerabilities-discovered"
+            ></span>
+            </div>
+            {% endif %}
         </div>
-        {% endif %}
       </div>
     </article>
 

From b50f992368b983b4b5661132f1be164c9ea0ee71 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 13:36:13 +0530
Subject: [PATCH 099/211] fix page number

---
 web/templates/report/modern.html | 503 +++++++++++++++----------------
 1 file changed, 245 insertions(+), 258 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index cb77e1181..7af7e3bc9 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -1,26 +1,34 @@
 <!DOCTYPE html>
 <html lang="en">
-  <head>
-    <meta charset="UTF-8" />
-    <title>Penetration Testing Report</title>
-    <link
-      href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap"
-      rel="stylesheet"
-    />
-    <style>
+    <head>
+        <meta charset="UTF-8" />
+        <title>Penetration Testing Report</title>
+        <link href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap"
+              rel="stylesheet" />
+        <style>
       @page {
           size: A4;
           margin: 25mm 15mm;
 
-          {% if show_footer %}
-              @bottom-left {
-                  content: "{{footer_text}}";
-                  font-size: 9pt;
-                  height: 1cm;
-                  vertical-align: middle;
-                  width: 100%;
-              }
-          {% endif %}
+          @bottom-left {
+            {% if show_footer %}
+            content: "{{footer_text}}";
+            {% else %}
+            content: '';
+            {% endif %}
+            width: 100%;
+            border-top: 1px dashed #696969;
+            position: absolute;
+            bottom: 5mm;
+            left: 0;
+        }
+
+          @bottom-right {
+            content: counter(page);
+            font-family: 'Inter', sans-serif;
+            font-size: 10pt;
+            padding-right: 10mm;
+        }
 
           @page :first {
             padding: 0;
@@ -51,16 +59,6 @@
       * {
           font-family: inherit;
       }
-
-      .page-content-wrapper {
-            width: 186mm;
-            height: 273mm;
-            padding: 0;
-            margin: 0 auto;
-            box-sizing: border-box;
-            max-width: 186mm;
-        }
-
       #cover {
           position: relative;
           overflow: hidden;
@@ -349,7 +347,7 @@
       {% comment %} for the quick summary boxes {% endcomment %}
       {% comment %} .section {
           margin-bottom: 15mm;
-      } {% endcomment %}
+} {% endcomment %}
       .grid {
           display: flex;
           justify-content: space-between;
@@ -472,243 +470,232 @@
         margin-right: auto;
         width: 50%;
     }
-    </style>
-  </head>
-  <body>
-    {% comment %} cover page {% endcomment %}
-    <article id="cover">
-      <div class="background-element circle"></div>
-      <div class="background-element rectangle"></div>
-      <div class="abstract-shape shape1"></div>
-      <div class="abstract-shape shape2"></div>
-      <div class="content">
-        <h1 class="no-fade-line">{{report_name}}</h1>
-        <div class="subheading">{{scan_object.domain.name}}</div>
-        <div class="date">{% now "F j, Y" %}</div>
-        <div class="cover-line"></div>
-      </div>
-      <div class="footer">
-        {{company_name}} | {{company_address}} | {{company_email}} |
-        {{company_website}} {% if show_rengine_banner %}
-        <div class="rengine-banner">
-          Generated by reNgine<br />
-          https://github.com/yogeshojha/rengine
-        </div>
-        {% endif %}
-      </div>
-    </article>
-
-    {% comment %} table of contents {% endcomment %}
-    <article class="toc-modern">
-      <div class="page-content-wrapper">
-        <h1 class="toc-title page-title">Table of Contents</h1>
-        <div class="toc-list">
-            {% if show_executive_summary %}
-            <div class="toc-item">
-            <a href="#executive-summary" class="toc-link">Executive Summary</a>
-            <span class="toc-number" data-href="#executive-summary"></span>
+        </style>
+    </head>
+    <body>
+        {% comment %} cover page {% endcomment %}
+        <article id="cover">
+            <div class="background-element circle"></div>
+            <div class="background-element rectangle"></div>
+            <div class="abstract-shape shape1"></div>
+            <div class="abstract-shape shape2"></div>
+            <div class="content">
+                <h1 class="no-fade-line">{{ report_name }}</h1>
+                <div class="subheading">{{ scan_object.domain.name }}</div>
+                <div class="date">{% now "F j, Y" %}</div>
+                <div class="cover-line"></div>
             </div>
-            {% endif %}
-            <div class="toc-item">
-            <a href="#quick-summary" class="toc-link">Quick Summary</a>
-            <span class="toc-number" data-href="#quick-summary"></span>
+            <div class="footer">
+                {{ company_name }} | {{ company_address }} | {{ company_email }} |
+                {{ company_website }}
+                {% if show_rengine_banner %}
+                    <div class="rengine-banner">
+                        Generated by reNgine
+                        <br />
+                        https://github.com/yogeshojha/rengine
+                    </div>
+                {% endif %}
             </div>
-            <div class="toc-item">
-            <a href="#assessment-timeline" class="toc-link"
-                >Assessment Timeline</a
-            >
-            <span class="toc-number" data-href="#assessment-timeline"></span>
+        </article>
+        {% comment %} table of contents {% endcomment %}
+        <article class="toc-modern">
+            <div class="page-content-wrapper">
+                <h1 class="toc-title page-title">Table of Contents</h1>
+                <div class="toc-list">
+                    {% if show_executive_summary %}
+                        <div class="toc-item">
+                            <a href="#executive-summary" class="toc-link">Executive Summary</a>
+                            <span class="toc-number" data-href="#executive-summary"></span>
+                        </div>
+                    {% endif %}
+                    <div class="toc-item">
+                        <a href="#quick-summary" class="toc-link">Quick Summary</a>
+                        <span class="toc-number" data-href="#quick-summary"></span>
+                    </div>
+                    <div class="toc-item">
+                        <a href="#assessment-timeline" class="toc-link">Assessment Timeline</a>
+                        <span class="toc-number" data-href="#assessment-timeline"></span>
+                    </div>
+                    {% if show_vuln %}
+                        <div class="toc-item">
+                            <a href="#vulnerability-breakdown-chart-page" class="toc-link">Vulnerability Summary</a>
+                            <span class="toc-number" data-href="#vulnerability-breakdown-chart-page"></span>
+                        </div>
+                    {% endif %}
+                    {% if show_recon %}
+                        <div class="toc-item">
+                            <a href="#reconnaissance-results" class="toc-link">Reconnaissance Results</a>
+                            <span class="toc-number" data-href="#reconnaissance-results"></span>
+                        </div>
+                    {% endif %}
+                    {% if show_vuln %}
+                        <div class="toc-item">
+                            <a href="#vulnerabilities-discovered" class="toc-link">Vulnerabilities Discovered</a>
+                            <span class="toc-number" data-href="#vulnerabilities-discovered"></span>
+                        </div>
+                    {% endif %}
+                </div>
             </div>
+        </article>
+        {% if show_executive_summary %}
+            <article id="executive-summary-page" style="page-break-before: always">
+                <h2 id="executive-summary" class="page-title">Executive Summary</h2>
+                <br />
+                {{ executive_summary_description | safe }}
+            </article>
+        {% endif %}
+        <article id="quick-summary-page" style="page-break-before: always">
+            <h2 id="quick-summary" class="page-title">Quick Summary</h2>
+            <p>
+                This section contains quick summary of scan performed on
+                <span class="primary-color">{{ scan_object.domain.name }}</span>
+            </p>
+            <br />
+            {% if show_recon %}
+                <div class="section">
+                    <h3 class="primary">Reconnaissance</h3>
+                    <div class="grid">
+                        <div class="box info">
+                            <h3>Subdomains</h3>
+                            <div class="number">{{ scan_object.get_subdomain_count }}</div>
+                        </div>
+                        <div class="box info">
+                            <h3>Endpoints</h3>
+                            <div class="number">{{ scan_object.get_endpoint_count }}</div>
+                        </div>
+                        <div class="box critical">
+                            <h3>Vulnerabilities</h3>
+                            <div class="number">{{ all_vulnerabilities_count }}</div>
+                        </div>
+                    </div>
+                </div>
+            {% endif %}
             {% if show_vuln %}
-            <div class="toc-item">
-            <a href="#vulnerability-breakdown-chart-page" class="toc-link"
-                >Vulnerability Summary</a
-            >
-            <span class="toc-number" data-href="#vulnerability-breakdown-chart-page"></span>
-            </div>
-            {% endif %} {% if show_recon %}
-            <div class="toc-item">
-            <a href="#reconnaissance-results" class="toc-link"
-                >Reconnaissance Results</a
-            >
-            <span class="toc-number" data-href="#reconnaissance-results"></span>
+                <div class="section">
+                    <h3 class="primary">Vulnerability Summary</h3>
+                    <div class="grid">
+                        <div class="box critical">
+                            <h3>Critical</h3>
+                            <div class="number">{{ scan_object.get_critical_vulnerability_count }}</div>
+                        </div>
+                        <div class="box high">
+                            <h3>High</h3>
+                            <div class="number">{{ scan_object.get_high_vulnerability_count }}</div>
+                        </div>
+                        <div class="box medium">
+                            <h3>Medium</h3>
+                            <div class="number">{{ scan_object.get_medium_vulnerability_count }}</div>
+                        </div>
+                    </div>
+                    <div class="grid">
+                        <div class="box low">
+                            <h3>Low</h3>
+                            <div class="number">{{ scan_object.get_low_vulnerability_count }}</div>
+                        </div>
+                        <div class="box info">
+                            <h3>Info</h3>
+                            <div class="number">
+                                {% if is_ignore_info_vuln %}
+                                    0
+                                {% else %}
+                                    {{ scan_object.get_info_vulnerability_count }}
+                                {% endif %}
+                            </div>
+                        </div>
+                        <div class="box unknown">
+                            <h3>Unknown</h3>
+                            <div class="number">{{ scan_object.get_unknown_vulnerability_count }}</div>
+                        </div>
+                    </div>
+                </div>
+            {% endif %}
+            <div class="section">
+                <br>
+                <br>
+                <h2 id="assessment-timeline" class="page-title">Assessment Timeline</h2>
+                <p>
+                    Scan started on: {{ scan_object.start_scan_date|date:"F j, Y h:i" }}
+                    <br>
+                    Total time taken:
+                    {% if scan_object.scan_status == 0 %}
+                        {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
+                    {% elif scan_object.scan_status == 1 %}
+                        {{ scan_object.get_elapsed_time }}
+                    {% elif scan_object.scan_status == 2 %}
+                        {% if scan_object.get_completed_time_in_sec < 60 %}
+                            Completed in < 1 minutes
+                        {% else %}
+                            Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
+                        {% endif %}
+                    {% elif scan_object.scan_status == 3 %}
+                        Aborted in
+                        {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
+                    {% endif %}
+                    <br>
+                    Report Generated on: {% now "F j, Y" %}
+                </p>
             </div>
-            {% endif %} {% if show_vuln %}
-            <div class="toc-item">
-            <a href="#vulnerabilities-discovered" class="toc-link"
-                >Vulnerabilities Discovered</a
-            >
-            <span
-                class="toc-number"
-                data-href="#vulnerabilities-discovered"
-            ></span>
+        </article>
+        <article id="summary-of-finding-page" style="page-break-before: always">
+            <h2 class="page-title">Summary of Findings</h2>
+            <div class="">
+                <p>This section provides a summary of the findings.</p>
             </div>
+            <h3 class="primary">Subdomains Breakdown by HTTP Status</h3>
+            <img class="center-img"
+                 src="data:image/png;base64,{{ subdomain_http_status_chart }}" />
+            {% if show_vuln and unique_vulnerabilities %}
+                <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
+                <img class="center-img"
+                     src="data:image/png;base64,{{ vulns_severity_chart }}" />
             {% endif %}
-        </div>
-      </div>
-    </article>
-
-    {% if show_executive_summary %}
-    <article id="executive-summary-page" style="page-break-before: always">
-      <h2 id="executive-summary" class="page-title">Executive Summary</h2>
-      <br />
-      {{executive_summary_description | safe }}
-    </article>
-    {% endif %}
-
-    <article id="quick-summary-page" style="page-break-before: always">
-      <h2 id="quick-summary" class="page-title">Quick Summary</h2>
-      <p>
-        This section contains quick summary of scan performed on
-        <span class="primary-color">{{scan_object.domain.name}}</span>
-      </p>
-      <br />
-      {% if show_recon %}
-      <div class="section">
-        <h3 class="primary">Reconnaissance</h3>
-        <div class="grid">
-          <div class="box info">
-            <h3>Subdomains</h3>
-            <div class="number">{{scan_object.get_subdomain_count}}</div>
-          </div>
-          <div class="box info">
-            <h3>Endpoints</h3>
-            <div class="number">{{scan_object.get_endpoint_count}}</div>
-          </div>
-          <div class="box critical">
-            <h3>Vulnerabilities</h3>
-            <div class="number">{{all_vulnerabilities_count}}</div>
-          </div>
-        </div>
-      </div>
-      {% endif %} 
-      {% if show_vuln %}
-      <div class="section">
-        <h3 class="primary">Vulnerability Summary</h3>
-        <div class="grid">
-          <div class="box critical">
-            <h3>Critical</h3>
-            <div class="number">{{scan_object.get_critical_vulnerability_count}}</div>
-          </div>
-          <div class="box high">
-            <h3>High</h3>
-            <div class="number">{{scan_object.get_high_vulnerability_count}}</div>
-          </div>
-          <div class="box medium">
-            <h3>Medium</h3>
-            <div class="number">{{scan_object.get_medium_vulnerability_count}}</div>
-          </div>
-        </div>
-        <div class="grid">
-          <div class="box low">
-            <h3>Low</h3>
-            <div class="number">{{scan_object.get_low_vulnerability_count}}</div>
-          </div>
-          <div class="box info">
-            <h3>Info</h3>
-            <div class="number">
-            {% if is_ignore_info_vuln %}
-            0
-            {% else %}
-            {{scan_object.get_info_vulnerability_count}}
-            {% endif %}
-            </div>
-          </div>
-          <div class="box unknown">
-            <h3>Unknown</h3>
-            <div class="number">{{scan_object.get_unknown_vulnerability_count}}</div>
-          </div>
-        </div>
-      </div>
-      {% endif %}
-
-      <div class="section">
-      <br>
-      <br>
-      <h2 id="assessment-timeline" class="page-title">Assessment Timeline</h2>
-      <p>
-        Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}}
-        <br>
-        Total time taken:
-        {% if scan_object.scan_status == 0 %}
-          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
-        {% elif scan_object.scan_status == 1 %}
-          {{ scan_object.get_elapsed_time }}
-        {% elif scan_object.scan_status == 2 %}
-          {% if scan_object.get_completed_time_in_sec < 60 %}
-            Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in
-          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} <br>
-        Report Generated on: {% now "F j, Y" %}
-      </p>
-      </div>
-    </article>
-    
-    <article id="summary-of-finding-page" style="page-break-before: always">
-        <h2 class="page-title">Summary of Findings</h2>
-        <div class="">
+        </article>
+        <article id="vulnerability-breakdown-chart-page"
+                 style="page-break-before: always">
+            <h2 class="page-title">Summary of Vulnerabilities Identified</h2>
             <p>
-                This section provides a summary of the findings.
+                Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
             </p>
-        </div>
-        <h3 class="primary">Subdomains Breakdown by HTTP Status</h3>
-        <img class="center-img" src="data:image/png;base64,{{ subdomain_http_status_chart }}"/>
-        {% if show_vuln and unique_vulnerabilities %}
-        <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
-        <img class="center-img" src="data:image/png;base64,{{ vulns_severity_chart }}"/>
-        {% endif %}
-    </article>
-
-    <article id="vulnerability-breakdown-chart-page" style="page-break-before: always">
-        <h2 class="page-title">Summary of Vulnerabilities Identified</h2>
-        <p>Listed below are the vulnerabilities identified on <span class="primary-color">{{scan_object.domain.name}}</span></p>
-        <div class="vuln-summary-table-container">
-        <table class="vuln-summary-table">
-            <tr>
-                <th class="number-td">#</th>
-                <th class="vulnerability-td">Vulnerability Name</th>
-                <th class="instances-td">Instances</th>
-                <th class="severity-td">Severity</th>
-            </tr>
-            {% for vulnerability in unique_vulnerabilities %}
-            <tr class="{% if vulnerability.severity == -1 %}unknown-td
-                {% elif vulnerability.severity == 0 %}info-td
-                {% elif vulnerability.severity == 1 %}low-td
-                {% elif vulnerability.severity == 2 %}medium-td
-                {% elif vulnerability.severity == 3 %}high-td
-                {% elif vulnerability.severity == 4 %}critical-td
-                {% else %}unknown-td{% endif %}">
-                <td class="number-td">{{ forloop.counter }}</td>
-                <td class="vulnerability-td"><a href="#vuln_{{vulnerability.name.split|join:'_'}}">{{vulnerability.name}}</a></td>
-                <td class="instances-td">{{vulnerability.count}}</td>
-                <td class="severity-td">
-                    {% if vulnerability.severity == -1 %}
-                        Unknown
-                    {% elif vulnerability.severity == 0 %}
-                        Informational
-                    {% elif vulnerability.severity == 1 %}
-                        Low
-                    {% elif vulnerability.severity == 2 %}
-                        Medium
-                    {% elif vulnerability.severity == 3 %}
-                        High
-                    {% elif vulnerability.severity == 4 %}
-                        Critical
-                    {% endif %}
-                </td>
-            </tr>
-            {% endfor %}
-        </table>
-    </div>
-
-    </article>
-
-    <article id="end-of-report">
-      <div class="content-wrapper">
-        <h1 class="no-fade-line">END OF REPORT</h1>
-        <div class="fading-line-both"></div>
-      </div>
-    </article>
-
-
-  </body>
+            <div class="vuln-summary-table-container">
+                <table class="vuln-summary-table">
+                    <tr>
+                        <th class="number-td">#</th>
+                        <th class="vulnerability-td">Vulnerability Name</th>
+                        <th class="instances-td">Instances</th>
+                        <th class="severity-td">Severity</th>
+                    </tr>
+                    {% for vulnerability in unique_vulnerabilities %}
+                        <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
+                            <td class="number-td">{{ forloop.counter }}</td>
+                            <td class="vulnerability-td">
+                                <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
+                            </td>
+                            <td class="instances-td">{{ vulnerability.count }}</td>
+                            <td class="severity-td">
+                                {% if vulnerability.severity == -1 %}
+                                    Unknown
+                                {% elif vulnerability.severity == 0 %}
+                                    Informational
+                                {% elif vulnerability.severity == 1 %}
+                                    Low
+                                {% elif vulnerability.severity == 2 %}
+                                    Medium
+                                {% elif vulnerability.severity == 3 %}
+                                    High
+                                {% elif vulnerability.severity == 4 %}
+                                    Critical
+                                {% endif %}
+                            </td>
+                        </tr>
+                    {% endfor %}
+                </table>
+            </div>
+        </article>
+        <article id="end-of-report">
+            <div class="content-wrapper">
+                <h1 class="no-fade-line">END OF REPORT</h1>
+                <div class="fading-line-both"></div>
+            </div>
+        </article>
+    </body>
 </html>

From 8a44b11db87ad656bc6c15684b3d80bede332cb2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 13:53:23 +0530
Subject: [PATCH 100/211] show interesting subdomain

---
 web/templates/report/modern.html | 124 +++++++++++++++++++++++--------
 1 file changed, 94 insertions(+), 30 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 7af7e3bc9..ed50ef394 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -469,7 +469,43 @@
         margin-left: auto;
         margin-right: auto;
         width: 50%;
-    }
+      }
+
+      {% comment %} interesting-subdomain-table {% endcomment %}
+      .interesting-subdomain-table-container {
+        width: 100%;
+        margin: auto auto;
+        background-color: #ffffff;
+        border-radius: 4mm;
+        overflow: hidden;
+      }
+      .interesting-subdomain-table {
+        width: 100%;
+        border-collapse: separate;
+        border-spacing: 0.5mm;
+        background-color: #ffffff;
+      }
+      .interesting-subdomain-table th, .interesting-subdomain-table td {
+        padding: 2.5mm 3mm;
+        text-align: center;
+        vertical-align: middle;
+      }
+      .interesting-subdomain-table th {
+        background-color: #696969;
+        color: white;
+        font-weight: bold;
+      }
+      .interesting-subdomain-table .page-title-td {
+        text-align: left !important;
+      }
+      .interesting-subdomain-table .subdomain-name-td {
+        text-align: left !important;
+      }
+      .status-td {
+        width: 10mm;
+        text-align: center;
+        font-weight: bold;
+      }
         </style>
     </head>
     <body>
@@ -650,47 +686,75 @@ <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
                      src="data:image/png;base64,{{ vulns_severity_chart }}" />
             {% endif %}
         </article>
-        <article id="vulnerability-breakdown-chart-page"
-                 style="page-break-before: always">
-            <h2 class="page-title">Summary of Vulnerabilities Identified</h2>
+        <article id="interesting-subdomains-page">
+            <h2 class="page-title">Interesting Subdomains</h2>
             <p>
-                Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
+                Listed below are the interesting subdomains identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
             </p>
-            <div class="vuln-summary-table-container">
-                <table class="vuln-summary-table">
+            <div class="interesting-subdomain-table-container">
+                <table class="interesting-subdomain-table">
                     <tr>
                         <th class="number-td">#</th>
-                        <th class="vulnerability-td">Vulnerability Name</th>
-                        <th class="instances-td">Instances</th>
-                        <th class="severity-td">Severity</th>
+                        <th class="interesting-subdomain-td">Subdomain</th>
+                        <th class="page-title-td">Page Title</th>
+                        <th class="status-td">HTTP Status</th>
                     </tr>
-                    {% for vulnerability in unique_vulnerabilities %}
-                        <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
+                    {% for subdomain in interesting_subdomains %}
+                        <tr>
                             <td class="number-td">{{ forloop.counter }}</td>
-                            <td class="vulnerability-td">
-                                <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
-                            </td>
-                            <td class="instances-td">{{ vulnerability.count }}</td>
-                            <td class="severity-td">
-                                {% if vulnerability.severity == -1 %}
-                                    Unknown
-                                {% elif vulnerability.severity == 0 %}
-                                    Informational
-                                {% elif vulnerability.severity == 1 %}
-                                    Low
-                                {% elif vulnerability.severity == 2 %}
-                                    Medium
-                                {% elif vulnerability.severity == 3 %}
-                                    High
-                                {% elif vulnerability.severity == 4 %}
-                                    Critical
-                                {% endif %}
+                            <td class="subdomain-name-td">{{ subdomain.name }}</td>
+                            <td class="page-title-td">{{ subdomain.ip_address }}</td>
+                            <td class="status-td">
+                                {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %}
                             </td>
                         </tr>
                     {% endfor %}
                 </table>
             </div>
         </article>
+        {% if show_vuln %}
+            <article id="vulnerability-breakdown-chart-page"
+                     style="page-break-before: always">
+                <h2 class="page-title">Summary of Vulnerabilities Identified</h2>
+                <p>
+                    Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
+                </p>
+                <div class="vuln-summary-table-container">
+                    <table class="vuln-summary-table">
+                        <tr>
+                            <th class="number-td">#</th>
+                            <th class="vulnerability-td">Vulnerability Name</th>
+                            <th class="instances-td">Instances</th>
+                            <th class="severity-td">Severity</th>
+                        </tr>
+                        {% for vulnerability in unique_vulnerabilities %}
+                            <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
+                                <td class="number-td">{{ forloop.counter }}</td>
+                                <td class="vulnerability-td">
+                                    <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
+                                </td>
+                                <td class="instances-td">{{ vulnerability.count }}</td>
+                                <td class="severity-td">
+                                    {% if vulnerability.severity == -1 %}
+                                        Unknown
+                                    {% elif vulnerability.severity == 0 %}
+                                        Informational
+                                    {% elif vulnerability.severity == 1 %}
+                                        Low
+                                    {% elif vulnerability.severity == 2 %}
+                                        Medium
+                                    {% elif vulnerability.severity == 3 %}
+                                        High
+                                    {% elif vulnerability.severity == 4 %}
+                                        Critical
+                                    {% endif %}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                    </table>
+                </div>
+            </article>
+        {% endif %}
         <article id="end-of-report">
             <div class="content-wrapper">
                 <h1 class="no-fade-line">END OF REPORT</h1>

From d0cab4144ff5383517dde5f7dcff92e517cb1f04 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 19:33:21 +0530
Subject: [PATCH 101/211] Add summary of findings section to modern report
 template

---
 web/templates/report/modern.html | 91 ++++++++++++++++----------------
 1 file changed, 46 insertions(+), 45 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index ed50ef394..644340b57 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -552,6 +552,10 @@ <h1 class="toc-title page-title">Table of Contents</h1>
                         <a href="#assessment-timeline" class="toc-link">Assessment Timeline</a>
                         <span class="toc-number" data-href="#assessment-timeline"></span>
                     </div>
+                    <div class="toc-item">
+                        <a href="#summary-of-finding-page" class="toc-link">Summary of Findings</a>
+                        <span class="toc-number" data-href="#summary-of-finding-page"></span>
+                    </div>
                     {% if show_vuln %}
                         <div class="toc-item">
                             <a href="#vulnerability-breakdown-chart-page" class="toc-link">Vulnerability Summary</a>
@@ -685,9 +689,7 @@ <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
                 <img class="center-img"
                      src="data:image/png;base64,{{ vulns_severity_chart }}" />
             {% endif %}
-        </article>
-        <article id="interesting-subdomains-page">
-            <h2 class="page-title">Interesting Subdomains</h2>
+            <h3 class="primary">Interesting Subdomains</h3>
             <p>
                 Listed below are the interesting subdomains identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
             </p>
@@ -700,10 +702,12 @@ <h2 class="page-title">Interesting Subdomains</h2>
                         <th class="status-td">HTTP Status</th>
                     </tr>
                     {% for subdomain in interesting_subdomains %}
-                        <tr>
+                        <tr class=" {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %} ">
                             <td class="number-td">{{ forloop.counter }}</td>
                             <td class="subdomain-name-td">{{ subdomain.name }}</td>
-                            <td class="page-title-td">{{ subdomain.ip_address }}</td>
+                            <td class="page-title-td">
+                                {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %}
+                            </td>
                             <td class="status-td">
                                 {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %}
                             </td>
@@ -713,47 +717,44 @@ <h2 class="page-title">Interesting Subdomains</h2>
             </div>
         </article>
         {% if show_vuln %}
-            <article id="vulnerability-breakdown-chart-page"
-                     style="page-break-before: always">
-                <h2 class="page-title">Summary of Vulnerabilities Identified</h2>
-                <p>
-                    Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
-                </p>
-                <div class="vuln-summary-table-container">
-                    <table class="vuln-summary-table">
-                        <tr>
-                            <th class="number-td">#</th>
-                            <th class="vulnerability-td">Vulnerability Name</th>
-                            <th class="instances-td">Instances</th>
-                            <th class="severity-td">Severity</th>
+            <h3 class="primary">Summary of Vulnerabilities Identified</h3>
+            <p>
+                Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
+            </p>
+            <div class="vuln-summary-table-container">
+                <table class="vuln-summary-table">
+                    <tr>
+                        <th class="number-td">#</th>
+                        <th class="vulnerability-td">Vulnerability Name</th>
+                        <th class="instances-td">Instances</th>
+                        <th class="severity-td">Severity</th>
+                    </tr>
+                    {% for vulnerability in unique_vulnerabilities %}
+                        <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
+                            <td class="number-td">{{ forloop.counter }}</td>
+                            <td class="vulnerability-td">
+                                <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
+                            </td>
+                            <td class="instances-td">{{ vulnerability.count }}</td>
+                            <td class="severity-td">
+                                {% if vulnerability.severity == -1 %}
+                                    Unknown
+                                {% elif vulnerability.severity == 0 %}
+                                    Informational
+                                {% elif vulnerability.severity == 1 %}
+                                    Low
+                                {% elif vulnerability.severity == 2 %}
+                                    Medium
+                                {% elif vulnerability.severity == 3 %}
+                                    High
+                                {% elif vulnerability.severity == 4 %}
+                                    Critical
+                                {% endif %}
+                            </td>
                         </tr>
-                        {% for vulnerability in unique_vulnerabilities %}
-                            <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
-                                <td class="number-td">{{ forloop.counter }}</td>
-                                <td class="vulnerability-td">
-                                    <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
-                                </td>
-                                <td class="instances-td">{{ vulnerability.count }}</td>
-                                <td class="severity-td">
-                                    {% if vulnerability.severity == -1 %}
-                                        Unknown
-                                    {% elif vulnerability.severity == 0 %}
-                                        Informational
-                                    {% elif vulnerability.severity == 1 %}
-                                        Low
-                                    {% elif vulnerability.severity == 2 %}
-                                        Medium
-                                    {% elif vulnerability.severity == 3 %}
-                                        High
-                                    {% elif vulnerability.severity == 4 %}
-                                        Critical
-                                    {% endif %}
-                                </td>
-                            </tr>
-                        {% endfor %}
-                    </table>
-                </div>
-            </article>
+                    {% endfor %}
+                </table>
+            </div>
         {% endif %}
         <article id="end-of-report">
             <div class="content-wrapper">

From e763db4c9c33afef2df37307b98215f2fceb1f09 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 19:58:26 +0530
Subject: [PATCH 102/211] Added discovered assets

---
 web/templates/report/modern.html | 144 +++++++++++++++++++++++--------
 1 file changed, 108 insertions(+), 36 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 644340b57..e9f877955 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -718,43 +718,115 @@ <h3 class="primary">Interesting Subdomains</h3>
         </article>
         {% if show_vuln %}
             <h3 class="primary">Summary of Vulnerabilities Identified</h3>
-            <p>
-                Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
-            </p>
-            <div class="vuln-summary-table-container">
-                <table class="vuln-summary-table">
-                    <tr>
-                        <th class="number-td">#</th>
-                        <th class="vulnerability-td">Vulnerability Name</th>
-                        <th class="instances-td">Instances</th>
-                        <th class="severity-td">Severity</th>
-                    </tr>
-                    {% for vulnerability in unique_vulnerabilities %}
-                        <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
-                            <td class="number-td">{{ forloop.counter }}</td>
-                            <td class="vulnerability-td">
-                                <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
-                            </td>
-                            <td class="instances-td">{{ vulnerability.count }}</td>
-                            <td class="severity-td">
-                                {% if vulnerability.severity == -1 %}
-                                    Unknown
-                                {% elif vulnerability.severity == 0 %}
-                                    Informational
-                                {% elif vulnerability.severity == 1 %}
-                                    Low
-                                {% elif vulnerability.severity == 2 %}
-                                    Medium
-                                {% elif vulnerability.severity == 3 %}
-                                    High
-                                {% elif vulnerability.severity == 4 %}
-                                    Critical
-                                {% endif %}
-                            </td>
+            {% if all_vulnerabilities.count == 0 %}
+                <p>
+                    No vulnerabilities were identified on <span class="primary">{{ scan_object.domain.name }}</span>
+                </p>
+            {% else %}
+                <p>
+                    Listed below are the vulnerabilities identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
+                </p>
+                <div class="vuln-summary-table-container">
+                    <table class="vuln-summary-table">
+                        <tr>
+                            <th class="number-td">#</th>
+                            <th class="vulnerability-td">Vulnerability Name</th>
+                            <th class="instances-td">Instances</th>
+                            <th class="severity-td">Severity</th>
                         </tr>
-                    {% endfor %}
-                </table>
-            </div>
+                        {% for vulnerability in unique_vulnerabilities %}
+                            <tr class="{% if vulnerability.severity == -1 %}unknown-td {% elif vulnerability.severity == 0 %}info-td {% elif vulnerability.severity == 1 %}low-td {% elif vulnerability.severity == 2 %}medium-td {% elif vulnerability.severity == 3 %}high-td {% elif vulnerability.severity == 4 %}critical-td {% else %}unknown-td{% endif %}">
+                                <td class="number-td">{{ forloop.counter }}</td>
+                                <td class="vulnerability-td">
+                                    <a href="#vuln_{{ vulnerability.name.split|join:'_' }}">{{ vulnerability.name }}</a>
+                                </td>
+                                <td class="instances-td">{{ vulnerability.count }}</td>
+                                <td class="severity-td">
+                                    {% if vulnerability.severity == -1 %}
+                                        Unknown
+                                    {% elif vulnerability.severity == 0 %}
+                                        Informational
+                                    {% elif vulnerability.severity == 1 %}
+                                        Low
+                                    {% elif vulnerability.severity == 2 %}
+                                        Medium
+                                    {% elif vulnerability.severity == 3 %}
+                                        High
+                                    {% elif vulnerability.severity == 4 %}
+                                        Critical
+                                    {% endif %}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                    </table>
+                </div>
+            {% endif %}
+        {% endif %}
+        {% if show_recon %}
+            <article style="page-break-before: always">
+                <h2 class="page-title">Discovered Assets</h2>
+                <p>This section provides a list of assets discovered during the reconnaissance phase.</p>
+                <h3 class="primary">Subdomains</h3>
+                <p>During the reconnaissance phase, our subdomain enumeration process revealed:</p>
+                <ol>
+                    <li>
+                        <strong>Total Subdomains:</strong> {{ scan_object.get_subdomain_count }}
+                        <ul>
+                            <li>This extensive list provides a comprehensive view of the target's online footprint.</li>
+                        </ul>
+                    </li>
+                    <li>
+                        <strong>Active Subdomains:</strong> {{ subdomain_alive_count }}
+                        <ul>
+                            <li>These subdomains returned an HTTP status 200 (OK), indicating live web assets.</li>
+                        </ul>
+                    </li>
+                    <li>
+                        <strong>Interesting Subdomains:</strong> {{ interesting_subdomains.count }}
+                        <ul>
+                            <li>High-priority subdomains identified through keyword analysis (e.g., admin, api, test), suggesting a focused investigation.</li>
+                        </ul>
+                    </li>
+                </ol>
+                <h4>
+                    {{ scan_object.get_subdomain_count }} subdomains identified on <span class="primary">{{ scan_object.domain.name }}</span>
+                </h4>
+                <div class="interesting-subdomain-table-container">
+                    <table class="interesting-subdomain-table">
+                        <tr>
+                            <th class="number-td">#</th>
+                            <th class="interesting-subdomain-td">Subdomain</th>
+                            <th class="page-title-td">Page Title</th>
+                            <th class="status-td">HTTP Status</th>
+                            {% comment %} if show vuln is there we may also show total vulnerbaility count {% endcomment %}
+                            {% if show_vuln %}
+                                <th class="status-td">Vulnerabilities Count</th>
+                            {% endif %}
+                        </tr>
+                        {% for subdomain in subdomains %}
+                            <tr class=" {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %} ">
+                                <td class="number-td">{{ forloop.counter }}</td>
+                                <td class="subdomain-name-td">{{ subdomain.name }}</td>
+                                <td class="page-title-td">
+                                    {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %}
+                                </td>
+                                <td class="status-td">
+                                    {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %}
+                                </td>
+                                {% if show_vuln %}
+                                    <td class="status-td">
+                                        {% if subdomain.get_total_vulnerability_count %}
+                                            {{ subdomain.get_total_vulnerability_count }}
+                                        {% else %}
+                                            0
+                                        {% endif %}
+                                    </td>
+                                {% endif %}
+                            </tr>
+                        {% endfor %}
+                    </table>
+                </div>
+            </article>
         {% endif %}
         <article id="end-of-report">
             <div class="content-wrapper">

From 3f3da99c184f52df9152997d444362dea16baff4 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 20:17:32 +0530
Subject: [PATCH 103/211] show ip assets

---
 web/templates/report/modern.html | 96 ++++++++++++++++++++++----------
 1 file changed, 67 insertions(+), 29 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index e9f877955..209c19964 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -272,22 +272,7 @@
           font-family: 'Inter', sans-serif;
       }
 
-      #summary-of-finding-page h2 {
-          font-size: 24pt;
-          color: {{primary_color}};
-      }
-
-      #executive-summary-page h2 {
-          font-size: 24pt;
-          color: {{primary_color}};
-      }
-
-      #quick-summary-page h2 {
-          font-size: 24pt;
-          color: {{primary_color}};
-      }
-
-      #vulnerability-breakdown-chart-page h2 {
+      .page-title {
           font-size: 24pt;
           color: {{primary_color}};
       }
@@ -470,6 +455,13 @@
         margin-right: auto;
         width: 50%;
       }
+      {% comment %} stripped table {% endcomment %}
+        .table-stripped tr:nth-child(odd) {
+            background-color: #f9f9f9;
+        }
+        .table-stripped tr:nth-child(even) {
+           background-color: #f2f2f2;
+        }
 
       {% comment %} interesting-subdomain-table {% endcomment %}
       .interesting-subdomain-table-container {
@@ -505,6 +497,10 @@
         width: 10mm;
         text-align: center;
         font-weight: bold;
+      }
+      .normal-td {
+        width: 10mm;
+        text-align: center;
       }
         </style>
     </head>
@@ -784,7 +780,9 @@ <h3 class="primary">Subdomains</h3>
                     <li>
                         <strong>Interesting Subdomains:</strong> {{ interesting_subdomains.count }}
                         <ul>
-                            <li>High-priority subdomains identified through keyword analysis (e.g., admin, api, test), suggesting a focused investigation.</li>
+                            <li>
+                                High-priority subdomains identified through keyword analysis (e.g., admin, api, test), suggesting a focused investigation.
+                            </li>
                         </ul>
                     </li>
                 </ol>
@@ -799,9 +797,7 @@ <h4>
                             <th class="page-title-td">Page Title</th>
                             <th class="status-td">HTTP Status</th>
                             {% comment %} if show vuln is there we may also show total vulnerbaility count {% endcomment %}
-                            {% if show_vuln %}
-                                <th class="status-td">Vulnerabilities Count</th>
-                            {% endif %}
+                            {% if show_vuln %}<th class="status-td">Vulnerabilities Count</th>{% endif %}
                         </tr>
                         {% for subdomain in subdomains %}
                             <tr class=" {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %} ">
@@ -826,13 +822,55 @@ <h4>
                         {% endfor %}
                     </table>
                 </div>
+                {% if ip_addresses.count > 0 %}
+                    <h3 class="primary">IP Assets</h3>
+                    <p>In addition to subdomains, various IP assets associated with the target infrastructure were also identified:</p>
+                    <ol>
+                        <li>
+                            <strong>Total IP Addresses:</strong> {{ ip_addresses.count }}
+                            <ul>
+                                <li>
+                                    This represents the range of unique IP addresses associated with the discovered subdomains and other network assets.
+                                </li>
+                            </ul>
+                        </li>
+                    </ol>
+                    <div class="interesting-subdomain-table-container">
+                        <table class="interesting-subdomain-table table-stripped">
+                            <tr>
+                                <th class="number-td">#</th>
+                                <th class="interesting-subdomain-td">IP</th>
+                                <th class="page-title-td">Open Ports</th>
+                                <th class="normal-td">Geo Location</th>
+                                <th class="normal-td">Remarks</th>
+                            </tr>
+                            {% for ip in ip_addresses %}
+                                <tr>
+                                    <td class="number-td">{{ forloop.counter }}</td>
+                                    <td class="subdomain-name-td">{{ ip.address }}</td>
+                                    <td class="page-title-td">
+                                        {% for port in ip.ports.all %}
+                                            {{ port.number }}/{{ port.service_name }}
+                                            {% if not forloop.last %},{% endif %}
+                                        {% endfor %}
+                                    </td>
+                                    <td class="normal-td">
+                                        {% if ip.geo_iso %}{{ ip.geo_iso }}{% endif %}
+                                        <td class="normal-td">
+                                            {% if ip.is_cdn %}CDN{% endif %}
+                                        </td>
+                                    </tr>
+                                {% endfor %}
+                            </table>
+                        </div>
+                    {% endif %}
+                </article>
+            {% endif %}
+            <article id="end-of-report">
+                <div class="content-wrapper">
+                    <h1 class="no-fade-line">END OF REPORT</h1>
+                    <div class="fading-line-both"></div>
+                </div>
             </article>
-        {% endif %}
-        <article id="end-of-report">
-            <div class="content-wrapper">
-                <h1 class="no-fade-line">END OF REPORT</h1>
-                <div class="fading-line-both"></div>
-            </div>
-        </article>
-    </body>
-</html>
+        </body>
+    </html>

From 3046c2e436bfc687ec60758b1dadf504e6908feb Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 25 Aug 2024 20:52:48 +0530
Subject: [PATCH 104/211] Added Recon result cards

---
 web/templates/report/modern.html | 145 ++++++++++++++++++++++++++-----
 1 file changed, 121 insertions(+), 24 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 209c19964..602434415 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -502,6 +502,42 @@
         width: 10mm;
         text-align: center;
       }
+        /* recon finding card table */
+        .subdomain-card {
+            width: 100%;
+            margin-bottom: 3mm;
+            border: 1px solid #ddd;
+            border-radius: 4mm;
+            overflow: hidden;
+            box-shadow: 0 1mm 2mm rgba(0, 0, 0, 0.1);
+        }
+        .subdomain-card-header {
+            background-color: #f0f0f0;
+            padding: 2mm;
+            border-bottom: 1px solid #ddd;
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+        }
+        .subdomain-card-name {
+            font-weight: bold;
+            color: #2c3e50;
+            font-size: 11pt;
+        }
+        .subdomain-card-http-status {
+            padding: 1mm 2mm;
+            border-radius: 1mm;
+            font-size: 13pt;
+        }
+        .subdomain-card-content {
+            padding: 3mm;
+        }
+        .subdomain-card-page-title {
+            font-style: italic !important;
+            color: #7f8c8d;
+            margin-bottom: 1mm;
+            font-size: 10pt;
+        }
         </style>
     </head>
     <body>
@@ -686,31 +722,37 @@ <h3 class="primary">Vulnerabilities Breakdown by Severity</h3>
                      src="data:image/png;base64,{{ vulns_severity_chart }}" />
             {% endif %}
             <h3 class="primary">Interesting Subdomains</h3>
-            <p>
-                Listed below are the interesting subdomains identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
-            </p>
-            <div class="interesting-subdomain-table-container">
-                <table class="interesting-subdomain-table">
-                    <tr>
-                        <th class="number-td">#</th>
-                        <th class="interesting-subdomain-td">Subdomain</th>
-                        <th class="page-title-td">Page Title</th>
-                        <th class="status-td">HTTP Status</th>
-                    </tr>
-                    {% for subdomain in interesting_subdomains %}
-                        <tr class=" {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %} ">
-                            <td class="number-td">{{ forloop.counter }}</td>
-                            <td class="subdomain-name-td">{{ subdomain.name }}</td>
-                            <td class="page-title-td">
-                                {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %}
-                            </td>
-                            <td class="status-td">
-                                {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %}
-                            </td>
+            {% if interesting_subdomains %}
+                <p>
+                    Listed below are the interesting subdomains identified on <span class="primary-color">{{ scan_object.domain.name }}</span>
+                </p>
+                <div class="interesting-subdomain-table-container">
+                    <table class="interesting-subdomain-table">
+                        <tr>
+                            <th class="number-td">#</th>
+                            <th class="interesting-subdomain-td">Subdomain</th>
+                            <th class="page-title-td">Page Title</th>
+                            <th class="status-td">HTTP Status</th>
                         </tr>
-                    {% endfor %}
-                </table>
-            </div>
+                        {% for subdomain in interesting_subdomains %}
+                            <tr class=" {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %} ">
+                                <td class="number-td">{{ forloop.counter }}</td>
+                                <td class="subdomain-name-td">{{ subdomain.name }}</td>
+                                <td class="page-title-td">
+                                    {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %}
+                                </td>
+                                <td class="status-td">
+                                    {% if subdomain.http_status %}{{ subdomain.http_status }}{% endif %}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                    </table>
+                </div>
+            {% else %}
+                <p>
+                    No interesting subdomains were identified on <span class="primary">{{ scan_object.domain.name }}</span>
+                </p>
+            {% endif %}
         </article>
         {% if show_vuln %}
             <h3 class="primary">Summary of Vulnerabilities Identified</h3>
@@ -866,6 +908,61 @@ <h3 class="primary">IP Assets</h3>
                     {% endif %}
                 </article>
             {% endif %}
+             {% if show_recon %}
+                <article style="page-break-before: always">
+                <h2 class="page-title">Reconnaissance Findings</h2>
+                <p>
+                    This section contains list of all the subdomains identified during the reconnaissance phase.
+                </p>
+                {% for subdomain in subdomains %}
+                    <div class="subdomain-card">
+                        <div class="subdomain-card-header">
+                            <span class="subdomain-card-name">{{ subdomain.name }}</span>
+                            {% if subdomain.http_status %}
+                                <span class="subdomain-card-http-status {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %}">{{ subdomain.http_status }}</span>
+                            {% endif %}
+                        </div>
+                        <div class="subdomain-card-content">
+                            {% if subdomain.page_title %}
+                                <div class="subdomain-card-page-title">{{ subdomain.page_title }}</div>
+                            {% endif %}
+                            {% if subdomain.ip_addresses.all %}
+                            <div>
+                                <h4>IP Addresses:</h4>
+                                <ul>
+                                    {% for ip in subdomain.ip_addresses.all %}
+                                    <li>
+                                        {{ip.address}}
+                                        {% if ip.ports.all %}
+                                        <ul>
+                                            {% for port in ip.ports.all %}
+                                            <li>{{ port.number }}/{{ port.service_name }}</li>
+                                            {% endfor %}
+                                        </ul>
+                                        {% endif %}
+                                    </li>
+                                    {% endfor %}
+                                </ul>
+                            </div>
+                            {% endif %}
+                            {% if subdomain.get_vulnerabilities_without_info %}
+                            <div>
+                                <h4>Vulnerabilities:</h4>
+                                {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %}
+                                <ul>
+                                    {% for vulnerability in vuln_list %}
+                                    <li>
+                                        <a href="#vuln_{{vulnerability.list.0.name.split|join:'_'}}" class="primary">{{ vulnerability.grouper }}</a>
+                                    </li>
+                                    {% endfor %}
+                                </ul>
+                            </div>
+                            {% endif %}
+                        </div>
+                    </div>
+                {% endfor %}
+                </article>
+                {% endif %}
             <article id="end-of-report">
                 <div class="content-wrapper">
                     <h1 class="no-fade-line">END OF REPORT</h1>

From d9ed236537b3c972423554217fd8fe11ec20c808 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 08:39:23 +0530
Subject: [PATCH 105/211] add vuln summary section with badges

---
 web/templates/report/modern.html | 298 ++++++++++++++++++++++++++-----
 1 file changed, 250 insertions(+), 48 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 602434415..10c54d42c 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -449,6 +449,16 @@
       .medium-td { background-color: #fff3e0; color: #ef6c00; }
       .high-td { background-color: #fbe9e7; color: #d84315; }
       .critical-td { background-color: #ffebee; color: #c62828; }
+
+      .unknown-severity-badge { background-color: rgba(200, 200, 200, 0.2); }
+      .info-severity-badge { background-color: rgba(144, 202, 249, 0.2); }
+      .low-severity-badge { background-color: rgba(165, 214, 167, 0.2); }
+      .medium-severity-badge { background-color: rgba(255, 204, 128, 0.2); }
+      .high-severity-badge { background-color: rgba(239, 154, 154, 0.2); }
+      .critical-severity-badge { background-color: rgba(239, 154, 154, 0.2); }
+
+
+
       .center-img {
         display: block;
         margin-left: auto;
@@ -538,6 +548,96 @@
             margin-bottom: 1mm;
             font-size: 10pt;
         }
+        {% comment %} vuln finding related css {% endcomment %}
+        .vuln-card {
+            background-color: #ffffff;
+            margin-bottom: 7mm;
+            border-radius: 4mm;
+            box-shadow: 0 2mm 4mm rgba(0,0,0,0.1);
+            overflow: hidden;
+        }
+        .vuln-card-header {
+            padding: 1mm 4mm;
+            position: relative;
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+        }
+        .card-header h4 {
+            font-size: 14pt;
+            margin: 0;
+            font-weight: 500;
+        }
+        .vuln-severity {
+            font-size: 11pt;
+            font-weight: bold;
+            padding: 1mm 3mm;
+            border-radius: 2mm;
+        }
+        .vuln-badge {
+            display: inline-block;
+            padding: 1mm 3mm;
+            border-radius: 2mm;
+            font-size: 9pt;
+            font-weight: bold;
+            text-transform: uppercase;
+            margin-right: 3mm;
+            margin-top: 1mm;
+        }
+        .badge-source {
+            background-color: #2ecc71;
+            color: white;
+        }
+        .badge-cvss {
+            background-color: #e74c3c;
+            color: white;
+        }
+        .badge-cve {
+            background-color: #3498db;
+            color: white;
+        }
+
+        .badge-cwe {
+            background-color: #9b59b6;
+            color: white;
+        }
+        .vuln-card-body {
+            padding: 5mm 2mm;
+        }
+        .vuln-section {
+            margin-bottom: 4mm;
+            padding-bottom: 4mm;
+            border-bottom: 1pt solid #e0e0e0;
+        }
+        .vuln-section:last-child {
+            border-bottom: none;
+        }
+        .section-title {
+            font-weight: bold;
+            color: #2c3e50;
+            font-size: 11pt;
+            margin-bottom: 2mm;
+            text-transform: uppercase;
+        }
+        .vuln-cvss-details {
+            background-color: #f8f9fa;
+            padding: 4mm;
+            border-radius: 2mm;
+            font-family: monospace;
+            font-size: 9pt;
+        }
+        .vulnerable-url-li {
+            background-color: #fff3cd;
+            padding: 2mm 4mm;
+            margin-bottom: 2mm;
+            border-radius: 2mm;
+            font-family: monospace;
+            font-size: 9pt;
+        }
+        .references-li a {
+            color: #3498db;
+            text-decoration: none;
+        }
         </style>
     </head>
     <body>
@@ -908,61 +1008,163 @@ <h3 class="primary">IP Assets</h3>
                     {% endif %}
                 </article>
             {% endif %}
-             {% if show_recon %}
+            {% if show_recon %}
                 <article style="page-break-before: always">
-                <h2 class="page-title">Reconnaissance Findings</h2>
-                <p>
-                    This section contains list of all the subdomains identified during the reconnaissance phase.
-                </p>
-                {% for subdomain in subdomains %}
-                    <div class="subdomain-card">
-                        <div class="subdomain-card-header">
-                            <span class="subdomain-card-name">{{ subdomain.name }}</span>
-                            {% if subdomain.http_status %}
-                                <span class="subdomain-card-http-status {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %}">{{ subdomain.http_status }}</span>
-                            {% endif %}
-                        </div>
-                        <div class="subdomain-card-content">
-                            {% if subdomain.page_title %}
-                                <div class="subdomain-card-page-title">{{ subdomain.page_title }}</div>
-                            {% endif %}
-                            {% if subdomain.ip_addresses.all %}
-                            <div>
-                                <h4>IP Addresses:</h4>
-                                <ul>
-                                    {% for ip in subdomain.ip_addresses.all %}
-                                    <li>
-                                        {{ip.address}}
-                                        {% if ip.ports.all %}
+                    <h2 class="page-title" id="reconnaissance-findings">Reconnaissance Findings</h2>
+                    <p>This section contains list of all the subdomains identified during the reconnaissance phase.</p>
+                    {% for subdomain in subdomains %}
+                        <div class="subdomain-card">
+                            <div class="subdomain-card-header">
+                                <span class="subdomain-card-name">{{ subdomain.name }}</span>
+                                {% if subdomain.http_status %}
+                                    <span class="subdomain-card-http-status {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %}">{{ subdomain.http_status }}</span>
+                                {% endif %}
+                            </div>
+                            <div class="subdomain-card-content">
+                                {% if subdomain.page_title %}<div class="subdomain-card-page-title">{{ subdomain.page_title }}</div>{% endif %}
+                                {% if subdomain.ip_addresses.all %}
+                                    <div>
+                                        <h4>IP Addresses:</h4>
                                         <ul>
-                                            {% for port in ip.ports.all %}
-                                            <li>{{ port.number }}/{{ port.service_name }}</li>
+                                            {% for ip in subdomain.ip_addresses.all %}
+                                                <li>
+                                                    {{ ip.address }}
+                                                    {% if ip.ports.all %}
+                                                        <ul>
+                                                            {% for port in ip.ports.all %}<li>{{ port.number }}/{{ port.service_name }}</li>{% endfor %}
+                                                        </ul>
+                                                    {% endif %}
+                                                </li>
                                             {% endfor %}
                                         </ul>
-                                        {% endif %}
-                                    </li>
-                                    {% endfor %}
-                                </ul>
-                            </div>
-                            {% endif %}
-                            {% if subdomain.get_vulnerabilities_without_info %}
-                            <div>
-                                <h4>Vulnerabilities:</h4>
-                                {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %}
-                                <ul>
-                                    {% for vulnerability in vuln_list %}
-                                    <li>
-                                        <a href="#vuln_{{vulnerability.list.0.name.split|join:'_'}}" class="primary">{{ vulnerability.grouper }}</a>
-                                    </li>
-                                    {% endfor %}
-                                </ul>
+                                    </div>
+                                {% endif %}
+                                {% if show_vuln %}
+                                    {% if subdomain.get_vulnerabilities_without_info %}
+                                        <div>
+                                            <h4>Vulnerabilities:</h4>
+                                            {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %}
+                                            <ul>
+                                                {% for vulnerability in vuln_list %}
+                                                    <li>
+                                                        <a href="#vuln_{{ vulnerability.list.0.name.split|join:'_' }}"
+                                                           class="primary">{{ vulnerability.grouper }}</a>
+                                                    </li>
+                                                {% endfor %}
+                                            </ul>
+                                        </div>
+                                    {% endif %}
+                                {% endif %}
                             </div>
-                            {% endif %}
                         </div>
-                    </div>
-                {% endfor %}
+                    {% endfor %}
                 </article>
-                {% endif %}
+            {% endif %}
+            {% if show_vuln %}
+                <article id="vulnerabilities-discovered" style="page-break-before: always">
+                    <h2 class="page-title primary">Vulnerabilities Discovered</h2>
+                    <p>
+                    This section details the security vulnerabilities identified during our penetration testing engagement. Each finding is documented with its description, potential impact, and recommended remediation steps.
+                    <br>
+                    Vulnerabilities are categorized by severity (Critical, High, Medium, Low, Info) to prioritize remediation efforts. This assessment is based on the potential impact to confidentiality, integrity, and availability of the systems and data.
+                    <br>
+                    The information presented here is crucial for understanding your current security posture and should guide your remediation strategy to enhance overall security.</p>
+                    <br>
+                    {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %}
+                    {% for vulnerabilities in grouped_vulnerabilities %}
+                        {% for vulnerability in vulnerabilities.list %}
+                            <div class="vuln-card">
+                                <div class="vuln-card-header {% if vulnerability.severity == 0 %}info-td{% elif vulnerability.severity == 1 %}low-td{% elif vulnerability.severity == 2 %}medium-td{% elif vulnerability.severity == 3 %}high-td{% elif vulnerability.severity == 4 %}critical-td{% endif %}">
+                                    <h4>
+                                        {{ vulnerability.name }}
+                                        {% if vulnerabilities.grouper %}
+                                            <br>
+                                            in {{ vulnerabilities.grouper }}
+                                        {% endif %}
+                                    </h4>
+                                    <div class="vuln-severity {% if vulnerability.severity == -1 %}unknown-severity-badge{% elif vulnerability.severity == 0 %}info-severity-badge{% elif vulnerability.severity == 1 %}low-severity-badge{% elif vulnerability.severity == 2 %}medium-severity-badge{% elif vulnerability.severity == 3 %}high-severity-badge{% elif vulnerability.severity == 4 %}critical-severity-badge{% endif %}">
+                                        {% if vulnerability.severity == -1 %}
+                                            Unknown
+                                        {% elif vulnerability.severity == 0 %}
+                                            INFO
+                                        {% elif vulnerability.severity == 1 %}
+                                            LOW
+                                        {% elif vulnerability.severity == 2 %}
+                                            MEDIUM
+                                        {% elif vulnerability.severity == 3 %}
+                                            HIGH
+                                        {% elif vulnerability.severity == 4 %}
+                                            CRITICAL
+                                        {% endif %}
+                                    </div>
+                                </div>
+                                <div class="vuln-card-body">
+                                    <div class="vuln-section">
+                                        <span class="vuln-badge badge-source">{{vulnerability.source|upper}}</span>
+                                        {% if vulnerability.cvss_score %}
+                                            <span class="vuln-badge badge-cvss">CVSS: {{vulnerability.cvss_score}}</span>
+                                        {% endif %}
+                                        {% if vulnerability.cve_ids.all %}
+                                        {% for cve in vulnerability.cve_ids.all %}<span class="vuln-badge badge-cvss">{{cve}}</span>{% endfor %}
+                                        {% endif %}
+                                        {% if vulnerability.cwe_ids.all %}
+                                        {% for cwe in vulnerability.cwe_ids.all %}<span class="vuln-badge badge-cwe">{{cwe}}</span>{% endfor %}
+                                        {% endif %}
+                                    </div>
+                                    <div class="vuln-section">
+                                        <p class="section-title">CVSS</p>
+                                        <div class="vuln-cvss-details">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</div>
+                                    </div>
+                                    <div class="vuln-section">
+                                        <p class="section-title">Description</p>
+                                        <p>
+                                            A SQL injection vulnerability was discovered in the login form, allowing potential attackers to manipulate database queries. This vulnerability arises from improper input validation and could potentially affect multiple areas of the application where user input interacts with database operations.
+                                        </p>
+                                    </div>
+                                    <div class="vuln-section">
+                                        <p class="section-title">Impact</p>
+                                        <p>
+                                            This vulnerability could lead to unauthorized access, data theft, or manipulation of the database. An attacker could potentially:
+                                        </p>
+                                        <ul>
+                                            <li>Bypass authentication mechanisms</li>
+                                            <li>Read, modify, or delete sensitive data</li>
+                                            <li>Execute administration operations on the database</li>
+                                            <li>Issue commands to the operating system</li>
+                                        </ul>
+                                    </div>
+                                    <div class="vuln-section">
+                                        <p class="section-title">Remediation</p>
+                                        <p>To address this vulnerability, implement the following measures:</p>
+                                        <ul>
+                                            <li>Use prepared statements or parameterized queries to prevent SQL injection attacks</li>
+                                            <li>Implement proper input validation and sanitization for all user inputs</li>
+                                            <li>Apply the principle of least privilege to database accounts used by the application</li>
+                                            <li>Regularly update and patch the database management system</li>
+                                        </ul>
+                                    </div>
+                                    <div class="vuln-section">
+                                        <p class="section-title">Vulnerable URLs</p>
+                                        <div class="vulnerable-url-li">https://example.com/login.php</div>
+                                        <div class="vulnerable-url-li">https://example.com/user.php?id=1</div>
+                                    </div>
+                                    <div class="vuln-section references-li">
+                                        <p class="section-title">References</p>
+                                        <ul>
+                                            <li>
+                                                <a href="#">OWASP SQL Injection</a>
+                                            </li>
+                                            <li>
+                                                <a href="#">CWE-89: Improper Neutralization of Special Elements used in an SQL Command</a>
+                                            </li>
+                                        </ul>
+                                    </div>
+                                </div>
+                            </div>
+                        {% endfor %}
+                    {% endfor %}
+                </article>
+            {% endif %}
             <article id="end-of-report">
                 <div class="content-wrapper">
                     <h1 class="no-fade-line">END OF REPORT</h1>

From fd30b2745a17c9c41bee598dda816037350a92b2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 08:55:11 +0530
Subject: [PATCH 106/211] finish all the href links inside page

---
 web/templates/report/modern.html | 78 +++++++++++++++-----------------
 1 file changed, 36 insertions(+), 42 deletions(-)

diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index 10c54d42c..a471ccdb7 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -582,7 +582,7 @@
             font-weight: bold;
             text-transform: uppercase;
             margin-right: 3mm;
-            margin-top: 1mm;
+            margin-bottom: 2mm;
         }
         .badge-source {
             background-color: #2ecc71;
@@ -638,6 +638,10 @@
             color: #3498db;
             text-decoration: none;
         }
+        .no-style-a{
+            color: #3498db;
+            text-decoration: none;
+        }
         </style>
     </head>
     <body>
@@ -688,16 +692,10 @@ <h1 class="toc-title page-title">Table of Contents</h1>
                         <a href="#summary-of-finding-page" class="toc-link">Summary of Findings</a>
                         <span class="toc-number" data-href="#summary-of-finding-page"></span>
                     </div>
-                    {% if show_vuln %}
-                        <div class="toc-item">
-                            <a href="#vulnerability-breakdown-chart-page" class="toc-link">Vulnerability Summary</a>
-                            <span class="toc-number" data-href="#vulnerability-breakdown-chart-page"></span>
-                        </div>
-                    {% endif %}
                     {% if show_recon %}
                         <div class="toc-item">
-                            <a href="#reconnaissance-results" class="toc-link">Reconnaissance Results</a>
-                            <span class="toc-number" data-href="#reconnaissance-results"></span>
+                            <a href="#reconnaissance-findings" class="toc-link">Reconnaissance Findings</a>
+                            <span class="toc-number" data-href="#reconnaissance-findings"></span>
                         </div>
                     {% endif %}
                     {% if show_vuln %}
@@ -944,7 +942,7 @@ <h4>
                         {% for subdomain in subdomains %}
                             <tr class=" {% if subdomain.http_status >= 200 and subdomain.http_status < 300 %} low-td {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %} medium-td {% elif subdomain.http_status >= 400 and subdomain.http_status < 500 %} high-td {% else %} unknown-td {% endif %} ">
                                 <td class="number-td">{{ forloop.counter }}</td>
-                                <td class="subdomain-name-td">{{ subdomain.name }}</td>
+                                <td class="subdomain-name-td"><a href="#subdomain_{{subdomain.name}}" class="no-style-a">{{ subdomain.name }}</a></td>
                                 <td class="page-title-td">
                                     {% if subdomain.page_title %}{{ subdomain.page_title }}{% endif %}
                                 </td>
@@ -1013,7 +1011,7 @@ <h3 class="primary">IP Assets</h3>
                     <h2 class="page-title" id="reconnaissance-findings">Reconnaissance Findings</h2>
                     <p>This section contains list of all the subdomains identified during the reconnaissance phase.</p>
                     {% for subdomain in subdomains %}
-                        <div class="subdomain-card">
+                        <div class="subdomain-card" id="subdomain_{{subdomain.name}}">
                             <div class="subdomain-card-header">
                                 <span class="subdomain-card-name">{{ subdomain.name }}</span>
                                 {% if subdomain.http_status %}
@@ -1073,7 +1071,7 @@ <h2 class="page-title primary">Vulnerabilities Discovered</h2>
                     {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %}
                     {% for vulnerabilities in grouped_vulnerabilities %}
                         {% for vulnerability in vulnerabilities.list %}
-                            <div class="vuln-card">
+                            <div class="vuln-card" id="vuln_{{ vulnerability.name.split|join:'_' }}">
                                 <div class="vuln-card-header {% if vulnerability.severity == 0 %}info-td{% elif vulnerability.severity == 1 %}low-td{% elif vulnerability.severity == 2 %}medium-td{% elif vulnerability.severity == 3 %}high-td{% elif vulnerability.severity == 4 %}critical-td{% endif %}">
                                     <h4>
                                         {{ vulnerability.name }}
@@ -1102,63 +1100,59 @@ <h4>
                                     <div class="vuln-section">
                                         <span class="vuln-badge badge-source">{{vulnerability.source|upper}}</span>
                                         {% if vulnerability.cvss_score %}
-                                            <span class="vuln-badge badge-cvss">CVSS: {{vulnerability.cvss_score}}</span>
+                                            <span class="vuln-badge badge-cvss">CVSS: {{vulnerability.cvss_score|upper}}</span>
                                         {% endif %}
                                         {% if vulnerability.cve_ids.all %}
-                                        {% for cve in vulnerability.cve_ids.all %}<span class="vuln-badge badge-cvss">{{cve}}</span>{% endfor %}
+                                        {% for cve in vulnerability.cve_ids.all %}<span class="vuln-badge badge-cvss">{{cve|upper}}</span>{% endfor %}
                                         {% endif %}
                                         {% if vulnerability.cwe_ids.all %}
-                                        {% for cwe in vulnerability.cwe_ids.all %}<span class="vuln-badge badge-cwe">{{cwe}}</span>{% endfor %}
+                                        {% for cwe in vulnerability.cwe_ids.all %}<span class="vuln-badge badge-cwe">{{cwe|upper}}</span>{% endfor %}
                                         {% endif %}
                                     </div>
+                                    {% if vulnerability.cvss_metrics %}
                                     <div class="vuln-section">
                                         <p class="section-title">CVSS</p>
-                                        <div class="vuln-cvss-details">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</div>
+                                        <div class="vuln-cvss-details">{{vulnerability.cvss_metrics}}</div>
                                     </div>
+                                    {% endif %}
+                                    {% if vulnerability.description %}
                                     <div class="vuln-section">
                                         <p class="section-title">Description</p>
                                         <p>
-                                            A SQL injection vulnerability was discovered in the login form, allowing potential attackers to manipulate database queries. This vulnerability arises from improper input validation and could potentially affect multiple areas of the application where user input interacts with database operations.
-                                        </p>
-                                    </div>
-                                    <div class="vuln-section">
-                                        <p class="section-title">Impact</p>
-                                        <p>
-                                            This vulnerability could lead to unauthorized access, data theft, or manipulation of the database. An attacker could potentially:
+                                            {{vulnerability.description|linebreaks}}
                                         </p>
-                                        <ul>
-                                            <li>Bypass authentication mechanisms</li>
-                                            <li>Read, modify, or delete sensitive data</li>
-                                            <li>Execute administration operations on the database</li>
-                                            <li>Issue commands to the operating system</li>
-                                        </ul>
                                     </div>
+                                    {% endif %}
+                                     {% if vulnerability.impact %}
+                                        <div class="vuln-section">
+                                            <p class="section-title">Impact</p>
+                                            <p>
+                                                {{vulnerability.impact|linebreaks}}
+                                            </p>
+                                        </div>
+                                    {% endif %}
+                                    {% if vulnerability.remediation %}
                                     <div class="vuln-section">
                                         <p class="section-title">Remediation</p>
-                                        <p>To address this vulnerability, implement the following measures:</p>
-                                        <ul>
-                                            <li>Use prepared statements or parameterized queries to prevent SQL injection attacks</li>
-                                            <li>Implement proper input validation and sanitization for all user inputs</li>
-                                            <li>Apply the principle of least privilege to database accounts used by the application</li>
-                                            <li>Regularly update and patch the database management system</li>
-                                        </ul>
+                                        <p>{{vulnerability.remediation|linebreaks}}</p>
                                     </div>
+                                    {% endif %}
                                     <div class="vuln-section">
                                         <p class="section-title">Vulnerable URLs</p>
-                                        <div class="vulnerable-url-li">https://example.com/login.php</div>
-                                        <div class="vulnerable-url-li">https://example.com/user.php?id=1</div>
+                                        <div class="vulnerable-url-li">{{vulnerability.http_url}}</div>
                                     </div>
+                                    {% if vulnerability.references.all %}
                                     <div class="vuln-section references-li">
                                         <p class="section-title">References</p>
                                         <ul>
+                                            {% for ref in vulnerability.references.all %}
                                             <li>
-                                                <a href="#">OWASP SQL Injection</a>
-                                            </li>
-                                            <li>
-                                                <a href="#">CWE-89: Improper Neutralization of Special Elements used in an SQL Command</a>
+                                                <a href="{{ref}}" target="_blank" rel="noopener noreferrer">{{ref}}</a>
                                             </li>
+                                            {% endfor %}
                                         </ul>
                                     </div>
+                                    {% endif %}
                                 </div>
                             </div>
                         {% endfor %}

From 30f84f77be3cb4ba380d7f981d35b80902c11769 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 09:05:07 +0530
Subject: [PATCH 107/211] Update dependencies for charts and sort interesting
 subdomains by HTTP status code util function

---
 web/reNgine/utilities.py           |   13 +
 web/requirements.txt               |    2 +
 web/startScan/views.py             |   26 +-
 web/templates/report/modern.html   |    2 +-
 web/templates/report/template.html | 1050 ----------------------------
 5 files changed, 41 insertions(+), 1052 deletions(-)
 delete mode 100644 web/templates/report/template.html

diff --git a/web/reNgine/utilities.py b/web/reNgine/utilities.py
index a3101625f..58a4503b0 100644
--- a/web/reNgine/utilities.py
+++ b/web/reNgine/utilities.py
@@ -159,3 +159,16 @@ def is_out_of_scope(self, subdomain):
 		if subdomain in self.plain_patterns:
 			return True
 		return any(pattern.search(subdomain) for pattern in self.regex_patterns)
+
+
+def sorting_key(subdomain):
+	# sort subdomains based on their http status code with priority 200 < 300 < 400 < rest
+	status = subdomain['http_status']
+	if 200 <= status <= 299:
+		return 1
+	elif 300 <= status <= 399:
+		return 2
+	elif 400 <= status <= 499:
+		return 3
+	else:
+		return 4
\ No newline at end of file
diff --git a/web/requirements.txt b/web/requirements.txt
index 9b53e163f..6fff50162 100644
--- a/web/requirements.txt
+++ b/web/requirements.txt
@@ -40,3 +40,5 @@ weasyprint==53.3
 wafw00f==2.2.0
 xmltodict==0.13.0
 django-environ==0.11.2
+plotly==5.23.0
+kaleido
\ No newline at end of file
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 3e88d2a03..4e163060b 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -4,7 +4,7 @@
 from weasyprint import HTML, CSS
 from datetime import datetime
 from django.contrib import messages
-from django.db.models import Count
+from django.db.models import Count, Case, When, IntegerField
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import get_object_or_404, render
 from django.template.loader import get_template
@@ -13,6 +13,7 @@
 from django_celery_beat.models import (ClockedSchedule, IntervalSchedule, PeriodicTask)
 from rolepermissions.decorators import has_permission_decorator
 
+
 from reNgine.celery import app
 from reNgine.charts import *
 from reNgine.common_func import *
@@ -1017,6 +1018,29 @@ def create_report(request, id):
         .count()
     )
     interesting_subdomains = get_interesting_subdomains(scan_history=id)
+    interesting_subdomains = interesting_subdomains.annotate(
+        sort_order=Case(
+            When(http_status__gte=200, http_status__lt=300, then=1),
+            When(http_status__gte=300, http_status__lt=400, then=2),
+            When(http_status__gte=400, http_status__lt=500, then=3),
+            default=4,
+            output_field=IntegerField(),
+        )
+    ).order_by('sort_order', 'http_status')
+
+    subdomains = subdomains.annotate(
+        sort_order=Case(
+            When(http_status__gte=200, http_status__lt=300, then=1),
+            When(http_status__gte=300, http_status__lt=400, then=2),
+            When(http_status__gte=400, http_status__lt=500, then=3),
+            default=4,
+            output_field=IntegerField(),
+        )
+    ).order_by('sort_order', 'http_status')
+
+
+
+
     ip_addresses = (
         IpAddress.objects
         .filter(ip_addresses__in=subdomains)
diff --git a/web/templates/report/modern.html b/web/templates/report/modern.html
index a471ccdb7..eb13345ed 100644
--- a/web/templates/report/modern.html
+++ b/web/templates/report/modern.html
@@ -2,7 +2,7 @@
 <html lang="en">
     <head>
         <meta charset="UTF-8" />
-        <title>Penetration Testing Report</title>
+        <title>Report</title>
         <link href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap"
               rel="stylesheet" />
         <style>
diff --git a/web/templates/report/template.html b/web/templates/report/template.html
deleted file mode 100644
index 4a7cf8b35..000000000
--- a/web/templates/report/template.html
+++ /dev/null
@@ -1,1050 +0,0 @@
-<html>
-  <head>
-    <meta charset="utf-8">
-    <title>Report</title>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500&display=swap" rel="stylesheet">
-    <style>
-      @page {
-        size: A4;
-
-        @top-left {
-          background: {{primary_color}};
-          content: counter(page);
-          height: 1cm;
-          text-align: center;
-          width: 1cm;
-        }
-
-        @top-center {
-          background: {{primary_color}};
-          content: '';
-          display: block;
-          height: .05cm;
-          opacity: .5;
-          width: 100%;
-        }
-
-        @top-right {
-          content: string(heading);
-          font-size: 9pt;
-          height: 1cm;
-          vertical-align: middle;
-          width: 100%;
-        }
-
-        {% if show_footer %}
-          @bottom-left {
-            content: "{{footer_text}}";
-            font-size: 9pt;
-            height: 1cm;
-            vertical-align: middle;
-            width: 100%;
-          }
-        {% endif %}
-      }
-
-      @page :blank {
-        @top-left {
-          background: none;
-          content: ''
-        }
-
-        @top-center {
-          content: none
-        }
-
-        @top-right {
-          content: none
-        }
-      }
-
-      @page no-chapter {
-        @top-left {
-          background: none;
-          content: none
-        }
-
-        @top-center {
-          content: none
-        }
-
-        @top-right {
-          content: none
-        }
-      }
-
-      @page :first {
-        background-color: {{secondary_color}};
-        background-size: cover;
-        margin: 0;
-      }
-
-      @page chapter {
-        background: {{primary_color}};
-        margin: 0;
-
-        @top-left {
-          content: none
-        }
-
-        @top-center {
-          content: none
-        }
-
-        @top-right {
-          content: none
-        }
-      }
-
-      html {
-        color: #393939;
-        font-family: 'Inter';
-        font-weight: 300;
-        font-size: 11pt;
-        font-weight: 300;
-        line-height: 1.5;
-      }
-
-      h1 {
-        font-family: 'Inter';
-        font-weight: 200;
-        font-size: 38pt;
-        margin: 5cm 2cm 0 2cm;
-        page: no-chapter;
-        width: 100%;
-        line-height: normal;
-      }
-
-      h2,
-      h3,
-      h4 {
-        font-family: 'Inter';
-        font-weight: 200;
-        color: black;
-        font-weight: 400;
-        line-height: normal;
-      }
-
-      #cover {
-        align-content: space-between;
-        display: flex;
-        flex-wrap: wrap;
-        height: 297mm;
-      }
-
-      #cover-subheading {
-        font-family: 'Inter';
-        font-weight: 200;
-        font-size: 22pt;
-        width: 100%;
-      }
-
-      #cover footer {
-        background: {{primary_color}};
-        flex: 1 33%;
-        margin: 0 -2cm;
-        padding: 1cm 0;
-        white-space: pre-wrap;
-      }
-
-      #cover footer:first-of-type {
-        padding-left: 3cm;
-      }
-
-      #cover-line {
-        margin-top: 6px;
-        border-bottom: 1px double {{primary_color}};
-      }
-
-      #summary {
-        display: flex;
-        flex-wrap: wrap;
-        justify-content: space-between;
-      }
-
-      #contents {
-        page: no-chapter;
-      }
-
-      #contents h2 {
-        font-size: 20pt;
-        Intereight: 400;
-        margin-bottom: 3cm;
-      }
-
-      #contents h3 {
-        font-weight: 400;
-        margin: 3em 0 1em;
-      }
-
-      #contents h3::before {
-        background: {{primary_color}};
-        content: '';
-        display: block;
-        height: .08cm;
-        margin-bottom: .25cm;
-        width: 2cm;
-      }
-
-      #contents ul {
-        list-style: none;
-        padding-left: 0;
-      }
-
-      #contents ul li {
-        border-top: .25pt solid #c1c1c1;
-        margin: .25cm 0;
-        padding-top: .25cm;
-      }
-
-      #contents ul li::before {
-        color: {{primary_color}};
-        content: '• ';
-        font-size: 30pt;
-        line-height: 16pt;
-        vertical-align: bottom;
-      }
-
-      #contents ul li a {
-        color: inherit;
-        text-decoration-line: inherit;
-      }
-
-      #contents ul li a::before {
-        content: target-text(attr(href));
-      }
-
-      #contents ul li a::after {
-        color: {{primary_color}};
-        content: target-counter(attr(href), page);
-        float: right;
-      }
-
-      #columns section {
-        columns: 2;
-        column-gap: 1cm;
-        padding-top: 1cm;
-      }
-
-      #columns section p {
-        text-align: justify;
-      }
-
-      #columns section p:first-of-type {
-        font-weight: 700;
-      }
-
-      #chapter {
-        align-items: center;
-        display: flex;
-        height: 297mm;
-        justify-content: center;
-        page: chapter;
-      }
-
-      #boxes {
-        display: flex;
-        flex-wrap: wrap;
-        justify-content: space-between;
-      }
-
-      #boxes section h4 {
-        margin-bottom: 0;
-      }
-
-      #boxes section p {
-        background: {{primary_color}};
-        display: block;
-        font-size: 15pt;
-        margin-bottom: 0;
-        padding: .25cm 0;
-        text-align: center;
-        height: 85px;
-        color: #37474F;
-      }
-
-      .bg-critical {
-        background: #EF9A9A !important;
-      }
-
-      .bg-high {
-        background: #FFAB91 !important;
-      }
-
-      .bg-medium {
-        background: #FFCC80 !important;
-      }
-
-      .bg-low {
-        background: #FFE082 !important;
-      }
-
-      .bg-success {
-        background-color: #A5D6A7 !important;
-      }
-
-      .bg-grey {
-        background-color: #B0BEC5 !important;
-      }
-
-      .bg-info {
-        background-color: #90CAF9 !important;
-      }
-
-      .critical-color {
-        color: #EF9A9A;
-      }
-
-      .high-color {
-        color: #dc3545;
-      }
-
-      .medium-color {
-        color: #FFCC80;
-      }
-
-      .low-color {
-        color: #FFE082;
-      }
-
-      .success-color {
-        color: #A5D6A7;
-      }
-
-      .grey-color {
-        color: #212121;
-      }
-
-      .info-color {
-        color: #90CAF9;
-      }
-
-      .primary-color {
-        color: {{primary_color}};
-      }
-
-      .text-blue{
-        color: #007bff!important;
-      }
-
-      .badge {
-        display: inline-block;
-        padding-left: 12px;
-        padding-right: 12px;
-        text-align: center
-      }
-
-      .critical-hr-line {
-        border-bottom: 3px solid #EF9A9A !important;
-      }
-
-      .high-hr-line {
-        border-bottom: 3px solid #FFAB91 !important;
-      }
-
-      .medium-hr-line {
-        border-bottom: 3px solid #FFCC80 !important;
-      }
-
-      .low-hr-line {
-        border-bottom: 3px solid #FFE082 !important;
-      }
-
-      .info-hr-line {
-        border-bottom: 3px solid #90CAF9 !important;
-      }
-
-      .grey-hr-line {
-        border-bottom: 3px solid #212121 !important;
-      }
-
-      .inside-box-counter {
-        font-size: 28pt;
-      }
-
-      .table {
-        margin: 0 0 40px 0;
-        width: 100%;
-        box-shadow: 0 1px 3px rgba(0, 0, 0, 0.2);
-        display: table;
-        border-spacing: 0 0.4em;
-      }
-
-      .row {
-        display: table-row;
-        background: #f6f6f6;
-      }
-
-      .cell {
-        padding: 6px 6px 6px 6px;
-        display: table-cell;
-      }
-
-      .header {
-        Intereight: 900;
-        color: #ffffff;
-      }
-
-      .page_title{
-        font-weight: 300;
-        font-size: 20pt;
-      }
-
-      .subheading{
-        font-weight: 300;
-        font-size: 14pt;
-      }
-
-      .content-heading{
-        font-weight: 300;
-        font-size: 12pt;
-      }
-
-      .mini-heading{
-        font-weight: 400;
-        font-size: 11pt;
-      }
-
-      .table-border{
-        border-style:solid;
-        border-width: 1px;
-        border-color: #90CAF9 !important;
-      }
-
-      a{
-        color: #007bff;
-        text-decoration: none;
-      }
-
-      .ml-8{
-        margin-left: 8px;
-      }
-
-    </style>
-  </head>
-
-  <body>
-    <article id="cover">
-      <h1 style="color:{{primary_color}}">{{report_name}}
-        <br>
-        {{scan_object.domain.name}}
-        <div id="cover-line"></div>
-        {# generated date #}
-        <span id="cover-subheading">{% now "F j, Y" %}</span>
-      </h1>
-      <footer>
-        {{company_name}}
-        {{company_address}}
-      </footer>
-      <footer>
-        {{company_email}}
-        {{company_website}}
-      </footer>
-      <footer>
-        {% if show_rengine_banner %}Generated by reNgine
-        https://github.com/yogeshojha/rengine
-        {% endif %}
-      </footer>
-    </article>
-
-    <article id="contents">
-      <h2>&nbsp;</h2>
-      <h3>Table of contents</h3>
-      <ul>
-        {% if show_executive_summary %}
-          <li><a href="#executive-summary"></a></li>
-        {% endif %}
-
-        <li><a href="#quick-summary"></a></li>
-        <li><a href="#assessment-timeline"></a></li>
-
-        {% if interesting_subdomains and show_recon %}
-          <li><a href="#interesting-recon-data"></a></li>
-        {% endif %}
-
-        {% if all_vulnerabilities.count > 0 and show_vuln %}
-          <li><a href="#vulnerability-summary"></a></li>
-        {% endif %}
-
-        {% if show_recon %}
-          <li><a href="#reconnaissance-results"></a></li>
-        {% endif %}
-
-        {% if all_vulnerabilities.count > 0 and show_vuln %}
-          <li><a href="#vulnerabilities-discovered"></a></li>
-        {% endif %}
-      </ul>
-    </article>
-
-    {% if show_executive_summary %}
-      <article id="summary" style="page-break-before: always">
-        <h2 id="executive-summary" class="page_title">Executive summary</h2>
-        <br>
-        {{executive_summary_description | safe }}
-      </article>
-    {% endif %}
-
-    <article id="summary" style="page-break-before: always">
-      <h2 id="quick-summary" class="page_title">Quick Summary</h2>
-      <p>This section contains quick summary of scan performed on <span class="primary-color">{{scan_object.domain.name}}</span></p>
-      <br>
-    </article>
-
-    {# recon section #}
-    {% if show_recon %}
-      <h4 id="reconnaissance-summary" class="subheading">Reconnaissance</h4>
-      <div id="boxes">
-        <section style="width: 30%">
-          <p class="bg-success">Subdomains
-            <br>
-            <span class="inside-box-counter">
-              {{scan_object.get_subdomain_count}}
-            </span>
-          </p>
-        </section>
-        <section style="width: 30%">
-          <p class="bg-grey">Endpoints
-            <br>
-            <span class="inside-box-counter">
-              {{scan_object.get_endpoint_count}}
-            </span>
-          </p>
-        </section>
-        <section style="width: 30%">
-          <p class="bg-critical">Vulnerabilities
-            <br>
-            <span class="inside-box-counter">
-              {{all_vulnerabilities_count}}
-            </span>
-          </p>
-        </section>
-      </div>
-    {% endif %}
-
-    <!-- vulnerability section, hide if only recon report -->
-    {% if show_vuln %}
-      <article>
-        <br>
-        <h4 id="vulnerability-summary" class="subheading">Vulnerability Summary</h4>
-        <div id="boxes">
-          <section style="width: 30%">
-            <p class="bg-critical">Critical
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_critical_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-high">High
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_high_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-medium">Medium
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_medium_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width:30%">
-            <p class="bg-low">Low
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_low_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-info">Info
-              <br>
-              <span class="inside-box-counter">
-                {% if is_ignore_info_vuln %}
-                  0
-                {% else %}
-                  {{scan_object.get_info_vulnerability_count}}
-                {% endif %}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-grey">Unknown
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_unknown_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-        </div>
-      </article>
-    {% endif %}
-
-    <article>
-      <h3 id="assessment-timeline" class="page_title">Timeline of the Assessment</h3>
-      <p>
-        Scan started on: {{scan_object.start_scan_date|date:"F j, Y h:i"}}
-        <br>
-        Total time taken:
-        {% if scan_object.scan_status == 0 %}
-          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }}
-        {% elif scan_object.scan_status == 1 %}
-          {{ scan_object.get_elapsed_time }}
-        {% elif scan_object.scan_status == 2 %}
-          {% if scan_object.get_completed_time_in_sec < 60 %}
-            Completed in < 1 minutes {% else %} Completed in {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} {% elif scan_object.scan_status == 3 %} Aborted in
-          {{ scan_object.start_scan_date|timesince:scan_object.stop_scan_date }} {% endif %} <br>
-        Report Generated on: {% now "F j, Y" %}
-      </p>
-    </article>
-
-    {# show interesting_subdomains section only when show_recon result is there #}
-    {% if interesting_subdomains and show_recon %}
-      <article style="page-break-before: always" class="summary">
-        <h3 id="interesting-recon-data" class="page_title">Interesting Recon Data</h3>
-        <p>Listed below are the {{interesting_subdomains.count}} interesting subdomains identified on <span class="primary-color">{{scan_object.domain.name}}</span></p>
-        <div class="table">
-          <div class="row header bg-success">
-            <div class="cell grey-color" style="width: 5%">
-              #
-            </div>
-            <div class="cell grey-color" style="width: 33%">
-              Subdomain
-            </div>
-            <div class="cell grey-color" style="width: 33%">
-              Page title
-            </div>
-            <div class="cell grey-color" style="width: 15%">
-              HTTP Status
-            </div>
-          </div>
-          {% for subdomain in interesting_subdomains %}
-            <div class="row">
-              <div class="cell" style="width: 5%">
-                {{ forloop.counter }}
-              </div>
-              <div class="cell" style="width: 35%">
-                {{subdomain.name}}
-              </div>
-              <div class="cell" style="width: 35%">
-                {% if subdomain.page_title %}
-                  {{subdomain.page_title}}
-                {% else %}
-                  &nbsp;&nbsp;&nbsp;
-                {% endif %}
-              </div>
-              <div class="cell" style="width: 15%;">
-                {% if subdomain.http_status %}
-                  {{subdomain.http_status}}
-                {% else %}
-                  &nbsp;&nbsp;&nbsp;
-                {% endif %}
-              </div>
-            </div>
-          {% endfor %}
-        </div>
-      </article>
-    {% endif %}
-
-    {# vulnerability_summary only when vuln_report #}
-    {% if show_vuln %}
-      <article style="page-break-before: always" class="summary">
-        <h3 id="vulnerability-summary" class="page_title">Summary of Vulnerabilities Identified</h3>
-        {% if all_vulnerabilities.count > 0 %}
-        <p>Listed below are the vulnerabilities identified on <span class="primary-color">{{scan_object.domain.name}}</span></p>
-        <div class="table">
-          <div class="row header bg-critical">
-            <div class="cell grey-color" style="width: 5%">
-              #
-            </div>
-            <div class="cell grey-color" style="width: 50%;">
-              Vulnerability Name
-            </div>
-            <div class="cell grey-color" style="width: 19%;">
-              Times Identified
-            </div>
-            <div class="cell grey-color" style="width: 15%">
-              Severity
-            </div>
-          </div>
-          {% for vulnerability in unique_vulnerabilities %}
-            <div class="row">
-              <div class="cell" style="width: 5%">
-                {{ forloop.counter }}
-              </div>
-              <div class="cell" style="width: 50%">
-                <a href="#vuln_{{vulnerability.name.split|join:'_'}}">{{vulnerability.name}}</a>
-              </div>
-              <div class="cell" style="float: right; width: 19%;">
-                {{vulnerability.count}}
-              </div>
-              {% if vulnerability.severity == -1 %}
-                <div class="cell bg-grey" style="width: 15%">
-                  <span class="severity-title-box">Unknown</span>
-              {% elif vulnerability.severity == 0 %}
-                <div class="cell bg-info" style="width: 15%">
-                  <span class="severity-title-box">Informational</span>
-              {% elif vulnerability.severity == 1 %}
-                <div class="cell bg-low" style="width: 15%">
-                  <span class="severity-title-box">Low</span>
-              {% elif vulnerability.severity == 2 %}
-                <div class="cell bg-medium" style="width: 15%">
-                  <span class="severity-title-box">Medium</span>
-              {% elif vulnerability.severity == 3 %}
-                <div class="cell bg-high" style="width: 15%">
-                  <span class="severity-title-box">High</span>
-              {% elif vulnerability.severity == 4 %}
-                <div class="cell bg-critical" style="width: 15%">
-                  <span class="severity-title-box">Critical</span>
-              {% endif %}
-            </div>
-            </div>
-          {% endfor %}
-        {% else %}
-        <h3 class='info-color'>No Vulnerabilities were Discovered.</h3>
-        {% endif %}
-      </div>
-
-      </article>
-    {% endif %}
-
-    {# show discovered assets only for show_recon report #}
-    {% if show_recon %}
-      <article class="summary" style="page-break-before: always">
-        <h3 id="reconnaissance-results" class="page_title">Discovered Assets</h3>
-        <h4 class="subheading">Subdomains</h4>
-        <p>
-          During the reconnaissance phase, {{scan_object.get_subdomain_count}} subdomains were discovered.
-          Out of {{scan_object.get_subdomain_count}} subdomains, {{subdomain_alive_count}} returned HTTP status 200.
-          {{interesting_subdomains.count}} interesting subdomains were also identified based on the interesting keywords used.
-        </p>
-        <h4>{{scan_object.get_subdomain_count}} subdomains identified on <span class="primary-color">{{scan_object.domain.name}}</span></h4>
-        <div class="table">
-          <div class="row header bg-info">
-            <div class="cell grey-color" style="width: 38%">
-              Subdomain
-            </div>
-            <div class="cell grey-color" style="width: 38%">
-              Page title
-            </div>
-            <div class="cell grey-color" style="width: 18%">
-              HTTP Status
-            </div>
-          </div>
-          {% for subdomain in subdomains %}
-            <div class="row">
-              <div class="cell" style="width: 38%">
-                {{subdomain.name}}
-              </div>
-              <div class="cell" style="width: 38%">
-                {% if subdomain.page_title %}
-                  {{subdomain.page_title}}
-                {% endif %}
-              </div>
-              <div class="cell" style="width: 18%">
-                {{subdomain.http_status}}
-              </div>
-            </div>
-          {% endfor %}
-        </div>
-        {% if ip_addresses.count %}
-          <h4 class="subheading" style="margin-top: 10px;">IP Addresses</h4>
-          <h4>{{ip_addresses.count}} IP Addresses were identified on <span class="primary-color">{{scan_object.domain.name}}</span></h4>
-          <div class="table">
-            <div class="row header bg-info">
-              <div class="cell grey-color" style="width: 38%">
-                IP
-              </div>
-              <div class="cell grey-color" style="width: 38%">
-                Open Ports
-              </div>
-              <div class="cell grey-color" style="width: 18%">
-                Remarks
-              </div>
-            </div>
-            {% for ip in ip_addresses %}
-              <div class="row">
-                <div class="cell" style="width: 38%">
-                  {{ip.address}}
-                </div>
-                <div class="cell" style="width: 38%">
-                  {% for port in ip.ports.all %}
-                    {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %}
-                  {% endfor %}
-                </div>
-                {% if ip.is_cdn %}
-                  <div class="cell medium" style="width: 18%">
-                    CDN IP Address
-                {% else %}
-                  <div class="cell" style="width: 18%">
-                {% endif %}
-              </div>
-              </div>
-            {% endfor %}
-          </div>
-        {% endif %}
-      </article>
-      <br>
-    {% endif %}
-
-    {# reconnaissance finding only when show_recon #}
-    {% if show_recon %}
-      <article class="summary" style="page-break-before: always">
-        <h3 class="page_title">Reconnaissance Findings</h3>
-        {% for subdomain in subdomains %}
-          <table class="table" cellspacing="0" style="border-collapse: collapse;">
-            <tr>
-              <td style="width: 2%" class="cell table-border">{{ forloop.counter }}.</td>
-              <td style="width: 80%" class="cell table-border">{{subdomain.name}}</td>
-              {% if subdomain.http_status == 200 %}
-                <td style="width: 10%" class="cell table-border bg-success">{{subdomain.http_status}}</td>
-              {% elif subdomain.http_status >= 300 and subdomain.http_status < 400 %}
-                <td style="width: 10%" class="cell table-border bg-medium">{{subdomain.http_status}}</td>
-              {% elif subdomain.http_status >= 400 %}
-                <td style="width: 10%" class="cell table-border bg-high">{{subdomain.http_status}}</td>
-              {% elif subdomain.http_status == 0 %}
-                <td style="width: 10%" class="cell table-border">N/A</td>
-              {% else %}
-                <td style="width: 10%" class="cell table-border">{{subdomain.http_status}}</td>
-              {% endif %}
-            </tr>
-            {% if subdomain.page_title %}
-              <tr>
-                <td colspan="3" class="cell table-border"><strong>Page Title: </strong>{{subdomain.page_title}}</td>
-              </tr>
-            {% endif %}
-            {% if subdomain.ip_addresses.all %}
-              <tr>
-                <td colspan="3" class="cell table-border">
-                  IP Address:
-                  <ul>
-                    {% for ip in subdomain.ip_addresses.all %}
-                      <li>{{ip.address}}
-                        {% if ip.ports.all %}
-                          <ul>
-                            <li>Open Ports: &nbsp;
-                              {% for port in ip.ports.all %}
-                                {{port.number}}/{{port.service_name}}{% if not forloop.last %},{% endif %}
-                              {% endfor %}
-                            </li>
-                          </ul>
-                        {% endif %}
-                      </li>
-                    {% endfor %}
-                  </ul>
-                </td>
-              </tr>
-            {% endif %}
-            {% if subdomain.get_vulnerabilities_without_info %}
-              <tr>
-                <td colspan="3" class="cell table-border">
-                  Vulnerabilities
-                  {% regroup subdomain.get_vulnerabilities_without_info by name as vuln_list %}
-                  <ul>
-                    {% for vulnerability in vuln_list %}
-                      <li>
-                        <a href="#vuln_{{vulnerability.list.0.name.split|join:'_'}}">{{ vulnerability.grouper }}</a>
-                      </li>
-                    {% endfor %}
-                  </ul>
-                </td>
-              </tr>
-            {% endif %}
-          </table>
-        {% endfor %}
-      </article>
-    {% endif %}
-
-    {% if all_vulnerabilities.count > 0 and show_vuln %}
-      <article style="page-break-before: always" class="summary">
-        <h3 id="vulnerabilities-discovered" class="page_title">Vulnerabilities Discovered</h3>
-        <p>
-          This section reports the security issues found during the audit.
-          <br>
-          A Total of {{scan_object.get_vulnerability_count}} were discovered in {{scan_object.domain.name}},
-          {{scan_object.get_critical_vulnerability_count}} of them were Critical,
-          {{scan_object.get_high_vulnerability_count}} of them were High Severity,
-          {{scan_object.get_medium_vulnerability_count}} of them were Medium severity,
-          {% if is_ignore_info_vuln %}0{% else %}{{scan_object.get_info_vulnerability_count}}{% endif %} of them were Low severity, and
-          {{scan_object.get_info_vulnerability_count}} of them were Informational.
-          {{scan_object.get_unknown_vulnerability_count}} of them were Unknown Severity.
-        </p>
-        <h4 class="subheading">Vulnerability Breakdown by Severity</h4>
-        <div id="boxes">
-          <section style="width: 30%">
-            <p class="bg-critical">Critical
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_critical_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-high">High
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_high_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-medium">Medium
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_medium_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-low">Low
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_low_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-info">Info
-              <br>
-              <span class="inside-box-counter">
-                {% if is_ignore_info_vuln %}
-                  0
-                {% else %}
-                  {{scan_object.get_info_vulnerability_count}}
-                {% endif %}
-              </span>
-            </p>
-          </section>
-          <section style="width: 30%">
-            <p class="bg-grey">Unknown
-              <br>
-              <span class="inside-box-counter">
-                {{scan_object.get_unknown_vulnerability_count}}
-              </span>
-            </p>
-          </section>
-        </div>
-      </article>
-
-
-      {# start vulnerability #}
-      {% if show_vuln %}
-        <article class="">
-          {% regroup all_vulnerabilities by get_path as grouped_vulnerabilities %}
-          {% for vulnerabilities in grouped_vulnerabilities %}
-            {% for vulnerability in vulnerabilities.list %}
-              <div>
-                <h4 class="content-heading" id="vuln_{{vulnerability.name.split|join:'_'}}">
-                  <span>{{vulnerability.name}}
-                    {% if vulnerabilities.grouper %}
-                    <br>in {{vulnerabilities.grouper}}
-                    {% endif %}
-                  </span>
-                  {% if vulnerability.severity == -1 %}
-                    <span style="float: right;" class="badge bg-grey">Unknown</span>
-                    <div class="grey-hr-line" ></div>
-                  {% elif vulnerability.severity == 0 %}
-                    <span style="float: right;" class="badge bg-info">INFO</span>
-                    <div class="info-hr-line" ></div>
-                  {% elif vulnerability.severity == 1 %}
-                    <span style="float: right;" class="badge bg-low">LOW</span>
-                    <div class="low-hr-line" ></div>
-                  {% elif vulnerability.severity == 2 %}
-                    <span style="float: right;" class="badge bg-medium">MEDIUM</span>
-                    <div class="medium-hr-line" ></div>
-                  {% elif vulnerability.severity == 3 %}
-                    <span style="float: right;" class="badge bg-high">HIGH</span>
-                    <div class="high-hr-line" ></div>
-                  {% elif vulnerability.severity == 4 %}
-                    <span style="float: right;" class="badge bg-critical">CRITICAL</span>
-                    <div class="critical-hr-line" ></div>
-                  {% endif %}
-                </h4>
-                <!-- show vulnerability classification -->
-                <span class="mini-heading">Vulnerability Source: {{vulnerability.source|upper}}</span><br>
-                {% if vulnerability.cvss_metrics or vulnerability.cvss_score or vulnerability.cve_ids.all or vulnerability.cve_ids.all %}
-                  <span class="mini-heading">Vulnerability Classification</span><br>
-                  {% if vulnerability.cvss_metrics %}
-                    <span class="mini-heading ml-8">CVSS Metrics: {{vulnerability.cvss_metrics}}</span>
-                  {% endif %}
-                  {% if vulnerability.cvss_score %}
-                  <br>
-                    <span class="mini-heading ml-8">CVSS Score:</span>&nbsp;<span class="high-color">{{vulnerability.cvss_score}}</span>
-                  {% endif %}
-                  {% if vulnerability.cve_ids.all %}
-                  <br>
-                  <span class="mini-heading ml-8">CVE IDs</span><br>
-                    &nbsp;&nbsp;&nbsp;&nbsp;{% for cve in vulnerability.cve_ids.all %} {{cve}}{% if not forloop.last %}, {% endif %} {% endfor %}
-                  {% endif %}
-                  {% if vulnerability.cwe_ids.all %}
-                  <br>
-                  <span class="mini-heading ml-8">CWE IDs</span><br>
-                    &nbsp;&nbsp;&nbsp;&nbsp;{% for cwe in vulnerability.cwe_ids.all %} {{cwe}}{% if not forloop.last %}, {% endif %} {% endfor %}
-                  {% endif %}
-                  <br>
-                {% endif %}
-                {% if vulnerability.description %}
-                  <br>
-                  <span class="mini-heading">Description</span><br>
-                  {{vulnerability.description|linebreaks}}
-                {% endif %}
-                {% if vulnerability.impact %}
-                  <br>
-                  <span class="mini-heading">Impact</span><br>
-                  {{vulnerability.impact|linebreaks}}
-                {% endif %}
-                {% if vulnerability.remediation %}
-                  <br>
-                  <span class="mini-heading">Remediation</span><br>
-                  {{vulnerability.remediation|linebreaks}}
-                {% endif %}
-                <br>
-                <span class="mini-heading">Vulnerable URL(s)</span><br>
-                <ul>
-                    <li class="text-blue"><a href="{{vulnerability.http_url}}" target="_blank" rel="noopener noreferrer">{{vulnerability.http_url}}</a></li>
-                </ul>
-                <!-- {% regroup vulnerability.list by http_url as vuln_http_url_list %} -->
-                <!-- <ul>
-                  {% for vuln_urls in vuln_http_url_list %}
-                    <li>{{vuln_urls.grouper}}</li>
-                    <span class="mini-heading">Result/Findings</span><br>
-                    {% for vuln in vuln_urls.list %}
-                      {% if vuln.matcher_name %}
-                        {% if not forloop.first %} • {% endif %} {{vuln.matcher_name}}
-                      {% endif %}
-                      {% if vuln.extracted_results %}
-                        {% for res in vuln.extracted_results %}
-                          {% if not forloop.first %} • {% endif %} {{res}}
-                        {% endfor %}
-                      {% endif %}
-                    {% endfor %}
-                  {% endfor %}
-                </ul> -->
-                {% if vulnerability.references.all %}
-                  <span class="mini-heading">References</span><br>
-                  <ul>
-                    {% for ref in vulnerability.references.all %}
-                    <li>
-                      <span class="text-blue"><a href="{{ref}}" target="_blank" rel="noopener noreferrer">{{ref}}</a></span>
-                    </li>
-                    {% endfor %}
-                  </ul>
-                {% endif %}
-                <br>
-                <br>
-              </div>
-            {% endfor %}
-          {% endfor %}
-        </article>
-      {% endif %}
-
-    {% endif %}
-    <article id="chapter">
-      <h2 id="chapter-title">END OF REPORT</h2>
-    </article>
-  </body>
-
-</html>

From 0a634e72b70eba3fbbb372910aad4fa8646095d7 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 19:34:36 +0530
Subject: [PATCH 108/211] remove unused svg files

---
 web/templates/report/heading.svg       | 26 -----------------------
 web/templates/report/style.svg         | 29 --------------------------
 web/templates/report/table-content.svg | 21 -------------------
 3 files changed, 76 deletions(-)
 delete mode 100644 web/templates/report/heading.svg
 delete mode 100644 web/templates/report/style.svg
 delete mode 100644 web/templates/report/table-content.svg

diff --git a/web/templates/report/heading.svg b/web/templates/report/heading.svg
deleted file mode 100644
index 7e6bbb79a..000000000
--- a/web/templates/report/heading.svg
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 22.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 56.7 56.7" style="enable-background:new 0 0 56.7 56.7;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:none;stroke:#231F20;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-</style>
-<rect x="12.4" y="6.1" class="st0" width="31.9" height="44.5"/>
-<line class="st0" x1="16.4" y1="10.8" x2="26.8" y2="10.8"/>
-<line class="st0" x1="37" y1="10.8" x2="40.2" y2="10.8"/>
-<g>
-	<rect x="-85.5" y="-13" class="st0" width="31.9" height="44.5"/>
-	<line class="st0" x1="-81.4" y1="-6.3" x2="-71.1" y2="-6.3"/>
-	<line class="st0" x1="-81.4" y1="-0.1" x2="-71.1" y2="-0.1"/>
-	<line class="st0" x1="-81.4" y1="6.1" x2="-71.1" y2="6.1"/>
-	<line class="st0" x1="-81.4" y1="12.3" x2="-71.1" y2="12.3"/>
-	<line class="st0" x1="-81.4" y1="18.6" x2="-71.1" y2="18.6"/>
-	<line class="st0" x1="-81.4" y1="24.8" x2="-71.1" y2="24.8"/>
-	<line class="st0" x1="-60.8" y1="-6.3" x2="-57.6" y2="-6.3"/>
-	<line class="st0" x1="-60.8" y1="-0.1" x2="-57.6" y2="-0.1"/>
-	<line class="st0" x1="-60.8" y1="6.1" x2="-57.6" y2="6.1"/>
-	<line class="st0" x1="-60.8" y1="12.3" x2="-57.6" y2="12.3"/>
-	<line class="st0" x1="-60.8" y1="18.6" x2="-57.6" y2="18.6"/>
-	<line class="st0" x1="-60.8" y1="24.8" x2="-57.6" y2="24.8"/>
-</g>
-</svg>
diff --git a/web/templates/report/style.svg b/web/templates/report/style.svg
deleted file mode 100644
index 3930090fe..000000000
--- a/web/templates/report/style.svg
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 22.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 56.7 56.7" style="enable-background:new 0 0 56.7 56.7;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:none;stroke:#231F20;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-</style>
-<rect x="12.4" y="6.1" class="st0" width="31.9" height="44.5"/>
-<line class="st0" x1="16.4" y1="13.8" x2="40.2" y2="13.8"/>
-<g>
-	<rect x="-85.5" y="-13" class="st0" width="31.9" height="44.5"/>
-	<line class="st0" x1="-81.4" y1="-6.3" x2="-71.1" y2="-6.3"/>
-	<line class="st0" x1="-81.4" y1="-0.1" x2="-71.1" y2="-0.1"/>
-	<line class="st0" x1="-81.4" y1="6.1" x2="-71.1" y2="6.1"/>
-	<line class="st0" x1="-81.4" y1="12.3" x2="-71.1" y2="12.3"/>
-	<line class="st0" x1="-81.4" y1="18.6" x2="-71.1" y2="18.6"/>
-	<line class="st0" x1="-81.4" y1="24.8" x2="-71.1" y2="24.8"/>
-	<line class="st0" x1="-60.8" y1="-6.3" x2="-57.6" y2="-6.3"/>
-	<line class="st0" x1="-60.8" y1="-0.1" x2="-57.6" y2="-0.1"/>
-	<line class="st0" x1="-60.8" y1="6.1" x2="-57.6" y2="6.1"/>
-	<line class="st0" x1="-60.8" y1="12.3" x2="-57.6" y2="12.3"/>
-	<line class="st0" x1="-60.8" y1="18.6" x2="-57.6" y2="18.6"/>
-	<line class="st0" x1="-60.8" y1="24.8" x2="-57.6" y2="24.8"/>
-</g>
-<line class="st0" x1="16.4" y1="20.9" x2="40.2" y2="20.9"/>
-<line class="st0" x1="16.4" y1="28" x2="40.2" y2="28"/>
-<line class="st0" x1="16.4" y1="35" x2="40.2" y2="35"/>
-<line class="st0" x1="16.4" y1="42.1" x2="40.2" y2="42.1"/>
-</svg>
diff --git a/web/templates/report/table-content.svg b/web/templates/report/table-content.svg
deleted file mode 100644
index 9961a203b..000000000
--- a/web/templates/report/table-content.svg
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 22.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Calque_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 56.7 56.7" style="enable-background:new 0 0 56.7 56.7;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:none;stroke:#231F20;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:10;}
-</style>
-<rect x="12.4" y="6.1" class="st0" width="31.9" height="44.5"/>
-<line class="st0" x1="16.4" y1="12.8" x2="26.8" y2="12.8"/>
-<line class="st0" x1="16.4" y1="19" x2="26.8" y2="19"/>
-<line class="st0" x1="16.4" y1="25.2" x2="26.8" y2="25.2"/>
-<line class="st0" x1="16.4" y1="31.5" x2="26.8" y2="31.5"/>
-<line class="st0" x1="16.4" y1="37.7" x2="26.8" y2="37.7"/>
-<line class="st0" x1="16.4" y1="43.9" x2="26.8" y2="43.9"/>
-<line class="st0" x1="37" y1="12.8" x2="40.2" y2="12.8"/>
-<line class="st0" x1="37" y1="19" x2="40.2" y2="19"/>
-<line class="st0" x1="37" y1="25.2" x2="40.2" y2="25.2"/>
-<line class="st0" x1="37" y1="31.5" x2="40.2" y2="31.5"/>
-<line class="st0" x1="37" y1="37.7" x2="40.2" y2="37.7"/>
-<line class="st0" x1="37" y1="43.9" x2="40.2" y2="43.9"/>
-</svg>

From e3e6409d700c28fd328234d796ebc6cc93b4fbfd Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 20:37:30 +0530
Subject: [PATCH 109/211] change modal for downloading report

---
 .../templates/startScan/history.html          | 183 +++++++++++-------
 1 file changed, 109 insertions(+), 74 deletions(-)

diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index d15529372..7ed670269 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -197,7 +197,7 @@ <h4 class="headline-title">Filters</h4>
                           <div class="dropdown-divider"></div>
                         {% endif %}
                         {% if scan.scan_status != -1%}
-                          <a href="#" class="dropdown-item text-dark" onclick="initiate_report({{scan_history.id}}, '{% if 'subdomain_discovery' in scan_history.scan_type.tasks %}True{% endif %}', '{% if 'vulnerability_scan' in scan_history.scan_type.tasks %}True{% endif %}', '{{ scan_history.domain.name }}')">
+                          <a href="#" class="dropdown-item text-dark" onclick="initiate_report(id={{scan_history.id}}, has_subdomain_scan={% if 'subdomain_discovery' in scan_history.scan_type.tasks %}true{% else %}false{% endif %}, has_vulnerability_scan={% if 'vulnerability_scan' in scan_history.scan_type.tasks %}true{% else %}false{% endif %}, domain_name='{{ scan_history.domain.name }}')">
                           <i class="fe-download"></i>&nbsp;Scan Report</a>
                         {% endif %}
                         </div>
@@ -213,30 +213,87 @@ <h4 class="headline-title">Filters</h4>
     </div>
   </div>
 </div>
-<div class="modal fade" id="generateReportModal" tabindex="-1" style="display: none;" aria-hidden="true">
-  <div class="modal-dialog modal-dialog-centered">
-    <div class="modal-content">
-      <div class="modal-header">
-        <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
+<div class="modal fade" id="generateReportModal" tabindex="-1" aria-labelledby="modalLabel" aria-hidden="true">
+  <div class="modal-dialog modal-lg modal-dialog-centered">
+    <div class="modal-content border-0 shadow">
+      <div class="modal-header bg-light border-bottom-0">
+        <h5 class="modal-title" id="modalLabel">Generate Report</h5>
         <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
       </div>
       <div class="modal-body">
-        <div class="alert alert-light-primary border-0 mb-4" role="alert">
-          <div id='report_alert_message'></div>
-        </div>
-        <div class="form-group mb-4">
-          <label for="reportTypeForm">Report Type</label>
-          <select class="form-control" id="report_type_select" name="report_type">
-          </select>
+        <div class="container-fluid">
+          <h6 class="text-primary mb-3">Select Report Type</h6>
+          <div class="row g-3 mb-4">
+            <div class="col-md-4">
+              <div class="card h-100 border-0 shadow-sm">
+                <div class="card-body">
+                  <div class="form-check">
+                    <input class="form-check-input" type="radio" name="reportType" id="report_type_checkbox" value="full" checked>
+                      <label class="form-check-label w-100" for="fullScan">
+                      <h6 class="mb-2">Full Scan</h6>
+                      <p class="text-muted small mb-0">Comprehensive analysis including Recon and Vulnerabilities</p>
+                    </label>
+                  </div>
+                </div>
+                <div class="card-footer border-0 text-primary bg-soft-primary"> Complete Overview </div>
+              </div>
+            </div>
+            <div class="col-md-4">
+              <div class="card h-100 border-0 shadow-sm">
+                <div class="card-body">
+                  <div class="form-check">
+                    <input class="form-check-input" type="radio" name="reportType" id="report_type_checkbox" value="recon" disabled>
+                    <label class="form-check-label w-100" for="reconReport">
+                      <h6 class="mb-2">Reconnaissance</h6>
+                      <p class="text-muted small mb-0">Report containing detailed overview of discovered assets only</p>
+                    </label>
+                  </div>
+                </div>
+                <div class="card-footer border-0 text-info bg-soft-info"> Asset Mapping </div>
+              </div>
+            </div>
+            <div class="col-md-4">
+              <div class="card h-100 border-0 shadow-sm">
+                <div class="card-body">
+                  <div class="form-check">
+                    <input class="form-check-input" type="radio" name="reportType" id="report_type_checkbox" value="vuln" disabled>
+                    <label class="form-check-label w-100" for="vulnReport">
+                      <h6 class="mb-2">Vulnerability</h6>
+                      <p class="text-muted small mb-0">Report focused on the identified vulnerabilities and remediation</p>
+                    </label>
+                  </div>
+                </div>
+                <div class="card-footer border-0 text-danger bg-soft-danger"> Risk Assessment </div>
+              </div>
+            </div>
+          </div>
+          <div class="row g-3">
+            <div class="col-md-6">
+              <h6 class="text-primary mb-3">Report Template</h6>
+              <select id="templateSelect" class="form-select" aria-label="Select report template">
+                <option value="modern">Modern Template</option>
+                <option value="default">Default Template</option>
+              </select>
+            </div>
+            <div class="col-md-6">
+              <h6 class="text-primary mb-3">Additional Options</h6>
+              <div class="form-check form-switch" id="report_info_vuln_div">
+                <input class="form-check-input" type="checkbox" id="excludeInfoFindings" name="excludeInfoFindings" checked>
+                <label class="form-check-label" for="excludeInfoFindings"> Exclude Informational Findings </label>
+              </div>
+            </div>
+          </div>
         </div>
-        <div class="form-group mb-4">
-          <div class="form-check" id="report_info_vuln_div">
-            <input type="checkbox" class="form-check-input" id="report_ignore_info_vuln" checked="">
-            <label class="form-check-label" for="report_ignore_info_vuln">Ignore Informational Vulnerabilities</label>
+      </div>
+      <div class="modal-footer bg-light border-top-0">
+        <div class="container-fluid">
+          <div class="row justify-content-end">
+            <div class="col-auto">
+              <button type="button" class="btn btn-outline-primary me-2" id="previewReportBtn">Preview Report</button>
+              <button type="button" class="btn btn-primary" id="generateReportBtn">Download Report</button>
+            </div>
           </div>
         </div>
-        <a id='generateReportButton' href="#" class="btn btn-primary float-end m-2">Download Report</a>
-        <a id='previewReportButton' href="#" class="btn btn-secondary float-end m-2">Preview Report</a>
       </div>
     </div>
   </div>
@@ -572,67 +629,45 @@ <h4 class="modal-title" id="myCenterModalLabel">Download Report</h4>
     }
   }
 
-  // select option listener for report_type_select
-  var report_type = document.getElementById("report_type_select");
-  report_type.addEventListener("change", function() {
-    if(report_type.value == "recon")
-    {
-      $("#report_info_vuln_div").hide();
-    }
-    else{
-      $("#report_info_vuln_div").show();
-    }
+$('input[name="reportType"]').on('change', function() {
+  if (this.value === 'recon') {
+    $('input[name="excludeInfoFindings"]').prop('disabled', true);
+  } else {
+    $('input[name="excludeInfoFindings"]').prop('disabled', false);
+  }
 });
 
-  function initiate_report(id, is_subdomain_scan, is_vulnerability_scan, domain_name) {
-    $('#generateReportModal').modal('show');
-    $('#report_alert_message').empty();
-    $('#report_type_select').empty();
-    if (is_subdomain_scan == 'True'  && is_vulnerability_scan == 'True') {
-      $('#report_alert_message').append(`
-        <b>Full Scan</b> will include both Reconnaissance and Vulnerability Report.<br>
-        `);
-
-        $('#report_type_select').append($('<option>', {
-          value: 'full',
-          text: 'Full Scan Report'
-        }));
-    }
-
-    if (is_subdomain_scan == 'True') {
-      // eligible for reconnaissance report
-      $('#report_alert_message').append(`
-        <b>Reconnaissance Report</b> will only include Assets Discovered Section.<br>
-        `);
-        $('#report_type_select').append($('<option>', {
-          value: 'recon',
-          text: 'Reconnaissance Report'
-        }));
-      }
+function initiate_report(id, has_subdomain_scan, has_vulnerability_scan, domain_name) {
+  console.log(has_subdomain_scan, has_vulnerability_scan, domain_name);
+  //select full report type by default
+  $('input[name="reportType"][value="full"]').prop('checked', true);
+  $('input[name="excludeInfoFindings"]').prop('checked', true);
+  $('#generateReportModal').modal('show');
+  if (has_subdomain_scan) {
+    $('input[name="reportType"][value="recon"]').prop('disabled', false);
+  } else {
+    $('input[name="reportType"][value="recon"]').prop('disabled', true);
+  }
 
-    if (is_vulnerability_scan == 'True'){
-      // eligible for vulnerability report
-      $('#report_alert_message').append(`
-        <b>Vulnerability Report</b> will only include details of Vulnerabilities Identified.
-        `);
-        $('#report_type_select').append($('<option>', {
-          value: 'vulnerability',
-          text: 'Vulnerability Report'
-        }));
-    }
-    $('#generateReportButton').attr('onClick', `generate_report(${id}, '${domain_name}')`);
-    $('#previewReportButton').attr('onClick', `preview_report(${id}, '${domain_name}')`);
+  if (has_vulnerability_scan) {
+    $('input[name="reportType"][value="vuln"]').prop('disabled', false);
+  } else {
+    $('input[name="reportType"][value="vuln"]').prop('disabled', true);
   }
 
-  function preview_report(id, domain_name){
-    var report_type = $("#report_type_select option:selected").val();
-    var url = `/scan/create_report/${id}?report_type=${report_type}`;
-    if ($('#report_ignore_info_vuln').is(":checked")) {
-      url += `&ignore_info_vuln`
-    }
-    $('#generateReportModal').modal('hide');
-    window.open(url, '_blank').focus();
+  $('#generateReportBtn').attr('onClick', `generate_report(${id}, '${domain_name}')`);
+  $('#previewReportBtn').attr('onClick', `preview_report(${id}, '${domain_name}')`);
+}
+
+function preview_report(id, domain_name){
+  var report_type = $("#report_type_select option:selected").val();
+  var url = `/scan/create_report/${id}?report_type=${report_type}`;
+  if ($('#report_ignore_info_vuln').is(":checked")) {
+    url += `&ignore_info_vuln`
   }
+  $('#generateReportModal').modal('hide');
+  window.open(url, '_blank').focus();
+}
 
   function generate_report(id, domain_name) {
     var report_type = $("#report_type_select option:selected").val();

From ff28990a3739d65df7768f868b8419b397f4559d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 20:42:16 +0530
Subject: [PATCH 110/211] fix radio value fetch

---
 web/startScan/templates/startScan/history.html | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index 7ed670269..d643710be 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -660,9 +660,10 @@ <h6 class="text-primary mb-3">Additional Options</h6>
 }
 
 function preview_report(id, domain_name){
-  var report_type = $("#report_type_select option:selected").val();
+  var report_type = $('input[name="reportType"]:checked').val();
+  var is_ignore_info_vuln = $('#excludeInfoFindings').is(":checked");
   var url = `/scan/create_report/${id}?report_type=${report_type}`;
-  if ($('#report_ignore_info_vuln').is(":checked")) {
+  if (is_ignore_info_vuln) {
     url += `&ignore_info_vuln`
   }
   $('#generateReportModal').modal('hide');
@@ -670,9 +671,10 @@ <h6 class="text-primary mb-3">Additional Options</h6>
 }
 
   function generate_report(id, domain_name) {
-    var report_type = $("#report_type_select option:selected").val();
+    var report_type = $('input[name="reportType"]:checked').val();
+    var is_ignore_info_vuln = $('#excludeInfoFindings').is(":checked");
     var url = `/scan/create_report/${id}?report_type=${report_type}&download`;
-    if ($('#report_ignore_info_vuln').is(":checked")) {
+    if (is_ignore_info_vuln) {
       url += `&ignore_info_vuln`
     }
     $('#generateReportModal').modal('hide');

From 3b9b00d1202092d1f0f57a2e7f32238748984657 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 28 Aug 2024 20:51:54 +0530
Subject: [PATCH 111/211] allow choosing report template

---
 web/startScan/templates/startScan/history.html | 5 +++++
 web/startScan/views.py                         | 8 +++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/web/startScan/templates/startScan/history.html b/web/startScan/templates/startScan/history.html
index d643710be..9c8dcb69b 100644
--- a/web/startScan/templates/startScan/history.html
+++ b/web/startScan/templates/startScan/history.html
@@ -642,6 +642,7 @@ <h6 class="text-primary mb-3">Additional Options</h6>
   //select full report type by default
   $('input[name="reportType"][value="full"]').prop('checked', true);
   $('input[name="excludeInfoFindings"]').prop('checked', true);
+  $('#templateSelect').val('modern');
   $('#generateReportModal').modal('show');
   if (has_subdomain_scan) {
     $('input[name="reportType"][value="recon"]').prop('disabled', false);
@@ -662,7 +663,9 @@ <h6 class="text-primary mb-3">Additional Options</h6>
 function preview_report(id, domain_name){
   var report_type = $('input[name="reportType"]:checked').val();
   var is_ignore_info_vuln = $('#excludeInfoFindings').is(":checked");
+  var report_template = $('#templateSelect').val();
   var url = `/scan/create_report/${id}?report_type=${report_type}`;
+  url += `&report_template=${report_template}`;
   if (is_ignore_info_vuln) {
     url += `&ignore_info_vuln`
   }
@@ -673,7 +676,9 @@ <h6 class="text-primary mb-3">Additional Options</h6>
   function generate_report(id, domain_name) {
     var report_type = $('input[name="reportType"]:checked').val();
     var is_ignore_info_vuln = $('#excludeInfoFindings').is(":checked");
+    var report_template = $('#templateSelect').val();
     var url = `/scan/create_report/${id}?report_type=${report_type}&download`;
+    url += `&report_template=${report_template}`;
     if (is_ignore_info_vuln) {
       url += `&ignore_info_vuln`
     }
diff --git a/web/startScan/views.py b/web/startScan/views.py
index 4e163060b..d4af80239 100644
--- a/web/startScan/views.py
+++ b/web/startScan/views.py
@@ -963,6 +963,8 @@ def create_report(request, id):
     secondary_color = '#212121'
     # get report type
     report_type = request.GET['report_type'] if 'report_type' in request.GET  else 'full'
+    report_template = request.GET['report_template'] if 'report_template' in request.GET else 'default'
+
     is_ignore_info_vuln = True if 'ignore_info_vuln' in request.GET else False
     if report_type == 'recon':
         show_recon = True
@@ -1102,7 +1104,11 @@ def create_report(request, id):
     data['subdomain_http_status_chart'] = generate_subdomain_chart_by_http_status(subdomains)
     data['vulns_severity_chart'] = generate_vulnerability_chart_by_severity(vulns) if vulns else ''
 
-    template = get_template('report/modern.html')
+    if report_template == 'modern':
+        template = get_template('report/modern.html')
+    else:
+        template = get_template('report/default.html')
+
     html = template.render(data)
     pdf = HTML(string=html).write_pdf()
     # pdf = HTML(string=html).write_pdf(stylesheets=[CSS(string='@page { size: A4; margin: 0; }')])

From 8fc06aa4875bf4926cdc14068d7392f0db996230 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 29 Aug 2024 20:08:26 +0530
Subject: [PATCH 112/211] fix typo

---
 .../templates/startScan/_items/start_scan_wizard.html         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/startScan/templates/startScan/_items/start_scan_wizard.html b/web/startScan/templates/startScan/_items/start_scan_wizard.html
index bc8545b8d..61d894811 100644
--- a/web/startScan/templates/startScan/_items/start_scan_wizard.html
+++ b/web/startScan/templates/startScan/_items/start_scan_wizard.html
@@ -51,10 +51,10 @@ <h4 class="text-warning">Out of Scope Subdomains (Optional)</h4>
                 </div>
                 <label for="outOfScopeSubdomainTextarea" class="form-label mt-1">Out of Scope Subdomains List</label>
                 {% if subdomains_out %}
-                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false">{% for subdomain in subdomains_out %}{{ subdomain }}{% if not forloop.last %}
+                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false">{% for subdomain in subdomains_out %}{{ subdomain }}{% if not forloop.last %}
 {% endif %}{% endfor %}</textarea>
                 {% else %}
-                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="importSubdomainTextArea" rows="6" spellcheck="false" placeholder="Enter subdomains or patterns, one per line"></textarea>
+                <textarea class="form-control" id="outOfScopeSubdomainTextarea" name="outOfScopeSubdomainTextarea" rows="6" spellcheck="false" placeholder="Enter subdomains or patterns, one per line"></textarea>
                 {% endif %}
               </div>
             </div>

From a60559096d7c31c1b2191cbea6f32fd1de0dbd5b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 29 Aug 2024 20:53:20 +0530
Subject: [PATCH 113/211] added dummy notifications on top bar

---
 web/static/custom/custom.css           | 104 +++++++++++++++++++++++++
 web/templates/base/_items/top_bar.html |  57 +++++++++++++-
 2 files changed, 160 insertions(+), 1 deletion(-)

diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 52835d872..c47eebea3 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -407,3 +407,107 @@ mark{
 .scan-config-modal .badge {
   margin-left: 5px;
 }
+
+/*.notification-a-icon {
+  
+}*/
+
+.badge-notif-count {
+  font-size: 10px !important;
+}
+
+.notif-counter {
+  top: 9px !important;
+  right: 5px !important;
+}
+
+.notification-panel-dropdown {
+  width: 380px;
+  border: none;
+  border-radius: 8px;
+  box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1);
+  padding: 0;
+  overflow: hidden;
+}
+
+.notification-panel-header {
+  background-color: #f8f9fa;
+  border-bottom: 1px solid rgba(0, 0, 0, 0.05);
+}
+
+.notification-panel-clear-link {
+  color: #6c757d;
+  text-decoration: none;
+  font-size: 0.875rem;
+  transition: color 0.2s ease;
+}
+
+.notification-panel-clear-link:hover {
+  color: #495057;
+}
+
+.notification-panel-body {
+  max-height: 400px;
+  /* overflow-y: auto; */
+}
+
+.notification-panel-item {
+  border-bottom: 1px solid rgba(0, 0, 0, 0.05);
+  transition: background-color 0.2s ease;
+}
+
+.notification-panel-item:last-child {
+  border-bottom: none;
+}
+
+.notification-panel-item:hover {
+  background-color: #f8f9fa;
+}
+
+.notification-panel-unread {
+  background-color: #fafbff;
+  border-left: 3px solid #4a90e2;
+}
+
+.notification-panel-unread:hover {
+  background-color: #f0f4ff;
+}
+
+.notification-panel-icon {
+  font-size: 1.25rem;
+}
+
+.notification-panel-title {
+  color: #212529;
+  font-size: 0.95rem;
+  font-weight: 600;
+}
+
+.notification-panel-description {
+  color: #6c757d;
+  font-size: 0.875rem;
+  margin-bottom: 0.25rem;
+  line-height: 1.4;
+}
+
+.notification-panel-time {
+  color: #adb5bd;
+  font-size: 0.75rem;
+}
+
+.notification-panel-footer {
+  background-color: #f8f9fa;
+  border-top: 1px solid rgba(0, 0, 0, 0.05);
+}
+
+.notification-panel-view-all {
+  color: #007bff;
+  text-decoration: none;
+  font-size: 0.875rem;
+  font-weight: 600;
+  transition: color 0.2s ease;
+}
+
+.notification-panel-view-all:hover {
+  color: #0056b3;
+}
\ No newline at end of file
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 8b3d3c074..4ab10ad55 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -160,10 +160,65 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
           </div>
         </a>
       </li>
+      <li class="dropdown notification-list">
+        <a class="nav-link dropdown-toggle waves-effect waves-light arrow-none notification-a-icon" data-bs-toggle="dropdown" href="#" role="button" aria-haspopup="false" aria-expanded="false">
+          <i class="fe-bell font-22"></i>
+          <span class="badge bg-danger rounded-circle noti-icon-badge badge-notif-count notif-counter">3</span>
+        </a>
+        <div class="dropdown-menu dropdown-menu-end notification-panel-dropdown">
+          <div class="notification-panel-header d-flex justify-content-between align-items-center p-3">
+            <h6 class="m-0">Notifications</h6>
+            <a href="javascript: void(0);" class="notification-panel-clear-link">Clear All</a>
+          </div>
+          <div class="px-1" style="max-height: 400px;" data-simplebar>
+            <div class="notification-panel-body">
+              <div class="notification-panel-item d-flex align-items-start p-3 notification-panel-unread">
+                <div class="notification-panel-content flex-grow-1">
+                  <div class="d-flex justify-content-between align-items-center mb-2">
+                    <h6 class="notification-panel-title mb-0">Scan Completed</h6>
+                    <span class="notification-panel-icon">
+                      <i class="mdi mdi-check-circle text-success"></i>
+                    </span>
+                  </div>
+                  <p class="notification-panel-description mb-1">Subdomain scan finished for target example.com</p>
+                  <small class="notification-panel-time">2 min ago</small>
+                </div>
+              </div>
+              <div class="notification-panel-item d-flex align-items-start p-3 notification-panel-unread">
+                <div class="notification-panel-content flex-grow-1">
+                  <div class="d-flex justify-content-between align-items-center mb-2">
+                    <h6 class="notification-panel-title mb-0">reNgine Update Available</h6>
+                    <span class="notification-panel-icon">
+                      <i class="mdi mdi-update text-primary"></i>
+                    </span>
+                  </div>
+                  <p class="notification-panel-description mb-1">A new version (v1.2.0) of reNgine is available. Click to update.</p>
+                  <small class="notification-panel-time">1 hour ago</small>
+                </div>
+              </div>
+              <div class="notification-panel-item d-flex align-items-start p-3">
+                <div class="notification-panel-content flex-grow-1">
+                  <div class="d-flex justify-content-between align-items-center mb-2">
+                    <h6 class="notification-panel-title mb-0">Scan Configuration Changed</h6>
+                    <span class="notification-panel-icon">
+                      <i class="mdi mdi-cog text-warning"></i>
+                    </span>
+                  </div>
+                  <p class="notification-panel-description mb-1">Default scan configuration updated. Please review the changes.</p>
+                  <small class="notification-panel-time">1 day ago</small>
+                </div>
+              </div>
+            </div>
+          </div>
+          <div class="notification-panel-footer text-center p-2">
+            <a href="javascript:void(0);" class="notification-panel-view-all">View All</a>
+          </div>
+        </div>
+      </li>
       <li class="dropdown top-activity-counter">
         <a class="nav-link dropdown-toggle waves-effect waves-light right-bar-toggle" href="javascript:getScanStatusSidebar(project='{{current_project.slug}}', reload=false)">
           <i class="fe-activity noti-icon"></i>
-          <span class="badge bg-danger noti-icon-badge"><span id="current_scan_counter">0</span></span>
+          <span class="badge bg-danger noti-icon-badge badge-notif-count"><span id="current_scan_counter">0</span></span>
         </a>
       </li>
     </ul>

From 37e5b215cfb0d0e364c5ab6a00b8461cffcc08a6 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:11:25 +0530
Subject: [PATCH 114/211] added buzzing effect on notification

---
 web/static/custom/custom.css           | 15 +++++++++++++++
 web/templates/base/_items/top_bar.html |  4 +++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index c47eebea3..227243885 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -510,4 +510,19 @@ mark{
 
 .notification-panel-view-all:hover {
   color: #0056b3;
+}
+
+@keyframes notification-buzz {
+  0% { transform: translateX(0) rotate(0); }
+  15% { transform: translateX(-5px) rotate(-5deg); }
+  30% { transform: translateX(5px) rotate(5deg); }
+  45% { transform: translateX(-4px) rotate(-4deg); }
+  60% { transform: translateX(4px) rotate(4deg); }
+  75% { transform: translateX(-2px) rotate(-2deg); }
+  90% { transform: translateX(2px) rotate(2deg); }
+  100% { transform: translateX(0) rotate(0); }
+}
+
+.notification-bell-icon.buzz {
+  animation: notification-buzz 0.8s ease-out;
 }
\ No newline at end of file
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 4ab10ad55..092e752c2 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -162,7 +162,9 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
       </li>
       <li class="dropdown notification-list">
         <a class="nav-link dropdown-toggle waves-effect waves-light arrow-none notification-a-icon" data-bs-toggle="dropdown" href="#" role="button" aria-haspopup="false" aria-expanded="false">
-          <i class="fe-bell font-22"></i>
+          <div class="notification-bell-icon">
+            <i class="fe-bell font-22"></i>
+          </div>
           <span class="badge bg-danger rounded-circle noti-icon-badge badge-notif-count notif-counter">3</span>
         </a>
         <div class="dropdown-menu dropdown-menu-end notification-panel-dropdown">

From 12f1a646cdda30407ddd73d77e9c8066f52efb32 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:30:59 +0530
Subject: [PATCH 115/211] created serializers for notification model

---
 web/api/serializers.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/web/api/serializers.py b/web/api/serializers.py
index 1fd0b7e91..08dc1899c 100644
--- a/web/api/serializers.py
+++ b/web/api/serializers.py
@@ -1,6 +1,5 @@
 from dashboard.models import *
-from django.contrib.humanize.templatetags.humanize import (naturalday,
-														   naturaltime)
+from django.contrib.humanize.templatetags.humanize import (naturalday, naturaltime)
 from django.db.models import F, JSONField, Value
 from recon_note.models import *
 from reNgine.common_func import *
@@ -8,6 +7,14 @@
 from scanEngine.models import *
 from startScan.models import *
 from targetApp.models import *
+from dashboard.models import Notification
+
+
+class NotificationSerializer(serializers.ModelSerializer):
+	class Meta:
+		model = Notification
+		fields = ['id', 'title', 'description', 'icon', 'is_read', 'created_at']
+		read_only_fields = ['id', 'created_at']
 
 
 class SearchHistorySerializer(serializers.ModelSerializer):

From 4a853537006aeb076dce721795ef110f96abc698 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:31:14 +0530
Subject: [PATCH 116/211] created model for notification and migrations

---
 web/dashboard/migrations/0002_notification.py | 27 +++++++++++++++++++
 web/dashboard/models.py                       | 14 ++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 web/dashboard/migrations/0002_notification.py

diff --git a/web/dashboard/migrations/0002_notification.py b/web/dashboard/migrations/0002_notification.py
new file mode 100644
index 000000000..6e9faf78d
--- /dev/null
+++ b/web/dashboard/migrations/0002_notification.py
@@ -0,0 +1,27 @@
+# Generated by Django 3.2.23 on 2024-08-30 00:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Notification',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('title', models.CharField(max_length=255)),
+                ('description', models.TextField()),
+                ('icon', models.CharField(max_length=50)),
+                ('is_read', models.BooleanField(default=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+            options={
+                'ordering': ['-created_at'],
+            },
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index 8ed77dd43..b5e218579 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -41,3 +41,17 @@ class NetlasAPIKey(models.Model):
 
 	def __str__(self):
 		return self.key
+
+
+class Notification(models.Model):
+	title = models.CharField(max_length=255)
+	description = models.TextField()
+	icon = models.CharField(max_length=50)
+	is_read = models.BooleanField(default=False)
+	created_at = models.DateTimeField(auto_now_add=True)
+
+	class Meta:
+		ordering = ['-created_at']
+
+	def __str__(self):
+		return f"Notif {self.title}"

From e5e9e4d672a2a3cb31ae6d5e909faa9b51557ff2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:31:33 +0530
Subject: [PATCH 117/211] feat: Add notification management API endpoints

---
 web/api/urls.py  |  1 +
 web/api/views.py | 42 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/web/api/urls.py b/web/api/urls.py
index cfdd8f265..757a70b6a 100644
--- a/web/api/urls.py
+++ b/web/api/urls.py
@@ -19,6 +19,7 @@
 router.register(r'listIps', IpAddressViewSet)
 router.register(r'listActivityLogs', ListActivityLogsViewSet)
 router.register(r'listScanLogs', ListScanLogsViewSet)
+router.register(r'notifications', NotificationManagerViewSet, basename='notification')
 
 urlpatterns = [
     url('^', include(router.urls)),
diff --git a/web/api/views.py b/web/api/views.py
index 8f23e1e18..63f41fb9e 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -14,7 +14,8 @@
 from rest_framework import viewsets
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework.status import HTTP_400_BAD_REQUEST
+from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_204_NO_CONTENT
+from rest_framework.decorators import action
 
 from recon_note.models import *
 from reNgine.celery import app
@@ -33,6 +34,45 @@
 logger = logging.getLogger(__name__)
 
 
+class NotificationManagerViewSet(viewsets.ModelViewSet):
+	"""
+		This class manages the notification model, provided CRUD operation on notif model
+		such as read notif, clear all, fetch all notifications etc
+	"""
+	serializer_class = NotificationSerializer
+
+	def get_queryset(self):
+		# we will see later if user based notif is needed
+		# return Notification.objects.filter(user=self.request.user)
+		return Notification.objects.all()
+
+	@action(detail=False, methods=['post'])
+	def mark_all_read(self, request):
+		# marks all notification read
+		self.get_queryset().update(is_read=True)
+		return Response(status=HTTP_204_NO_CONTENT)
+
+	@action(detail=True, methods=['post'])
+	def mark_read(self, request, pk=None):
+		# mark individual notification read when cliked
+		notification = self.get_object()
+		notification.is_read = True
+		notification.save()
+		return Response(status=HTTP_204_NO_CONTENT)
+
+	@action(detail=False, methods=['get'])
+	def unread_count(self, request):
+		# this fetches the count for unread notif mainly for the badge
+		count = self.get_queryset().filter(is_read=False).count()
+		return Response({'count': count})
+
+	@action(detail=False, methods=['post'])
+	def clear_all(self, request):
+		# when clicked on the clear button this must be called to clear all notif
+		self.get_queryset().delete()
+		return Response(status=HTTP_204_NO_CONTENT)
+
+
 class OllamaManager(APIView):
 	def get(self, request):
 		"""

From d995efedab081d7f02df829c4253bbcb0f04c7fb Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:47:59 +0530
Subject: [PATCH 118/211] disable pagination

---
 web/api/views.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/api/views.py b/web/api/views.py
index 63f41fb9e..cf388fbcd 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -40,6 +40,7 @@ class NotificationManagerViewSet(viewsets.ModelViewSet):
 		such as read notif, clear all, fetch all notifications etc
 	"""
 	serializer_class = NotificationSerializer
+	pagination_class = None
 
 	def get_queryset(self):
 		# we will see later if user based notif is needed

From 7a16fc183f43d5a6f5d9b09a4697e324f4032810 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:48:15 +0530
Subject: [PATCH 119/211] created all notification related js classes

---
 web/static/custom/notification.js | 104 ++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 web/static/custom/notification.js

diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
new file mode 100644
index 000000000..57d062c53
--- /dev/null
+++ b/web/static/custom/notification.js
@@ -0,0 +1,104 @@
+// notifications.js
+// all the functions and event listeners for the notification panel
+
+function updateNotifications() {
+  fetch("/api/notifications/", {
+    method: "GET",
+    credentials: "same-origin",
+    headers: {
+      "X-CSRFToken": getCookie("csrftoken"),
+    },
+  })
+    .then((response) => response.json())
+    .then((data) => {
+      const notificationPanel = document.querySelector(
+        ".notification-panel-body"
+      );
+      notificationPanel.innerHTML = "";
+
+      data.forEach((notification) => {
+        const notificationItem = document.createElement("div");
+        notificationItem.className = `notification-panel-item d-flex align-items-start p-3 ${
+          notification.is_read ? "" : "notification-panel-unread"
+        }`;
+        notificationItem.innerHTML = `
+                    <div class="notification-panel-content flex-grow-1">
+                        <div class="d-flex justify-content-between align-items-center mb-2">
+                            <h6 class="notification-panel-title mb-0">${
+                              notification.title
+                            }</h6>
+                            <span class="notification-panel-icon">
+                                <i class="mdi ${notification.icon}"></i>
+                            </span>
+                        </div>
+                        <p class="notification-panel-description mb-1">${
+                          notification.description
+                        }</p>
+                        <small class="notification-panel-time">${new Date(
+                          notification.created_at
+                        ).toLocaleString()}</small>
+                    </div>
+                `;
+        notificationItem.addEventListener("click", () =>
+          notificationAction(notification.id)
+        );
+        notificationPanel.appendChild(notificationItem);
+      });
+
+      updateUnreadCount();
+    });
+}
+
+function updateUnreadCount() {
+  fetch("/api/notifications/unread_count/", {
+    method: "GET",
+    credentials: "same-origin",
+    headers: {
+      "X-CSRFToken": getCookie("csrftoken"),
+    },
+  })
+    .then((response) => response.json())
+    .then((data) => {
+      const badge = document.querySelector("#notification-counter");
+      badge.textContent = data.count;
+      badge.style.display = data.count > 0 ? "inline-block" : "none";
+    });
+}
+
+function notificationAction(notificationId) {
+  // depending on notification we may also need to redirect to a specific page
+  // for example if the notification is related to scan, we may take to scan detail page
+
+  // eithrways mark the notification as read
+  fetch(`/api/notifications/${notificationId}/mark_read/`, {
+    method: "POST",
+    credentials: "same-origin",
+    headers: {
+      "X-CSRFToken": getCookie("csrftoken"),
+    },
+  }).then(() => {
+    updateNotifications();
+  });
+}
+
+function clearAllNotifications() {
+  fetch("/api/notifications/clear_all/", {
+    method: "POST",
+    credentials: "same-origin",
+    headers: {
+      "X-CSRFToken": getCookie("csrftoken"),
+    },
+  }).then(() => {
+    updateNotifications();
+  });
+}
+
+// Set up event listeners
+document.addEventListener("DOMContentLoaded", () => {
+  const clearAllLink = document.querySelector("#clear-notif-btn");
+  clearAllLink.addEventListener("click", clearAllNotifications);
+
+  // Update notifications every 30 seconds
+  updateNotifications();
+  setInterval(updateNotifications, 30000);
+});

From 4d31b4b52f2bcab5a3d5402180e73e9becb07b3b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:48:29 +0530
Subject: [PATCH 120/211] update notification with real contents

---
 web/templates/base/_items/top_bar.html | 44 +++-----------------------
 web/templates/base/base.html           |  1 +
 2 files changed, 5 insertions(+), 40 deletions(-)

diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 092e752c2..114773b53 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -165,55 +165,19 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
           <div class="notification-bell-icon">
             <i class="fe-bell font-22"></i>
           </div>
-          <span class="badge bg-danger rounded-circle noti-icon-badge badge-notif-count notif-counter">3</span>
+          <span class="badge bg-danger rounded-circle noti-icon-badge badge-notif-count notif-counter" id="notification-counter"></span>
         </a>
         <div class="dropdown-menu dropdown-menu-end notification-panel-dropdown">
           <div class="notification-panel-header d-flex justify-content-between align-items-center p-3">
             <h6 class="m-0">Notifications</h6>
-            <a href="javascript: void(0);" class="notification-panel-clear-link">Clear All</a>
+            <a href="javascript: void(0);" class="notification-panel-clear-link" id="clear-notif-btn">Clear All</a>
           </div>
           <div class="px-1" style="max-height: 400px;" data-simplebar>
             <div class="notification-panel-body">
-              <div class="notification-panel-item d-flex align-items-start p-3 notification-panel-unread">
-                <div class="notification-panel-content flex-grow-1">
-                  <div class="d-flex justify-content-between align-items-center mb-2">
-                    <h6 class="notification-panel-title mb-0">Scan Completed</h6>
-                    <span class="notification-panel-icon">
-                      <i class="mdi mdi-check-circle text-success"></i>
-                    </span>
-                  </div>
-                  <p class="notification-panel-description mb-1">Subdomain scan finished for target example.com</p>
-                  <small class="notification-panel-time">2 min ago</small>
-                </div>
-              </div>
-              <div class="notification-panel-item d-flex align-items-start p-3 notification-panel-unread">
-                <div class="notification-panel-content flex-grow-1">
-                  <div class="d-flex justify-content-between align-items-center mb-2">
-                    <h6 class="notification-panel-title mb-0">reNgine Update Available</h6>
-                    <span class="notification-panel-icon">
-                      <i class="mdi mdi-update text-primary"></i>
-                    </span>
-                  </div>
-                  <p class="notification-panel-description mb-1">A new version (v1.2.0) of reNgine is available. Click to update.</p>
-                  <small class="notification-panel-time">1 hour ago</small>
-                </div>
-              </div>
-              <div class="notification-panel-item d-flex align-items-start p-3">
-                <div class="notification-panel-content flex-grow-1">
-                  <div class="d-flex justify-content-between align-items-center mb-2">
-                    <h6 class="notification-panel-title mb-0">Scan Configuration Changed</h6>
-                    <span class="notification-panel-icon">
-                      <i class="mdi mdi-cog text-warning"></i>
-                    </span>
-                  </div>
-                  <p class="notification-panel-description mb-1">Default scan configuration updated. Please review the changes.</p>
-                  <small class="notification-panel-time">1 day ago</small>
-                </div>
-              </div>
-            </div>
+              {% comment %} populate the notifications here {% endcomment %}
           </div>
           <div class="notification-panel-footer text-center p-2">
-            <a href="javascript:void(0);" class="notification-panel-view-all">View All</a>
+            <a href="javascript:void(0);" class="notification-panel-view-all">Mark all as read</a>
           </div>
         </div>
       </li>
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index b633e356f..a8eefabb8 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -102,6 +102,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
     <script src="{% static 'custom/custom.js' %}"></script>
     <script src="{% static 'custom/toolbox.js' %}"></script>
     <script src="{% static 'custom/right_sidebar.js' %}"></script>
+    <script src="{% static 'custom/notification.js' %}"></script>
     <script src="{% static 'plugins/snackbar/snackbar.min.js' %}"></script>
     <script src="{% static 'plugins/sweetalert2/sweetalert2.all.min.js' %}"></script>
     <script src="https://cdn.datatables.net/1.13.6/js/jquery.dataTables.min.js"></script>

From 3f20709b3b60152a623d029ad5611820f4767f58 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 06:52:52 +0530
Subject: [PATCH 121/211] update no notification

---
 web/static/custom/notification.js | 32 ++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
index 57d062c53..32470d8f8 100644
--- a/web/static/custom/notification.js
+++ b/web/static/custom/notification.js
@@ -16,12 +16,21 @@ function updateNotifications() {
       );
       notificationPanel.innerHTML = "";
 
-      data.forEach((notification) => {
-        const notificationItem = document.createElement("div");
-        notificationItem.className = `notification-panel-item d-flex align-items-start p-3 ${
-          notification.is_read ? "" : "notification-panel-unread"
-        }`;
-        notificationItem.innerHTML = `
+      if (data.length === 0) {
+        const noNotificationsMessage = document.createElement("div");
+        noNotificationsMessage.className =
+          "notification-panel-item d-flex align-items-center justify-content-center p-3";
+        noNotificationsMessage.innerHTML = `
+            <p class="text-muted mb-0">Ping? Pong! No notifications, moving along</p>
+        `;
+        notificationPanel.appendChild(noNotificationsMessage);
+      } else {
+        data.forEach((notification) => {
+          const notificationItem = document.createElement("div");
+          notificationItem.className = `notification-panel-item d-flex align-items-start p-3 ${
+            notification.is_read ? "" : "notification-panel-unread"
+          }`;
+          notificationItem.innerHTML = `
                     <div class="notification-panel-content flex-grow-1">
                         <div class="d-flex justify-content-between align-items-center mb-2">
                             <h6 class="notification-panel-title mb-0">${
@@ -39,11 +48,12 @@ function updateNotifications() {
                         ).toLocaleString()}</small>
                     </div>
                 `;
-        notificationItem.addEventListener("click", () =>
-          notificationAction(notification.id)
-        );
-        notificationPanel.appendChild(notificationItem);
-      });
+          notificationItem.addEventListener("click", () =>
+            notificationAction(notification.id)
+          );
+          notificationPanel.appendChild(notificationItem);
+        });
+      }
 
       updateUnreadCount();
     });

From 597748b7a7711c395f369c4e100c0199370d4361 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 30 Aug 2024 07:40:48 +0530
Subject: [PATCH 122/211] Introduce project and system wide notification

---
 web/api/serializers.py                        | 11 ++++--
 web/api/urls.py                               |  2 +-
 web/api/views.py                              | 39 +++++++++++++++----
 web/dashboard/admin.py                        |  1 +
 .../migrations/0003_auto_20240830_0135.py     | 24 ++++++++++++
 ...4_rename_notification_inappnotification.py | 17 ++++++++
 web/dashboard/models.py                       | 20 ++++++++--
 web/static/custom/notification.js             | 25 +++++++++++-
 8 files changed, 122 insertions(+), 17 deletions(-)
 create mode 100644 web/dashboard/migrations/0003_auto_20240830_0135.py
 create mode 100644 web/dashboard/migrations/0004_rename_notification_inappnotification.py

diff --git a/web/api/serializers.py b/web/api/serializers.py
index 08dc1899c..be51d08e1 100644
--- a/web/api/serializers.py
+++ b/web/api/serializers.py
@@ -7,15 +7,18 @@
 from scanEngine.models import *
 from startScan.models import *
 from targetApp.models import *
-from dashboard.models import Notification
+from dashboard.models import InAppNotification
 
 
-class NotificationSerializer(serializers.ModelSerializer):
+class InAppNotificationSerializer(serializers.ModelSerializer):
 	class Meta:
-		model = Notification
-		fields = ['id', 'title', 'description', 'icon', 'is_read', 'created_at']
+		model = InAppNotification
+		fields = ['id', 'title', 'description', 'icon', 'is_read', 'created_at', 'notification_type', 'project']
 		read_only_fields = ['id', 'created_at']
 
+	def get_project_name(self, obj):
+		return obj.project.name if obj.project else None
+
 
 class SearchHistorySerializer(serializers.ModelSerializer):
 	class Meta:
diff --git a/web/api/urls.py b/web/api/urls.py
index 757a70b6a..39ceb84a7 100644
--- a/web/api/urls.py
+++ b/web/api/urls.py
@@ -19,7 +19,7 @@
 router.register(r'listIps', IpAddressViewSet)
 router.register(r'listActivityLogs', ListActivityLogsViewSet)
 router.register(r'listScanLogs', ListScanLogsViewSet)
-router.register(r'notifications', NotificationManagerViewSet, basename='notification')
+router.register(r'notifications', InAppNotificationManagerViewSet, basename='notification')
 
 urlpatterns = [
     url('^', include(router.urls)),
diff --git a/web/api/views.py b/web/api/views.py
index cf388fbcd..99d4d3aa0 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -34,23 +34,36 @@
 logger = logging.getLogger(__name__)
 
 
-class NotificationManagerViewSet(viewsets.ModelViewSet):
+class InAppNotificationManagerViewSet(viewsets.ModelViewSet):
 	"""
 		This class manages the notification model, provided CRUD operation on notif model
 		such as read notif, clear all, fetch all notifications etc
 	"""
-	serializer_class = NotificationSerializer
+	serializer_class = InAppNotificationSerializer
 	pagination_class = None
 
 	def get_queryset(self):
 		# we will see later if user based notif is needed
-		# return Notification.objects.filter(user=self.request.user)
-		return Notification.objects.all()
+		# return InAppNotification.objects.filter(user=self.request.user)
+		project_slug = self.request.query_params.get('project_slug')
+		queryset = InAppNotification.objects.all()
+		if project_slug:
+			queryset = queryset.filter(
+				Q(project__slug=project_slug) | Q(notification_type='system')
+			)
+		return queryset.order_by('-created_at')
 
 	@action(detail=False, methods=['post'])
 	def mark_all_read(self, request):
 		# marks all notification read
-		self.get_queryset().update(is_read=True)
+		project_slug = self.request.query_params.get('project_slug')
+		queryset = self.get_queryset()
+
+		if project_slug:
+			queryset = queryset.filter(
+				Q(project__slug=project_slug) | Q(notification_type='system')
+			)
+		queryset.update(is_read=True)
 		return Response(status=HTTP_204_NO_CONTENT)
 
 	@action(detail=True, methods=['post'])
@@ -64,13 +77,25 @@ def mark_read(self, request, pk=None):
 	@action(detail=False, methods=['get'])
 	def unread_count(self, request):
 		# this fetches the count for unread notif mainly for the badge
-		count = self.get_queryset().filter(is_read=False).count()
+		project_slug = self.request.query_params.get('project_slug')
+		queryset = self.get_queryset()
+		if project_slug:
+			queryset = queryset.filter(
+				Q(project__slug=project_slug) | Q(notification_type='system')
+			)
+		count = queryset.filter(is_read=False).count()
 		return Response({'count': count})
 
 	@action(detail=False, methods=['post'])
 	def clear_all(self, request):
 		# when clicked on the clear button this must be called to clear all notif
-		self.get_queryset().delete()
+		project_slug = self.request.query_params.get('project_slug')
+		queryset = self.get_queryset()
+		if project_slug:
+			queryset = queryset.filter(
+				Q(project__slug=project_slug) | Q(notification_type='system')
+			)
+		queryset.delete()
 		return Response(status=HTTP_204_NO_CONTENT)
 
 
diff --git a/web/dashboard/admin.py b/web/dashboard/admin.py
index be2a79a67..881b18acb 100644
--- a/web/dashboard/admin.py
+++ b/web/dashboard/admin.py
@@ -5,3 +5,4 @@
 admin.site.register(Project)
 admin.site.register(OpenAiAPIKey)
 admin.site.register(NetlasAPIKey)
+admin.site.register(InAppNotification)
\ No newline at end of file
diff --git a/web/dashboard/migrations/0003_auto_20240830_0135.py b/web/dashboard/migrations/0003_auto_20240830_0135.py
new file mode 100644
index 000000000..5e7628e00
--- /dev/null
+++ b/web/dashboard/migrations/0003_auto_20240830_0135.py
@@ -0,0 +1,24 @@
+# Generated by Django 3.2.23 on 2024-08-30 01:35
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0002_notification'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='notification',
+            name='notification_type',
+            field=models.CharField(choices=[('system', 'System-wide'), ('project', 'Project-specific')], default='system', max_length=10),
+        ),
+        migrations.AddField(
+            model_name='notification',
+            name='project',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='dashboard.project'),
+        ),
+    ]
diff --git a/web/dashboard/migrations/0004_rename_notification_inappnotification.py b/web/dashboard/migrations/0004_rename_notification_inappnotification.py
new file mode 100644
index 000000000..2bc145eed
--- /dev/null
+++ b/web/dashboard/migrations/0004_rename_notification_inappnotification.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.23 on 2024-08-30 01:40
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0003_auto_20240830_0135'),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name='Notification',
+            new_name='InAppNotification',
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index b5e218579..0b491a010 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -43,10 +43,16 @@ def __str__(self):
 		return self.key
 
 
-class Notification(models.Model):
+class InAppNotification(models.Model):
+	NOTIFICATION_TYPES = (
+		('system', 'System-wide'),
+		('project', 'Project-specific'),
+	)
+	project = models.ForeignKey(Project, on_delete=models.CASCADE, null=True, blank=True)
+	notification_type = models.CharField(max_length=10, choices=NOTIFICATION_TYPES, default='system')
 	title = models.CharField(max_length=255)
 	description = models.TextField()
-	icon = models.CharField(max_length=50)
+	icon = models.CharField(max_length=50) # mdi icon class name
 	is_read = models.BooleanField(default=False)
 	created_at = models.DateTimeField(auto_now_add=True)
 
@@ -54,4 +60,12 @@ class Meta:
 		ordering = ['-created_at']
 
 	def __str__(self):
-		return f"Notif {self.title}"
+		if self.notification_type == 'system':
+			return f"System wide notif: {self.title}"
+		else:
+			return f"Project wide notif: {self.project.name}: {self.title}"
+		
+	@property
+	def is_system_wide(self):
+		# property to determine if the notification is system wide or project specific
+		return self.notification_type == 'system'
diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
index 32470d8f8..c3f763505 100644
--- a/web/static/custom/notification.js
+++ b/web/static/custom/notification.js
@@ -2,7 +2,12 @@
 // all the functions and event listeners for the notification panel
 
 function updateNotifications() {
-  fetch("/api/notifications/", {
+  let api_url = "/api/notifications/";
+  const currentProjectSlug = getCurrentProjectSlug();
+  if (currentProjectSlug) {
+    api_url += `?project_slug=${currentProjectSlug}`;
+  }
+  fetch(api_url, {
     method: "GET",
     credentials: "same-origin",
     headers: {
@@ -60,7 +65,12 @@ function updateNotifications() {
 }
 
 function updateUnreadCount() {
-  fetch("/api/notifications/unread_count/", {
+  let api_url = "/api/notifications/unread_count/";
+  const currentProjectSlug = getCurrentProjectSlug();
+  if (currentProjectSlug) {
+    api_url += `?project_slug=${currentProjectSlug}`;
+  }
+  fetch(api_url, {
     method: "GET",
     credentials: "same-origin",
     headers: {
@@ -92,6 +102,11 @@ function notificationAction(notificationId) {
 }
 
 function clearAllNotifications() {
+  let api_url = "/api/notifications/clear_all/";
+  const currentProjectSlug = getCurrentProjectSlug();
+  if (currentProjectSlug) {
+    api_url += `?project_slug=${currentProjectSlug}`;
+  }
   fetch("/api/notifications/clear_all/", {
     method: "POST",
     credentials: "same-origin",
@@ -112,3 +127,9 @@ document.addEventListener("DOMContentLoaded", () => {
   updateNotifications();
   setInterval(updateNotifications, 30000);
 });
+
+
+function getCurrentProjectSlug() {
+  const hiddenInput = document.querySelector('input[name="current_project"]');
+  return hiddenInput ? hiddenInput.value : null;
+}
\ No newline at end of file

From f18e55e8f14838af40dab56b524c99d7dc43bd93 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 08:35:36 +0530
Subject: [PATCH 123/211] Added notification status for priotiy

---
 web/api/serializers.py                        |  2 +-
 ...ter_inappnotification_notification_type.py | 18 +++++
 .../0006_inappnotification_status.py          | 18 +++++
 web/dashboard/models.py                       |  7 +-
 web/reNgine/definitions.py                    | 15 ++++
 web/static/custom/custom.css                  | 78 ++++++++++++++++---
 web/static/custom/notification.js             | 53 +++++++++++--
 web/templates/base/_items/top_bar.html        | 11 +--
 web/templates/base/base.html                  |  1 +
 9 files changed, 175 insertions(+), 28 deletions(-)
 create mode 100644 web/dashboard/migrations/0005_alter_inappnotification_notification_type.py
 create mode 100644 web/dashboard/migrations/0006_inappnotification_status.py

diff --git a/web/api/serializers.py b/web/api/serializers.py
index be51d08e1..e355cd9fc 100644
--- a/web/api/serializers.py
+++ b/web/api/serializers.py
@@ -13,7 +13,7 @@
 class InAppNotificationSerializer(serializers.ModelSerializer):
 	class Meta:
 		model = InAppNotification
-		fields = ['id', 'title', 'description', 'icon', 'is_read', 'created_at', 'notification_type', 'project']
+		fields = ['id', 'title', 'description', 'icon', 'is_read', 'created_at', 'notification_type', 'status', 'project']
 		read_only_fields = ['id', 'created_at']
 
 	def get_project_name(self, obj):
diff --git a/web/dashboard/migrations/0005_alter_inappnotification_notification_type.py b/web/dashboard/migrations/0005_alter_inappnotification_notification_type.py
new file mode 100644
index 000000000..49a5af804
--- /dev/null
+++ b/web/dashboard/migrations/0005_alter_inappnotification_notification_type.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.23 on 2024-08-31 01:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0004_rename_notification_inappnotification'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='inappnotification',
+            name='notification_type',
+            field=models.CharField(choices=[('system', 'system'), ('project', 'project')], default='system', max_length=10),
+        ),
+    ]
diff --git a/web/dashboard/migrations/0006_inappnotification_status.py b/web/dashboard/migrations/0006_inappnotification_status.py
new file mode 100644
index 000000000..c674b7844
--- /dev/null
+++ b/web/dashboard/migrations/0006_inappnotification_status.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.23 on 2024-08-31 02:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0005_alter_inappnotification_notification_type'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='inappnotification',
+            name='status',
+            field=models.CharField(choices=[('success', 'Success'), ('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], default='info', max_length=10),
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index 0b491a010..4d764f08a 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -1,5 +1,5 @@
 from django.db import models
-
+from reNgine.definitions import *
 
 class SearchHistory(models.Model):
 	query = models.CharField(max_length=1000)
@@ -44,12 +44,9 @@ def __str__(self):
 
 
 class InAppNotification(models.Model):
-	NOTIFICATION_TYPES = (
-		('system', 'System-wide'),
-		('project', 'Project-specific'),
-	)
 	project = models.ForeignKey(Project, on_delete=models.CASCADE, null=True, blank=True)
 	notification_type = models.CharField(max_length=10, choices=NOTIFICATION_TYPES, default='system')
+	status = models.CharField(max_length=10, choices=NOTIFICATION_STATUS_TYPES, default='info')
 	title = models.CharField(max_length=255)
 	description = models.TextField()
 	icon = models.CharField(max_length=50) # mdi icon class name
diff --git a/web/reNgine/definitions.py b/web/reNgine/definitions.py
index e90ece4f5..58fce2dd5 100644
--- a/web/reNgine/definitions.py
+++ b/web/reNgine/definitions.py
@@ -548,3 +548,18 @@
 
 # OSINT GooFuzz Path
 GOFUZZ_EXEC_PATH = '/usr/src/github/goofuzz/GooFuzz'
+
+
+# In App Notification Definitions
+SYSTEM_LEVEL_NOTIFICATION = 'system'
+PROJECT_LEVEL_NOTIFICATION = 'project'
+NOTIFICATION_TYPES = (
+    ('system', SYSTEM_LEVEL_NOTIFICATION),
+    ('project', PROJECT_LEVEL_NOTIFICATION),
+)
+NOTIFICATION_STATUS_TYPES = (
+    ('success', 'Success'),
+    ('info', 'Informational'),
+    ('warning', 'Warning'),
+    ('error', 'Error'),
+)
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 227243885..47fee0e0b 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -422,7 +422,7 @@ mark{
 }
 
 .notification-panel-dropdown {
-  width: 380px;
+  width: 400px;
   border: none;
   border-radius: 8px;
   box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1);
@@ -452,8 +452,9 @@ mark{
 }
 
 .notification-panel-item {
-  border-bottom: 1px solid rgba(0, 0, 0, 0.05);
-  transition: background-color 0.2s ease;
+  border-left: 4px solid transparent;
+  transition: all 0.3s ease;
+  margin-bottom: 2px;
 }
 
 .notification-panel-item:last-child {
@@ -461,38 +462,77 @@ mark{
 }
 
 .notification-panel-item:hover {
-  background-color: #f8f9fa;
+  transform: translateY(-2px);
+  box-shadow: 0 2px 0px rgba(0, 0, 0, 0.10);
+}
+
+/* status */
+.notification-panel-status-success {
+  border-left-color: #10B981;
+}
+
+.notification-panel-status-info {
+  border-left-color: #3B82F6;
+}
+
+.notification-panel-status-warning {
+  border-left-color: #F59E0B;
+}
+
+.notification-panel-status-error {
+  border-left-color: #EF4444;
 }
 
 .notification-panel-unread {
-  background-color: #fafbff;
-  border-left: 3px solid #4a90e2;
+  background-color: #F3F4F6;
 }
 
 .notification-panel-unread:hover {
-  background-color: #f0f4ff;
+  background-color: #E5E7EB;
 }
 
 .notification-panel-icon {
   font-size: 1.25rem;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 32px;
+  height: 32px;
+  border-radius: 50%;
+  background-color: #E5E7EB;
 }
 
 .notification-panel-title {
-  color: #212529;
   font-size: 0.95rem;
   font-weight: 600;
 }
 
+.notification-panel-status-success .notification-panel-title {
+  color: #10B981;
+}
+
+.notification-panel-status-info .notification-panel-title {
+  color: #3B82F6;
+}
+
+.notification-panel-status-warning .notification-panel-title {
+  color: #F59E0B;
+}
+
+.notification-panel-status-error .notification-panel-title {
+  color: #EF4444;
+}
+
 .notification-panel-description {
-  color: #6c757d;
+  color: #4B5563;
   font-size: 0.875rem;
   margin-bottom: 0.25rem;
   line-height: 1.4;
 }
 
 .notification-panel-time {
-  color: #adb5bd;
-  font-size: 0.75rem;
+  color: #6B7280;
+  font-size: 0.8rem;
 }
 
 .notification-panel-footer {
@@ -512,6 +552,22 @@ mark{
   color: #0056b3;
 }
 
+.notification-panel-status-success .notification-panel-icon {
+  color: #10B981;
+}
+
+.notification-panel-status-info .notification-panel-icon {
+  color: #3B82F6;
+}
+
+.notification-panel-status-warning .notification-panel-icon {
+  color: #F59E0B;
+}
+
+.notification-panel-status-error .notification-panel-icon {
+  color: #EF4444;
+}
+
 @keyframes notification-buzz {
   0% { transform: translateX(0) rotate(0); }
   15% { transform: translateX(-5px) rotate(-5deg); }
diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
index c3f763505..bd019c84d 100644
--- a/web/static/custom/notification.js
+++ b/web/static/custom/notification.js
@@ -1,6 +1,8 @@
 // notifications.js
 // all the functions and event listeners for the notification panel
 
+// notifications.js
+
 function updateNotifications() {
   let api_url = "/api/notifications/";
   const currentProjectSlug = getCurrentProjectSlug();
@@ -34,7 +36,7 @@ function updateNotifications() {
           const notificationItem = document.createElement("div");
           notificationItem.className = `notification-panel-item d-flex align-items-start p-3 ${
             notification.is_read ? "" : "notification-panel-unread"
-          }`;
+          } notification-panel-status-${notification.status}`;
           notificationItem.innerHTML = `
                     <div class="notification-panel-content flex-grow-1">
                         <div class="d-flex justify-content-between align-items-center mb-2">
@@ -48,9 +50,9 @@ function updateNotifications() {
                         <p class="notification-panel-description mb-1">${
                           notification.description
                         }</p>
-                        <small class="notification-panel-time">${new Date(
-                          notification.created_at
-                        ).toLocaleString()}</small>
+                        <small class="notification-panel-time">${timeago.format(
+                          new Date(notification.created_at)
+                        )}</small>
                     </div>
                 `;
           notificationItem.addEventListener("click", () =>
@@ -123,13 +125,52 @@ document.addEventListener("DOMContentLoaded", () => {
   const clearAllLink = document.querySelector("#clear-notif-btn");
   clearAllLink.addEventListener("click", clearAllNotifications);
 
+  const markAllReadBtn = document.querySelector("#mark-all-read-btn");
+  markAllReadBtn.addEventListener("click", markAllAsRead);
+
   // Update notifications every 30 seconds
   updateNotifications();
   setInterval(updateNotifications, 30000);
-});
 
+  setInterval(updateTimes, 60000);
+});
 
 function getCurrentProjectSlug() {
   const hiddenInput = document.querySelector('input[name="current_project"]');
   return hiddenInput ? hiddenInput.value : null;
-}
\ No newline at end of file
+}
+
+function markAllAsRead() {
+  fetch("/api/notifications/mark_all_read/", {
+    method: "POST",
+    credentials: "same-origin",
+    headers: {
+      "X-CSRFToken": getCookie("csrftoken"),
+      "Content-Type": "application/json",
+    },
+  })
+    .then((response) => {
+      if (response.ok) {
+        document
+          .querySelectorAll(".notification-panel-item")
+          .forEach((item) => {
+            item.classList.remove("notification-panel-unread");
+          });
+        updateUnreadCount();
+      }
+    })
+    .catch((error) =>
+      console.error("Error marking all notifications as read:", error)
+    );
+}
+
+function updateTimes() {
+  document
+    .querySelectorAll(".notification-panel-time")
+    .forEach((timeElement) => {
+      const datetime = timeElement.getAttribute("datetime");
+      if (datetime) {
+        timeElement.textContent = timeago.format(new Date(datetime));
+      }
+    });
+}
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 114773b53..e2fb1ab7b 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -170,14 +170,15 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
         <div class="dropdown-menu dropdown-menu-end notification-panel-dropdown">
           <div class="notification-panel-header d-flex justify-content-between align-items-center p-3">
             <h6 class="m-0">Notifications</h6>
-            <a href="javascript: void(0);" class="notification-panel-clear-link" id="clear-notif-btn">Clear All</a>
+            <div>
+              <a href="javascript: void(0);" class="notification-panel-mark-read-link me-3" id="mark-all-read-btn">Mark all as read</a>
+              <a href="javascript: void(0);" class="notification-panel-clear-link" id="clear-notif-btn">Clear All</a>
+            </div>
           </div>
           <div class="px-1" style="max-height: 400px;" data-simplebar>
             <div class="notification-panel-body">
-              {% comment %} populate the notifications here {% endcomment %}
-          </div>
-          <div class="notification-panel-footer text-center p-2">
-            <a href="javascript:void(0);" class="notification-panel-view-all">Mark all as read</a>
+              <!-- populate the notifications here -->
+            </div>
           </div>
         </div>
       </li>
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index a8eefabb8..0fb2022cf 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -108,6 +108,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
     <script src="https://cdn.datatables.net/1.13.6/js/jquery.dataTables.min.js"></script>
     <script src="https://cdn.datatables.net/1.13.6/js/dataTables.bootstrap5.min.js"></script>
     <script src="https://cdn.datatables.net/rowgroup/1.4.0/js/dataTables.rowGroup.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/timeago.js/4.0.2/timeago.min.js"></script>
     <script type="text/javascript">
       $(document).ready(function(){
         // for tabs with urls, we need to append the hash in the url

From 81af0b1b54b4f27f860c6b398f5c19b8d88beff7 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 11:23:59 +0530
Subject: [PATCH 124/211] Add functions in celery to send in app notif on scan
 start and status change

---
 web/reNgine/common_func.py        | 58 +++++++++++++++++++++++++++++++
 web/reNgine/tasks.py              | 47 +++++++++++++++++++++++++
 web/reNgine/utilities.py          |  1 +
 web/static/custom/notification.js |  6 ++--
 4 files changed, 109 insertions(+), 3 deletions(-)

diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index 35182fe9e..2007f2f3b 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1549,3 +1549,61 @@ def save_domain_info_to_db(target, domain_info):
 		domain.save()
 
 		return domain_info_obj
+
+
+def create_inappnotification(
+		title,
+		description,
+		notification_type=SYSTEM_LEVEL_NOTIFICATION,
+		project_slug=None,
+		icon="mdi-bell",
+		is_read=False,
+		status='info'
+):
+	"""
+		This function will create an inapp notification
+		Inapp Notification not to be confused with Notification model 
+		that is used for sending alerts on telegram, slack etc.
+		Inapp notification is used to show notification on the web app
+
+		Args: 
+			title: str: Title of the notification
+			description: str: Description of the notification
+			notification_type: str: Type of the notification, it can be either
+				SYSTEM_LEVEL_NOTIFICATION or PROJECT_LEVEL_NOTIFICATION
+			project_slug: str: Slug of the project, if notification is PROJECT_LEVEL_NOTIFICATION
+			icon: str: Icon of the notification, only use mdi icons
+			is_read: bool: Whether the notification is read or not, default is False
+			status: str: Status of the notification (success, info, warning, error), default is info
+
+		Returns:
+			ValueError: if error
+			InAppNotification: InAppNotification object if successful
+	"""
+	logger.info('Creating InApp Notification with title: %s', title)
+	if notification_type not in [SYSTEM_LEVEL_NOTIFICATION, PROJECT_LEVEL_NOTIFICATION]:
+		raise ValueError("Invalid notification type")
+	
+	if status not in [choice[0] for choice in NOTIFICATION_STATUS_TYPES]:
+		raise ValueError("Invalid notification status")
+	
+	project = None
+	if notification_type == PROJECT_LEVEL_NOTIFICATION:
+		if not project_slug:
+			raise ValueError("Project slug is required for project level notification")
+		try:
+			project = Project.objects.get(slug=project_slug)
+		except Project.DoesNotExist as e:
+			raise ValueError(f"No project exists: {e}")
+		
+	notification = InAppNotification(
+		title=title,
+		description=description,
+		notification_type=notification_type,
+		project=project,
+		icon=icon,
+		is_read=is_read,
+		status=status
+	)
+	notification.save()
+	return notification
\ No newline at end of file
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 12596e7a2..fe1008b94 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -3085,6 +3085,7 @@ def send_scan_notif(
 	url = get_scan_url(scan_history_id, subscan_id)
 	title = get_scan_title(scan_history_id, subscan_id)
 	fields = get_scan_fields(engine, scan, subscan, status, tasks)
+
 	severity = None
 	msg = f'{title} {status}\n'
 	msg += '\n🡆 '.join(f'**{k}:** {v}' for k, v in fields.items())
@@ -3098,12 +3099,58 @@ def send_scan_notif(
 	}
 	logger.warning(f'Sending notification "{title}" [{severity}]')
 
+	generate_inapp_notification(scan, subscan, status, engine, fields)
+
 	# Send notification
 	send_notif(
 		msg,
 		scan_history_id,
 		subscan_id,
 		**opts)
+	
+def generate_inapp_notification(scan, subscan, status, engine, fields):
+	scan_type = "Subscan" if subscan else "Scan"
+	domain = subscan.domain.name if subscan else scan.domain.name
+	duration_msg = None
+	
+	if status == 'RUNNING':
+		title = f"{scan_type} Started"
+		description = f"{scan_type} has been initiated for {domain}"
+		icon = "mdi-play-circle-outline"
+		notif_status = 'info'
+	elif status == 'SUCCESS':
+		title = f"{scan_type} Completed"
+		description = f"{scan_type} was successful for {domain}"
+		icon = "mdi-check-circle-outline"
+		notif_status = 'success'
+		duration_msg = f'Completed in {fields.get("Duration")}'
+	elif status == 'ABORTED':
+		title = f"{scan_type} Aborted"
+		description = f"{scan_type} was aborted for {domain}"
+		icon = "mdi-alert-circle-outline"
+		notif_status = 'warning'
+		duration_msg = f'Aborted in {fields.get("Duration")}'
+	elif status == 'FAILED':
+		title = f"{scan_type} Failed"
+		description = f"{scan_type} has failed for {domain}"
+		icon = "mdi-close-circle-outline"
+		notif_status = 'error'
+		duration_msg = f'Failed in {fields.get("Duration")}'
+
+	description += f"<br>Engine: {engine.engine_name if engine else 'N/A'}"
+	slug = scan.domain.project.slug if scan else subscan.history.domain.project.slug
+	if duration_msg:
+		description += f"<br>{duration_msg}"
+
+	create_inappnotification(
+		title=title,
+		description=description,
+		notification_type='project',
+		project_slug=slug,
+		icon=icon,
+		is_read=False,
+		status=notif_status
+	)
 
 
 @app.task(name='send_task_notif', bind=False, queue='send_task_notif_queue')
diff --git a/web/reNgine/utilities.py b/web/reNgine/utilities.py
index a3101625f..8f84d50a1 100644
--- a/web/reNgine/utilities.py
+++ b/web/reNgine/utilities.py
@@ -159,3 +159,4 @@ def is_out_of_scope(self, subdomain):
 		if subdomain in self.plain_patterns:
 			return True
 		return any(pattern.search(subdomain) for pattern in self.regex_patterns)
+
diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
index bd019c84d..e4114e8ff 100644
--- a/web/static/custom/notification.js
+++ b/web/static/custom/notification.js
@@ -128,11 +128,11 @@ document.addEventListener("DOMContentLoaded", () => {
   const markAllReadBtn = document.querySelector("#mark-all-read-btn");
   markAllReadBtn.addEventListener("click", markAllAsRead);
 
-  // Update notifications every 30 seconds
+  // Update notifications every 15 seconds
   updateNotifications();
-  setInterval(updateNotifications, 30000);
+  setInterval(updateNotifications, 15000);
 
-  setInterval(updateTimes, 60000);
+  setInterval(updateTimes, 30000);
 });
 
 function getCurrentProjectSlug() {

From aa70a28fdac565a428ecb8392eb776daa0bcf3b0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 11:51:32 +0530
Subject: [PATCH 125/211] make clickable notifications

---
 web/api/serializers.py                        | 14 ++++++++++-
 .../migrations/0007_auto_20240831_0608.py     | 23 +++++++++++++++++++
 web/dashboard/models.py                       |  2 ++
 web/reNgine/common_func.py                    | 10 ++++++--
 web/reNgine/tasks.py                          |  8 ++++++-
 web/static/custom/notification.js             | 21 +++++++++++------
 6 files changed, 67 insertions(+), 11 deletions(-)
 create mode 100644 web/dashboard/migrations/0007_auto_20240831_0608.py

diff --git a/web/api/serializers.py b/web/api/serializers.py
index e355cd9fc..1acbfacf6 100644
--- a/web/api/serializers.py
+++ b/web/api/serializers.py
@@ -13,7 +13,19 @@
 class InAppNotificationSerializer(serializers.ModelSerializer):
 	class Meta:
 		model = InAppNotification
-		fields = ['id', 'title', 'description', 'icon', 'is_read', 'created_at', 'notification_type', 'status', 'project']
+		fields = [
+			'id', 
+			'title', 
+			'description', 
+			'icon', 
+			'is_read', 
+			'created_at', 
+			'notification_type', 
+			'status',
+			'redirect_link',
+			'open_in_new_tab',
+			'project'
+		]
 		read_only_fields = ['id', 'created_at']
 
 	def get_project_name(self, obj):
diff --git a/web/dashboard/migrations/0007_auto_20240831_0608.py b/web/dashboard/migrations/0007_auto_20240831_0608.py
new file mode 100644
index 000000000..34acda1c6
--- /dev/null
+++ b/web/dashboard/migrations/0007_auto_20240831_0608.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.23 on 2024-08-31 06:08
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0006_inappnotification_status'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='inappnotification',
+            name='open_in_new_tab',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='inappnotification',
+            name='redirect_link',
+            field=models.URLField(blank=True, max_length=255, null=True),
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index 4d764f08a..a43152b42 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -52,6 +52,8 @@ class InAppNotification(models.Model):
 	icon = models.CharField(max_length=50) # mdi icon class name
 	is_read = models.BooleanField(default=False)
 	created_at = models.DateTimeField(auto_now_add=True)
+	redirect_link = models.URLField(max_length=255, blank=True, null=True)
+	open_in_new_tab = models.BooleanField(default=False)
 
 	class Meta:
 		ordering = ['-created_at']
diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index 2007f2f3b..ce50b0e5b 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1558,7 +1558,9 @@ def create_inappnotification(
 		project_slug=None,
 		icon="mdi-bell",
 		is_read=False,
-		status='info'
+		status='info',
+		redirect_link=None,
+		open_in_new_tab=False
 ):
 	"""
 		This function will create an inapp notification
@@ -1575,6 +1577,8 @@ def create_inappnotification(
 			icon: str: Icon of the notification, only use mdi icons
 			is_read: bool: Whether the notification is read or not, default is False
 			status: str: Status of the notification (success, info, warning, error), default is info
+			redirect_link: str: Link to redirect when notification is clicked
+			open_in_new_tab: bool: Whether to open the redirect link in a new tab, default is False
 
 		Returns:
 			ValueError: if error
@@ -1603,7 +1607,9 @@ def create_inappnotification(
 		project=project,
 		icon=icon,
 		is_read=is_read,
-		status=status
+		status=status,
+		redirect_link=redirect_link,
+		open_in_new_tab=open_in_new_tab
 	)
 	notification.save()
 	return notification
\ No newline at end of file
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index fe1008b94..81c328f7f 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -3112,6 +3112,7 @@ def generate_inapp_notification(scan, subscan, status, engine, fields):
 	scan_type = "Subscan" if subscan else "Scan"
 	domain = subscan.domain.name if subscan else scan.domain.name
 	duration_msg = None
+	redirect_link = None
 	
 	if status == 'RUNNING':
 		title = f"{scan_type} Started"
@@ -3142,6 +3143,9 @@ def generate_inapp_notification(scan, subscan, status, engine, fields):
 	if duration_msg:
 		description += f"<br>{duration_msg}"
 
+	if status != 'RUNNING':
+		redirect_link = f"/scan/{slug}/detail/{scan.id}" if scan else None
+
 	create_inappnotification(
 		title=title,
 		description=description,
@@ -3149,7 +3153,9 @@ def generate_inapp_notification(scan, subscan, status, engine, fields):
 		project_slug=slug,
 		icon=icon,
 		is_read=False,
-		status=notif_status
+		status=notif_status,
+		redirect_link=redirect_link,
+		open_in_new_tab=False
 	)
 
 
diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
index e4114e8ff..1e9a27d1c 100644
--- a/web/static/custom/notification.js
+++ b/web/static/custom/notification.js
@@ -1,8 +1,5 @@
-// notifications.js
 // all the functions and event listeners for the notification panel
 
-// notifications.js
-
 function updateNotifications() {
   let api_url = "/api/notifications/";
   const currentProjectSlug = getCurrentProjectSlug();
@@ -55,9 +52,9 @@ function updateNotifications() {
                         )}</small>
                     </div>
                 `;
-          notificationItem.addEventListener("click", () =>
-            notificationAction(notification.id)
-          );
+          notificationItem.addEventListener("click", (event) => {
+            notificationAction(notification.id, notification.redirect_link, notification.open_in_new_tab);
+          });
           notificationPanel.appendChild(notificationItem);
         });
       }
@@ -87,7 +84,7 @@ function updateUnreadCount() {
     });
 }
 
-function notificationAction(notificationId) {
+function notificationAction(notificationId, redirectLink, openInNewTab) {
   // depending on notification we may also need to redirect to a specific page
   // for example if the notification is related to scan, we may take to scan detail page
 
@@ -100,6 +97,16 @@ function notificationAction(notificationId) {
     },
   }).then(() => {
     updateNotifications();
+
+    // this is where we handle all the notification actions such as redirecting to a specific page
+    if (redirectLink) {
+      if (openInNewTab) {
+        window.open(redirectLink, '_blank');
+      } else {
+        window.location.href = redirectLink;
+      }
+    }
+
   });
 }
 

From 7752f0abb1f5163634f0beadc7b04ed026c8f5a6 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 12:05:32 +0530
Subject: [PATCH 126/211] show snackbar when notification arrives

---
 web/static/custom/notification.js | 52 +++++++++++++++++++++++++++++--
 1 file changed, 49 insertions(+), 3 deletions(-)

diff --git a/web/static/custom/notification.js b/web/static/custom/notification.js
index 1e9a27d1c..1c6e484bc 100644
--- a/web/static/custom/notification.js
+++ b/web/static/custom/notification.js
@@ -1,5 +1,9 @@
 // all the functions and event listeners for the notification panel
 
+// this is to check and compare the last notification id with the current notification id
+let lastNotificationId = null;
+let isInitialLoad = true;
+
 function updateNotifications() {
   let api_url = "/api/notifications/";
   const currentProjectSlug = getCurrentProjectSlug();
@@ -29,6 +33,12 @@ function updateNotifications() {
         `;
         notificationPanel.appendChild(noNotificationsMessage);
       } else {
+        // decisive part to show the Snackbar
+        if (!isInitialLoad && data[0].id !== lastNotificationId) {
+          showNotificationSnackbar(data[0]);
+        }
+        lastNotificationId = data[0].id;
+
         data.forEach((notification) => {
           const notificationItem = document.createElement("div");
           notificationItem.className = `notification-panel-item d-flex align-items-start p-3 ${
@@ -53,16 +63,53 @@ function updateNotifications() {
                     </div>
                 `;
           notificationItem.addEventListener("click", (event) => {
-            notificationAction(notification.id, notification.redirect_link, notification.open_in_new_tab);
+            notificationAction(
+              notification.id,
+              notification.redirect_link,
+              notification.open_in_new_tab
+            );
           });
           notificationPanel.appendChild(notificationItem);
         });
       }
 
       updateUnreadCount();
+
+      // set first load to false
+      isInitialLoad = false;
     });
 }
 
+function showNotificationSnackbar(notification) {
+  let backgroundColor, actionTextColor;
+
+  switch (notification.status) {
+    case "error":
+      backgroundColor = "#e7515a";
+      actionTextColor = "#fff";
+      break;
+    case "warning":
+      backgroundColor = "#e2a03f";
+      actionTextColor = "#fff";
+      break;
+    case "success":
+      backgroundColor = "#8dbf42";
+      actionTextColor = "#fff";
+      break;
+    default:
+      backgroundColor = "#2196f3";
+      actionTextColor = "#fff";
+  }
+
+  Snackbar.show({
+    text: `New notification: ${notification.title}`,
+    pos: "top-right",
+    actionTextColor: actionTextColor,
+    backgroundColor: backgroundColor,
+    duration: 2500,
+  });
+}
+
 function updateUnreadCount() {
   let api_url = "/api/notifications/unread_count/";
   const currentProjectSlug = getCurrentProjectSlug();
@@ -101,12 +148,11 @@ function notificationAction(notificationId, redirectLink, openInNewTab) {
     // this is where we handle all the notification actions such as redirecting to a specific page
     if (redirectLink) {
       if (openInNewTab) {
-        window.open(redirectLink, '_blank');
+        window.open(redirectLink, "_blank");
       } else {
         window.location.href = redirectLink;
       }
     }
-
   });
 }
 

From 61a28004db9d64af15af89fb09079d909b8e689b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 12:15:38 +0530
Subject: [PATCH 127/211] Add notification when new update for reNgine is
 available

---
 web/api/views.py                       | 19 ++++++--
 web/templates/base/_items/top_bar.html | 66 +++++++++++++-------------
 2 files changed, 49 insertions(+), 36 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 99d4d3aa0..4508f97d2 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -988,7 +988,7 @@ def get(self, request):
 
 		# get current version_number
 		# remove quotes from current_version
-		current_version = RENGINE_CURRENT_VERSION
+		current_version = '1.9.1'
 
 		# for consistency remove v from both if exists
 		latest_version = re.search(r'v(\d+\.)?(\d+\.)?(\*|\d+)',
@@ -1009,8 +1009,21 @@ def get(self, request):
 		return_response['status'] = True
 		return_response['latest_version'] = latest_version
 		return_response['current_version'] = current_version
-		return_response['update_available'] = version.parse(current_version) < version.parse(latest_version)
-		if version.parse(current_version) < version.parse(latest_version):
+		is_version_update_available = version.parse(current_version) < version.parse(latest_version)
+
+		# if is_version_update_available then we should create inapp notification
+		create_inappnotification(
+			title='reNgine Update Available',
+			description=f'Update to version {latest_version} is available',
+			notification_type=SYSTEM_LEVEL_NOTIFICATION,
+			project_slug=None,
+			icon='mdi-update',
+			redirect_link='https://github.com/yogeshojha/rengine/releases',
+			open_in_new_tab=True
+		)
+
+		return_response['update_available'] = is_version_update_available
+		if is_version_update_available:
 			return_response['changelog'] = response[0]['body']
 
 		return Response(return_response)
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index e2fb1ab7b..8ebc1984a 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -112,39 +112,6 @@ <h5>Toolbox</h5>
           </div>
         </div>
       </li>
-      <li class="dropdown notification-list topbar-dropdown">
-        <a class="nav-link dropdown-toggle nav-user me-0 waves-effect waves-light" data-bs-toggle="dropdown" href="#" role="button" aria-haspopup="false" aria-expanded="false">
-          <svg id="Capa_1" enable-background="new 0 0 510 510" height="40" viewBox="0 0 510 510" width="40" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><linearGradient id="lg1"><stop offset="0" stop-color="#0b799d"/><stop offset="1" stop-color="#07485e"/></linearGradient><linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="255" x2="255" xlink:href="#lg1" y1="270.701" y2="34.898"/><linearGradient id="SVGID_2_" gradientUnits="userSpaceOnUse" x1="255" x2="255" y1="232.855" y2="144.039"><stop offset="0" stop-color="#07485e" stop-opacity="0"/><stop offset="1" stop-color="#03232e"/></linearGradient><linearGradient id="SVGID_3_" gradientUnits="userSpaceOnUse" x1="253.079" x2="253.079" y1="220.239" y2="122.466"><stop offset="0" stop-color="#ffdecf"/><stop offset="1" stop-color="#faa68e"/></linearGradient><linearGradient id="SVGID_4_" gradientUnits="userSpaceOnUse" x1="253.079" x2="253.079" y1="149.591" y2="278.824"><stop offset="0" stop-color="#faa68e" stop-opacity="0"/><stop offset="1" stop-color="#c9766e"/></linearGradient><linearGradient id="SVGID_5_" gradientUnits="userSpaceOnUse" x1="255" x2="255" y1="108.776" y2="273.787"><stop offset="0" stop-color="#07485e" stop-opacity="0"/><stop offset=".1225" stop-color="#0d5066" stop-opacity=".123"/><stop offset=".3102" stop-color="#1c657b" stop-opacity=".31"/><stop offset=".5394" stop-color="#35889e" stop-opacity=".539"/><stop offset=".799" stop-color="#58b8ce" stop-opacity=".799"/><stop offset="1" stop-color="#76e2f8"/></linearGradient><linearGradient id="lg2"><stop offset="0" stop-color="#b5dbff"/><stop offset="1" stop-color="#48b2e3"/></linearGradient><linearGradient id="SVGID_6_" gradientUnits="userSpaceOnUse" x1="255" x2="255" xlink:href="#lg2" y1="450.488" y2="531.935"/><linearGradient id="lg3"><stop offset="0" stop-color="#b5dbff" stop-opacity="0"/><stop offset=".1734" stop-color="#8fc5e9" stop-opacity=".173"/><stop offset=".4541" stop-color="#56a4c8" stop-opacity=".454"/><stop offset=".6955" stop-color="#2d8db1" stop-opacity=".696"/><stop offset=".8853" stop-color="#147ea2" stop-opacity=".885"/><stop offset="1" stop-color="#0b799d"/></linearGradient><linearGradient id="SVGID_7_" gradientUnits="userSpaceOnUse" x1="250.996" x2="279.243" xlink:href="#lg3" y1="461.932" y2="571.662"/><linearGradient id="SVGID_8_" gradientUnits="userSpaceOnUse" x1="182.08" x2="420.502" xlink:href="#lg2" y1="285.084" y2="523.506"/><linearGradient id="SVGID_9_" gradientUnits="userSpaceOnUse" x1="245.58" x2="282.217" y1="348.585" y2="385.222"><stop offset="0" stop-color="#edf5ff"/><stop offset="1" stop-color="#d5e8fe"/></linearGradient><linearGradient id="SVGID_10_" gradientUnits="userSpaceOnUse" x1="255" x2="255" xlink:href="#lg3" y1="420.311" y2="484.371"/><linearGradient id="SVGID_11_" gradientUnits="userSpaceOnUse" x1="152.583" x2="152.583" xlink:href="#lg2" y1="468.999" y2="485.678"/><linearGradient id="SVGID_12_" gradientUnits="userSpaceOnUse" x1="357.417" x2="357.417" xlink:href="#lg2" y1="468.999" y2="485.678"/><linearGradient id="SVGID_13_" gradientUnits="userSpaceOnUse" x1="202.485" x2="374.19" xlink:href="#lg1" y1="107.494" y2="279.199"/><g><ellipse cx="255" cy="216.429" fill="url(#SVGID_1_)" rx="155.929" ry="75.466"/><ellipse cx="255" cy="196.858" fill="url(#SVGID_2_)" rx="143.65" ry="95.038"/><g><path d="m253.079 265.238c-51.495 0-93.239-41.744-93.239-93.239v-69.456c0-51.494 41.744-93.239 93.239-93.239 51.494 0 93.239 41.745 93.239 93.239v69.457c0 51.494-41.744 93.238-93.239 93.238z" fill="url(#SVGID_3_)"/><path d="m258.376 205.338h-10.594c-8.49 0-15.104-7.364-14.195-15.804l5.539-51.487h27.907l5.539 51.487c.908 8.44-5.706 15.804-14.196 15.804z" fill="url(#SVGID_4_)"/></g><path d="m401.352 212.838c.02.22.048.439.065.659-2.978-118.668-67.39-213.497-146.417-213.497s-143.439 94.829-146.417 213.497c.016-.22.045-.439.065-.659-.108 1.19-.169 2.387-.169 3.591 0 41.679 65.6 75.466 146.521 75.466s146.521-33.787 146.521-75.466c0-1.204-.061-2.4-.169-3.591z" fill="url(#SVGID_5_)"/><g><g><g><path d="m53.329 461.66v13.248c0 6.13 2.74 11.939 7.47 15.838l16.396 13.516c4.5 3.71 10.151 5.738 15.983 5.738h323.643c5.832 0 11.483-2.029 15.983-5.738l16.396-13.516c4.73-3.899 7.47-9.708 7.47-15.838v-13.248c0-9.656-7.827-17.483-17.483-17.483h-368.375c-9.656 0-17.483 7.827-17.483 17.483z" fill="url(#SVGID_6_)"/><path d="m53.443 477.037c.556 5.33 3.177 10.265 7.356 13.709l16.396 13.516c4.5 3.71 10.151 5.738 15.983 5.738h323.643c5.832 0 11.483-2.029 15.983-5.738l16.396-13.516c4.178-3.444 6.8-8.38 7.356-13.709z" fill="url(#SVGID_7_)"/></g></g><g><path d="m422.175 471.759h-334.35c-12.937 0-23.424-10.487-23.424-23.424v-180.661c0-12.937 10.487-23.424 23.424-23.424h334.351c12.937 0 23.424 10.487 23.424 23.424v180.661c-.001 12.936-10.488 23.424-23.425 23.424z" fill="url(#SVGID_8_)"/><circle cx="255" cy="358.004" fill="url(#SVGID_9_)" r="35.66"/><path d="m64.401 388.225v60.862c0 12.521 10.835 22.672 24.201 22.672h332.796c13.366 0 24.201-10.15 24.201-22.672v-60.862z" fill="url(#SVGID_10_)"/></g><g><path d="m166.423 482.394h-27.68c-5.023 0-9.095-4.072-9.095-9.095v-3.559c0-5.023 4.072-9.095 9.095-9.095h27.68c5.023 0 9.095 4.072 9.095 9.095v3.559c0 5.023-4.072 9.095-9.095 9.095z" fill="url(#SVGID_11_)"/><path d="m371.257 482.394h-27.68c-5.023 0-9.095-4.072-9.095-9.095v-3.559c0-5.023 4.072-9.095 9.095-9.095h27.68c5.023 0 9.095 4.072 9.095 9.095v3.559c0 5.023-4.071 9.095-9.095 9.095z" fill="url(#SVGID_12_)"/></g></g><path d="m410.818 213.497c-3.189-40.32-71.727-72.535-155.818-72.535s-152.629 32.215-155.818 72.535c3.169-118.668 71.717-213.497 155.818-213.497s152.649 94.829 155.818 213.497z" fill="url(#SVGID_13_)"/></g></svg>
-          <span class="pro-user-name ms-1">
-            {{user.get_username}} <span class="badge bg-danger ms-1 me-1 rengine_update_available">1</span><i class="mdi mdi-chevron-down"></i>
-          </span>
-        </a>
-        <div class="dropdown-menu dropdown-menu-end profile-dropdown ">
-          <div class="dropdown-header noti-title">
-            <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
-          </div>
-          <a href="{% url 'profile' current_project.slug %}" class="dropdown-item notify-item">
-            <i class="fe-user"></i>
-            <span>My Account</span>
-          </a>
-          {% if user|can:'modify_system_configurations' %}
-          <a href="{% url 'admin_interface' current_project.slug %}" class="dropdown-item notify-item">
-            <i class="fe-settings"></i>
-            <span>Admin Settings</span>
-          </a>
-          <div class="dropdown-divider"></div>
-          <a href="javascript: check_rengine_update()" class="dropdown-item notify-item">
-            <i class="fe-refresh-cw"></i>
-            <span>Check reNgine Update <small class="text-danger rengine_update_available"></br>Update available!</small></span>
-          </a>
-          {% endif %}
-          <div class="dropdown-divider"></div>
-          <a href="{% url 'logout' %}" class="dropdown-item notify-item">
-            <i class="fe-log-out"></i>
-            <span>Logout</span>
-          </a>
-        </div>
-      </li>
       <li class="dropdown">
         <a class="nav-link dropdown-toggle waves-effect waves-light" href="#">
           <div class="">
@@ -188,6 +155,39 @@ <h6 class="m-0">Notifications</h6>
           <span class="badge bg-danger noti-icon-badge badge-notif-count"><span id="current_scan_counter">0</span></span>
         </a>
       </li>
+      <li class="dropdown notification-list topbar-dropdown">
+        <a class="nav-link dropdown-toggle nav-user me-0 waves-effect waves-light" data-bs-toggle="dropdown" href="#" role="button" aria-haspopup="false" aria-expanded="false">
+          <svg id="Capa_1" enable-background="new 0 0 510 510" height="40" viewBox="0 0 510 510" width="40" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><linearGradient id="lg1"><stop offset="0" stop-color="#0b799d"/><stop offset="1" stop-color="#07485e"/></linearGradient><linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="255" x2="255" xlink:href="#lg1" y1="270.701" y2="34.898"/><linearGradient id="SVGID_2_" gradientUnits="userSpaceOnUse" x1="255" x2="255" y1="232.855" y2="144.039"><stop offset="0" stop-color="#07485e" stop-opacity="0"/><stop offset="1" stop-color="#03232e"/></linearGradient><linearGradient id="SVGID_3_" gradientUnits="userSpaceOnUse" x1="253.079" x2="253.079" y1="220.239" y2="122.466"><stop offset="0" stop-color="#ffdecf"/><stop offset="1" stop-color="#faa68e"/></linearGradient><linearGradient id="SVGID_4_" gradientUnits="userSpaceOnUse" x1="253.079" x2="253.079" y1="149.591" y2="278.824"><stop offset="0" stop-color="#faa68e" stop-opacity="0"/><stop offset="1" stop-color="#c9766e"/></linearGradient><linearGradient id="SVGID_5_" gradientUnits="userSpaceOnUse" x1="255" x2="255" y1="108.776" y2="273.787"><stop offset="0" stop-color="#07485e" stop-opacity="0"/><stop offset=".1225" stop-color="#0d5066" stop-opacity=".123"/><stop offset=".3102" stop-color="#1c657b" stop-opacity=".31"/><stop offset=".5394" stop-color="#35889e" stop-opacity=".539"/><stop offset=".799" stop-color="#58b8ce" stop-opacity=".799"/><stop offset="1" stop-color="#76e2f8"/></linearGradient><linearGradient id="lg2"><stop offset="0" stop-color="#b5dbff"/><stop offset="1" stop-color="#48b2e3"/></linearGradient><linearGradient id="SVGID_6_" gradientUnits="userSpaceOnUse" x1="255" x2="255" xlink:href="#lg2" y1="450.488" y2="531.935"/><linearGradient id="lg3"><stop offset="0" stop-color="#b5dbff" stop-opacity="0"/><stop offset=".1734" stop-color="#8fc5e9" stop-opacity=".173"/><stop offset=".4541" stop-color="#56a4c8" stop-opacity=".454"/><stop offset=".6955" stop-color="#2d8db1" stop-opacity=".696"/><stop offset=".8853" stop-color="#147ea2" stop-opacity=".885"/><stop offset="1" stop-color="#0b799d"/></linearGradient><linearGradient id="SVGID_7_" gradientUnits="userSpaceOnUse" x1="250.996" x2="279.243" xlink:href="#lg3" y1="461.932" y2="571.662"/><linearGradient id="SVGID_8_" gradientUnits="userSpaceOnUse" x1="182.08" x2="420.502" xlink:href="#lg2" y1="285.084" y2="523.506"/><linearGradient id="SVGID_9_" gradientUnits="userSpaceOnUse" x1="245.58" x2="282.217" y1="348.585" y2="385.222"><stop offset="0" stop-color="#edf5ff"/><stop offset="1" stop-color="#d5e8fe"/></linearGradient><linearGradient id="SVGID_10_" gradientUnits="userSpaceOnUse" x1="255" x2="255" xlink:href="#lg3" y1="420.311" y2="484.371"/><linearGradient id="SVGID_11_" gradientUnits="userSpaceOnUse" x1="152.583" x2="152.583" xlink:href="#lg2" y1="468.999" y2="485.678"/><linearGradient id="SVGID_12_" gradientUnits="userSpaceOnUse" x1="357.417" x2="357.417" xlink:href="#lg2" y1="468.999" y2="485.678"/><linearGradient id="SVGID_13_" gradientUnits="userSpaceOnUse" x1="202.485" x2="374.19" xlink:href="#lg1" y1="107.494" y2="279.199"/><g><ellipse cx="255" cy="216.429" fill="url(#SVGID_1_)" rx="155.929" ry="75.466"/><ellipse cx="255" cy="196.858" fill="url(#SVGID_2_)" rx="143.65" ry="95.038"/><g><path d="m253.079 265.238c-51.495 0-93.239-41.744-93.239-93.239v-69.456c0-51.494 41.744-93.239 93.239-93.239 51.494 0 93.239 41.745 93.239 93.239v69.457c0 51.494-41.744 93.238-93.239 93.238z" fill="url(#SVGID_3_)"/><path d="m258.376 205.338h-10.594c-8.49 0-15.104-7.364-14.195-15.804l5.539-51.487h27.907l5.539 51.487c.908 8.44-5.706 15.804-14.196 15.804z" fill="url(#SVGID_4_)"/></g><path d="m401.352 212.838c.02.22.048.439.065.659-2.978-118.668-67.39-213.497-146.417-213.497s-143.439 94.829-146.417 213.497c.016-.22.045-.439.065-.659-.108 1.19-.169 2.387-.169 3.591 0 41.679 65.6 75.466 146.521 75.466s146.521-33.787 146.521-75.466c0-1.204-.061-2.4-.169-3.591z" fill="url(#SVGID_5_)"/><g><g><g><path d="m53.329 461.66v13.248c0 6.13 2.74 11.939 7.47 15.838l16.396 13.516c4.5 3.71 10.151 5.738 15.983 5.738h323.643c5.832 0 11.483-2.029 15.983-5.738l16.396-13.516c4.73-3.899 7.47-9.708 7.47-15.838v-13.248c0-9.656-7.827-17.483-17.483-17.483h-368.375c-9.656 0-17.483 7.827-17.483 17.483z" fill="url(#SVGID_6_)"/><path d="m53.443 477.037c.556 5.33 3.177 10.265 7.356 13.709l16.396 13.516c4.5 3.71 10.151 5.738 15.983 5.738h323.643c5.832 0 11.483-2.029 15.983-5.738l16.396-13.516c4.178-3.444 6.8-8.38 7.356-13.709z" fill="url(#SVGID_7_)"/></g></g><g><path d="m422.175 471.759h-334.35c-12.937 0-23.424-10.487-23.424-23.424v-180.661c0-12.937 10.487-23.424 23.424-23.424h334.351c12.937 0 23.424 10.487 23.424 23.424v180.661c-.001 12.936-10.488 23.424-23.425 23.424z" fill="url(#SVGID_8_)"/><circle cx="255" cy="358.004" fill="url(#SVGID_9_)" r="35.66"/><path d="m64.401 388.225v60.862c0 12.521 10.835 22.672 24.201 22.672h332.796c13.366 0 24.201-10.15 24.201-22.672v-60.862z" fill="url(#SVGID_10_)"/></g><g><path d="m166.423 482.394h-27.68c-5.023 0-9.095-4.072-9.095-9.095v-3.559c0-5.023 4.072-9.095 9.095-9.095h27.68c5.023 0 9.095 4.072 9.095 9.095v3.559c0 5.023-4.072 9.095-9.095 9.095z" fill="url(#SVGID_11_)"/><path d="m371.257 482.394h-27.68c-5.023 0-9.095-4.072-9.095-9.095v-3.559c0-5.023 4.072-9.095 9.095-9.095h27.68c5.023 0 9.095 4.072 9.095 9.095v3.559c0 5.023-4.071 9.095-9.095 9.095z" fill="url(#SVGID_12_)"/></g></g><path d="m410.818 213.497c-3.189-40.32-71.727-72.535-155.818-72.535s-152.629 32.215-155.818 72.535c3.169-118.668 71.717-213.497 155.818-213.497s152.649 94.829 155.818 213.497z" fill="url(#SVGID_13_)"/></g></svg>
+          <span class="pro-user-name ms-1">
+            {{user.get_username}}<i class="mdi mdi-chevron-down"></i>
+          </span>
+        </a>
+        <div class="dropdown-menu dropdown-menu-end profile-dropdown ">
+          <div class="dropdown-header noti-title">
+            <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
+          </div>
+          <a href="{% url 'profile' current_project.slug %}" class="dropdown-item notify-item">
+            <i class="fe-user"></i>
+            <span>My Account</span>
+          </a>
+          {% if user|can:'modify_system_configurations' %}
+          <a href="{% url 'admin_interface' current_project.slug %}" class="dropdown-item notify-item">
+            <i class="fe-settings"></i>
+            <span>Admin Settings</span>
+          </a>
+          <div class="dropdown-divider"></div>
+          <a href="javascript: check_rengine_update()" class="dropdown-item notify-item">
+            <i class="fe-refresh-cw"></i>
+            <span>Check reNgine Update <small class="text-danger rengine_update_available"></br>Update available!</small></span>
+          </a>
+          {% endif %}
+          <div class="dropdown-divider"></div>
+          <a href="{% url 'logout' %}" class="dropdown-item notify-item">
+            <i class="fe-log-out"></i>
+            <span>Logout</span>
+          </a>
+        </div>
+      </li>
     </ul>
     <div class="logo-box">
       <a href="{% url 'dashboardIndex' current_project.slug %}" class="logo logo-dark text-center">

From 39cee3138446a4a51ad691d223e3f0e23e7854c0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 12:41:07 +0530
Subject: [PATCH 128/211] fix update changelog screen for reNgine

---
 web/api/views.py             |  2 +-
 web/static/custom/custom.js  | 25 +++++++++++
 web/templates/base/base.html | 85 ++++++++++++++++++++++++++++++------
 3 files changed, 97 insertions(+), 15 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 4508f97d2..740967753 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -988,7 +988,7 @@ def get(self, request):
 
 		# get current version_number
 		# remove quotes from current_version
-		current_version = '1.9.1'
+		current_version = RENGINE_CURRENT_VERSION
 
 		# for consistency remove v from both if exists
 		latest_version = re.search(r'v(\d+\.)?(\d+\.)?(\*|\d+)',
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 570d72332..617fb4adb 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -1,3 +1,26 @@
+function loadScript(src) {
+	// helper function to load a script asynchronously
+	return new Promise((resolve, reject) => {
+		const script = document.createElement('script');
+		script.src = src;
+		script.onload = resolve;
+		script.onerror = reject;
+		document.head.appendChild(script);
+	});
+}
+
+function loadCSS(href) {
+	// helper function to load a css asynchronously
+	return new Promise((resolve, reject) => {
+		const link = document.createElement('link');
+		link.rel = 'stylesheet';
+		link.href = href;
+		link.onload = resolve;
+		link.onerror = reject;
+		document.head.appendChild(link);
+	});
+}
+
 function getCurrentProjectSlug(){
 	return document.querySelector('input[name="current_project"]').value;
 }
@@ -3377,3 +3400,5 @@ function show_scan_configuration(starting_path, out_of_scope_subdomains, exclude
 	$('#modal-content').append(content);
 	$('#modal_dialog').modal('show');
 }
+
+
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index 0fb2022cf..af82b9d3d 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -168,7 +168,8 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
 
       function check_rengine_update(){
         if (window.localStorage.getItem('update_available') && window.localStorage.getItem('update_available') === 'true') {
-          update_available();
+          // redirect to github release page
+          window.open("https://github.com/yogeshojha/rengine/releases","_blank");
         }
         else{
           Swal.fire({
@@ -208,19 +209,75 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         }
       }
 
-      function update_available(latest_version_number, changelog){
-        Swal.fire({
-          title: 'Update Available!',
-          html: `<h5>reNgine's new update ${latest_version_number} is available, please follow the update instructions.</h5><pre>${changelog}</pre>`,
-          icon: 'info',
-          confirmButtonText: 'Update Instructions',
-          showCancelButton: true,
-          cancelButtonText: 'Dismiss',
-          width: '60%',
-        }).then((result) => {
-          if (result.isConfirmed) {
-            window.open("https://www.rengine.wiki/update","_blank")
-          }
+      function update_available(latest_version_number, changelog) {
+        // Ensure marked and highlight.js are loaded, to render the changelog
+        Promise.all([
+          loadScript('https://cdn.jsdelivr.net/npm/marked/marked.min.js'),
+          loadScript('https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js'),
+          loadCSS('https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/github.min.css')
+        ]).then(() => {
+          marked.setOptions({
+            highlight: function(code, lang) {
+              const language = hljs.getLanguage(lang) ? lang : 'plaintext';
+              return hljs.highlight(code, { language }).value;
+            },
+            langPrefix: 'hljs language-'
+          });
+
+          const parsedChangelog = marked.parse(changelog);
+
+          const changelogStyle = `
+            <style>
+              .changelog-content {
+                background-color: #f8f9fa;
+                border-radius: 8px;
+                padding: 20px;
+                font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+                text-align: left;
+              }
+              .changelog-content h1, .changelog-content h2 {
+                border-bottom: 1px solid #eaecef;
+                padding-bottom: 0.3em;
+              }
+              .changelog-content pre {
+                background-color: #f6f8fa;
+                border-radius: 6px;
+                padding: 16px;
+              }
+              .changelog-content code {
+                background-color: rgba(27,31,35,.05);
+                border-radius: 3px;
+                font-size: 85%;
+                margin: 0;
+                padding: .2em .4em;
+              }
+            </style>
+          `;
+
+          Swal.fire({
+            title: 'Update Available!',
+            html: `
+              ${changelogStyle}
+              <h5>reNgine's new update ${latest_version_number} is available, please follow the update instructions.</h5>
+              <div class="changelog-content" style="max-height: 500px;" data-simplebar>
+                ${parsedChangelog}
+              </div>
+            `,
+            icon: 'info',
+            confirmButtonText: 'Update Instructions',
+            showCancelButton: true,
+            cancelButtonText: 'Dismiss',
+            width: '70%',
+            didOpen: () => {
+              document.querySelectorAll('pre code').forEach((block) => {
+                hljs.highlightBlock(block);
+              });
+            }
+          }).then((result) => {
+            if (result.isConfirmed) {
+              window.open("https://www.rengine.wiki/update","_blank");
+            }
+          });
         });
       }
 

From 17d995220cc6b880965dc25cb164539c999c3ac7 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 12:51:27 +0530
Subject: [PATCH 129/211] fix sidebar counter hide by default

---
 web/static/custom/right_sidebar.js     | 2 +-
 web/templates/base/_items/top_bar.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/static/custom/right_sidebar.js b/web/static/custom/right_sidebar.js
index 8ce02d39e..aefdafc2e 100644
--- a/web/static/custom/right_sidebar.js
+++ b/web/static/custom/right_sidebar.js
@@ -25,8 +25,8 @@ function getScanStatusSidebar(project, reload) {
     else{
       $('#upcoming_scans').html(`<div class="alert alert-info" role="alert">No upcoming Scans.</div>`);
     }
-
     if (scans['scanning'].length > 0){
+      // remove display none for current_scan_counter
       $('#current_scan_counter').html(scans['scanning'].length);
       $('#current_scan_count').html(`${scans['scanning'].length} Scans Currently Running`)
       for (var scan in scans['scanning']) {
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 8ebc1984a..6e73f277e 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -152,7 +152,7 @@ <h6 class="m-0">Notifications</h6>
       <li class="dropdown top-activity-counter">
         <a class="nav-link dropdown-toggle waves-effect waves-light right-bar-toggle" href="javascript:getScanStatusSidebar(project='{{current_project.slug}}', reload=false)">
           <i class="fe-activity noti-icon"></i>
-          <span class="badge bg-danger noti-icon-badge badge-notif-count"><span id="current_scan_counter">0</span></span>
+          <span class="badge bg-danger noti-icon-badge badge-notif-count" id="current_scan_counter"></span>
         </a>
       </li>
       <li class="dropdown notification-list topbar-dropdown">

From 17179e170850abc423f3f4323e0da535d2d653f2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 17:10:37 +0530
Subject: [PATCH 130/211] seperate update related js functions to a file called
 update.js, show popup about latest releases

---
 web/static/custom/update.js  | 201 +++++++++++++++++++++++++++++++++++
 web/templates/base/base.html | 156 +--------------------------
 2 files changed, 205 insertions(+), 152 deletions(-)
 create mode 100644 web/static/custom/update.js

diff --git a/web/static/custom/update.js b/web/static/custom/update.js
new file mode 100644
index 000000000..ee03ac99a
--- /dev/null
+++ b/web/static/custom/update.js
@@ -0,0 +1,201 @@
+// all the functions related to reNgine update, including showing up modal, notification etc will be here
+
+// Source : https://stackoverflow.com/a/32428268
+function checkDailyUpdate() {
+  if (!hasOneDayPassed()) return false;
+  console.log("Checking Daily Update...");
+  fetch("/api/rengine/update/")
+    .then((response) => response.json())
+    .then(function (response) {
+      if (response["update_available"]) {
+        window.localStorage.setItem("update_available", true);
+        $(".rengine_update_available").show();
+        update_available(response["latest_version"], response["changelog"]);
+      } else {
+        window.localStorage.setItem("update_available", false);
+        $(".rengine_update_available").hide();
+      }
+    });
+}
+
+function check_rengine_update() {
+  if (
+    window.localStorage.getItem("update_available") &&
+    window.localStorage.getItem("update_available") === "true"
+  ) {
+    // redirect to github release page
+    window.open("https://github.com/yogeshojha/rengine/releases", "_blank");
+  } else {
+    Swal.fire({
+      title: "Checking reNgine latest version...",
+      allowOutsideClick: false,
+    });
+    swal.showLoading();
+    fetch("/api/rengine/update/")
+      .then((response) => response.json())
+      .then(function (response) {
+        console.log(response);
+        swal.close();
+        if (response["description"] == "RateLimited") {
+          Swal.fire({
+            title: "Oops!",
+            text: "Github rate limit exceeded, please try again in an hour!",
+            icon: "error",
+          });
+          window.localStorage.setItem("update_available", false);
+          $(".rengine_update_available").hide();
+        } else if (response["update_available"]) {
+          window.localStorage.setItem("update_available", true);
+          $(".rengine_update_available").show();
+          update_available(response["latest_version"], response["changelog"]);
+        } else {
+          window.localStorage.setItem("update_available", false);
+          $(".rengine_update_available").hide();
+          Swal.fire({
+            title: "Update not available",
+            text: "You are running the latest version of reNgine!",
+            icon: "info",
+          });
+        }
+      });
+  }
+}
+
+function update_available(latest_version_number, changelog) {
+  // Ensure marked and highlight.js are loaded, to render the changelog
+  Promise.all([
+    loadScript("https://cdn.jsdelivr.net/npm/marked/marked.min.js"),
+    loadScript(
+      "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js"
+    ),
+    loadCSS(
+      "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/github.min.css"
+    ),
+  ]).then(() => {
+    marked.setOptions({
+      highlight: function (code, lang) {
+        const language = hljs.getLanguage(lang) ? lang : "plaintext";
+        return hljs.highlight(code, { language }).value;
+      },
+      langPrefix: "hljs language-",
+    });
+
+    const parsedChangelog = marked.parse(changelog);
+
+    const changelogStyle = `
+        <style>
+          .changelog-content {
+            background-color: #f8f9fa;
+            border-radius: 8px;
+            padding: 20px;
+            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+            text-align: left;
+          }
+          .changelog-content h1, .changelog-content h2 {
+            border-bottom: 1px solid #eaecef;
+            padding-bottom: 0.3em;
+          }
+          .changelog-content pre {
+            background-color: #f6f8fa;
+            border-radius: 6px;
+            padding: 16px;
+          }
+          .changelog-content code {
+            background-color: rgba(27,31,35,.05);
+            border-radius: 3px;
+            font-size: 85%;
+            margin: 0;
+            padding: .2em .4em;
+          }
+        </style>
+      `;
+
+    Swal.fire({
+      title: "Update Available!",
+      html: `
+          ${changelogStyle}
+          <h5>reNgine's new update ${latest_version_number} is available, please follow the update instructions.</h5>
+          <div class="changelog-content" style="max-height: 500px;" data-simplebar>
+            ${parsedChangelog}
+          </div>
+        `,
+      icon: "info",
+      confirmButtonText: "Update Instructions",
+      showCancelButton: true,
+      cancelButtonText: "Dismiss",
+      width: "70%",
+      didOpen: () => {
+        document.querySelectorAll("pre code").forEach((block) => {
+          hljs.highlightBlock(block);
+        });
+      },
+    }).then((result) => {
+      if (result.isConfirmed) {
+        window.open("https://www.rengine.wiki/update", "_blank");
+      }
+    });
+  });
+}
+
+// Source: https://stackoverflow.com/a/32428268
+function hasOneDayPassed() {
+  var date = new Date().toLocaleDateString();
+  if (window.localStorage.getItem("last_update_checked") == date) {
+    return false;
+  }
+  window.localStorage.setItem("last_update_checked", date);
+  return true;
+}
+
+function showAfterUpdatePopup() {
+  // this function will show a popup after the update is done to tell user about the new features
+  const currentVersion = document.body.getAttribute("data-rengine-version");
+  const lastShownVersion = localStorage.getItem("lastShownUpdateVersion");
+
+  if (lastShownVersion !== currentVersion) {
+    // const isFirstRun = lastShownVersion === null;
+    // we will use this once videos are made for features
+    // Swal.fire({
+    //   title: isFirstRun ? "Welcome to reNgine!" : "Thanks for updating!",
+    //   text: `Would you like to see ${
+    //     isFirstRun ? "the features" : "what's changed"
+    //   } in this version?`,
+    //   icon: "info",
+    //   showCancelButton: true,
+    //   confirmButtonText: "Yes, show me",
+    //   cancelButtonText: "No, thanks",
+    // }).then((result) => {
+    //   if (result.isConfirmed) {
+    //     window.open("https://rengine.wiki/changelog/latest", "_blank");
+    //   }
+    //   localStorage.setItem("lastShownUpdateVersion", currentVersion);
+    // });
+    Swal.fire({
+      title: "Thanks for using reNgine!",
+      text: `Would you like to see what's new in this version?`,
+      icon: "info",
+      showCancelButton: true,
+      confirmButtonText: "Yes, show me",
+      cancelButtonText: "No, thanks",
+    }).then((result) => {
+      if (result.isConfirmed) {
+        window.open(`https://rengine.wiki/whatisnew/${currentVersion}`, "_blank");
+      }
+      localStorage.setItem("lastShownUpdateVersion", currentVersion);
+    });
+  }
+}
+
+$(document).ready(function () {
+    // show popup after update
+    showAfterUpdatePopup();
+  // hide badge if update does not exists
+  if (
+    window.localStorage.getItem("update_available") &&
+    window.localStorage.getItem("update_available") === "true"
+  ) {
+    $(".rengine_update_available").show();
+  } else {
+    $(".rengine_update_available").hide();
+  }
+});
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index af82b9d3d..fc94c33c2 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -57,7 +57,7 @@
     {% endblock custom_js_css_link %}
   </head>
 
-  <body class="loading" data-layout-mode="horizontal">
+  <body class="loading" data-layout-mode="horizontal" data-rengine-version="{{ RENGINE_CURRENT_VERSION }}">
     <!-- Topbar begins -->
     {% include 'base/_items/top_bar.html' %}
     {# topbar ends #}
@@ -100,6 +100,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
     <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.8/purify.min.js"></script>
     <script src="{% static 'assets/js/app.min.js' %}"></script>
     <script src="{% static 'custom/custom.js' %}"></script>
+    <script src="{% static 'custom/update.js' %}"></script>
     <script src="{% static 'custom/toolbox.js' %}"></script>
     <script src="{% static 'custom/right_sidebar.js' %}"></script>
     <script src="{% static 'custom/notification.js' %}"></script>
@@ -125,13 +126,7 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         checkDailyUpdate();
 
         getScanStatusSidebar(project='{{current_project.slug}}', reload=false);
-        // hide badge if update does not exists
-        if (window.localStorage.getItem('update_available') && window.localStorage.getItem('update_available') === 'true') {
-          $('.rengine_update_available').show();
-        }
-        else{
-          $('.rengine_update_available').hide();
-        }
+
         // tippy for notification or scan acitivity
         tippy('.top-activity-counter', {
           content: 'Scan Activity',
@@ -166,149 +161,6 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         });
       }
 
-      function check_rengine_update(){
-        if (window.localStorage.getItem('update_available') && window.localStorage.getItem('update_available') === 'true') {
-          // redirect to github release page
-          window.open("https://github.com/yogeshojha/rengine/releases","_blank");
-        }
-        else{
-          Swal.fire({
-            title: 'Checking reNgine latest version...',
-            allowOutsideClick: false
-          });
-          swal.showLoading();
-          fetch('/api/rengine/update/')
-          .then(response => response.json())
-          .then(function (response) {
-            console.log(response);
-            swal.close();
-            if (response['description'] == 'RateLimited') {
-              Swal.fire({
-                title: 'Oops!',
-                text: 'Github rate limit exceeded, please try again in an hour!',
-                icon: 'error'
-              });
-              window.localStorage.setItem('update_available', false);
-              $('.rengine_update_available').hide();
-            }
-            else if (response['update_available']){
-              window.localStorage.setItem('update_available', true);
-              $('.rengine_update_available').show();
-              update_available(response['latest_version'], response['changelog']);
-            }
-            else{
-              window.localStorage.setItem('update_available', false);
-              $('.rengine_update_available').hide();
-              Swal.fire({
-                title: 'Update not available',
-                text: 'You are running the latest version of reNgine!',
-                icon: 'info'
-              });
-            }
-          });
-        }
-      }
-
-      function update_available(latest_version_number, changelog) {
-        // Ensure marked and highlight.js are loaded, to render the changelog
-        Promise.all([
-          loadScript('https://cdn.jsdelivr.net/npm/marked/marked.min.js'),
-          loadScript('https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js'),
-          loadCSS('https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/github.min.css')
-        ]).then(() => {
-          marked.setOptions({
-            highlight: function(code, lang) {
-              const language = hljs.getLanguage(lang) ? lang : 'plaintext';
-              return hljs.highlight(code, { language }).value;
-            },
-            langPrefix: 'hljs language-'
-          });
-
-          const parsedChangelog = marked.parse(changelog);
-
-          const changelogStyle = `
-            <style>
-              .changelog-content {
-                background-color: #f8f9fa;
-                border-radius: 8px;
-                padding: 20px;
-                font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-                text-align: left;
-              }
-              .changelog-content h1, .changelog-content h2 {
-                border-bottom: 1px solid #eaecef;
-                padding-bottom: 0.3em;
-              }
-              .changelog-content pre {
-                background-color: #f6f8fa;
-                border-radius: 6px;
-                padding: 16px;
-              }
-              .changelog-content code {
-                background-color: rgba(27,31,35,.05);
-                border-radius: 3px;
-                font-size: 85%;
-                margin: 0;
-                padding: .2em .4em;
-              }
-            </style>
-          `;
-
-          Swal.fire({
-            title: 'Update Available!',
-            html: `
-              ${changelogStyle}
-              <h5>reNgine's new update ${latest_version_number} is available, please follow the update instructions.</h5>
-              <div class="changelog-content" style="max-height: 500px;" data-simplebar>
-                ${parsedChangelog}
-              </div>
-            `,
-            icon: 'info',
-            confirmButtonText: 'Update Instructions',
-            showCancelButton: true,
-            cancelButtonText: 'Dismiss',
-            width: '70%',
-            didOpen: () => {
-              document.querySelectorAll('pre code').forEach((block) => {
-                hljs.highlightBlock(block);
-              });
-            }
-          }).then((result) => {
-            if (result.isConfirmed) {
-              window.open("https://www.rengine.wiki/update","_blank");
-            }
-          });
-        });
-      }
-
-      // Source : https://stackoverflow.com/a/32428268
-      function checkDailyUpdate(){
-        if( !hasOneDayPassed() ) return false;
-        console.log('Checking Daily Update...')
-        fetch('/api/rengine/update/')
-        .then(response => response.json())
-        .then(function (response) {
-          if (response['update_available']){
-            window.localStorage.setItem('update_available', true);
-            $('.rengine_update_available').show();
-            update_available(response['latest_version'], response['changelog'])
-          }
-          else{
-            window.localStorage.setItem('update_available', false);
-            $('.rengine_update_available').hide();
-          }
-        });
-      }
-
-      // Source: https://stackoverflow.com/a/32428268
-      function hasOneDayPassed(){
-        var date = new Date().toLocaleDateString();
-        if(window.localStorage.getItem('last_update_checked') == date){
-          return false;
-        }
-        window.localStorage.setItem('last_update_checked', date);
-        return true;
-      }
     </script>
     {% if messages %}
       {% for message in messages %}
@@ -330,4 +182,4 @@ <h5>reNgine's new update ${latest_version_number} is available, please follow th
     {% block page_level_script %}
     {% endblock page_level_script%}
   </body>
-</html>
+</html>
\ No newline at end of file

From 740a0e2c8971977a45968178ae52a118c32859b0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 17:37:30 +0530
Subject: [PATCH 131/211] update readme to include community created videos

---
 README.md | 168 +++++++++++-------------------------------------------
 1 file changed, 32 insertions(+), 136 deletions(-)

diff --git a/README.md b/README.md
index e09810b25..fd4f0f2dd 100644
--- a/README.md
+++ b/README.md
@@ -31,9 +31,6 @@
 <img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg" alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" /> </a>
 </p>
 
-<h3>reNgine 2.1.0 is released!</h3>
-<p align="left">Unleash the power of LLM toolkit! Now you can use local LLM models to generate attack surface and vulnerability reports!, Checkout the release-notes!</p>
-
 <h4>What is reNgine?</h4>
 reNgine is your ultimate web application reconnaissance suite, designed to supercharge the recon process for security pros, pentesters, and bug bounty hunters. It is go-to web application reconnaissance suite that's designed to simplify and streamline the reconnaissance process for all the needs of security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface, reNgine redefines how you gather critical information about your target web applications.
 
@@ -58,10 +55,11 @@ Detailed documentation available at [https://rengine.wiki](https://rengine.wiki)
 * [About reNgine](#about-rengine)
 * [Workflow](#workflow)
 * [Features](#features)
-* [Scan Engine](#scan-engine)
 * [Quick Installation](#quick-installation)
-* [What's new in reNgine 2.0](#changelog)
+* [Installation Video](#installation-video-tutorial)
+* [Community-Curated Videos](#community-curated-videos)
 * [Screenshots](#screenshots)
+* [What's new in reNgine](https://github.com/yogeshojha/rengine/releases)
 * [Contributing](#contributing)
 * [reNgine Support](#rengine-support)
 * [Support and Sponsoring](#support-and-sponsoring)
@@ -161,126 +159,6 @@ reNgine is not an ordinary reconnaissance suite; it's a game-changer! We've turb
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-## Scan Engine
-
-```yaml
-# Global vars for all tools
-#
-# custom_headers: ['Foo: bar', 'User-Agent: Anything']     # FFUF, Nuclei, Dalfox, CRL Fuzz, HTTP Crawl, Fetch URL, etc
-# enable_http_crawl: true           # All tools
-# threads: 30                       # All tools
-
-subdomain_discovery: {
-  'uses_tools': ['subfinder', 'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],  # amass-passive, amass-active, All
-  'enable_http_crawl': true,
-  'threads': 30,
-  'timeout': 5,
-  # 'use_subfinder_config': false,
-  # 'use_amass_config': false,
-  # 'amass_wordlist': 'deepmagic.com-prefixes-top50000'
-}
-http_crawl: {
-  # 'threads': 30,
-  # 'follow_redirect': true
-}
-port_scan: {
-  'enable_http_crawl': true,
-  'timeout': 5,
-  # 'exclude_ports': [],
-  # 'exclude_subdomains': [],
-  'ports': ['top-100'],
-  'rate_limit': 150,
-  'threads': 30,
-  'passive': false,
-  # 'use_naabu_config': false,
-  # 'enable_nmap': true,
-  # 'nmap_cmd': '',
-  # 'nmap_script': '',
-  # 'nmap_script_args': ''
-}
-osint: {
-  'discover': [
-      'emails',
-      'metainfo',
-      'employees'
-    ],
-  'dorks': [
-    'login_pages',
-    'admin_panels',
-    'dashboard_pages',
-    'stackoverflow',
-    'social_media',
-    'project_management',
-    'code_sharing',
-    'config_files',
-    'jenkins',
-    'wordpress_files',
-    'php_error',
-    'exposed_documents',
-    'db_files',
-    'git_exposed'
-  ],
-  # 'custom_dorks': [],
-  'intensity': 'normal',
-  'documents_limit': 50
-}
-dir_file_fuzz: {
-  'auto_calibration': true,
-  'enable_http_crawl': true,
-  'rate_limit': 150,
-  'extensions': ['html', 'php','git','yaml','conf','cnf','config','gz','env','log','db','mysql','bak','asp','aspx','txt','conf','sql','json','yml','pdf'],
-  'follow_redirect': false,
-  'max_time': 0,
-  'match_http_status': [200, 204],
-  'recursive_level': 2,
-  'stop_on_error': false,
-  'timeout': 5,
-  'threads': 30,
-  'wordlist_name': 'dicc'
-}
-fetch_url: {
-  'uses_tools': ['gospider', 'hakrawler', 'waybackurls', 'katana', 'gau'],
-  'remove_duplicate_endpoints': true,
-  'duplicate_fields': ['content_length', 'page_title'],
-  'enable_http_crawl': true,
-  'gf_patterns': ['debug_logic', 'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce', 'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],
-  'ignore_file_extensions': ['png', 'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],
-  'threads': 30,
-  # 'exclude_subdomains': false
-}
-vulnerability_scan: {
-  'run_nuclei': true,
-  'run_dalfox': false,
-  'run_crlfuzz': false,
-  'run_s3scanner': false,
-  'enable_http_crawl': true,
-  'concurrency': 50,
-  'intensity': 'normal',
-  'rate_limit': 150,
-  'retries': 1,
-  'timeout': 5,
-  'fetch_gpt_report': true,
-  'nuclei': {
-    'use_nuclei_config': false,
-    'severities': ['unknown', 'info', 'low', 'medium', 'high', 'critical'],
-    # 'tags': [],                 # Nuclei tags (https://github.com/projectdiscovery/nuclei-templates)
-    # 'templates': [],            # Nuclei templates (https://github.com/projectdiscovery/nuclei-templates)
-    # 'custom_templates': []      # Nuclei custom templates uploaded in reNgine
-  }
-}
-waf_detection: {
-  'enable_http_crawl': true
-}
-screenshot: {
-  'enable_http_crawl': true,
-  'intensity': 'normal',
-  'timeout': 10,
-  'threads': 40
-}
-```
-
-![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
-
 ## Quick Installation
 
 ### Quick Setup for Ubuntu/VPS
@@ -354,6 +232,12 @@ screenshot: {
 
 For Mac, Windows, or other systems, refer to our detailed installation guide [https://reNgine.wiki/install/detailed/](https://reNgine.wiki/install/detailed/)
 
+### Installation Video Tutorial
+
+If you encounter any issues during installation or prefer a visual guide, one of our community members has created an excellent installation video for Kali Linux installation. You can find it here: [https://www.youtube.com/watch?v=7OFfrU6VrWw](https://www.youtube.com/watch?v=7OFfrU6VrWw)
+
+Please note: This is community-curated content and is not owned by reNgine. The installation process may change, so please refer to the official documentation for the most up-to-date instructions.
+
 ## Updating
 
 1. To update reNgine, run:
@@ -368,11 +252,24 @@ For Mac, Windows, or other systems, refer to our detailed installation guide [ht
     sudo chmod +x update.sh
     ```
 
-## Changelog
+![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
+
+## Community-Curated Videos
+
+reNgine has a vibrant community that often creates helpful content about installation, features, and usage. Below is a collection of community-curated videos that you might find useful. Please note that these videos are not official reNgine content, and the information they contain may become outdated as reNgine evolves.
+
+Always refer to the official documentation for the most up-to-date and accurate information. If you've created a video about reNgine and would like it featured here, please send a pull request updating this table.
 
-For the latest updates and changes, please check our [changelog.](https://rengine.wiki/changelog/)
+| Video Title | Language | Uploader | Date | Link |
+|-------------|----------|----------|------|------|
+| reNgine Installation on Kali Linux | English | Secure the Cyber World | 2024-02-29 | [Watch](https://www.youtube.com/watch?v=7OFfrU6VrWw) |
+| Resultados do ReNgine - Automação para Recon | Portuguese | Guia Anônima | 2023-04-18 | [Watch](https://www.youtube.com/watch?v=6aNvDy1FzIM) |
+| reNgine Introduction | Moroccan Arabic | Th3 Hacker News Bdarija | 2021-07-27 | [Watch](https://www.youtube.com/watch?v=9FuRrcmWgWU) |
+
+We appreciate the community's contributions in creating these resources.
+
+![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)  
 
 ## Screenshots
 
@@ -518,13 +415,6 @@ Thank you for your support!
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-## License
-
-Distributed under the GNU GPL v3 License. See [LICENSE](LICENSE) for more information.
-
-![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
-
-
 ## Reporting Security Vulnerabilities
 
 We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
@@ -552,4 +442,10 @@ Thank you for helping to keep reNgine and its users safe!
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
-<p align="right"><i>Note: Parts of this README were written or refined using AI language models.</i></p>
+## License
+
+Distributed under the GNU GPL v3 License. See [LICENSE](LICENSE) for more information.
+
+![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
+
+<p align="right"><i>Note: Parts of this README were written or refined using AI language models.</i></p>
\ No newline at end of file

From 5aa6842eb5a0c6f667323930434e2d1c3cb0143a Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:22:21 +0530
Subject: [PATCH 132/211] Add chaos go install

---
 web/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/Dockerfile b/web/Dockerfile
index 33dd9ee86..621357706 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -85,6 +85,7 @@ RUN printf "\
     github.com/tomnomnom/waybackurls@latest\n\
     github.com/projectdiscovery/httpx/cmd/httpx@latest\n\
     github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest\n\
+    github.com/projectdiscovery/chaos-client/cmd/chaos@latest\n\
     github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest\n\
     github.com/projectdiscovery/naabu/v2/cmd/naabu@latest\n\
     github.com/hakluke/hakrawler@latest\n\

From cafc4c9f5df8fcb112dd63b94285590ccfbda3ce Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:26:38 +0530
Subject: [PATCH 133/211] added chaos api key section in FE

---
 .../templates/dashboard/onboarding.html       | 10 ++++++++
 .../templates/scanEngine/settings/api.html    | 23 +++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/web/dashboard/templates/dashboard/onboarding.html b/web/dashboard/templates/dashboard/onboarding.html
index e171f52ef..742a679ac 100644
--- a/web/dashboard/templates/dashboard/onboarding.html
+++ b/web/dashboard/templates/dashboard/onboarding.html
@@ -76,6 +76,16 @@ <h4 class="mt-3 mt-lg-0">Default API Keys</h4>
                           {% endif %}
                           <span class="text-muted float-end">This is optional</span>
                         </div>
+                        <div class="mb-3">
+                          <label for="key_netlas" class="form-label">Chaos by Project Discovery</label>
+                          <p class="text-muted">Chaos keys will be used for subdomain enumeration and recon data for Public Bug Bounty Programs.</p>
+                          {% if chaos_key %}
+                            <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}">
+                          {% else %}
+                            <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key">
+                          {% endif %}
+                          <span class="text-muted float-end optional-text">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></span>
+                        </div>
                         <div class="mb-0">
                           <button class="btn btn-info float-sm-end my-4" type="submit"> Proceed </button>
                         </div>
diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index 9f57f1a6d..8cecea2d6 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -39,7 +39,7 @@
                     <span class="password-eye"></span>
                   </div>
                 </div>
-                <span class="text-muted float-end">This is optional but recommended.</span>
+                <span class="text-muted float-end optional-text">This is optional but recommended. Get your API key from <a href="https://platform.openai.com/api-keys" target="_blank">https://platform.openai.com/api-keys</a></span>
               </div>
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
@@ -54,12 +54,27 @@
                     <span class="password-eye"></span>
                   </div>
                 </div>
-                <span class="text-muted float-end">This is optional</span>
+                <span class="text-muted float-end optional-text">This is optional. Get your API key from <a href="https://netlas.io" target="_blank">https://netlas.io</a></span>
               </div>
+              <div class="mb-3">
+                <label for="key_chaos" class="form-label">Chaos</label>
+                <p class="text-muted">Chaos keys will be used for subdomain enumeration and recon data for Public Bug Bounty Programs.</p>
+                <div class="flex-grow-1 position-relative">
+                {% if chaos_key %}
+                  <input class="form-control" type="password" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}">
+                {% else %}
+                  <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key">
+                {% endif %}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
+                  </div>
+                </div>
+                <span class="text-muted float-end optional-text">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></span>
+              </div>
+            </div>
               <div class="mb-0">
                 <button class="btn btn-info float-sm-end my-4" type="submit"> Update API Keys</button>
               </div>
-            </div>
           </div>
         </form>
       </div>
@@ -70,4 +85,4 @@
 
 
 {% block page_level_script %}
-{% endblock page_level_script %}
+{% endblock page_level_script %}
\ No newline at end of file

From 596dddf9390e59403c646d35d16fa8bc8d62f003 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:26:57 +0530
Subject: [PATCH 134/211] add and save chaos key funcs

---
 web/api/views.py                             |  6 ++++-
 web/dashboard/admin.py                       |  1 +
 web/dashboard/migrations/0008_chaosapikey.py | 20 ++++++++++++++++
 web/dashboard/models.py                      |  8 +++++++
 web/dashboard/views.py                       | 24 +++++++++++++++-----
 web/reNgine/common_func.py                   |  6 +++++
 web/scanEngine/views.py                      | 12 ++++++++++
 web/static/custom/custom.css                 |  5 ++++
 8 files changed, 75 insertions(+), 7 deletions(-)
 create mode 100644 web/dashboard/migrations/0008_chaosapikey.py

diff --git a/web/api/views.py b/web/api/views.py
index 740967753..1bcd909d2 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -1123,7 +1123,11 @@ def get(self, request):
 
 		version_number = None
 		_, stdout = run_command(tool.version_lookup_command)
-		version_number = re.search(re.compile(tool.version_match_regex), str(stdout))
+		if tool.version_match_regex:
+			version_number = re.search(re.compile(tool.version_match_regex), str(stdout))
+		else:
+			version_match_regex = r'(?i:v)?(\d+(?:\.\d+){2,})'
+			version_number = re.search(version_match_regex, str(stdout))
 		if not version_number:
 			return Response({'status': False, 'message': 'Invalid version lookup command.'})
 
diff --git a/web/dashboard/admin.py b/web/dashboard/admin.py
index 881b18acb..19aa70806 100644
--- a/web/dashboard/admin.py
+++ b/web/dashboard/admin.py
@@ -5,4 +5,5 @@
 admin.site.register(Project)
 admin.site.register(OpenAiAPIKey)
 admin.site.register(NetlasAPIKey)
+admin.site.register(ChaosAPIKey)
 admin.site.register(InAppNotification)
\ No newline at end of file
diff --git a/web/dashboard/migrations/0008_chaosapikey.py b/web/dashboard/migrations/0008_chaosapikey.py
new file mode 100644
index 000000000..0ffdbb929
--- /dev/null
+++ b/web/dashboard/migrations/0008_chaosapikey.py
@@ -0,0 +1,20 @@
+# Generated by Django 3.2.23 on 2024-08-31 12:27
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0007_auto_20240831_0608'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='ChaosAPIKey',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('key', models.CharField(max_length=500)),
+            ],
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index a43152b42..a59bc1e2a 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -41,6 +41,14 @@ class NetlasAPIKey(models.Model):
 
 	def __str__(self):
 		return self.key
+	
+
+class ChaosAPIKey(models.Model):
+	id = models.AutoField(primary_key=True)
+	key = models.CharField(max_length=500)
+
+	def __str__(self):
+		return self.key
 
 
 class InAppNotification(models.Model):
diff --git a/web/dashboard/views.py b/web/dashboard/views.py
index 11c688bfc..4573b1f2e 100644
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -319,6 +319,13 @@ def onboarding(request):
     context = {}
     error = ''
 
+    # check is any projects exists, then redirect to project list else onboarding
+    # project = Project.objects.first()
+
+    # if project:
+    #     slug = project.slug
+    #     return HttpResponseRedirect(reverse('dashboardIndex', kwargs={'slug': slug}))
+
     if request.method == "POST":
         project_name = request.POST.get('project_name')
         slug = slugify(project_name)
@@ -327,6 +334,7 @@ def onboarding(request):
         create_user_role = request.POST.get('create_user_role')
         key_openai = request.POST.get('key_openai')
         key_netlas = request.POST.get('key_netlas')
+        key_chaos = request.POST.get('key_chaos')
 
         insert_date = timezone.now()
 
@@ -369,15 +377,19 @@ def onboarding(request):
             else:
                 NetlasAPIKey.objects.create(key=key_netlas)
 
+        if key_chaos:
+            chaos_api_key = ChaosAPIKey.objects.first()
+            if chaos_api_key:
+                chaos_api_key.key = key_chaos
+                chaos_api_key.save()
+            else:
+                ChaosAPIKey.objects.create(key=key_chaos)
+
     context['error'] = error
-    # check is any projects exists, then redirect to project list else onboarding
-    project = Project.objects.first()
+    
 
     context['openai_key'] = OpenAiAPIKey.objects.first()
     context['netlas_key'] = NetlasAPIKey.objects.first()
-
-    if project:
-        slug = project.slug
-        return HttpResponseRedirect(reverse('dashboardIndex', kwargs={'slug': slug}))
+    context['chaos_key'] = ChaosAPIKey.objects.first()
 
     return render(request, 'dashboard/onboarding.html', context)
diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index ce50b0e5b..dae1e8f2d 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1034,6 +1034,12 @@ def get_netlas_key():
 	netlas_key = NetlasAPIKey.objects.all()
 	return netlas_key[0] if netlas_key else None
 
+
+def get_chaos_key():
+	chaos_key = ChaosAPIKey.objects.all()
+	return chaos_key[0] if chaos_key else None
+
+
 def parse_llm_vulnerability_report(report):
 	report = report.replace('**', '')
 	data = {}
diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 08433ec44..80845d984 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -503,6 +503,7 @@ def api_vault(request, slug):
     if request.method == "POST":
         key_openai = request.POST.get('key_openai')
         key_netlas = request.POST.get('key_netlas')
+        key_chaos = request.POST.get('key_chaos')
 
 
         if key_openai:
@@ -521,10 +522,21 @@ def api_vault(request, slug):
             else:
                 NetlasAPIKey.objects.create(key=key_netlas)
 
+        if key_chaos:
+            chaos_api_key = ChaosAPIKey.objects.first()
+            if chaos_api_key:
+                chaos_api_key.key = key_chaos
+                chaos_api_key.save()
+            else:
+                ChaosAPIKey.objects.create(key=key_chaos)
+
     openai_key = OpenAiAPIKey.objects.first()
     netlas_key = NetlasAPIKey.objects.first()
+    chaos_key = ChaosAPIKey.objects.first()
+
     context['openai_key'] = openai_key
     context['netlas_key'] = netlas_key
+    context['chaos_key'] = chaos_key
     return render(request, 'scanEngine/settings/api.html', context)
 
 
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 47fee0e0b..0f28c7916 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -581,4 +581,9 @@ mark{
 
 .notification-bell-icon.buzz {
   animation: notification-buzz 0.8s ease-out;
+}
+
+
+.optional-text {
+  margin-top: 4px;
 }
\ No newline at end of file

From b841b00873c4a7fdde89cd0ecdeb46e6a7f9aa54 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:27:08 +0530
Subject: [PATCH 135/211] use chaos as subdomain enum tool

---
 web/reNgine/tasks.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 81c328f7f..5e934803f 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -497,6 +497,15 @@ def subdomain_discovery(
 				cmd_extract = f"grep -oE '([a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?\.)+{host}'"
 				cmd += f' | {cmd_extract} > {results_file}'
 
+			elif tool == 'chaos':
+				# we need to find api key if not ignore
+				chaos_key = get_chaos_key()
+				if not chaos_key:
+					logger.error('Chaos API key not found. Skipping.')
+					continue
+				results_file = self.results_dir + '/subdomains_chaos.txt'
+				cmd = f'chaos -d {host} -silent -key {chaos_key} -o {results_file}'
+
 		elif tool in custom_subdomain_tools:
 			tool_query = InstalledExternalTool.objects.filter(name__icontains=tool.lower())
 			if not tool_query.exists():

From e75603f0dfe82c4d550a6f28d205e4dae9c63975 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:27:23 +0530
Subject: [PATCH 136/211] remove debug code

---
 web/dashboard/views.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/dashboard/views.py b/web/dashboard/views.py
index 4573b1f2e..8802314b8 100644
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -320,11 +320,11 @@ def onboarding(request):
     error = ''
 
     # check is any projects exists, then redirect to project list else onboarding
-    # project = Project.objects.first()
+    project = Project.objects.first()
 
-    # if project:
-    #     slug = project.slug
-    #     return HttpResponseRedirect(reverse('dashboardIndex', kwargs={'slug': slug}))
+    if project:
+        slug = project.slug
+        return HttpResponseRedirect(reverse('dashboardIndex', kwargs={'slug': slug}))
 
     if request.method == "POST":
         project_name = request.POST.get('project_name')

From beab91f6a7211a0b95267d5c31e205e333b1ad23 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:34:02 +0530
Subject: [PATCH 137/211] Added chaos as external tool

---
 web/fixtures/external_tools.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/web/fixtures/external_tools.yaml b/web/fixtures/external_tools.yaml
index 0c2994b64..9c56b4d24 100644
--- a/web/fixtures/external_tools.yaml
+++ b/web/fixtures/external_tools.yaml
@@ -329,3 +329,20 @@
     is_github_cloned: false
     github_clone_path: null
     subdomain_gathering_command: null
+- model: scanEngine.installedexternaltool
+  pk: 19
+  fields:
+    logo_url: null
+    name: chaos
+    description: Go client to communicate with Project Discovery's Chaos dataset API.
+    github_url: https://github.com/projectdiscovery/chaos-client
+    license_url: https://github.com/projectdiscovery/chaos-client/blob/main/LICENSE.md
+    version_lookup_command: chaos -version
+    update_command: chaos -up
+    install_command: go install -v github.com/projectdiscovery/chaos-client/cmd/chaos@latest
+    version_match_regex: (?i:v)?(\d+(?:\.\d+){2,})
+    is_default: true
+    is_subdomain_gathering: true
+    is_github_cloned: false
+    github_clone_path: null
+    subdomain_gathering_command: null

From 6fc9e3e3955c8d1fe9de5ecb8042dd4118dbe1a0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:44:29 +0530
Subject: [PATCH 138/211] Added chaos in default_scan_engines fixture

---
 web/fixtures/default_scan_engines.yaml | 64 +++++++++++++-------------
 1 file changed, 33 insertions(+), 31 deletions(-)

diff --git a/web/fixtures/default_scan_engines.yaml b/web/fixtures/default_scan_engines.yaml
index 6194b4585..6d481f64d 100644
--- a/web/fixtures/default_scan_engines.yaml
+++ b/web/fixtures/default_scan_engines.yaml
@@ -2,11 +2,11 @@
   pk: 1
   fields:
     engine_name: Full Scan
-    yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr',
-      'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl': true,\r\n
-      \ 'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nport_scan: {\r\n
-      \ 'enable_http_crawl': true,\r\n  'timeout': 5,\r\n  # 'exclude_ports': [],\r\n
-      \ # 'exclude_subdomains': [],\r\n  'ports': ['top-100'],\r\n  'rate_limit':
+    yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'chaos',
+      'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl':
+      true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nport_scan:
+      {\r\n  'enable_http_crawl': true,\r\n  'timeout': 5,\r\n  # 'exclude_ports':
+      [],\r\n  # 'exclude_subdomains': [],\r\n  'ports': ['top-100'],\r\n  'rate_limit':
       150,\r\n  'threads': 30,\r\n  'passive': false,\r\n  # 'use_naabu_config': false,\r\n
       \ # 'enable_nmap': true,\r\n  # 'nmap_cmd': '',\r\n  # 'nmap_script': '',\r\n
       \ # 'nmap_script_args': ''\r\n}\r\nosint: {\r\n  'discover': [\r\n      'emails',\r\n
@@ -26,14 +26,15 @@
       'page_title'],\r\n  'enable_http_crawl': true,\r\n  'gf_patterns': ['debug_logic',
       'idor', 'interestingEXT', 'interestingparams', 'interestingsubs', 'lfi', 'rce',
       'redirect', 'sqli', 'ssrf', 'ssti', 'xss'],\r\n  'ignore_file_extensions': ['png',
-      'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n  'threads': 30\r\n}\r\nvulnerability_scan: {\r\n
-      \ 'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n
+      'jpg', 'jpeg', 'gif', 'mp4', 'mpeg', 'mp3'],\r\n  'threads': 30\r\n}\r\nvulnerability_scan:
+      {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n
       \ 'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n
       \ 'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report':
-      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['unknown',
-      'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}\r\nwaf_detection: {\r\n\r\n}\r\nscreenshot:
-      {\r\n  'enable_http_crawl': true,\r\n  'intensity': 'normal',\r\n  'timeout':
-      10,\r\n  'threads': 40\r\n}\r\n\r\n# custom_headers: [\"Cookie: Test\"]"
+      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities':
+      ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}\r\nwaf_detection:
+      {\r\n\r\n}\r\nscreenshot: {\r\n  'enable_http_crawl': true,\r\n  'intensity':
+      'normal',\r\n  'timeout': 10,\r\n  'threads': 40\r\n}\r\n\r\n# custom_headers:
+      [\"Cookie: Test\"]"
     default_engine: true
 - model: scanEngine.enginetype
   pk: 2
@@ -41,8 +42,8 @@
     engine_name: Subdomain Scan
     yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': [\r\n    'subfinder',
       \r\n    'ctfr', \r\n    'sublist3r', \r\n    'tlsx', \r\n    'oneforall', \r\n
-      \   'netlas'\r\n  ],\r\n  'enable_http_crawl': true,\r\n  'threads': 30,\r\n
-      \ 'timeout': 5,\r\n}\r\nhttp_crawl: {}"
+      \   'netlas', \r\n    'chaos'\r\n  ],\r\n  'enable_http_crawl': true,\r\n  'threads':
+      30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}"
     default_engine: true
 - model: scanEngine.enginetype
   pk: 3
@@ -60,11 +61,11 @@
   pk: 4
   fields:
     engine_name: Vulnerability Scan
-    yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr',
-      'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl': true,\r\n
-      \ 'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nosint: {\r\n  'discover':
-      [\r\n      'emails',\r\n      'metainfo',\r\n      'employees'\r\n    ],\r\n
-      \ 'dorks': [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n
+    yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'chaos',
+      'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl':
+      true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nosint:
+      {\r\n  'discover': [\r\n      'emails',\r\n      'metainfo',\r\n      'employees'\r\n
+      \   ],\r\n  'dorks': [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n
       \   'stackoverflow',\r\n    'social_media',\r\n    'project_management',\r\n
       \   'code_sharing',\r\n    'config_files',\r\n    'jenkins',\r\n    'wordpress_files',\r\n
       \   'php_error',\r\n    'exposed_documents',\r\n    'db_files',\r\n    'git_exposed'\r\n
@@ -72,8 +73,8 @@
       {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n
       \ 'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n
       \ 'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report':
-      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['unknown',
-      'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}"
+      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities':
+      ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}"
     default_engine: true
 - model: scanEngine.enginetype
   pk: 5
@@ -90,15 +91,16 @@
   pk: 6
   fields:
     engine_name: reNgine Recommended
-    yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'ctfr',
-      'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl': true,\r\n
-      \ 'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nosint: {\r\n  'discover':
-      [\r\n      'emails',\r\n      'metainfo'\r\n    ],\r\n  'dorks': [\r\n    'login_pages',\r\n
-      \   'admin_panels',\r\n    'dashboard_pages',\r\n    'config_files',\r\n    'exposed_documents',\r\n
-      \ ],\r\n  'intensity': 'normal',\r\n  'documents_limit': 50\r\n}\r\nvulnerability_scan:
-      {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n
-      \ 'enable_http_crawl': false,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n
-      \ 'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report':
-      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities': ['low',
-      'medium', 'high', 'critical']\r\n  }\r\n}"
+    yaml_configuration: "subdomain_discovery: {\r\n  'uses_tools': ['subfinder', 'chaos',
+      'ctfr', 'sublist3r', 'tlsx', 'oneforall', 'netlas'],\r\n  'enable_http_crawl':
+      true,\r\n  'threads': 30,\r\n  'timeout': 5,\r\n}\r\nhttp_crawl: {}\r\nosint:
+      {\r\n  'discover': [\r\n      'emails',\r\n      'metainfo'\r\n    ],\r\n  'dorks':
+      [\r\n    'login_pages',\r\n    'admin_panels',\r\n    'dashboard_pages',\r\n
+      \   'config_files',\r\n    'exposed_documents',\r\n  ],\r\n  'intensity': 'normal',\r\n
+      \ 'documents_limit': 50\r\n}\r\nvulnerability_scan: {\r\n  'run_nuclei': true,\r\n
+      \ 'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n  'enable_http_crawl': false,\r\n
+      \ 'concurrency': 50,\r\n  'intensity': 'normal',\r\n  'rate_limit': 150,\r\n
+      \ 'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': true,\r\n  'nuclei':
+      {\r\n    'use_nuclei_config': false,\r\n    'severities': ['low', 'medium',
+      'high', 'critical']\r\n  }\r\n}"
     default_engine: true

From 5b15a30e9522691c581d92bd7c9b46cf399ab76e Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 19:57:40 +0530
Subject: [PATCH 139/211] disable fetching gpt report by default

---
 web/fixtures/default_scan_engines.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/fixtures/default_scan_engines.yaml b/web/fixtures/default_scan_engines.yaml
index 6d481f64d..825bcd6a3 100644
--- a/web/fixtures/default_scan_engines.yaml
+++ b/web/fixtures/default_scan_engines.yaml
@@ -30,7 +30,7 @@
       {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n
       \ 'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n
       \ 'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report':
-      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities':
+      false,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities':
       ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}\r\nwaf_detection:
       {\r\n\r\n}\r\nscreenshot: {\r\n  'enable_http_crawl': true,\r\n  'intensity':
       'normal',\r\n  'timeout': 10,\r\n  'threads': 40\r\n}\r\n\r\n# custom_headers:
@@ -73,7 +73,7 @@
       {\r\n  'run_nuclei': true,\r\n  'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n
       \ 'enable_http_crawl': true,\r\n  'concurrency': 50,\r\n  'intensity': 'normal',\r\n
       \ 'rate_limit': 150,\r\n  'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report':
-      true,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities':
+      false,\r\n  'nuclei': {\r\n    'use_nuclei_config': false,\r\n    'severities':
       ['unknown', 'info', 'low', 'medium', 'high', 'critical']\r\n  }\r\n}"
     default_engine: true
 - model: scanEngine.enginetype
@@ -100,7 +100,7 @@
       \ 'documents_limit': 50\r\n}\r\nvulnerability_scan: {\r\n  'run_nuclei': true,\r\n
       \ 'run_dalfox': true,\r\n  'run_crlfuzz': true,\r\n  'enable_http_crawl': false,\r\n
       \ 'concurrency': 50,\r\n  'intensity': 'normal',\r\n  'rate_limit': 150,\r\n
-      \ 'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': true,\r\n  'nuclei':
+      \ 'retries': 1,\r\n  'timeout': 5,\r\n  'fetch_gpt_report': false,\r\n  'nuclei':
       {\r\n    'use_nuclei_config': false,\r\n    'severities': ['low', 'medium',
       'high', 'critical']\r\n  }\r\n}"
     default_engine: true

From 5685a135d924502e9b8b7e28a176691fcdabeb90 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 31 Aug 2024 20:35:21 +0530
Subject: [PATCH 140/211] update chaos during dockerbuild process

---
 web/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/web/Dockerfile b/web/Dockerfile
index 621357706..66d709e75 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -104,6 +104,9 @@ RUN printf "\
 # Update Nuclei and Nuclei-Templates
 RUN nuclei -update-templates
 
+# update chaos
+RUN chaos -update
+
 # Copy requirements
 COPY ./requirements.txt /tmp/requirements.txt
 RUN pip3 install --upgrade setuptools==72.1.0

From ba162e5bea7a997ec6efae29707909563639ca47 Mon Sep 17 00:00:00 2001
From: Sean Keane <keanesf@gmail.com>
Date: Thu, 4 Jul 2024 07:02:29 -0500
Subject: [PATCH 141/211] adding logic for a new feature to sync hackerone
 bookmarks

---
 docker-compose.yml                            |   4 +-
 web/celery-entrypoint.sh                      |   2 +
 web/reNgine/tasks.py                          | 153 ++++++++++++++++++
 .../scanEngine/settings/hackerone.html        |  28 ++--
 .../templates/organization/list.html          |   1 +
 web/targetApp/urls.py                         |   4 +
 web/targetApp/views.py                        |  11 +-
 7 files changed, 190 insertions(+), 13 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 2daccd382..1f580d997 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,7 +37,7 @@ services:
       - tool_config:/root/.config
       - static_volume:/usr/src/app/staticfiles/
     environment:
-      - DEBUG=0
+      - DEBUG=1
       - CELERY_BROKER=redis://redis:6379/0
       - CELERY_BACKEND=redis://redis:6379/0
       - DOMAIN_NAME=${DOMAIN_NAME}
@@ -86,7 +86,7 @@ services:
     restart: always
     image: docker.pkg.github.com/yogeshojha/rengine/rengine:latest
     environment:
-      - DEBUG=0
+      - DEBUG=1
       - CELERY_BROKER=redis://redis:6379/0
       - CELERY_BACKEND=redis://redis:6379/0
       - DOMAIN_NAME=${DOMAIN_NAME}
diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index 6d7968fff..5f5dfe14d 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -187,6 +187,8 @@ watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/re
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_reverse_whois_queue -n query_reverse_whois_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_ip_history_queue -n query_ip_history_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q llm_queue -n llm_worker &
+watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q gpt_queue -n gpt_worker &
+watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q h1_sync_queue -n h1_sync_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q dorking_queue -n dorking_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q osint_discovery_queue -n osint_discovery_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q h8mail_queue -n h8mail_worker &
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 66a45498d..d377201c5 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -20,6 +20,7 @@
 from django.db.models import Count
 from dotted_dict import DottedDict
 from django.utils import timezone
+from django.shortcuts import get_object_or_404
 from pycvesearch import CVESearch
 from metafinder.extractor import extract_metadata_from_google_search
 
@@ -4622,3 +4623,155 @@ def llm_vulnerability_description(vulnerability_id):
 			vuln.save()
 
 	return response
+
+def fetch_h1_bookmarked():
+	"""
+    Fetches bookmarked programs from HackerOne API using pagination.
+
+    Returns:
+        list: A list of bookmarked program objects.
+    """
+	ALLOWED_SCOPE_TYPES = ["WILDCARD", "DOMAIN", "IP_ADDRESS", "CIDR", "URL"]
+
+	bookmarked_programs = []
+	next_link = True
+	programs_url = "https://api.hackerone.com/v1/hackers/programs?size=100"
+
+	hackerone_query = Hackerone.objects.all()
+
+	if hackerone_query.exists():
+		hackerone = Hackerone.objects.first()
+
+		headers = {
+			'Content-Type': 'application/json',
+			'Accept': 'application/json'
+		}
+
+		while next_link:
+			try:
+				response = requests.get(programs_url, auth=(hackerone.username, hackerone.api_key), headers=headers)
+				response.raise_for_status()  # Raise an exception for non-200 status codes
+
+				response_json = response.json()
+				for program in response_json["data"]:
+					if program["attributes"]["bookmarked"]:
+						program_url = f"https://api.hackerone.com/v1/hackers/programs/{program['attributes']['handle']}"
+						program_response = requests.get(program_url, auth=(hackerone.username, hackerone.api_key), headers=headers)
+						program_response.raise_for_status()
+
+						program_json = program_response.json()
+						program_scopes = []
+						for scope in program_json["relationships"]["structured_scopes"]["data"]:
+							if (
+								scope["attributes"]["asset_type"] in ALLOWED_SCOPE_TYPES
+								and scope["attributes"]["eligible_for_submission"] is True
+							):
+								program_scopes.append(scope["attributes"])
+
+						program["scopes"] = program_scopes
+						bookmarked_programs.append(program)
+
+				if "links" in response_json and "next" in response_json["links"]:
+					programs_url = response_json["links"]["next"]
+				else:
+					next_link = False
+
+			except requests.exceptions.RequestException as e:
+				logger.error(f"Error fetching HackerOne programs: {e}")
+				break
+
+	return bookmarked_programs
+
+@app.task(name='sync_h1_bookmarked', bind=False, queue='h1_sync_queue')
+def sync_h1_bookmarked():
+    """
+    Sync HackerOne bookmarked programs to organizations
+    """
+    try:
+        logger.info('Starting HackerOne Bookmark Sync')
+
+        # Fetch bookmarked programs and project details
+        bookmarked_programs = fetch_h1_bookmarked()
+        project = Project.objects.get(slug="default")
+        bookmarked_handles = {program['attributes']['handle']
+                              for program in bookmarked_programs}
+
+		# Get current organizations and their handles
+        current_organizations = Organization.objects.filter(project=project)
+        current_handles = {org.name for org in current_organizations}
+
+		# Delete organizations not in the bookmarked programs
+        handles_to_delete = current_handles - bookmarked_handles
+
+		# Delete organizations
+        for handle in handles_to_delete:
+            try:
+                org_to_delete = get_object_or_404(Organization, name=handle, project=project)
+                # Check if organization was added via H1 Bookmark Sync
+                if(org_to_delete.description == 'Added via H1 Bookmark Sync'):
+                    for domain in org_to_delete.get_domains():
+                        domain.delete()
+                    org_to_delete.delete()
+                    logger.info(f'Deleted organization: {handle}')
+            except Exception as e:
+                logger.error(f"Error deleting organization {handle}: {e}")
+
+        # Process bookmarked programs and create domains
+        for program in bookmarked_programs:
+
+            if program['attributes']['handle'] not in current_handles:
+                domains = []
+
+                for scope in program["scopes"]:
+                    domain_name = None
+                    description = ''
+                    ip_address_cidr = None
+
+                    if scope["asset_type"] == "WILDCARD":
+                        domain_name = scope["asset_identifier"].replace('*.', '')
+                    elif scope["asset_type"] == "DOMAIN":
+                        domain_name = scope["asset_identifier"]
+                    elif scope["asset_type"] in ["IP_ADDRESS", "CIDR"]:
+                        domain_name = scope["asset_identifier"]
+                        ip_address_cidr = scope["asset_identifier"]
+                    elif scope["asset_type"] == "URL":
+                        parsed_url = urlparse(scope["asset_identifier"])
+                        domain_name = parsed_url.netloc
+
+                    if domain_name:
+                        try:
+                            domain, created = Domain.objects.get_or_create(
+                                name=domain_name,
+                                description=description,
+                                h1_team_handle=program['attributes']['handle'],
+                                project=project,
+                                ip_address_cidr=ip_address_cidr
+                            )
+                            domain.insert_date = timezone.now()
+                            domain.save()
+                            
+                            domains.append(domain)
+                        except Exception as e:
+                            logger.error(f"Error creating/updating domain {domain_name}: {e}")
+
+                try:
+                    organization, created = Organization.objects.get_or_create(
+                        name=program['attributes']['handle'],
+                        project=project,
+                        defaults={'description': 'Added via H1 Bookmark Sync', 'insert_date': timezone.now()}
+                    )
+                    
+                    if not created:
+                        organization.insert_date = timezone.now()
+                    
+                    for domain in domains:
+                        organization.domains.add(domain)
+
+                    organization.save()
+                    logger.info(f"Added organization: program['attributes']['handle']")
+                except Exception as e:
+                    logger.error(f"Error creating/updating organization {program['attributes']['handle']}: {e}")
+
+        logger.info('Completed HackerOne Bookmark Sync')
+    except Exception as e:
+        logger.error(f"Error in sync_h1_bookmarked task: {e}")
\ No newline at end of file
diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index 1cbd18142..a5f4f1b21 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -24,16 +24,16 @@
   <div class="col-12">
     <div class="card">
       <div class="card-body">
-        <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
-        <img src="https://www.hackerone.com/assets/images/logo.png" alt="" height="30px">
-        <div class="alert alert-danger border-0 mb-3 mt-3" role="alert">
-          Use this feature with caution! Please do not spam triagers!
-          <br>We do not allow sending vulnerability report for low severity and informational vulnerabilities to avoid spamming triagers!
-          You can send them manually from Vulnerability Section inside reNgine.
-        </div>
+        <img src="https://www.hackerone.com/themes/hacker_one/images/logo-hackerone.svg" alt="" height="30px">  
+        <p class="mt-3">
+          HackerOne API Setting can be used for the following:
+          <ul>
+            <li>Synchroinze HackerOne bookmarks with reEngine organizations</li>
+            <li>Automatically Reports vulnerabilities</li>
+          </ul>
+        </p>
+        <h4 class="header-title">Hackerone API Settings</h4>  
         <p class="mt-3">
-          reNgine Automatically Reports vulnerabilities to your bug bounty programs on Hackerone, if any vulnerabilities are identified.
-          <br>
           <span class="text-danger">A valid Hackerone API token and username is required.</span>
           <br>
           More details on how to generate your hackerone api token is provided by <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation <i class="fe-external-link"></i></a>
@@ -53,6 +53,15 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
           <a class="btn btn-primary float-end mt-3" href="javascript:test_hackerone()" role="button">
             &nbsp;&nbsp;Test my hackerone api key
           </a>
+          <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
+          <p class="mt-3">
+            reNgine Automatically Reports vulnerabilities to your bug bounty programs on Hackerone, if any vulnerabilities are identified.
+          </p>
+          <div class="alert alert-danger border-0 mb-3 mt-3" role="alert">
+            Use this feature with caution! Please do not spam triagers!
+            <br>We do not allow sending vulnerability report for low severity and informational vulnerabilities to avoid spamming triagers!
+            You can send them manually from Vulnerability Section inside reNgine.
+          </div>
           <h4 class="header-title text-danger mt-3">Report Vulnerability to hackerone when</h4>
           <table>
             <tr>
@@ -90,7 +99,6 @@ <h4 class="header-title mt-3">Vulnerability Report Template</h4>
 </div>
 {% endblock main_content %}
 
-
 {% block page_level_script %}
 <script src="{% static 'plugins/markdown/simplemde.min.js' %}"></script>
 <script src="{% static 'custom/custom.js' %}"></script>
diff --git a/web/targetApp/templates/organization/list.html b/web/targetApp/templates/organization/list.html
index e204337b1..a7edd761a 100644
--- a/web/targetApp/templates/organization/list.html
+++ b/web/targetApp/templates/organization/list.html
@@ -28,6 +28,7 @@
           </div>
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
             {% if user|can:'modify_targets' %}
+            <a class="btn btn-soft-primary float-end ms-1" href="{% url 'sync_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Sync Organization">Sync Organizations</a>
             <a class="btn btn-soft-primary float-end ms-1" href="{% url 'add_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Add Organization">Add New Organization</a>
             {% endif %}
           </div>
diff --git a/web/targetApp/urls.py b/web/targetApp/urls.py
index 5d7f64142..d0e2d8a91 100644
--- a/web/targetApp/urls.py
+++ b/web/targetApp/urls.py
@@ -31,6 +31,10 @@
         '<slug:slug>/list/organization',
         views.list_organization,
         name='list_organization'),
+    path(
+        '<slug:slug>/sync/organization',
+        views.sync_organization,
+        name='sync_organization'),
     path(
         'delete/target/<int:id>',
         views.delete_target,
diff --git a/web/targetApp/views.py b/web/targetApp/views.py
index e5c6a16fc..e9dd175a1 100644
--- a/web/targetApp/views.py
+++ b/web/targetApp/views.py
@@ -3,8 +3,10 @@
 import ipaddress
 import logging
 import validators
+import pytz
 
 from datetime import timedelta
+from django.utils import timezone
 from urllib.parse import urlparse
 from django import http
 from django.conf import settings
@@ -15,9 +17,10 @@
 from django.utils import timezone
 from django.utils.safestring import mark_safe
 from rolepermissions.decorators import has_permission_decorator
+from django_celery_beat.models import (PeriodicTask, ClockedSchedule)
 
 from reNgine.common_func import *
-from reNgine.tasks import run_command, sanitize_url
+from reNgine.tasks import run_command, sanitize_url, sync_h1_bookmarked
 from scanEngine.models import *
 from startScan.models import *
 from targetApp.forms import *
@@ -542,6 +545,12 @@ def list_organization(request, slug):
     }
     return render(request, 'organization/list.html', context)
 
+def sync_organization(request, slug):
+    # Start the celery task
+    sync_h1_bookmarked.apply_async()
+    
+    return http.HttpResponseRedirect(reverse('list_organization', kwargs={'slug': slug}))
+
 
 @has_permission_decorator(PERM_MODIFY_TARGETS, redirect_url=FOUR_OH_FOUR_URL)
 def delete_organization(request, id):

From b16c112e4853b717655aa1e00a95a2a17e840b06 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 1 Sep 2024 17:47:51 +0530
Subject: [PATCH 142/211] revert back unnecessary changes

---
 docker-compose.yml                            |  4 +--
 web/celery-entrypoint.sh                      |  1 -
 .../scanEngine/settings/hackerone.html        | 28 +++++++------------
 web/targetApp/views.py                        |  3 --
 4 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 6eb4910e9..6f40c5bd6 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,7 +37,7 @@ services:
       - tool_config:/root/.config
       - static_volume:/usr/src/app/staticfiles/
     environment:
-      - DEBUG=1
+      - DEBUG=0
       - CELERY_BROKER=redis://redis:6379/0
       - CELERY_BACKEND=redis://redis:6379/0
       - DOMAIN_NAME=${DOMAIN_NAME}
@@ -86,7 +86,7 @@ services:
     restart: always
     image: docker.pkg.github.com/yogeshojha/rengine/rengine:latest
     environment:
-      - DEBUG=1
+      - DEBUG=0
       - CELERY_BROKER=redis://redis:6379/0
       - CELERY_BACKEND=redis://redis:6379/0
       - DOMAIN_NAME=${DOMAIN_NAME}
diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index 5f5dfe14d..ae964a6f0 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -188,7 +188,6 @@ watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/re
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_ip_history_queue -n query_ip_history_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q llm_queue -n llm_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q gpt_queue -n gpt_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q h1_sync_queue -n h1_sync_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q dorking_queue -n dorking_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q osint_discovery_queue -n osint_discovery_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q h8mail_queue -n h8mail_worker &
diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index 95e83b223..eec049813 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -24,16 +24,16 @@
   <div class="col-12">
     <div class="card">
       <div class="card-body">
-        <img src="https://www.hackerone.com/themes/hacker_one/images/logo-hackerone.svg" alt="" height="30px">  
-        <p class="mt-3">
-          HackerOne API Setting can be used for the following:
-          <ul>
-            <li>Synchroinze HackerOne bookmarks with reEngine organizations</li>
-            <li>Automatically Reports vulnerabilities</li>
-          </ul>
-        </p>
-        <h4 class="header-title">Hackerone API Settings</h4>  
+        <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
+        <img src="https://www.hackerone.com/assets/images/logo.png" alt="" height="30px">
+        <div class="alert alert-danger border-0 mb-3 mt-3" role="alert">
+          Use this feature with caution! Please do not spam triagers!
+          <br>We do not allow sending vulnerability report for low severity and informational vulnerabilities to avoid spamming triagers!
+          You can send them manually from Vulnerability Section inside reNgine.
+        </div>
         <p class="mt-3">
+          reNgine Automatically Reports vulnerabilities to your bug bounty programs on Hackerone, if any vulnerabilities are identified.
+          <br>
           <span class="text-danger">A valid Hackerone API token and username is required.</span>
           <br>
           More details on how to generate your hackerone api token is provided by <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation <i class="fe-external-link"></i></a>
@@ -58,15 +58,6 @@ <h4 class="header-title">Hackerone API Settings</h4>
           <a class="btn btn-primary float-end mt-3" href="javascript:test_hackerone()" role="button">
             &nbsp;&nbsp;Test my hackerone api key
           </a>
-          <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
-          <p class="mt-3">
-            reNgine Automatically Reports vulnerabilities to your bug bounty programs on Hackerone, if any vulnerabilities are identified.
-          </p>
-          <div class="alert alert-danger border-0 mb-3 mt-3" role="alert">
-            Use this feature with caution! Please do not spam triagers!
-            <br>We do not allow sending vulnerability report for low severity and informational vulnerabilities to avoid spamming triagers!
-            You can send them manually from Vulnerability Section inside reNgine.
-          </div>
           <h4 class="header-title text-danger mt-3">Report Vulnerability to hackerone when</h4>
           <table>
             <tr>
@@ -104,6 +95,7 @@ <h4 class="header-title mt-3">Vulnerability Report Template</h4>
 </div>
 {% endblock main_content %}
 
+
 {% block page_level_script %}
 <script src="{% static 'plugins/markdown/simplemde.min.js' %}"></script>
 <script src="{% static 'custom/custom.js' %}"></script>
diff --git a/web/targetApp/views.py b/web/targetApp/views.py
index e9dd175a1..df05e6e2e 100644
--- a/web/targetApp/views.py
+++ b/web/targetApp/views.py
@@ -3,10 +3,8 @@
 import ipaddress
 import logging
 import validators
-import pytz
 
 from datetime import timedelta
-from django.utils import timezone
 from urllib.parse import urlparse
 from django import http
 from django.conf import settings
@@ -17,7 +15,6 @@
 from django.utils import timezone
 from django.utils.safestring import mark_safe
 from rolepermissions.decorators import has_permission_decorator
-from django_celery_beat.models import (PeriodicTask, ClockedSchedule)
 
 from reNgine.common_func import *
 from reNgine.tasks import run_command, sanitize_url, sync_h1_bookmarked

From 6367900a1adba02b1c7a33cae00ebd532002bc4a Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sun, 1 Sep 2024 17:48:56 +0530
Subject: [PATCH 143/211] remove unused worker

---
 web/celery-entrypoint.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index ae964a6f0..6d7968fff 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -187,7 +187,6 @@ watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/re
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_reverse_whois_queue -n query_reverse_whois_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_ip_history_queue -n query_ip_history_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q llm_queue -n llm_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q gpt_queue -n gpt_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q dorking_queue -n dorking_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q osint_discovery_queue -n osint_discovery_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q h8mail_queue -n h8mail_worker &

From 381b6eab2c319388ff005b90e98eb375edd91ea3 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 06:51:19 +0530
Subject: [PATCH 144/211] update onboarding screen

---
 .../templates/dashboard/onboarding.html       | 126 ++++++++++--------
 1 file changed, 72 insertions(+), 54 deletions(-)

diff --git a/web/dashboard/templates/dashboard/onboarding.html b/web/dashboard/templates/dashboard/onboarding.html
index 742a679ac..0456d7435 100644
--- a/web/dashboard/templates/dashboard/onboarding.html
+++ b/web/dashboard/templates/dashboard/onboarding.html
@@ -7,87 +7,104 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <link href="{% static 'bootstrap/bootstrap.min.css' %}" rel="stylesheet" type="text/css" id="bootstrap-stylesheet" />
     <link href="{% static 'assets/css/app.min.css' %}" rel="stylesheet" type="text/css" id="main-stylesheet" />
+    <style>
+      .accordion-item {
+        border: none;
+        margin-bottom: 10px;
+      }
+
+      .accordion-button {
+        background-color: #f8f9fa;
+        padding: 15px;
+      }
+
+      .accordion-button:not(.collapsed) {
+        background-color: #f8f9fa;
+        box-shadow: none;
+      }
+
+      .accordion-button:focus {
+        box-shadow: none;
+      }
+    </style>
   </head>
   <body class="authentication-bg authentication-bg-pattern">
     <div class="account-pages mt-5 mb-5">
       <div class="container">
         <div class="row justify-content-center">
           <div class="col-xl-9">
-            <form method="POST" autocomplete="off">
-              {% csrf_token %}
-              <div class="card bg-pattern">
+            <form method="POST" autocomplete="off"> {% csrf_token %} <div class="card bg-pattern">
                 <div class="card-body p-4">
                   <h3 class="text-center">Hey {{user.username}}! Welcome to reNgine</h3>
-                  <p>You will need to create your first project before you start using reNgine. Projects are now a part of reNgine 2.0! <a href="#">Learn more about projects.</a></p>
-                  {% if error %}
-                  <div class="alert alert-danger">
+                  <p>To get started with reNgine, you'll need to create your first project. Projects help you organize and manage your security assessments efficiently. <a href="https://rengine.wiki/usage/projects/" target="_blank">Learn more about projects.</a>
+                  </p> {% if error %} <div class="alert alert-danger">
                     {{error}}
-                  </div>
-                  {% endif %}
-                  <div class="row">
-                    <div class="col-lg-6">
+                  </div> {% endif %} <div class="row">
+                    <div class="col-lg-12">
                       <div class="p-sm-3">
                         <h4 class="mt-0">Project</h4>
-                        <div class="mb-3">
+                        <div class="mb-2">
                           <label for="project_name" class="form-label">Project name</label>
                           <input class="form-control" type="text" id="project_name" name="project_name" required value="Default">
                         </div>
                         <h4 class="mt-0">Additional User</h4>
-                        <p class="text-muted">You can add additional users and assign them roles. You may add additional users and also change their roles at any point in future.</p>
-                        <div class="mb-3">
+                        <p class="text-muted">You can add additional users and assign them roles. You can manage users and their roles anytime in the future.</p>
+                        <div class="mb-2">
                           <label for="create_username" class="form-label">User name</label>
                           <input class="form-control" type="text" id="create_username" name="create_username" autocomplete="off">
                         </div>
-                        <div class="mb-3">
+                        <div class="mb-2">
                           <label for="create_password" class="form-label">Password</label>
                           <input class="form-control" type="password" id="create_password" name="create_password" autocomplete="new-password">
                         </div>
-                        <div class="form mb-3">
+                        <div class="form">
                           <label for="create_user_role" class="form-label float-start">Role</label>
                           <select class="form-select" id="create_user_role" name="create_user_role">
-                          <option value='sys_admin'>Sys Admin</option>
-                          <option value='penetration_tester'>Penetration Tester</option>
-                          <option value='auditor'>Auditor</option>
+                            <option value='sys_admin'>Sys Admin</option>
+                            <option value='penetration_tester'>Penetration Tester</option>
+                            <option value='auditor'>Auditor</option>
                           </select>
                         </div>
                       </div>
                     </div>
-                    <div class="col-lg-6">
+                    <div class="col-lg-12">
                       <div class="p-sm-3">
-                        <h4 class="mt-3 mt-lg-0">Default API Keys</h4>
-                        <p class="text-muted mb-4">If you have API keys for these services, please enter them here.</p>
-                        <div class="mb-3">
-                          <label for="key_openai" class="form-label">OpenAI <span class="ms-1 badge bg-soft-danger text-danger">🔥 Recommended</span><span class="ms-1 badge bg-soft-primary text-primary">Experimental</span></label>
-                          <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using ChatGPT.</p>
-                          {% if openai_key %}
-                            <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
-                          {% else %}
-                            <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key">
-                          {% endif %}
-                          <span class="text-muted float-end">This is optional but recommended.</span>
-                        </div>
-                        <div class="mb-3">
-                          <label for="key_netlas" class="form-label">Netlas</label>
-                          <p class="text-muted">Netlas keys will be used to get whois information and other OSINT data.</p>
-                          {% if netlas_key %}
-                            <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
-                          {% else %}
-                            <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key">
-                          {% endif %}
-                          <span class="text-muted float-end">This is optional</span>
-                        </div>
-                        <div class="mb-3">
-                          <label for="key_netlas" class="form-label">Chaos by Project Discovery</label>
-                          <p class="text-muted">Chaos keys will be used for subdomain enumeration and recon data for Public Bug Bounty Programs.</p>
-                          {% if chaos_key %}
-                            <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}">
-                          {% else %}
-                            <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key">
-                          {% endif %}
-                          <span class="text-muted float-end optional-text">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></span>
-                        </div>
-                        <div class="mb-0">
-                          <button class="btn btn-info float-sm-end my-4" type="submit"> Proceed </button>
+                        <h4 class="mt-lg-0">API Keys</h4>
+                        <p class="text-muted mb-2">If you have API keys for these services, please enter them here.</p>
+                        <div class="accordion" id="apiKeysAccordion">
+                          <div class="accordion-item">
+                            <h2 class="accordion-header" id="headingOpenAI">
+                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseOpenAI" aria-expanded="true" aria-controls="collapseOpenAI">OpenAI Key</button>
+                            </h2>
+                            <div id="collapseOpenAI" class="accordion-collapse collapse" aria-labelledby="headingOpenAI" data-bs-parent="#apiKeysAccordion">
+                              <div class="accordion-body">
+                                <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using ChatGPT.</p> {% if openai_key %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}"> {% else %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key"> {% endif %} 
+                                <small class="text-muted float-end mt-2 mb-2">This is optional but recommended.</small>
+                              </div>
+                            </div>
+                          </div>
+                          <div class="accordion-item">
+                            <h2 class="accordion-header" id="headingNetlas">
+                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseNetlas" aria-expanded="false" aria-controls="collapseNetlas"> Netlas </button>
+                            </h2>
+                            <div id="collapseNetlas" class="accordion-collapse collapse" aria-labelledby="headingNetlas" data-bs-parent="#apiKeysAccordion">
+                              <div class="accordion-body">
+                                <p class="text-muted">Netlas keys will be used to get whois information and other OSINT data.</p> {% if netlas_key %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}"> {% else %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key"> {% endif %} 
+                                <small class="text-muted float-end mt-2 mb-2">This is optional</small>
+                              </div>
+                            </div>
+                          </div>
+                          <div class="accordion-item">
+                            <h2 class="accordion-header" id="headingChaos">
+                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseChaos" aria-expanded="false" aria-controls="collapseChaos"> Chaos by Project Discovery </button>
+                            </h2>
+                            <div id="collapseChaos" class="accordion-collapse collapse" aria-labelledby="headingChaos" data-bs-parent="#apiKeysAccordion">
+                              <div class="accordion-body">
+                                <p class="text-muted">Chaos keys will be used for subdomain enumeration and recon data for Public Bug Bounty Programs.</p> {% if chaos_key %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}"> {% else %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key"> {% endif %} 
+                                <small class="text-muted float-end mt-2 mb-2">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></small>
+                              </div>
+                            </div>
+                          </div>
                         </div>
                       </div>
                     </div>
@@ -99,5 +116,6 @@ <h4 class="mt-3 mt-lg-0">Default API Keys</h4>
         </div>
       </div>
     </div>
+    <script src="{% static 'assets/js/vendor.min.js' %}"></script>
   </body>
-</html>
+</html>
\ No newline at end of file

From 148031aece1e3c06e664976c7cd73446d510b186 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 07:00:23 +0530
Subject: [PATCH 145/211] finalize onboarding design to accomodate accordion

---
 .../templates/dashboard/onboarding.html       | 64 ++++++++++++++++---
 1 file changed, 55 insertions(+), 9 deletions(-)

diff --git a/web/dashboard/templates/dashboard/onboarding.html b/web/dashboard/templates/dashboard/onboarding.html
index 0456d7435..131f4280b 100644
--- a/web/dashboard/templates/dashboard/onboarding.html
+++ b/web/dashboard/templates/dashboard/onboarding.html
@@ -10,21 +10,66 @@
     <style>
       .accordion-item {
         border: none;
-        margin-bottom: 10px;
+        margin-bottom: 15px;
+        border-radius: 8px;
+        overflow: hidden;
+        box-shadow: 0 2px 5px rgba(0, 0, 0, 0.05);
+        transition: box-shadow 0.3s ease;
+      }
+
+      .accordion-item:hover {
+        box-shadow: 0 5px 15px rgba(0, 0, 0, 0.1);
       }
 
       .accordion-button {
         background-color: #f8f9fa;
-        padding: 15px;
+        color: #333333;
+        font-weight: 500;
+        padding: 15px 20px;
+        transition: all 0.3s ease;
+      }
+
+      .accordion-item:first-child {
+        margin-top: 0;
+      }
+
+      .accordion-button:hover {
+        background-color: #e9ecef;
       }
 
       .accordion-button:not(.collapsed) {
-        background-color: #f8f9fa;
+        background-color: #e9ecef;
         box-shadow: none;
       }
 
       .accordion-button:focus {
         box-shadow: none;
+        border-color: transparent;
+      }
+
+      .accordion-button::after {
+        transition: transform 0.3s ease;
+      }
+
+      .accordion-button:not(.collapsed)::after {
+        transform: rotate(-180deg);
+      }
+
+      .accordion-body {
+        background-color: #ffffff;
+        padding: 20px;
+      }
+
+      .form-control {
+        border: 1px solid #ced4da;
+        border-radius: 4px;
+        padding: 10px 15px;
+        transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+      }
+
+      .form-control:focus {
+        border-color: #80bdff;
+        box-shadow: 0 0 0 0.2rem rgba(0, 123, 255, 0.25);
       }
     </style>
   </head>
@@ -78,8 +123,7 @@ <h2 class="accordion-header" id="headingOpenAI">
                             </h2>
                             <div id="collapseOpenAI" class="accordion-collapse collapse" aria-labelledby="headingOpenAI" data-bs-parent="#apiKeysAccordion">
                               <div class="accordion-body">
-                                <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using ChatGPT.</p> {% if openai_key %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}"> {% else %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key"> {% endif %} 
-                                <small class="text-muted float-end mt-2 mb-2">This is optional but recommended.</small>
+                                <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using ChatGPT.</p> {% if openai_key %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}"> {% else %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key"> {% endif %} <small class="text-muted float-end mt-2 mb-2">This is optional but recommended.</small>
                               </div>
                             </div>
                           </div>
@@ -89,8 +133,7 @@ <h2 class="accordion-header" id="headingNetlas">
                             </h2>
                             <div id="collapseNetlas" class="accordion-collapse collapse" aria-labelledby="headingNetlas" data-bs-parent="#apiKeysAccordion">
                               <div class="accordion-body">
-                                <p class="text-muted">Netlas keys will be used to get whois information and other OSINT data.</p> {% if netlas_key %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}"> {% else %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key"> {% endif %} 
-                                <small class="text-muted float-end mt-2 mb-2">This is optional</small>
+                                <p class="text-muted">Netlas keys will be used to get whois information and other OSINT data.</p> {% if netlas_key %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}"> {% else %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key"> {% endif %} <small class="text-muted float-end mt-2 mb-2">This is optional</small>
                               </div>
                             </div>
                           </div>
@@ -100,8 +143,8 @@ <h2 class="accordion-header" id="headingChaos">
                             </h2>
                             <div id="collapseChaos" class="accordion-collapse collapse" aria-labelledby="headingChaos" data-bs-parent="#apiKeysAccordion">
                               <div class="accordion-body">
-                                <p class="text-muted">Chaos keys will be used for subdomain enumeration and recon data for Public Bug Bounty Programs.</p> {% if chaos_key %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}"> {% else %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key"> {% endif %} 
-                                <small class="text-muted float-end mt-2 mb-2">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></small>
+                                <p class="text-muted">Chaos keys enhance your reconnaissance capabilities by providing subdomain enumeration and valuable data for Public Bug Bounty Programs.</p> {% if chaos_key %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}"> {% else %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key"> {% endif %} <small class="text-muted float-end mt-2 mb-2">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a>
+                                </small>
                               </div>
                             </div>
                           </div>
@@ -109,6 +152,9 @@ <h2 class="accordion-header" id="headingChaos">
                       </div>
                     </div>
                   </div>
+                  <div class="mb-0">
+                    <button class="btn btn-info float-sm-end my-4" type="submit"> Proceed </button>
+                  </div>
                 </div>
               </div>
             </form>

From 0eabb98ea611c22e1a5da678bc66ec9f4cb2c107 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 07:18:45 +0530
Subject: [PATCH 146/211] Add hackerone username key field in onboarding screen

---
 .../templates/dashboard/onboarding.html       | 32 +++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/web/dashboard/templates/dashboard/onboarding.html b/web/dashboard/templates/dashboard/onboarding.html
index 131f4280b..0642880b5 100644
--- a/web/dashboard/templates/dashboard/onboarding.html
+++ b/web/dashboard/templates/dashboard/onboarding.html
@@ -84,7 +84,9 @@ <h3 class="text-center">Hey {{user.username}}! Welcome to reNgine</h3>
                   <p>To get started with reNgine, you'll need to create your first project. Projects help you organize and manage your security assessments efficiently. <a href="https://rengine.wiki/usage/projects/" target="_blank">Learn more about projects.</a>
                   </p> {% if error %} <div class="alert alert-danger">
                     {{error}}
-                  </div> {% endif %} <div class="row">
+                  </div> 
+                  {% endif %} 
+                  <div class="row">
                     <div class="col-lg-12">
                       <div class="p-sm-3">
                         <h4 class="mt-0">Project</h4>
@@ -119,7 +121,7 @@ <h4 class="mt-lg-0">API Keys</h4>
                         <div class="accordion" id="apiKeysAccordion">
                           <div class="accordion-item">
                             <h2 class="accordion-header" id="headingOpenAI">
-                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseOpenAI" aria-expanded="true" aria-controls="collapseOpenAI">OpenAI Key</button>
+                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseOpenAI" aria-expanded="true" aria-controls="collapseOpenAI">OpenAI</button>
                             </h2>
                             <div id="collapseOpenAI" class="accordion-collapse collapse" aria-labelledby="headingOpenAI" data-bs-parent="#apiKeysAccordion">
                               <div class="accordion-body">
@@ -148,6 +150,32 @@ <h2 class="accordion-header" id="headingChaos">
                               </div>
                             </div>
                           </div>
+                          <div class="accordion-item">
+                            <h2 class="accordion-header" id="headingHackerone">
+                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseHackerone" aria-expanded="false" aria-controls="collapseChaos"> Hackerone </button>
+                            </h2>
+                            <div id="collapseHackerone" class="accordion-collapse collapse" aria-labelledby="headingHackerone" data-bs-parent="#apiKeysAccordion">
+                              <div class="accordion-body">
+                                <div class="row">
+                                  <p class="text-muted">Hackerone Keys can be used to import targets, bookmarked programs, and submit automated vulnerability report to Hackerone. This is a bug bounty specific feature.</p> 
+                                  </small>
+                                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                                    <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
+                                    {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
+                                  </div>
+                                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                                    <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+                                    <div class="flex-grow-1 position-relative">
+                                    {% if hackerone_key %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
+                                    </div>
+                                  </div>
+                                  <div class="col-12">
+                                    <small class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a>
+                                  </div
+                                </div>
+                              </div>
+                            </div>
+                          </div>
                         </div>
                       </div>
                     </div>

From 27325baf9821a9553d6a714e63b9ea38055929f0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 07:26:34 +0530
Subject: [PATCH 147/211] Added hackerone key/user model and populate in
 onboarding screen

---
 .../migrations/0009_hackeroneapikey.py        | 21 +++++++++++++++++++
 web/dashboard/models.py                       |  9 ++++++++
 .../templates/dashboard/onboarding.html       |  2 +-
 web/dashboard/views.py                        | 16 ++++++++++++++
 web/reNgine/common_func.py                    |  5 +++++
 5 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 web/dashboard/migrations/0009_hackeroneapikey.py

diff --git a/web/dashboard/migrations/0009_hackeroneapikey.py b/web/dashboard/migrations/0009_hackeroneapikey.py
new file mode 100644
index 000000000..74799e4a3
--- /dev/null
+++ b/web/dashboard/migrations/0009_hackeroneapikey.py
@@ -0,0 +1,21 @@
+# Generated by Django 3.2.23 on 2024-09-02 01:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dashboard', '0008_chaosapikey'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='HackerOneAPIKey',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('username', models.CharField(max_length=500)),
+                ('key', models.CharField(max_length=500)),
+            ],
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index a59bc1e2a..cbec67787 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -49,6 +49,15 @@ class ChaosAPIKey(models.Model):
 
 	def __str__(self):
 		return self.key
+	
+
+class HackerOneAPIKey(models.Model):
+	id = models.AutoField(primary_key=True)
+	username = models.CharField(max_length=500)
+	key = models.CharField(max_length=500)
+
+	def __str__(self):
+		return self.username
 
 
 class InAppNotification(models.Model):
diff --git a/web/dashboard/templates/dashboard/onboarding.html b/web/dashboard/templates/dashboard/onboarding.html
index 0642880b5..55685ecf1 100644
--- a/web/dashboard/templates/dashboard/onboarding.html
+++ b/web/dashboard/templates/dashboard/onboarding.html
@@ -164,7 +164,7 @@ <h2 class="accordion-header" id="headingHackerone">
                                     {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
                                   </div>
                                   <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                                    <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+                                    <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
                                     <div class="flex-grow-1 position-relative">
                                     {% if hackerone_key %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
                                     </div>
diff --git a/web/dashboard/views.py b/web/dashboard/views.py
index 8802314b8..d88e16662 100644
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -335,6 +335,8 @@ def onboarding(request):
         key_openai = request.POST.get('key_openai')
         key_netlas = request.POST.get('key_netlas')
         key_chaos = request.POST.get('key_chaos')
+        key_hackerone = request.POST.get('key_hackerone')
+        username_hackerone = request.POST.get('username_hackerone')
 
         insert_date = timezone.now()
 
@@ -385,11 +387,25 @@ def onboarding(request):
             else:
                 ChaosAPIKey.objects.create(key=key_chaos)
 
+        if key_hackerone and username_hackerone:
+            hackerone_api_key = HackerOneAPIKey.objects.first()
+            if hackerone_api_key:
+                hackerone_api_key.username = username_hackerone
+                hackerone_api_key.key = key_hackerone
+                hackerone_api_key.save()
+            else:
+                HackerOneAPIKey.objects.create(
+                    username=username_hackerone, 
+                    key=key_hackerone
+                )
+
     context['error'] = error
     
 
     context['openai_key'] = OpenAiAPIKey.objects.first()
     context['netlas_key'] = NetlasAPIKey.objects.first()
     context['chaos_key'] = ChaosAPIKey.objects.first()
+    context['hackerone_key'] = HackerOneAPIKey.objects.first().key
+    context['hackerone_username'] = HackerOneAPIKey.objects.first().username
 
     return render(request, 'dashboard/onboarding.html', context)
diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index dae1e8f2d..65dbd2ba9 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1040,6 +1040,11 @@ def get_chaos_key():
 	return chaos_key[0] if chaos_key else None
 
 
+def get_hackerone_key():
+	hackerone_key = HackerOneAPIKey.objects.all()
+	return hackerone_key[0] if hackerone_key else None
+
+
 def parse_llm_vulnerability_report(report):
 	report = report.replace('**', '')
 	data = {}

From 1b99175f9cf837b25a2c79bce485c92457c6fdff Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 08:01:08 +0530
Subject: [PATCH 148/211] Add hackerone api key section in api vault

---
 .../templates/scanEngine/settings/api.html    | 30 ++++++++++++++++---
 web/scanEngine/views.py                       | 19 ++++++++++++
 2 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index 8cecea2d6..1ccdd792b 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -39,7 +39,7 @@
                     <span class="password-eye"></span>
                   </div>
                 </div>
-                <span class="text-muted float-end optional-text">This is optional but recommended. Get your API key from <a href="https://platform.openai.com/api-keys" target="_blank">https://platform.openai.com/api-keys</a></span>
+                <span class="text-muted float-end optional-text mt-2">This is optional but recommended. Get your API key from <a href="https://platform.openai.com/api-keys" target="_blank">https://platform.openai.com/api-keys</a></span>
               </div>
               <div class="mb-3">
                 <label for="key_netlas" class="form-label">Netlas</label>
@@ -54,10 +54,10 @@
                     <span class="password-eye"></span>
                   </div>
                 </div>
-                <span class="text-muted float-end optional-text">This is optional. Get your API key from <a href="https://netlas.io" target="_blank">https://netlas.io</a></span>
+                <span class="text-muted float-end optional-text mt-2">This is optional. Get your API key from <a href="https://netlas.io" target="_blank">https://netlas.io</a></span>
               </div>
               <div class="mb-3">
-                <label for="key_chaos" class="form-label">Chaos</label>
+                <label for="key_chaos" class="form-label">Chaos by Project Discovery</label>
                 <p class="text-muted">Chaos keys will be used for subdomain enumeration and recon data for Public Bug Bounty Programs.</p>
                 <div class="flex-grow-1 position-relative">
                 {% if chaos_key %}
@@ -69,7 +69,29 @@
                     <span class="password-eye"></span>
                   </div>
                 </div>
-                <span class="text-muted float-end optional-text">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></span>
+                <span class="text-muted float-end optional-text mt-2">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></span>
+              </div>
+              <div class="mb-3">
+                <label for="key_hackerone" class="form-label">Hackerone</label>
+                <div class="row">
+                <p class="text-muted">Hackerone Keys will be used to import targets, bookmarked programs, and submit automated vulnerability report to Hackerone. This is a bug bounty specific feature.</p>
+                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                    <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
+                    {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
+                  </div>
+                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                    <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+                    <div class="flex-grow-1 position-relative">
+                    {% if hackerone_key %} <input class="form-control" type="password" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
+                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                      <span class="password-eye"></span>
+                    </div>
+                    </div>
+                  </div>
+                  <div class="col-12">
+                    <p class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a>
+                  </div
+                </div>
               </div>
             </div>
               <div class="mb-0">
diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 80845d984..06a3518df 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -504,6 +504,8 @@ def api_vault(request, slug):
         key_openai = request.POST.get('key_openai')
         key_netlas = request.POST.get('key_netlas')
         key_chaos = request.POST.get('key_chaos')
+        key_hackerone = request.POST.get('key_hackerone')
+        username_hackerone = request.POST.get('username_hackerone')
 
 
         if key_openai:
@@ -530,13 +532,30 @@ def api_vault(request, slug):
             else:
                 ChaosAPIKey.objects.create(key=key_chaos)
 
+        if key_hackerone and username_hackerone:
+            hackerone_api_key = HackerOneAPIKey.objects.first()
+            if hackerone_api_key:
+                hackerone_api_key.username = username_hackerone
+                hackerone_api_key.key = key_hackerone
+                hackerone_api_key.save()
+            else:
+                HackerOneAPIKey.objects.create(
+                    username=username_hackerone, 
+                    key=key_hackerone
+                )
+
     openai_key = OpenAiAPIKey.objects.first()
     netlas_key = NetlasAPIKey.objects.first()
     chaos_key = ChaosAPIKey.objects.first()
+    hackerone_key = HackerOneAPIKey.objects.first().key
+    hackerone_username = HackerOneAPIKey.objects.first().username
 
     context['openai_key'] = openai_key
     context['netlas_key'] = netlas_key
     context['chaos_key'] = chaos_key
+    context['hackerone_key'] = hackerone_key
+    context['hackerone_username'] = hackerone_username
+    
     return render(request, 'scanEngine/settings/api.html', context)
 
 

From 5a69889589485347b63e457224f62770bff6ef5c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 09:04:49 +0530
Subject: [PATCH 149/211] Add send_report field to enable/disable automated
 vuln submission in h1

---
 web/reNgine/common_func.py                    |   8 +-
 web/scanEngine/forms.py                       |  24 +---
 .../migrations/0002_hackerone_send_report.py  |  18 +++
 web/scanEngine/models.py                      |   6 +-
 .../scanEngine/settings/hackerone.html        | 122 ++++++------------
 web/static/custom/custom.js                   |  57 ++++++++
 6 files changed, 132 insertions(+), 103 deletions(-)
 create mode 100644 web/scanEngine/migrations/0002_hackerone_send_report.py

diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index 65dbd2ba9..29e24c548 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -1040,9 +1040,13 @@ def get_chaos_key():
 	return chaos_key[0] if chaos_key else None
 
 
-def get_hackerone_key():
+def get_hackerone_key_username():
+	"""
+		Get the HackerOne API key username from the database.
+		Returns: a tuple of the username and api key
+	"""
 	hackerone_key = HackerOneAPIKey.objects.all()
-	return hackerone_key[0] if hackerone_key else None
+	return (hackerone_key[0].username, hackerone_key[0].key) if hackerone_key else None
 
 
 def parse_llm_vulnerability_report(report):
diff --git a/web/scanEngine/forms.py b/web/scanEngine/forms.py
index e55744621..2317351eb 100644
--- a/web/scanEngine/forms.py
+++ b/web/scanEngine/forms.py
@@ -398,26 +398,14 @@ class Meta:
         model = Hackerone
         fields = '__all__'
 
-    username = forms.CharField(
-        required=True,
-        widget=forms.TextInput(
+    send_report = forms.BooleanField(
+        required=False,
+        widget=forms.CheckboxInput(
             attrs={
-                "class": "form-control form-control-lg",
-                "id": "username",
-                "placeholder": "Your Hackerone Username",
+                "class": "form-check-input",
+                "id": "send_report",
             }))
 
-    api_key = forms.CharField(
-        required=True,
-        widget=forms.PasswordInput(
-            attrs={
-                "class": "form-control form-control-lg",
-                "id": "api_key",
-                "placeholder": "Hackerone API Token",
-            },
-            render_value=True
-        ))
-
     send_critical = forms.BooleanField(
         required=False,
         widget=forms.CheckboxInput(
@@ -453,6 +441,7 @@ def set_value(self, key):
         self.initial['username'] = key.username
         self.initial['api_key'] = key.api_key
 
+        self.initial['send_report'] = key.send_report
         self.initial['send_critical'] = key.send_critical
         self.initial['send_high'] = key.send_high
         self.initial['send_medium'] = key.send_medium
@@ -460,6 +449,7 @@ def set_value(self, key):
         self.initial['report_template'] = key.report_template
 
     def set_initial(self):
+        self.initial['send_report'] = False
         self.initial['send_critical'] = True
         self.initial['send_high'] = True
         self.initial['send_medium'] = False
diff --git a/web/scanEngine/migrations/0002_hackerone_send_report.py b/web/scanEngine/migrations/0002_hackerone_send_report.py
new file mode 100644
index 000000000..7c40fa8fa
--- /dev/null
+++ b/web/scanEngine/migrations/0002_hackerone_send_report.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.23 on 2024-09-02 02:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('scanEngine', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='hackerone',
+            name='send_report',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+    ]
diff --git a/web/scanEngine/models.py b/web/scanEngine/models.py
index 3e5c6d07f..f0beef502 100644
--- a/web/scanEngine/models.py
+++ b/web/scanEngine/models.py
@@ -97,8 +97,10 @@ class Proxy(models.Model):
 
 class Hackerone(models.Model):
     id = models.AutoField(primary_key=True)
-    username = models.CharField(max_length=100, null=True, blank=True)
-    api_key = models.CharField(max_length=200, null=True, blank=True)
+    # TODO: username and api_key fields will be deprecated in another major release, Instead HackerOneAPIKey model from dasbhboard/models.py will be used
+    username = models.CharField(max_length=100, null=True, blank=True) # unused
+    api_key = models.CharField(max_length=200, null=True, blank=True) # unused
+    send_report = models.BooleanField(default=False, null=True, blank=True)
     send_critical = models.BooleanField(default=True)
     send_high = models.BooleanField(default=True)
     send_medium = models.BooleanField(default=False)
diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
index eec049813..5a9de97ad 100644
--- a/web/scanEngine/templates/scanEngine/settings/hackerone.html
+++ b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -12,11 +12,11 @@
 
 {% block breadcrumb_title %}
 <li class="breadcrumb-item"><a href="#">Settings</a></li>
-<li class="breadcrumb-item active">Hackerone Settings</li>
+<li class="breadcrumb-item active">Hackerone Automatic Vulnerability Report Settings</li>
 {% endblock breadcrumb_title %}
 
 {% block page_title %}
-HackerOne Settings
+Hackerone Automatic Vulnerability Report Settings
 {% endblock page_title %}
 
 {% block main_content %}
@@ -24,8 +24,6 @@
   <div class="col-12">
     <div class="card">
       <div class="card-body">
-        <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
-        <img src="https://www.hackerone.com/assets/images/logo.png" alt="" height="30px">
         <div class="alert alert-danger border-0 mb-3 mt-3" role="alert">
           Use this feature with caution! Please do not spam triagers!
           <br>We do not allow sending vulnerability report for low severity and informational vulnerabilities to avoid spamming triagers!
@@ -34,31 +32,13 @@ <h4 class="header-title">Hackerone Automatic Vulnerability Report Settings</h4>
         <p class="mt-3">
           reNgine Automatically Reports vulnerabilities to your bug bounty programs on Hackerone, if any vulnerabilities are identified.
           <br>
-          <span class="text-danger">A valid Hackerone API token and username is required.</span>
-          <br>
-          More details on how to generate your hackerone api token is provided by <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation <i class="fe-external-link"></i></a>
+          <span class="text-danger">A valid Hackerone API token and username is required. You can set api keys from API Vault Section </span>
         </p>
-        <form method="post">
+        <form method="post" id="hackerone_form">
           {% csrf_token %}
-          <div class="row">
-            <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-              <label for="hackerone_username"  class="form-label">Your Hackerone Username (Not email)</label>
-              {{ form.username }}
-            </div>
-            <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-              <label for="hackerone_api_token" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-              <div class="flex-grow-1 position-relative">
-              {{ form.api_key }}
-              <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
-                <span class="password-eye"></span>
-              </div>
-              </div>
-            </div>
-          </div>
-          <a class="btn btn-primary float-end mt-3" href="javascript:test_hackerone()" role="button">
-            &nbsp;&nbsp;Test my hackerone api key
-          </a>
-          <h4 class="header-title text-danger mt-3">Report Vulnerability to hackerone when</h4>
+          <h4 class="header-title mt-3">Automated Vulnerability Report Submission</h4>
+          <div><span class="me-2">Enable Automated Vulnerability Report Submission to Hackerone</span>{{form.send_report}}</div>
+          <h4 class="header-title mt-3">Report Vulnerability to hackerone when</h4>
           <table>
             <tr>
               <td>Critical Severity is found. (Default)</td>
@@ -111,62 +91,40 @@ <h4 class="header-title mt-3">Vulnerability Report Template</h4>
   return DOMPurify.sanitize(simplemde.markdown(plainText));
 };
 
-function test_hackerone() {
-  if ($("#username").val().length == 0 || $("#api_key").val().length == 0) {
-    if ($("#username").val().length == 0) {
-      $("#username").addClass("is-invalid");
-    }
-    if ($("#api_key").val().length == 0) {
-      $("#api_key").addClass("is-invalid");
+function handleFormInputs() {
+  const form = document.getElementById('hackerone_form');
+  const checkbox = document.getElementById('send_report');
+  const inputs = form.querySelectorAll('input:not(#send_report):not([type="submit"]):not([name="csrf_token"])');
+  
+  inputs.forEach(input => {
+    if (input.type === 'text' || input.type === 'textarea') {
+      input.readOnly = !checkbox.checked;
+    } else if (input.type !== 'hidden') {
+      input.disabled = !checkbox.checked;
     }
-  }
-  else{
-    const hackerone_api = 'testHackerone/';
-    var username = $("#username").val();
-    var api_key = $("#api_key").val();
-    swal.queue([{
-      title: 'Hackerone Configuration',
-      confirmButtonText: 'Test my hackerone API Key',
-      text:
-      'This will test if your hackerone API keys are working.',
-      showLoaderOnConfirm: true,
-      preConfirm: function() {
-        return fetch(hackerone_api, {
-          method: 'POST',
-          headers: {
-            "X-CSRFToken": getCookie("csrftoken"),
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify({'username': username, 'api_key': api_key}),
-        },
-      ).then(function (response) {
-        return response.json();
-      })
-      .then(function(data) {
-        if (data.status == 200) {
-          $("#username").addClass("is-valid");
-          $("#api_key").addClass("is-valid");
-          $("#username").removeClass("is-invalid");
-          $("#api_key").removeClass("is-invalid");
-          return swal.insertQueueStep("Your hackerone Credentials are working.")
-        }
-        else{
-          $("#username").addClass("is-invalid");
-          $("#api_key").addClass("is-invalid");
-          $("#username").removeClass("is-valid");
-          $("#api_key").removeClass("is-valid");
-          return swal.insertQueueStep("Oops! Your hackerone Credentials are not working, check your username and/or api_key.")
-        }
-      })
-      .catch(function() {
-        swal.insertQueueStep({
-          type: 'error',
-          title: 'Unable to get your public IP'
-        })
-      })
-    }
-  }]);
-}
+  });
 }
+
+document.addEventListener('DOMContentLoaded', () => {
+  const form = document.getElementById('hackerone_form');
+  const checkbox = document.getElementById('send_report');
+  
+  handleFormInputs(); // init state
+  checkbox.addEventListener('change', handleFormInputs);
+
+  form.addEventListener('submit', (event) => {
+    if (!checkbox.checked) {
+      // If checkbox is unchecked, temporarily enable all inputs for submission
+      const inputs = form.querySelectorAll('input:not(#send_report):not([type="submit"]):not([name="csrf_token"])');
+      inputs.forEach(input => {
+        input.disabled = false;
+        input.readOnly = false;
+      });
+      
+      setTimeout(() => handleFormInputs(), 0);
+    }
+  });
+});
+
 </script>
 {% endblock page_level_script %}
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 617fb4adb..f04913b25 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -3402,3 +3402,60 @@ function show_scan_configuration(starting_path, out_of_scope_subdomains, exclude
 }
 
 
+function test_hackerone() {
+	if ($("#username").val().length == 0 || $("#api_key").val().length == 0) {
+	  if ($("#username").val().length == 0) {
+		$("#username").addClass("is-invalid");
+	  }
+	  if ($("#api_key").val().length == 0) {
+		$("#api_key").addClass("is-invalid");
+	  }
+	}
+	else{
+	  const hackerone_api = 'testHackerone/';
+	  var username = $("#username").val();
+	  var api_key = $("#api_key").val();
+	  swal.queue([{
+		title: 'Hackerone Configuration',
+		confirmButtonText: 'Test my hackerone API Key',
+		text:
+		'This will test if your hackerone API keys are working.',
+		showLoaderOnConfirm: true,
+		preConfirm: function() {
+		  return fetch(hackerone_api, {
+			method: 'POST',
+			headers: {
+			  "X-CSRFToken": getCookie("csrftoken"),
+			  "Content-Type": "application/json"
+			},
+			body: JSON.stringify({'username': username, 'api_key': api_key}),
+		  },
+		).then(function (response) {
+		  return response.json();
+		})
+		.then(function(data) {
+		  if (data.status == 200) {
+			$("#username").addClass("is-valid");
+			$("#api_key").addClass("is-valid");
+			$("#username").removeClass("is-invalid");
+			$("#api_key").removeClass("is-invalid");
+			return swal.insertQueueStep("Your hackerone Credentials are working.")
+		  }
+		  else{
+			$("#username").addClass("is-invalid");
+			$("#api_key").addClass("is-invalid");
+			$("#username").removeClass("is-valid");
+			$("#api_key").removeClass("is-valid");
+			return swal.insertQueueStep("Oops! Your hackerone Credentials are not working, check your username and/or api_key.")
+		  }
+		})
+		.catch(function() {
+		  swal.insertQueueStep({
+			type: 'error',
+			title: 'Test Hackerone API Key',
+		  })
+		})
+	  }
+	}]);
+  }
+}
\ No newline at end of file

From bc68bf14d32bc90999d6a57677737dc93dcf5e24 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 09:12:48 +0530
Subject: [PATCH 150/211] fix condition to send report

---
 web/reNgine/tasks.py | 41 ++++++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index bbb62342c..0d31fb5b3 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -2227,13 +2227,24 @@ def nuclei_individual_severity_module(self, cmd, severity, enable_http_crawl, sh
 				fields,
 				add_meta_info=False)
 
-		# Send report to hackerone
-		hackerone_query = Hackerone.objects.all()
+		"""
+			Send report to hackerone when
+			1. send_report is True from Hackerone model in ScanEngine
+			2. username and key is set in HackerOneAPIKey in Dashboard
+			3. severity is not info or low
+		"""
+		hackerone_query = Hackerone.objects.filter(send_report=True)
+		api_key_check_query = HackerOneAPIKey.objects.filter(
+			Q(username__isnull=False) & Q(key__isnull=False)
+		)
+
 		send_report = (
 			hackerone_query.exists() and
+			api_key_check_query.exists() and
 			severity not in ('info', 'low') and
 			vuln.target_domain.h1_team_handle
 		)
+		
 		if send_report:
 			hackerone = hackerone_query.first()
 			if hackerone.send_critical and severity == 'critical':
@@ -3315,23 +3326,23 @@ def send_hackerone_report(vulnerability_id):
 			tpl = tpl.replace('{vulnerability_reference}', vulnerability.reference if vulnerability.reference else '')
 
 			data = {
-			  "data": {
-				"type": "report",
-				"attributes": {
-				  "team_handle": vulnerability.target_domain.h1_team_handle,
-				  "title": f'{vulnerability.name} found in {vulnerability.http_url}',
-				  "vulnerability_information": tpl,
-				  "severity_rating": severity_value,
-				  "impact": "More information about the impact and vulnerability can be found here: \n" + vulnerability.reference if vulnerability.reference else "NA",
-				}
+				"data": {
+					"type": "report",
+					"attributes": {
+						"team_handle": vulnerability.target_domain.h1_team_handle,
+						"title": f'{vulnerability.name} found in {vulnerability.http_url}',
+						"vulnerability_information": tpl,
+						"severity_rating": severity_value,
+						"impact": "More information about the impact and vulnerability can be found here: \n" + vulnerability.reference if vulnerability.reference else "NA",
+					}
 			  }
 			}
 
 			r = requests.post(
-			  'https://api.hackerone.com/v1/hackers/reports',
-			  auth=(hackerone.username, hackerone.api_key),
-			  json=data,
-			  headers=headers
+				'https://api.hackerone.com/v1/hackers/reports',
+				auth=(hackerone.username, hackerone.api_key),
+				json=data,
+				headers=headers
 			)
 			response = r.json()
 			status_code = r.status_code

From 7970bbee08d6c94a5e1a806f8db954a3c6341ccb Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 09:23:58 +0530
Subject: [PATCH 151/211] fix hackerone send report task to use new api key
 model

---
 web/reNgine/tasks.py | 102 +++++++++++++++++++++++--------------------
 1 file changed, 54 insertions(+), 48 deletions(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 0d31fb5b3..c7eea5119 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -2244,7 +2244,7 @@ def nuclei_individual_severity_module(self, cmd, severity, enable_http_crawl, sh
 			severity not in ('info', 'low') and
 			vuln.target_domain.h1_team_handle
 		)
-		
+
 		if send_report:
 			hackerone = hackerone_query.first()
 			if hackerone.send_critical and severity == 'critical':
@@ -3304,58 +3304,64 @@ def send_hackerone_report(vulnerability_id):
 	"""
 	vulnerability = Vulnerability.objects.get(id=vulnerability_id)
 	severities = {v: k for k,v in NUCLEI_SEVERITY_MAP.items()}
-	headers = {
-		'Content-Type': 'application/json',
-		'Accept': 'application/json'
+
+	# can only send vulnerability report if team_handle exists and send_report is True and api_key exists
+	hackerone = Hackerone.objects.filter(send_report=True).first()
+	api_key = HackerOneAPIKey.objects.filter(username__isnull=False, key__isnull=False).first()
+
+	if not (vulnerability.target_domain.h1_team_handle and hackerone and api_key):
+		logger.error('Missing required data: team handle, Hackerone config, or API key.')
+		return {"status_code": 400, "message": "Missing required data"}
+
+	severity_value = severities[vulnerability.severity]
+	tpl = hackerone.report_template or ""
+
+	tpl_vars = {
+		'{vulnerability_name}': vulnerability.name,
+		'{vulnerable_url}': vulnerability.http_url,
+		'{vulnerability_severity}': severity_value,
+		'{vulnerability_description}': vulnerability.description or '',
+		'{vulnerability_extracted_results}': vulnerability.extracted_results or '',
+		'{vulnerability_reference}': vulnerability.reference or '',
 	}
 
-	# can only send vulnerability report if team_handle exists
-	if len(vulnerability.target_domain.h1_team_handle) !=0:
-		hackerone_query = Hackerone.objects.all()
-		if hackerone_query.exists():
-			hackerone = Hackerone.objects.first()
-			severity_value = severities[vulnerability.severity]
-			tpl = hackerone.report_template
-
-			# Replace syntax of report template with actual content
-			tpl = tpl.replace('{vulnerability_name}', vulnerability.name)
-			tpl = tpl.replace('{vulnerable_url}', vulnerability.http_url)
-			tpl = tpl.replace('{vulnerability_severity}', severity_value)
-			tpl = tpl.replace('{vulnerability_description}', vulnerability.description if vulnerability.description else '')
-			tpl = tpl.replace('{vulnerability_extracted_results}', vulnerability.extracted_results if vulnerability.extracted_results else '')
-			tpl = tpl.replace('{vulnerability_reference}', vulnerability.reference if vulnerability.reference else '')
-
-			data = {
-				"data": {
-					"type": "report",
-					"attributes": {
-						"team_handle": vulnerability.target_domain.h1_team_handle,
-						"title": f'{vulnerability.name} found in {vulnerability.http_url}',
-						"vulnerability_information": tpl,
-						"severity_rating": severity_value,
-						"impact": "More information about the impact and vulnerability can be found here: \n" + vulnerability.reference if vulnerability.reference else "NA",
-					}
-			  }
+	# Replace syntax of report template with actual content
+	for key, value in tpl_vars.items():
+		tpl = tpl.replace(key, value)
+
+	data = {
+		"data": {
+			"type": "report",
+			"attributes": {
+				"team_handle": vulnerability.target_domain.h1_team_handle,
+				"title": f'{vulnerability.name} found in {vulnerability.http_url}',
+				"vulnerability_information": tpl,
+				"severity_rating": severity_value,
+				"impact": "More information about the impact and vulnerability can be found here: \n" + vulnerability.reference if vulnerability.reference else "NA",
 			}
+		}
+	}
 
-			r = requests.post(
-				'https://api.hackerone.com/v1/hackers/reports',
-				auth=(hackerone.username, hackerone.api_key),
-				json=data,
-				headers=headers
-			)
-			response = r.json()
-			status_code = r.status_code
-			if status_code == 201:
-				vulnerability.hackerone_report_id = response['data']["id"]
-				vulnerability.open_status = False
-				vulnerability.save()
-			return status_code
+	headers = {
+		'Content-Type': 'application/json',
+		'Accept': 'application/json'
+	}
 
-	else:
-		logger.error('No team handle found.')
-		status_code = 111
-		return status_code
+	r = requests.post(
+		'https://api.hackerone.com/v1/hackers/reports',
+		auth=(api_key.username, api_key.key),
+		json=data,
+		headers=headers
+	)
+	response = r.json()
+	status_code = r.status_code
+	if status_code == 201:
+		vulnerability.hackerone_report_id = response['data']["id"]
+		vulnerability.open_status = False
+		vulnerability.save()
+		return {"status_code": r.status_code, "message": "Report sent successfully"}
+	logger.error(f"Error sending report to HackerOne")
+	return {"status_code": r.status_code, "message": response}
 
 
 #-------------#

From d2f3bd158404ff231615effb8fec9c9a85e55af1 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 09:39:59 +0530
Subject: [PATCH 152/211] add test hackerone keys in api vault

---
 .../templates/scanEngine/settings/api.html    |  32 ++---
 web/static/custom/custom.js                   | 126 ++++++++++--------
 2 files changed, 88 insertions(+), 70 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index 1ccdd792b..64da0ea21 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -75,27 +75,29 @@
                 <label for="key_hackerone" class="form-label">Hackerone</label>
                 <div class="row">
                 <p class="text-muted">Hackerone Keys will be used to import targets, bookmarked programs, and submit automated vulnerability report to Hackerone. This is a bug bounty specific feature.</p>
-                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                    <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
-                    {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
+                <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                  <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
+                  {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
+                </div>
+                <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                  <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+                  <div class="flex-grow-1 position-relative">
+                  {% if hackerone_key %} <input class="form-control" type="password" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
+                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                    <span class="password-eye"></span>
                   </div>
-                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                    <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-                    <div class="flex-grow-1 position-relative">
-                    {% if hackerone_key %} <input class="form-control" type="password" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
-                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
-                      <span class="password-eye"></span>
-                    </div>
-                    </div>
                   </div>
-                  <div class="col-12">
-                    <p class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a>
-                  </div
+                </div>
+                <div class="col-12">
+                  <p class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a></p>
+                </div>
+                <div class="col-12">
+                  <a href="#" onclick="test_hackerone()" class="text-info float-end">Test my hackerone keys <i class="fe-check-circle"></i></a>
                 </div>
               </div>
             </div>
               <div class="mb-0">
-                <button class="btn btn-info float-sm-end my-4" type="submit"> Update API Keys</button>
+                <button class="btn btn-primary float-sm-end my-4" type="submit"> Update API Keys</button>
               </div>
           </div>
         </form>
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index f04913b25..795deb82c 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -3402,60 +3402,76 @@ function show_scan_configuration(starting_path, out_of_scope_subdomains, exclude
 }
 
 
-function test_hackerone() {
-	if ($("#username").val().length == 0 || $("#api_key").val().length == 0) {
-	  if ($("#username").val().length == 0) {
-		$("#username").addClass("is-invalid");
-	  }
-	  if ($("#api_key").val().length == 0) {
-		$("#api_key").addClass("is-invalid");
-	  }
-	}
-	else{
-	  const hackerone_api = 'testHackerone/';
-	  var username = $("#username").val();
-	  var api_key = $("#api_key").val();
-	  swal.queue([{
-		title: 'Hackerone Configuration',
-		confirmButtonText: 'Test my hackerone API Key',
-		text:
-		'This will test if your hackerone API keys are working.',
-		showLoaderOnConfirm: true,
-		preConfirm: function() {
-		  return fetch(hackerone_api, {
-			method: 'POST',
-			headers: {
-			  "X-CSRFToken": getCookie("csrftoken"),
-			  "Content-Type": "application/json"
+async function test_hackerone() {
+	const username = $("#username_hackerone");
+	const apiKey = $("#key_hackerone");
+	const fields = [username, apiKey];
+
+	const isValid = fields.every(field => field.val().trim().length > 0); 
+	fields.forEach(field => {
+		field.toggleClass("is-invalid", field.val().trim().length === 0);
+	});
+
+	if (!isValid) return;
+
+	try {
+		const result = await Swal.fire({
+			title: 'HackerOne Configuration',
+			text: 'This will test if your HackerOne API keys are working.',
+			icon: 'info',
+			showCancelButton: true,
+			confirmButtonText: 'Test my HackerOne API Key',
+			showLoaderOnConfirm: true,
+			preConfirm: async () => {
+			try {
+				const response = await fetch('testHackerone/', {
+				method: 'POST',
+				headers: {
+					"X-CSRFToken": getCookie("csrftoken"),
+					"Content-Type": "application/json"
+				},
+				body: JSON.stringify({
+					username: username.val().trim(),
+					api_key: apiKey.val().trim()
+				}),
+				});
+	
+				if (!response.ok) {
+				throw new Error('Network response was not ok');
+				}
+	
+				const data = await response.json();
+				return data;
+			} catch (error) {
+				Swal.showValidationMessage(`Request failed: ${error}`);
+			}
 			},
-			body: JSON.stringify({'username': username, 'api_key': api_key}),
-		  },
-		).then(function (response) {
-		  return response.json();
-		})
-		.then(function(data) {
-		  if (data.status == 200) {
-			$("#username").addClass("is-valid");
-			$("#api_key").addClass("is-valid");
-			$("#username").removeClass("is-invalid");
-			$("#api_key").removeClass("is-invalid");
-			return swal.insertQueueStep("Your hackerone Credentials are working.")
-		  }
-		  else{
-			$("#username").addClass("is-invalid");
-			$("#api_key").addClass("is-invalid");
-			$("#username").removeClass("is-valid");
-			$("#api_key").removeClass("is-valid");
-			return swal.insertQueueStep("Oops! Your hackerone Credentials are not working, check your username and/or api_key.")
-		  }
-		})
-		.catch(function() {
-		  swal.insertQueueStep({
-			type: 'error',
-			title: 'Test Hackerone API Key',
-		  })
-		})
-	  }
-	}]);
-  }
+			allowOutsideClick: () => !Swal.isLoading()
+		});
+
+		if (result.isConfirmed) {
+			const data = result.value;
+			const isWorking = data.status === 200;
+	
+			fields.forEach(field => {
+			field.toggleClass("is-valid", isWorking);
+			field.toggleClass("is-invalid", !isWorking);
+			});
+	
+			await Swal.fire({
+			title: isWorking ? 'Success' : 'Error',
+			text: isWorking
+				? 'Your HackerOne Credentials are working.'
+				: 'Your HackerOne Credentials are not working. Please check your username and/or API key.',
+			icon: isWorking ? 'success' : 'error'
+			});
+		}
+	} catch (error) {
+		console.error('Error:', error);
+		await Swal.fire({
+			title: 'Error',
+			text: 'An unexpected error occurred while testing the HackerOne API Key.',
+			icon: 'error'
+		});
+	}
 }
\ No newline at end of file

From f9ecd61fe2563ce26b314f2b40ad6fb1db1916d8 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 20:21:33 +0530
Subject: [PATCH 153/211] create serializers for hackerone program attributes

---
 web/api/serializers.py | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/web/api/serializers.py b/web/api/serializers.py
index 1acbfacf6..a01c9b909 100644
--- a/web/api/serializers.py
+++ b/web/api/serializers.py
@@ -10,6 +10,37 @@
 from dashboard.models import InAppNotification
 
 
+class HackerOneProgramAttributesSerializer(serializers.Serializer):
+	"""
+		Serializer for HackerOne Program
+		IMP: THIS is not a model serializer, programs will not be stored in db
+		due to ever changing nature of programs, rather cache will be used on these serializers
+	"""
+	handle = serializers.CharField(required=False)
+	name = serializers.CharField(required=False)
+	currency = serializers.CharField(required=False)
+	submission_state = serializers.CharField(required=False)
+	triage_active = serializers.BooleanField(allow_null=True, required=False)
+	state = serializers.CharField(required=False)
+	started_accepting_at = serializers.DateTimeField(required=False)
+	bookmarked = serializers.BooleanField(required=False)
+	allows_bounty_splitting = serializers.BooleanField(required=False)
+	offers_bounties = serializers.BooleanField(required=False)
+	open_scope = serializers.BooleanField(allow_null=True, required=False)
+	fast_payments = serializers.BooleanField(allow_null=True, required=False)
+	gold_standard_safe_harbor = serializers.BooleanField(allow_null=True, required=False)
+
+	def to_representation(self, instance):
+		return {key: value for key, value in instance.items()}
+
+
+class HackerOneProgramSerializer(serializers.Serializer):
+	id = serializers.CharField()
+	type = serializers.CharField()
+	attributes = HackerOneProgramAttributesSerializer()
+
+
+
 class InAppNotificationSerializer(serializers.ModelSerializer):
 	class Meta:
 		model = InAppNotification

From 789efb53558e5492247b3b02009bc00096c9a238 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 20:21:44 +0530
Subject: [PATCH 154/211] enable caching for 30 mins

---
 web/reNgine/settings.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index 841c1172c..90a5d8172 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -330,4 +330,14 @@
 '''
 File upload settings
 '''
-DATA_UPLOAD_MAX_NUMBER_FIELDS = None
\ No newline at end of file
+DATA_UPLOAD_MAX_NUMBER_FIELDS = None
+
+'''
+    Caching Settings
+'''
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+        'TIMEOUT': 60 * 30,  # 30 minutes caching will be used
+    }
+}
\ No newline at end of file

From 2ea5b7e44a5213d48b2a6b2d15c3e487c36693ac Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 20:22:33 +0530
Subject: [PATCH 155/211] add api endpoints to fetch hackerone programs, this
 include mainly 3 endpoints for getting bookmarked programs, programs with
 bounty, and all programs

---
 web/api/urls.py  |  1 +
 web/api/views.py | 86 +++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 82 insertions(+), 5 deletions(-)

diff --git a/web/api/urls.py b/web/api/urls.py
index 39ceb84a7..7a353275a 100644
--- a/web/api/urls.py
+++ b/web/api/urls.py
@@ -20,6 +20,7 @@
 router.register(r'listActivityLogs', ListActivityLogsViewSet)
 router.register(r'listScanLogs', ListScanLogsViewSet)
 router.register(r'notifications', InAppNotificationManagerViewSet, basename='notification')
+router.register(r'hackerone-programs', HackerOneProgramViewSet, basename='hackerone_program')
 
 urlpatterns = [
     url('^', include(router.urls)),
diff --git a/web/api/views.py b/web/api/views.py
index 1bcd909d2..b2fdcc4a8 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -1,13 +1,11 @@
-import logging
 import re
 import socket
-from ipaddress import IPv4Network
-
+import logging
 import requests
 import validators
-from dashboard.models import *
+
+from ipaddress import IPv4Network
 from django.db.models import CharField, Count, F, Q, Value
-from django.shortcuts import get_object_or_404
 from django.utils import timezone
 from packaging import version
 from django.template.defaultfilters import slugify
@@ -16,7 +14,9 @@
 from rest_framework.views import APIView
 from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_204_NO_CONTENT
 from rest_framework.decorators import action
+from django.core.exceptions import ObjectDoesNotExist
 
+from dashboard.models import *
 from recon_note.models import *
 from reNgine.celery import app
 from reNgine.common_func import *
@@ -28,12 +28,88 @@
 from startScan.models import *
 from startScan.models import EndPoint
 from targetApp.models import *
+from django.core.cache import cache
 
 from .serializers import *
 
 logger = logging.getLogger(__name__)
 
 
+class HackerOneProgramViewSet(viewsets.ViewSet):
+	"""
+		This class manages the HackerOne Program model, 
+		provides basic fetching of programs and caching
+	"""
+	CACHE_KEY = 'hackerone_programs'
+	CACHE_TIMEOUT = 60 * 30 # 30 minutes
+
+
+	def list(self, request):
+		programs = self.get_cached_programs()
+		serializer = HackerOneProgramSerializer(programs, many=True)
+		return Response(serializer.data)
+	
+	def get_api_credentials(self):
+		try:
+			api_key = HackerOneAPIKey.objects.first()
+			if not api_key:
+				raise ObjectDoesNotExist("HackerOne API credentials not found")
+			return api_key.username, api_key.key
+		except ObjectDoesNotExist:
+			raise Exception("HackerOne API credentials not configured")
+
+	@action(detail=False, methods=['get'])
+	def bookmarked_programs(self, request):
+		# do not cache bookmarked programs due to the user specific nature
+		programs = self.fetch_programs_from_hackerone()
+		bookmarked = [p for p in programs if p['attributes']['bookmarked']]
+		serializer = HackerOneProgramSerializer(bookmarked, many=True)
+		return Response(serializer.data)
+	
+	@action(detail=False, methods=['get'])
+	def bounty_programs(self, request):
+		programs = self.get_cached_programs()
+		bounty_programs = [p for p in programs if p['attributes']['offers_bounties']]
+		serializer = HackerOneProgramSerializer(bounty_programs, many=True)
+		return Response(serializer.data)
+
+	def get_cached_programs(self):
+		programs = cache.get(self.CACHE_KEY)
+		if programs is None:
+			programs = self.fetch_programs_from_hackerone()
+			cache.set(self.CACHE_KEY, programs, self.CACHE_TIMEOUT)
+		return programs
+
+	def fetch_programs_from_hackerone(self):
+		url = 'https://api.hackerone.com/v1/hackers/programs'
+		headers = {'Accept': 'application/json'}
+		all_programs = []
+		username, api_key = self.get_api_credentials()
+
+		while url:
+			response = requests.get(
+				url,
+				headers=headers,
+				auth=(username, api_key)
+			)
+
+			if response.status_code != 200:
+				raise Exception(f"HackerOne API request failed with status code {response.status_code}")
+
+			data = response.json()
+			all_programs.extend(data['data'])
+			
+			url = data['links'].get('next')
+
+		return all_programs
+
+	@action(detail=False, methods=['post'])
+	def refresh_cache(self, request):
+		programs = self.fetch_programs_from_hackerone()
+		cache.set(self.CACHE_KEY, programs, self.CACHE_TIMEOUT)
+		return Response({"status": "Cache refreshed successfully"})
+
+
 class InAppNotificationManagerViewSet(viewsets.ModelViewSet):
 	"""
 		This class manages the notification model, provided CRUD operation on notif model

From 51e307a805869688073196a4adc042e33fca7bdc Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 20:24:39 +0530
Subject: [PATCH 156/211] remove debug code

---
 web/targetApp/templates/target/add.html | 45 -------------------------
 1 file changed, 45 deletions(-)

diff --git a/web/targetApp/templates/target/add.html b/web/targetApp/templates/target/add.html
index cca6d6a50..a37c05905 100644
--- a/web/targetApp/templates/target/add.html
+++ b/web/targetApp/templates/target/add.html
@@ -52,51 +52,6 @@
         </li>
       </ul>
       <div class="tab-content" id="pills-tabContent">
-        <!-- <div class="tab-pane fade show active" id="pills-add" role="tabpanel" aria-labelledby="pills-add-tab">
-          <div class="mb-4">
-            <div class="row">
-              <form class="simple-example" method="POST">
-                {% csrf_token %}
-                <div class="row mb-3">
-                  <div class="col-6">
-                    <div>
-                      <label for="simpleinput" class="form-label">Domain name</label>
-                      {{ form.name }}
-                      <span class="float-end"><a href="#" onclick="show_whois()" class="btn disabled" id="btn_view_whois">(View WHOIS)</a></span>
-                      {% if form.errors %}
-                      <div class="invalid-feedback" style="display: block;">
-                        {{ form.errors.name|striptags }}
-                      </div>
-                      {% endif %}
-                    </div>
-                  </div>
-                  <div class="col-6">
-                    <label for="domainDescription" class="form-label">Description (Optional)</label>
-                    {{ form.description }}
-                  </div>
-                </div>
-                <div class="col-12">
-                  <label for="domainDescription" class="form-label">Hackerone Target Team Handle (Optional)
-                    <br>
-                    This is used for sending vulnerability reports to Hackerone Program automatically. Team handle can be found from program url, hackerone.com/team_handle
-                  </label>
-                  {{ form.h1_team_handle }}
-                </div>
-                <div class="col-6">
-                  <div class="mt-3">
-                    <div class="form-check">
-                      <input type="checkbox" class="form-check-input" id="fetch_whois_checkbox" name="fetch_whois_checkbox" checked>
-                      <label class="form-check-label" for="fetch_whois_checkbox">Fetch WHOIS and domain related information</label>
-                      <br>
-                      <span class="text-muted">(reNgine will automatically fetch whois and domain related information if selected.)</span>
-                    </div>
-                  </div>
-                </div>
-                <button class="btn btn-primary submit-fn mt-2 float-end" disabled type="submit" name="add-single-target" id="add-single-target" value="submit"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus"><line x1="12" y1="5" x2="12" y2="19"></line><line x1="5" y1="12" x2="19" y2="12"></line></svg> Add Target</button>
-              </form>
-            </div>
-          </div>
-        </div> -->
         <div class="tab-pane fade" id="ip-address-tab" role="tabpanel" aria-labelledby="ip-address-tab">
           <form method="post">
             {% csrf_token %}

From 7dbcf19864a56cf0d0638f839a2c44e05dfcda05 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 21:09:12 +0530
Subject: [PATCH 157/211] add bountyhub

---
 web/templates/base/_items/top_nav.html | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/web/templates/base/_items/top_nav.html b/web/templates/base/_items/top_nav.html
index 9f9c92751..bfea74d38 100644
--- a/web/templates/base/_items/top_nav.html
+++ b/web/templates/base/_items/top_nav.html
@@ -68,6 +68,30 @@
               {% endif %}
             </div>
           </li>
+          <li class="nav-item dropdown {{bountyhub_active}}">
+            <a class="nav-link dropdown-toggle arrow-none" href="#" id="topnav-bountyhub" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+              <i class="fe-command me-1"></i> Bounty Hub
+              <div class="arrow-down"></div>
+            </a>
+            <ul class="dropdown-menu" aria-labelledby="bountyHubDropdown">
+              <li class="dropdown-item dropdown">
+                <a class="dropdown-toggle" href="#" id="hackerOneDropdown" data-bs-toggle="dropdown" aria-expanded="false">
+                  HackerOne
+                </a>
+                <ul class="dropdown-menu" aria-labelledby="hackerOneDropdown">
+                  <li><a class="dropdown-item" href="#">
+                    <i class="fe-download me-1"></i> Import Programs
+                  </a></li>
+                  <li><a class="dropdown-item" href="#">
+                    <i class="fe-bookmark me-1"></i> Bookmarked Programs
+                  </a></li>
+                  <li><a class="dropdown-item" href="#">
+                    <i class="fe-refresh-cw me-1"></i> Sync Programs
+                  </a></li>
+                </ul>
+              </li>
+            </ul>
+          </li>
           <li class="nav-item dropdown {{settings_nav_active}}">
             <a class="nav-link dropdown-toggle arrow-none" href="#" id="topnav-settings" role="button"
               data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">

From 095fed5efc7389513ad9c383b31dca2e0d2b626f Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Mon, 2 Sep 2024 22:02:44 +0530
Subject: [PATCH 158/211] Add dummy program and list program url

---
 .../dashboard/bountyhub_programs.html         | 119 ++++++++++++++++++
 web/dashboard/urls.py                         |   4 +
 web/dashboard/views.py                        |  10 ++
 web/static/custom/custom.css                  |  23 ++++
 4 files changed, 156 insertions(+)
 create mode 100644 web/dashboard/templates/dashboard/bountyhub_programs.html

diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
new file mode 100644
index 000000000..42fc451a4
--- /dev/null
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -0,0 +1,119 @@
+{% extends 'base/base.html' %}
+{% load humanize %}
+{% load static %}
+
+{% block title %}
+{{platform}} Programs
+{% endblock title %}
+
+{% block custom_js_css_link %}
+{% endblock custom_js_css_link %}
+
+{% block page_title %}
+{{platform}} Programs
+{% endblock page_title %}
+
+{% block breadcrumb_title %}
+<li class="breadcrumb-item"><a href="/{{current_project.slug}}/">Dashboard</a></li>
+<li class="breadcrumb-item"><a href="#">Bounty Hub</a></li>
+<li class="breadcrumb-item active">{{platform}} Programs</li>
+{% endblock breadcrumb_title %}
+
+{% block main_content %}
+<div class="row justify-content-center">
+    <div class="col-12 col-xl-12">
+        <div class="card">
+            <div class="card-body">
+                <form>
+                    <div class="row g-3 align-items-center">
+                        <div class="col-md-4 col-lg-3">
+                            <div class="input-group">
+                                <span class="input-group-text"><i class="fe-search"></i></span>
+                                <input type="search" class="form-control" placeholder="Search programs" aria-label="Search programs">
+                            </div>
+                        </div>
+                        <div class="col-md-3 col-lg-2">
+                            <select class="form-select" aria-label="Program type">
+                                <option selected>All programs</option>
+                                <option>Bounty Eligible</option>
+                                <option>VDP</option>
+                                <option>Private Programs</option>
+                            </select>
+                        </div>
+                        <div class="col-md-3 col-lg-2">
+                            <select class="form-select" id="sort-select" aria-label="Sort programs">
+                                <option selected disabled>Sort by</option>
+                                <option>Name (A to Z)</option>
+                                <option>Name (Z to A)</option>
+                                <option>Most reports</option>
+                                <option>Least reports</option>
+                            </select>
+                        </div>
+                        <div class="col-md-2 col-lg-2 ms-md-auto">
+                            <button type="submit" class="btn btn-primary w-100">Search</button>
+                        </div>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>
+
+<div class="row" id="program_cards">
+    <div class="col-md-6 col-lg-4 col-xl-3 mb-4">
+        <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card">
+            <div class="position-absolute top-0 end-0 p-2 bbp-bookmark-container">
+            <input type="checkbox" id="bookmark-22746" class="bbp-bookmark-checkbox d-none" checked>
+            <label for="bookmark-22746" class="bbp-bookmark-label" data-bs-toggle="tooltip" data-bs-placement="left"
+                title="Bookmarked Program">
+                <i class="fe-star fs-4"></i>
+            </label>
+            </div>
+
+            <div class="card-body">
+            <div class="d-flex align-items-center mb-3">
+                <img
+                src="https://profile-photos.hackerone-user-content.com/variants/gx1qb7440tyefirbxv1tkl1ty186/a11a5f547ea25bb14fce3951b07a50f6288859555c2028feb0c3aad3e1aea36d"
+                alt="Grammarly" class="rounded-circle me-3" width="48" height="48">
+                <div>
+                <h5 class="card-title mb-0">Grammarly</h5>
+                <small class="text-muted">@grammarly</small>
+                </div>
+            </div>
+
+            <div class="mb-3">
+                <span class="badge border border-success text-success me-1 mt-1 bbp-badge">Open for Submission</span>
+                <span class="badge border border-primary text-primary me-1 mt-1 bbp-badge">Public Program</span>
+                <span class="badge border border-info text-info me-1 mt-1 bbp-badge">Bounty $$$</span>
+                <span class="badge border border-warning text-warning mt-1 bbp-badge">Open Scope</span>
+            </div>
+
+            <div class="d-flex justify-content-between mb-3 small">
+                <div><i class="fe-file-text me-1"></i> My Reports: 0</div>
+                <div><i class="fe-dollar-sign me-1"></i> My Earnings: $0.00</div>
+            </div>
+
+            <hr>
+
+            <div class="d-flex justify-content-between text-muted small mb-3">
+                <div><i class="fe-calendar me-1"></i> Since Sep 2017</div>
+                <div><i class="fe-globe me-1"></i> USD</div>
+            </div>
+            </div>
+
+            <div class="card-footer bg-transparent border-0 pt-0">
+            <a href="#" class="btn btn-outline-primary w-100">See details</a>
+            </div>
+        </div>
+    </div>
+</div>
+
+
+{% endblock main_content %}
+
+
+{% block page_level_script %}
+<script type="text/javascript">
+
+</script>
+{% endblock page_level_script %}
diff --git a/web/dashboard/urls.py b/web/dashboard/urls.py
index cec484a42..0830493f5 100644
--- a/web/dashboard/urls.py
+++ b/web/dashboard/urls.py
@@ -40,4 +40,8 @@
         'delete/project/<int:id>',
         views.delete_project,
         name='delete_project'),
+    path(
+        '<slug:slug>/bountyhub/list/programs',
+        views.list_bountyhub_programs,
+        name='list_bountyhub_programs'),
 ]
diff --git a/web/dashboard/views.py b/web/dashboard/views.py
index d88e16662..723f3e197 100644
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -409,3 +409,13 @@ def onboarding(request):
     context['hackerone_username'] = HackerOneAPIKey.objects.first().username
 
     return render(request, 'dashboard/onboarding.html', context)
+
+
+
+def list_bountyhub_programs(request, slug):
+    context = {}
+    # get parameter to device which platform is being requested
+    platform = request.GET.get('platform') or 'hackerone'
+    context['platform'] = platform.capitalize()
+    
+    return render(request, 'dashboard/bountyhub_programs.html', context)
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 0f28c7916..485ecec08 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -586,4 +586,27 @@ mark{
 
 .optional-text {
   margin-top: 4px;
+}
+
+.bbp-bookmark-container {
+  transition: transform 0.3s ease;
+  z-index: 1;
+}
+.bbp-bookmark-checkbox:checked + .bbp-bookmark-label i {
+  color: #ffc107;
+  transform: scale(1.2);
+}
+.bbp-bookmark-label i {
+  transition: all 0.3s ease;
+  color: #6c757d;
+}
+.bbp-card:hover .bbp-bookmark-container {
+  transform: translateY(5px);
+}
+.bbp-badge {
+  transition: transform 0.3s ease;
+  background-color: transparent !important;
+}
+.bbp-badge:hover {
+  transform: translateY(-2px);
 }
\ No newline at end of file

From 363043fa582a841cdf1b5181f400a08d024f731e Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 06:22:56 +0530
Subject: [PATCH 159/211] Added clickable cards, added import button on any
 card selection, fix card designs

---
 .../dashboard/bountyhub_programs.html         |  55 +-------
 web/static/custom/bountyhub.js                | 131 ++++++++++++++++++
 web/static/custom/custom.css                  |  93 +++++++++++++
 3 files changed, 228 insertions(+), 51 deletions(-)
 create mode 100644 web/static/custom/bountyhub.js

diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
index 42fc451a4..97d42dcfb 100644
--- a/web/dashboard/templates/dashboard/bountyhub_programs.html
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -60,60 +60,13 @@
 </div>
 
 <div class="row" id="program_cards">
-    <div class="col-md-6 col-lg-4 col-xl-3 mb-4">
-        <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card">
-            <div class="position-absolute top-0 end-0 p-2 bbp-bookmark-container">
-            <input type="checkbox" id="bookmark-22746" class="bbp-bookmark-checkbox d-none" checked>
-            <label for="bookmark-22746" class="bbp-bookmark-label" data-bs-toggle="tooltip" data-bs-placement="left"
-                title="Bookmarked Program">
-                <i class="fe-star fs-4"></i>
-            </label>
-            </div>
-
-            <div class="card-body">
-            <div class="d-flex align-items-center mb-3">
-                <img
-                src="https://profile-photos.hackerone-user-content.com/variants/gx1qb7440tyefirbxv1tkl1ty186/a11a5f547ea25bb14fce3951b07a50f6288859555c2028feb0c3aad3e1aea36d"
-                alt="Grammarly" class="rounded-circle me-3" width="48" height="48">
-                <div>
-                <h5 class="card-title mb-0">Grammarly</h5>
-                <small class="text-muted">@grammarly</small>
-                </div>
-            </div>
-
-            <div class="mb-3">
-                <span class="badge border border-success text-success me-1 mt-1 bbp-badge">Open for Submission</span>
-                <span class="badge border border-primary text-primary me-1 mt-1 bbp-badge">Public Program</span>
-                <span class="badge border border-info text-info me-1 mt-1 bbp-badge">Bounty $$$</span>
-                <span class="badge border border-warning text-warning mt-1 bbp-badge">Open Scope</span>
-            </div>
-
-            <div class="d-flex justify-content-between mb-3 small">
-                <div><i class="fe-file-text me-1"></i> My Reports: 0</div>
-                <div><i class="fe-dollar-sign me-1"></i> My Earnings: $0.00</div>
-            </div>
-
-            <hr>
-
-            <div class="d-flex justify-content-between text-muted small mb-3">
-                <div><i class="fe-calendar me-1"></i> Since Sep 2017</div>
-                <div><i class="fe-globe me-1"></i> USD</div>
-            </div>
-            </div>
-
-            <div class="card-footer bg-transparent border-0 pt-0">
-            <a href="#" class="btn btn-outline-primary w-100">See details</a>
-            </div>
-        </div>
-    </div>
 </div>
-
-
+<button id="importProgramsBtn" class="import-programs-btn" disabled>
+    <i class="fe-download-cloud"></i> Import Programs
+</button>
 {% endblock main_content %}
 
 
 {% block page_level_script %}
-<script type="text/javascript">
-
-</script>
+<script src="{% static 'custom/bountyhub.js' %}"></script>
 {% endblock page_level_script %}
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
new file mode 100644
index 000000000..eee34109f
--- /dev/null
+++ b/web/static/custom/bountyhub.js
@@ -0,0 +1,131 @@
+// this js file will be used to do everything js related to the bountyhub page
+
+document.addEventListener('DOMContentLoaded', function() {
+    const api_url = '/api/hackerone-programs/';
+
+    Swal.fire({
+        title: "Loading HackerOne Programs",
+        text: "Fetching the latest data...",
+        icon: "info",
+        allowOutsideClick: false,
+        allowEscapeKey: false,
+        showConfirmButton: false,
+        didOpen: () => {
+            Swal.showLoading();
+        }
+    });
+
+    fetch(api_url, {
+        method: "GET",
+        credentials: "same-origin",
+        headers: {
+            "X-CSRFToken": getCookie("csrftoken"),
+        },
+    })
+    .then(response => {
+        if (!response.ok) {
+            throw new Error('Network response was not ok');
+        }
+        return response.json();
+    })
+    .then(data => {
+        Swal.close();
+
+        displayPrograms(data);
+    })
+    .catch(error => {
+        Swal.close();
+        displayErrorMessage("An error occurred while fetching the data. Please try again later. Make sure you have hackerone api key set in your API Vault.");
+        console.error('Error:', error);
+    });
+
+    function displayPrograms(programs) {
+        const container = document.getElementById('program_cards');
+        container.innerHTML = '';
+    
+        if (!programs || programs.length === 0) {
+            displayErrorMessage("No programs available at the moment.");
+            return;
+        }
+    
+        programs.forEach(program => {
+            const { id, attributes } = program;
+            const card = document.createElement('div');
+            card.className = 'col-md-6 col-lg-4 col-xl-3 mb-3';
+            card.innerHTML = `
+                <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" onclick="toggleCardSelection(this)">
+
+                    <div class="card-body py-2 px-3">
+                        <div class="d-flex align-items-center mb-2">
+                            <img src="${attributes.profile_picture}" alt="${attributes.name}" class="rounded-circle me-3" width="40" height="40">
+                            <div>
+                                <h5 class="card-title mb-0">${attributes.name}&nbsp;
+                                    ${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" data-bs-toggle="tooltip" data-bs-placement="top" title="Bookmarked Program"></i>' : ''}
+                                </h5>
+                                <small class="text-muted">@${attributes.handle}</small>
+                            </div>
+                        </div>
+
+                        <div class="mb-2">
+                            <span class="badge bg-success bg-opacity-10 text-success me-1 mb-1">${attributes.submission_state === 'open' ? 'Open for Submission' : 'Closed'}</span>
+                            <span class="badge bg-primary bg-opacity-10 text-primary me-1 mb-1">${attributes.state === 'public_mode' ? 'Public Program' : 'Private Program'}</span>
+                            ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty $$$</span>' : ''}
+                            ${attributes.open_scope ? '<span class="badge bg-warning bg-opacity-10 text-warning mb-1">Open Scope</span>' : ''}
+                        </div>
+
+                        <div class="d-flex justify-content-between mb-2 small">
+                            <div><i class="bi bi-flag me-1"></i> My Reports: ${attributes.number_of_reports_for_user}</div>
+                            <div><i class="bi bi-currency-dollar me-1"></i> My Earnings: $${attributes.bounty_earned_for_user.toFixed(2)}</div>
+                        </div>
+
+                        <hr class="my-2">
+
+                        <div class="d-flex justify-content-between text-muted small mb-2">
+                            <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
+                            <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
+                        </div>
+                        <a href="#" class="btn btn-outline-primary btn-sm w-100 mt-2">See details</a>
+                    </div>
+                </div>
+            `;
+
+            // Initialize tooltips esp for bookmarked programs
+            const tooltips = document.querySelectorAll('[data-bs-toggle="tooltip"]');
+            tooltips.forEach((tooltip) => {
+                new bootstrap.Tooltip(tooltip);
+            });
+            container.appendChild(card);
+        });
+    }
+
+    function displayErrorMessage(message) {
+        const container = document.getElementById('program_cards');
+        container.innerHTML = `
+            <div class="col-12">
+                <div class="alert alert-danger" role="alert">
+                    <i class="fe-alert-triangle me-2"></i>
+                    ${message}
+                </div>
+            </div>
+        `;
+    }
+
+    // below has everything to do with card selection and import button
+
+    function toggleCardSelection(card) {
+        card.classList.toggle('card-selected');
+        updateImportButton();
+    }
+
+    // lets create func and listeners if cards are selected
+    const importBtn = document.getElementById('importProgramsBtn');
+    const container = document.getElementById('program_cards');
+
+    function updateImportButton() {
+        const selectedCards = container.querySelectorAll('.card-selected');
+        importBtn.disabled = selectedCards.length === 0;
+    }
+
+    window.toggleCardSelection = toggleCardSelection;
+
+});
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 485ecec08..796329927 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -609,4 +609,97 @@ mark{
 }
 .bbp-badge:hover {
   transform: translateY(-2px);
+}
+
+.card-selectable {
+  transition: all 0.3s ease;
+  cursor: pointer;
+}
+.card-selectable:hover {
+  transform: translateY(-5px);
+  box-shadow: 0 10px 20px rgba(0,0,0,0.1);
+}
+.card-selected {
+  border: 2px solid #007bff;
+  background-color: rgba(0,123,255,0.05);
+}
+
+.bbp-bookmark-label {
+  cursor: pointer;
+  transition: color 0.3s ease;
+}
+.bbp-bookmark-label:hover {
+  color: #ffc107;
+}
+.bbp-bookmark-checkbox:checked + .bbp-bookmark-label {
+  color: #ffc107;
+}
+
+
+.import-programs-btn {
+  position: fixed;
+  bottom: 30px;
+  left: 50%;
+  transform: translateX(-50%);
+  padding: 12px 24px;
+  font-size: 16px;
+  font-weight: bold;
+  color: #fff;
+  background-color: #007bff;
+  border: none;
+  border-radius: 50px;
+  cursor: pointer;
+  transition: all 0.3s ease;
+  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+  opacity: 0.7;
+  pointer-events: none;
+}
+
+.import-programs-btn:not(:disabled) {
+  opacity: 1;
+  pointer-events: auto;
+  animation: enableButton 0.5s ease;
+}
+
+.import-programs-btn:hover {
+  transform: translateX(-50%) translateY(-5px);
+  box-shadow: 0 6px 8px rgba(0, 0, 0, 0.15);
+}
+
+.import-programs-btn:active {
+  transform: translateX(-50%) translateY(-2px);
+  box-shadow: 0 5px 7px rgba(0, 0, 0, 0.1);
+}
+
+.import-programs-btn i {
+  margin-right: 8px;
+}
+
+@keyframes enableButton {
+  0% {
+      transform: translateX(-50%) scale(0.9);
+      opacity: 0.7;
+  }
+  50% {
+      transform: translateX(-50%) scale(1.05);
+  }
+  100% {
+      transform: translateX(-50%) scale(1);
+      opacity: 1;
+  }
+}
+
+@keyframes disableButton {
+  0% {
+      transform: translateX(-50%) scale(1);
+      opacity: 1;
+  }
+  100% {
+      transform: translateX(-50%) scale(0.9);
+      opacity: 0.7;
+  }
+}
+
+.import-programs-btn:disabled {
+  animation: disableButton 0.3s ease forwards;
 }
\ No newline at end of file

From dbcb5ee5cff11b4dc5c2d1d65703753362d5c8a3 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 06:33:32 +0530
Subject: [PATCH 160/211] fix card selection when clicked on button for see
 details, add ripple effect when cards are selected

---
 web/static/custom/bountyhub.js | 43 ++++++++++++++++++++++++++--------
 web/static/custom/custom.css   | 34 +++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 10 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index eee34109f..5372a5503 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -53,7 +53,7 @@ document.addEventListener('DOMContentLoaded', function() {
             const card = document.createElement('div');
             card.className = 'col-md-6 col-lg-4 col-xl-3 mb-3';
             card.innerHTML = `
-                <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" onclick="toggleCardSelection(this)">
+                <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable">
 
                     <div class="card-body py-2 px-3">
                         <div class="d-flex align-items-center mb-2">
@@ -84,7 +84,7 @@ document.addEventListener('DOMContentLoaded', function() {
                             <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
                             <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
                         </div>
-                        <a href="#" class="btn btn-outline-primary btn-sm w-100 mt-2">See details</a>
+                        <a href="#" class="btn btn-outline-primary btn-sm w-100 mt-2" id="btn-see-details">See details</a>
                     </div>
                 </div>
             `;
@@ -111,21 +111,44 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     // below has everything to do with card selection and import button
+    const container = document.getElementById('program_cards');
+    const importBtn = document.getElementById('importProgramsBtn');
+
+
+    container.addEventListener('click', function(event) {
+        const card = event.target.closest('.card-selectable');
+        if (card) {
+            toggleCardSelection(event, card);
+        }
+    });
+
+    function toggleCardSelection(event, card) {
+        if (event.target.closest('#btn-see-details')) {
+            // If it's the "See details" button, don't toggle selection, maybe we need other actions in the future here
+            return;
+        }
 
-    function toggleCardSelection(card) {
         card.classList.toggle('card-selected');
         updateImportButton();
     }
 
-    // lets create func and listeners if cards are selected
-    const importBtn = document.getElementById('importProgramsBtn');
-    const container = document.getElementById('program_cards');
-
     function updateImportButton() {
         const selectedCards = container.querySelectorAll('.card-selected');
-        importBtn.disabled = selectedCards.length === 0;
+        const count = selectedCards.length;
+        
+        if (count === 0) {
+            importBtn.disabled = true;
+            importBtn.innerHTML = '<i class="fe-download-cloud"></i> Import Programs';
+            importBtn.classList.remove('button-updated');
+        } else {
+            importBtn.disabled = false;
+            importBtn.innerHTML = `<i class="fe-download-cloud"></i> Import ${count} Program${count !== 1 ? 's' : ''}`;
+            
+            // Trigger the animation
+            importBtn.classList.remove('button-updated');
+            void importBtn.offsetWidth; // Trigger reflow
+            importBtn.classList.add('button-updated');
+        }
     }
 
-    window.toggleCardSelection = toggleCardSelection;
-
 });
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 796329927..80e31ed84 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -702,4 +702,38 @@ mark{
 
 .import-programs-btn:disabled {
   animation: disableButton 0.3s ease forwards;
+}
+
+/* update on counter increase */
+@keyframes gentlePulse {
+  0% {
+      box-shadow: 0 0 0 0 rgba(0, 123, 255, 0.7);
+  }
+  70% {
+      box-shadow: 0 0 0 10px rgba(0, 123, 255, 0);
+  }
+  100% {
+      box-shadow: 0 0 0 0 rgba(0, 123, 255, 0);
+  }
+}
+
+@keyframes colorTransition {
+  0% {
+      background-color: #007bff;
+  }
+  100% {
+      background-color: #007bff;
+  }
+}
+
+.import-programs-btn {
+  transition: all 0.3s ease;
+}
+
+.import-programs-btn:not(:disabled) {
+  animation: gentlePulse 1.5s infinite;
+}
+
+.import-programs-btn.button-updated {
+  animation: gentlePulse 1.5s infinite, colorTransition 0.5s ease;
 }
\ No newline at end of file

From 3353f7e14adc77a2fdd5206debc4e2364401191b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 06:56:51 +0530
Subject: [PATCH 161/211] add clear all button

---
 .../dashboard/bountyhub_programs.html         |  9 ++++-
 web/static/custom/bountyhub.js                | 27 +++++++++----
 web/static/custom/custom.css                  | 39 ++++++++++++++++---
 3 files changed, 61 insertions(+), 14 deletions(-)

diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
index 97d42dcfb..e11074d13 100644
--- a/web/dashboard/templates/dashboard/bountyhub_programs.html
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -61,9 +61,14 @@
 
 <div class="row" id="program_cards">
 </div>
-<button id="importProgramsBtn" class="import-programs-btn" disabled>
+<div class="floating-action-container">
+  <button id="importProgramsBtn" class="btn btn-primary import-programs-btn" disabled>
     <i class="fe-download-cloud"></i> Import Programs
-</button>
+  </button>
+  <a href="#" id="clearSelectionsLink" class="clear-selections-link" style="display: none;">
+    Clear all <i class="fe-x-circle"></i>
+  </a>
+</div>
 {% endblock main_content %}
 
 
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 5372a5503..b244f11bc 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -113,7 +113,7 @@ document.addEventListener('DOMContentLoaded', function() {
     // below has everything to do with card selection and import button
     const container = document.getElementById('program_cards');
     const importBtn = document.getElementById('importProgramsBtn');
-
+    const clearBtn = document.getElementById('clearSelectionsLink');
 
     container.addEventListener('click', function(event) {
         const card = event.target.closest('.card-selectable');
@@ -139,16 +139,29 @@ document.addEventListener('DOMContentLoaded', function() {
         if (count === 0) {
             importBtn.disabled = true;
             importBtn.innerHTML = '<i class="fe-download-cloud"></i> Import Programs';
-            importBtn.classList.remove('button-updated');
+            clearBtn.style.display = 'none';
         } else {
             importBtn.disabled = false;
             importBtn.innerHTML = `<i class="fe-download-cloud"></i> Import ${count} Program${count !== 1 ? 's' : ''}`;
-            
-            // Trigger the animation
-            importBtn.classList.remove('button-updated');
-            void importBtn.offsetWidth; // Trigger reflow
-            importBtn.classList.add('button-updated');
+            clearBtn.style.display = 'inline';
         }
     }
 
+    function clearAllSelections() {
+        const selectedCards = container.querySelectorAll('.card-selected');
+        selectedCards.forEach(card => card.classList.remove('card-selected'));
+        updateImportButton();
+    }
+
+    // clear btn listener
+    clearBtn.addEventListener('click', function(event) {
+        event.preventDefault();
+        clearAllSelections();
+    });
+
+
+    // init state
+    updateImportButton();
+
+
 });
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 80e31ed84..5d0688bbd 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -635,12 +635,17 @@ mark{
   color: #ffc107;
 }
 
-
-.import-programs-btn {
+.floating-action-container {
   position: fixed;
   bottom: 30px;
   left: 50%;
   transform: translateX(-50%);
+  display: flex;
+  align-items: center;
+  gap: 15px;
+}
+
+.import-programs-btn {
   padding: 12px 24px;
   font-size: 16px;
   font-weight: bold;
@@ -658,16 +663,15 @@ mark{
 .import-programs-btn:not(:disabled) {
   opacity: 1;
   pointer-events: auto;
-  animation: enableButton 0.5s ease;
 }
 
 .import-programs-btn:hover {
-  transform: translateX(-50%) translateY(-5px);
+  transform: translateY(-3px);
   box-shadow: 0 6px 8px rgba(0, 0, 0, 0.15);
 }
 
 .import-programs-btn:active {
-  transform: translateX(-50%) translateY(-2px);
+  transform: translateY(-1px);
   box-shadow: 0 5px 7px rgba(0, 0, 0, 0.1);
 }
 
@@ -675,6 +679,31 @@ mark{
   margin-right: 8px;
 }
 
+.clear-selections-link {
+  font-size: 14px;
+  color: #6c757d;
+  text-decoration: none;
+  transition: all 0.3s ease;
+  display: flex;
+  align-items: center;
+  gap: 5px;
+  padding: 8px 12px;
+  border-radius: 20px;
+  background-color: rgba(255, 255, 255, 0.9);
+  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+}
+
+.clear-selections-link:hover {
+  color: #495057;
+  background-color: #fff;
+  transform: translateY(-2px);
+  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+}
+
+.clear-selections-link i {
+  font-size: 16px;
+}
+
 @keyframes enableButton {
   0% {
       transform: translateX(-50%) scale(0.9);

From 6f292cf3d335cf17545a411c2f55494cfd61f005 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 07:06:47 +0530
Subject: [PATCH 162/211] add data attribues for filtering

---
 web/static/custom/bountyhub.js | 65 +++++++++++++++++-----------------
 1 file changed, 33 insertions(+), 32 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index b244f11bc..bf7e06a8b 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -53,42 +53,43 @@ document.addEventListener('DOMContentLoaded', function() {
             const card = document.createElement('div');
             card.className = 'col-md-6 col-lg-4 col-xl-3 mb-3';
             card.innerHTML = `
-                <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable">
-
-                    <div class="card-body py-2 px-3">
-                        <div class="d-flex align-items-center mb-2">
-                            <img src="${attributes.profile_picture}" alt="${attributes.name}" class="rounded-circle me-3" width="40" height="40">
-                            <div>
-                                <h5 class="card-title mb-0">${attributes.name}&nbsp;
-                                    ${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" data-bs-toggle="tooltip" data-bs-placement="top" title="Bookmarked Program"></i>' : ''}
-                                </h5>
-                                <small class="text-muted">@${attributes.handle}</small>
-                            </div>
-                        </div>
-
-                        <div class="mb-2">
-                            <span class="badge bg-success bg-opacity-10 text-success me-1 mb-1">${attributes.submission_state === 'open' ? 'Open for Submission' : 'Closed'}</span>
-                            <span class="badge bg-primary bg-opacity-10 text-primary me-1 mb-1">${attributes.state === 'public_mode' ? 'Public Program' : 'Private Program'}</span>
-                            ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty $$$</span>' : ''}
-                            ${attributes.open_scope ? '<span class="badge bg-warning bg-opacity-10 text-warning mb-1">Open Scope</span>' : ''}
-                        </div>
-
-                        <div class="d-flex justify-content-between mb-2 small">
-                            <div><i class="bi bi-flag me-1"></i> My Reports: ${attributes.number_of_reports_for_user}</div>
-                            <div><i class="bi bi-currency-dollar me-1"></i> My Earnings: $${attributes.bounty_earned_for_user.toFixed(2)}</div>
-                        </div>
-
-                        <hr class="my-2">
-
-                        <div class="d-flex justify-content-between text-muted small mb-2">
-                            <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
-                            <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
-                        </div>
-                        <a href="#" class="btn btn-outline-primary btn-sm w-100 mt-2" id="btn-see-details">See details</a>
+            <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}">
+
+                <div class="card-body py-2 px-3">
+                <div class="d-flex align-items-center mb-2">
+                    <img src="${attributes.profile_picture}" alt="${attributes.name}" class="rounded-circle me-3" width="40" height="40" loading="lazy">
+                    <div>
+                    <h5 class="card-title mb-0">${attributes.name}&nbsp;
+                        ${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" data-bs-toggle="tooltip" data-bs-placement="top" title="Bookmarked Program"></i>' : ''}
+                    </h5>
+                    <small class="text-muted">@${attributes.handle}</small>
                     </div>
                 </div>
+
+                <div class="mb-2">
+                    <span class="badge ${attributes.submission_state === 'open' ? 'bg-success' : 'bg-danger'} bg-opacity-10 text-${attributes.submission_state === 'open' ? 'success' : 'danger'} me-1 mb-1">${attributes.submission_state === 'open' ? 'Open for Submission' : 'Closed'}</span>
+                    <span class="badge bg-primary bg-opacity-10 text-primary me-1 mb-1">${attributes.state === 'public_mode' ? 'Public Program' : 'Private Program'}</span>
+                    ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty $$$</span>' : ''}
+                    ${attributes.open_scope ? '<span class="badge bg-warning bg-opacity-10 text-warning mb-1">Open Scope</span>' : ''}
+                </div>
+
+                <div class="d-flex justify-content-between mb-2 small">
+                    <div><i class="bi bi-flag me-1"></i> My Reports: ${attributes.number_of_reports_for_user}</div>
+                    <div><i class="bi bi-currency-dollar me-1"></i> My Earnings: $${attributes.bounty_earned_for_user.toFixed(2)}</div>
+                </div>
+
+                <hr class="my-2">
+
+                <div class="d-flex justify-content-between text-muted small mb-2">
+                    <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
+                    <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
+                </div>
+                <a href="#" class="btn btn-outline-primary btn-sm w-100 mt-2" id="btn-see-details">See details</a>
+                </div>
+            </div>
             `;
 
+
             // Initialize tooltips esp for bookmarked programs
             const tooltips = document.querySelectorAll('[data-bs-toggle="tooltip"]');
             tooltips.forEach((tooltip) => {

From 48b72205b650dad0a6d68b8ed097c25da1d48585 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 07:45:18 +0530
Subject: [PATCH 163/211] add loading animation and filtering

---
 web/static/custom/bountyhub.js | 50 +++++++++++++++++++++++++++++++++-
 web/static/custom/custom.css   |  9 ++++++
 2 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index bf7e06a8b..fc5c91dcb 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -51,7 +51,7 @@ document.addEventListener('DOMContentLoaded', function() {
         programs.forEach(program => {
             const { id, attributes } = program;
             const card = document.createElement('div');
-            card.className = 'col-md-6 col-lg-4 col-xl-3 mb-3';
+            card.className = 'col-md-6 col-lg-4 col-xl-3 mb-3 program-card-wrapper';
             card.innerHTML = `
             <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}">
 
@@ -96,6 +96,9 @@ document.addEventListener('DOMContentLoaded', function() {
                 new bootstrap.Tooltip(tooltip);
             });
             container.appendChild(card);
+
+            initializeFilter();
+
         });
     }
 
@@ -165,4 +168,49 @@ document.addEventListener('DOMContentLoaded', function() {
     updateImportButton();
 
 
+    // we begin filtering here
+    function initializeFilter() {
+        const filterSelect = document.querySelector('select[aria-label="Program type"]');
+        const container = document.getElementById('program_cards');
+        const allCards = container.querySelectorAll('.program-card-wrapper');
+    
+        function filterCards() {
+            const selectedFilter = filterSelect.value;
+            
+            allCards.forEach(card => card.classList.add('filtering-hide'));
+            
+            setTimeout(() => {
+                allCards.forEach(cardWrapper => {
+                    const card = cardWrapper.querySelector('.bbp-card');
+                    let shouldShow = false;
+                    
+                    switch(selectedFilter) {
+                        case 'All programs':
+                            shouldShow = true;
+                            break;
+                        case 'Bounty Eligible':
+                            shouldShow = card.dataset.offersBounties === 'true';
+                            break;
+                        case 'VDP':
+                            shouldShow = card.dataset.offersBounties === 'false' || card.dataset.offersBounties === 'null';
+                            break;
+                        case 'Private Programs':
+                            shouldShow = card.dataset.programState === 'private_mode';
+                            break;
+                    }
+                    
+                    if (shouldShow) {
+                        cardWrapper.style.display = '';
+                        setTimeout(() => cardWrapper.classList.remove('filtering-hide'), 10);
+                    } else {
+                        cardWrapper.style.display = 'none';
+                    }
+                });
+            }, 50);
+        }
+    
+        filterSelect.addEventListener('change', filterCards);
+        
+        filterCards(); // init call for filter state
+    }
 });
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 5d0688bbd..ecfefffc2 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -703,6 +703,15 @@ mark{
 .clear-selections-link i {
   font-size: 16px;
 }
+.program-card-wrapper {
+  transition: opacity 0.3s ease-out, transform 0.3s ease-out;
+}
+
+.filtering-hide {
+  opacity: 0;
+  transform: scale(0.8);
+}
+
 
 @keyframes enableButton {
   0% {

From 2b09e06d5138c6c7c5b6ea3620eed9be58dd7f79 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 07:55:17 +0530
Subject: [PATCH 164/211] add precomputed card data and search feature

---
 .../dashboard/bountyhub_programs.html         |  5 +-
 web/static/custom/bountyhub.js                | 89 ++++++++++++-------
 2 files changed, 56 insertions(+), 38 deletions(-)

diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
index e11074d13..198f6de5a 100644
--- a/web/dashboard/templates/dashboard/bountyhub_programs.html
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -29,7 +29,7 @@
                         <div class="col-md-4 col-lg-3">
                             <div class="input-group">
                                 <span class="input-group-text"><i class="fe-search"></i></span>
-                                <input type="search" class="form-control" placeholder="Search programs" aria-label="Search programs">
+                                <input type="search" class="form-control" placeholder="Search programs" aria-label="Search programs" id="search-program-box">
                             </div>
                         </div>
                         <div class="col-md-3 col-lg-2">
@@ -49,9 +49,6 @@
                                 <option>Least reports</option>
                             </select>
                         </div>
-                        <div class="col-md-2 col-lg-2 ms-md-auto">
-                            <button type="submit" class="btn btn-primary w-100">Search</button>
-                        </div>
                     </div>
                 </form>
             </div>
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index fc5c91dcb..a65e9bb82 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -172,45 +172,66 @@ document.addEventListener('DOMContentLoaded', function() {
     function initializeFilter() {
         const filterSelect = document.querySelector('select[aria-label="Program type"]');
         const container = document.getElementById('program_cards');
-        const allCards = container.querySelectorAll('.program-card-wrapper');
+        const allCards = Array.from(container.querySelectorAll('.program-card-wrapper'));
+        const searchInput = document.querySelector('#search-program-box');
     
-        function filterCards() {
+        // Pre-compute card data to avoid querying the DOM on each filter/search
+        const cardData = allCards.map(cardWrapper => {
+            const card = cardWrapper.querySelector('.bbp-card');
+            return {
+                wrapper: cardWrapper,
+                name: card.querySelector('h5').textContent.toLowerCase(),
+                offersBounties: card.dataset.offersBounties === 'true',
+                isPrivate: card.dataset.programState === 'private_mode'
+            };
+        });
+    
+        let lastFilter = '';
+        let lastSearch = '';
+    
+        function filterAndSearchCards() {
             const selectedFilter = filterSelect.value;
-            
-            allCards.forEach(card => card.classList.add('filtering-hide'));
-            
-            setTimeout(() => {
-                allCards.forEach(cardWrapper => {
-                    const card = cardWrapper.querySelector('.bbp-card');
-                    let shouldShow = false;
-                    
-                    switch(selectedFilter) {
-                        case 'All programs':
-                            shouldShow = true;
-                            break;
-                        case 'Bounty Eligible':
-                            shouldShow = card.dataset.offersBounties === 'true';
-                            break;
-                        case 'VDP':
-                            shouldShow = card.dataset.offersBounties === 'false' || card.dataset.offersBounties === 'null';
-                            break;
-                        case 'Private Programs':
-                            shouldShow = card.dataset.programState === 'private_mode';
-                            break;
-                    }
-                    
-                    if (shouldShow) {
-                        cardWrapper.style.display = '';
-                        setTimeout(() => cardWrapper.classList.remove('filtering-hide'), 10);
-                    } else {
-                        cardWrapper.style.display = 'none';
-                    }
+            const searchTerm = searchInput.value.toLowerCase().trim();
+    
+            if (selectedFilter === lastFilter && searchTerm === lastSearch) return;
+            lastFilter = selectedFilter;
+            lastSearch = searchTerm;
+    
+            const visibleCards = cardData.filter(({ offersBounties, isPrivate, name }) => {
+                let shouldShow = true;
+    
+                switch(selectedFilter) {
+                    case 'Bounty Eligible':
+                        shouldShow = offersBounties;
+                        break;
+                    case 'VDP':
+                        shouldShow = !offersBounties;
+                        break;
+                    case 'Private Programs':
+                        shouldShow = isPrivate;
+                        break;
+                }
+    
+                return shouldShow && (!searchTerm || name.includes(searchTerm));
+            });
+    
+            // Batch DOM updates to avoid reflows and make the transition smoother
+            requestAnimationFrame(() => {
+                cardData.forEach(({ wrapper }) => {
+                    wrapper.style.display = 'none';
+                    wrapper.classList.add('filtering-hide');
                 });
-            }, 50);
+    
+                visibleCards.forEach(({ wrapper }) => {
+                    wrapper.style.display = '';
+                    wrapper.classList.remove('filtering-hide');
+                });
+            });
         }
     
-        filterSelect.addEventListener('change', filterCards);
+        filterSelect.addEventListener('change', filterAndSearchCards);
+        searchInput.addEventListener('input', filterAndSearchCards);
         
-        filterCards(); // init call for filter state
+        filterAndSearchCards(); // init call
     }
 });
\ No newline at end of file

From 2204ffe94c86e32ce4453d9df27dc482d49202f2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 08:08:22 +0530
Subject: [PATCH 165/211] hide closed programs by default

---
 .../templates/dashboard/bountyhub_programs.html | 10 +++++++++-
 web/static/custom/bountyhub.js                  | 17 +++++++++++++----
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
index 198f6de5a..cac3b6e49 100644
--- a/web/dashboard/templates/dashboard/bountyhub_programs.html
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -24,7 +24,7 @@
     <div class="col-12 col-xl-12">
         <div class="card">
             <div class="card-body">
-                <form>
+                <form id="program-filter-form">
                     <div class="row g-3 align-items-center">
                         <div class="col-md-4 col-lg-3">
                             <div class="input-group">
@@ -49,6 +49,14 @@
                                 <option>Least reports</option>
                             </select>
                         </div>
+                        <div class="col-md-2 col-lg-2">
+                            <div class="form-check">
+                                <input class="form-check-input" type="checkbox" id="show-closed-programs">
+                                <label class="form-check-label" for="show-closed-programs">
+                                    Show closed programs
+                                </label>
+                            </div>
+                        </div>
                     </div>
                 </form>
             </div>
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index a65e9bb82..7a2dfb16d 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -174,6 +174,7 @@ document.addEventListener('DOMContentLoaded', function() {
         const container = document.getElementById('program_cards');
         const allCards = Array.from(container.querySelectorAll('.program-card-wrapper'));
         const searchInput = document.querySelector('#search-program-box');
+        const showClosedCheckbox = document.getElementById('show-closed-programs');
     
         // Pre-compute card data to avoid querying the DOM on each filter/search
         const cardData = allCards.map(cardWrapper => {
@@ -182,7 +183,8 @@ document.addEventListener('DOMContentLoaded', function() {
                 wrapper: cardWrapper,
                 name: card.querySelector('h5').textContent.toLowerCase(),
                 offersBounties: card.dataset.offersBounties === 'true',
-                isPrivate: card.dataset.programState === 'private_mode'
+                isPrivate: card.dataset.programState === 'private_mode',
+                isClosed: card.querySelector('.badge').textContent.trim() !== 'Open for Submission'
             };
         });
     
@@ -192,12 +194,14 @@ document.addEventListener('DOMContentLoaded', function() {
         function filterAndSearchCards() {
             const selectedFilter = filterSelect.value;
             const searchTerm = searchInput.value.toLowerCase().trim();
+            const showClosed = showClosedCheckbox.checked;
     
-            if (selectedFilter === lastFilter && searchTerm === lastSearch) return;
+            if (selectedFilter === lastFilter && searchTerm === lastSearch && showClosed === lastShowClosed) return;
             lastFilter = selectedFilter;
             lastSearch = searchTerm;
+            lastShowClosed = showClosed;
     
-            const visibleCards = cardData.filter(({ offersBounties, isPrivate, name }) => {
+            const visibleCards = cardData.filter(({ offersBounties, isPrivate, name, isClosed }) => {
                 let shouldShow = true;
     
                 switch(selectedFilter) {
@@ -212,7 +216,11 @@ document.addEventListener('DOMContentLoaded', function() {
                         break;
                 }
     
-                return shouldShow && (!searchTerm || name.includes(searchTerm));
+                shouldShow = shouldShow && (!searchTerm || name.includes(searchTerm));
+
+                shouldShow = shouldShow && (showClosed || !isClosed);
+
+                return shouldShow;
             });
     
             // Batch DOM updates to avoid reflows and make the transition smoother
@@ -231,6 +239,7 @@ document.addEventListener('DOMContentLoaded', function() {
     
         filterSelect.addEventListener('change', filterAndSearchCards);
         searchInput.addEventListener('input', filterAndSearchCards);
+        showClosedCheckbox.addEventListener('change', filterAndSearchCards);
         
         filterAndSearchCards(); // init call
     }

From 67fa86764deb6aec3cbfbf83126dc9245334d112 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 19:53:57 +0530
Subject: [PATCH 166/211] add new button in latest vdp from 3 months old

---
 web/static/custom/bountyhub.js | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 7a2dfb16d..ef5b8930a 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -38,16 +38,15 @@ document.addEventListener('DOMContentLoaded', function() {
         displayErrorMessage("An error occurred while fetching the data. Please try again later. Make sure you have hackerone api key set in your API Vault.");
         console.error('Error:', error);
     });
-
     function displayPrograms(programs) {
         const container = document.getElementById('program_cards');
         container.innerHTML = '';
-    
+
         if (!programs || programs.length === 0) {
             displayErrorMessage("No programs available at the moment.");
             return;
         }
-    
+
         programs.forEach(program => {
             const { id, attributes } = program;
             const card = document.createElement('div');
@@ -62,15 +61,16 @@ document.addEventListener('DOMContentLoaded', function() {
                     <h5 class="card-title mb-0">${attributes.name}&nbsp;
                         ${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" data-bs-toggle="tooltip" data-bs-placement="top" title="Bookmarked Program"></i>' : ''}
                     </h5>
-                    <small class="text-muted">@${attributes.handle}</small>
+                    <small class="text-muted"><a href="https://hackerone.com/${attributes.handle}" id="handle-link" target="_blank">@${attributes.handle}</a></small>
                     </div>
                 </div>
 
                 <div class="mb-2">
                     <span class="badge ${attributes.submission_state === 'open' ? 'bg-success' : 'bg-danger'} bg-opacity-10 text-${attributes.submission_state === 'open' ? 'success' : 'danger'} me-1 mb-1">${attributes.submission_state === 'open' ? 'Open for Submission' : 'Closed'}</span>
                     <span class="badge bg-primary bg-opacity-10 text-primary me-1 mb-1">${attributes.state === 'public_mode' ? 'Public Program' : 'Private Program'}</span>
-                    ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty $$$</span>' : ''}
+                    ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty $$$</span>' : '<span class="badge bg-danger bg-opacity-10 text-danger me-1 mb-1">VDP</span>'}
                     ${attributes.open_scope ? '<span class="badge bg-warning bg-opacity-10 text-warning mb-1">Open Scope</span>' : ''}
+                    ${isProgramNew(attributes.started_accepting_at) ? '<span class="badge bg-primary bg-opacity-10 text-primary mb-1"><i class="fe-zap"></i>&nbsp;New</span>' : ''}
                 </div>
 
                 <div class="d-flex justify-content-between mb-2 small">
@@ -102,6 +102,13 @@ document.addEventListener('DOMContentLoaded', function() {
         });
     }
 
+    function isProgramNew(startedAcceptingAt) {
+        const threeMonthsAgo = new Date();
+        threeMonthsAgo.setMonth(threeMonthsAgo.getMonth() - 3);
+        const startedAcceptingDate = new Date(startedAcceptingAt);
+        return startedAcceptingDate > threeMonthsAgo;
+    }
+
     function displayErrorMessage(message) {
         const container = document.getElementById('program_cards');
         container.innerHTML = `
@@ -127,7 +134,7 @@ document.addEventListener('DOMContentLoaded', function() {
     });
 
     function toggleCardSelection(event, card) {
-        if (event.target.closest('#btn-see-details')) {
+        if (event.target.closest('#btn-see-details') || event.target.closest('#handle-link')) {
             // If it's the "See details" button, don't toggle selection, maybe we need other actions in the future here
             return;
         }

From bfcdc1008346ef0d2d0b2e0d8c1dcab3406ea856 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 20:20:40 +0530
Subject: [PATCH 167/211] Add sorting functionality to HackerOne programs

---
 web/api/views.py                              |  17 ++-
 .../dashboard/bountyhub_programs.html         |  10 +-
 web/static/custom/bountyhub.js                | 133 +++++++++++++-----
 web/static/custom/custom.css                  |   3 +-
 4 files changed, 122 insertions(+), 41 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index b2fdcc4a8..af610f281 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -43,9 +43,24 @@ class HackerOneProgramViewSet(viewsets.ViewSet):
 	CACHE_KEY = 'hackerone_programs'
 	CACHE_TIMEOUT = 60 * 30 # 30 minutes
 
-
 	def list(self, request):
+		sort_by = request.query_params.get('sort_by', 'age')
+		sort_order = request.query_params.get('sort_order', 'desc')  # Changed default to 'desc'
+
 		programs = self.get_cached_programs()
+
+		if sort_by == 'name':
+			programs = sorted(programs, key=lambda x: x['attributes']['name'].lower(), 
+					reverse=(sort_order.lower() == 'desc'))
+		elif sort_by == 'reports':
+			programs = sorted(programs, key=lambda x: x['attributes'].get('number_of_reports_for_user', 0), 
+					reverse=(sort_order.lower() == 'desc'))
+		elif sort_by == 'age':
+			programs = sorted(programs, 
+				key=lambda x: datetime.strptime(x['attributes'].get('started_accepting_at', '1970-01-01T00:00:00.000Z'), '%Y-%m-%dT%H:%M:%S.%fZ'), 
+				reverse=(sort_order.lower() == 'desc')
+			)
+
 		serializer = HackerOneProgramSerializer(programs, many=True)
 		return Response(serializer.data)
 	
diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
index cac3b6e49..98a820d1d 100644
--- a/web/dashboard/templates/dashboard/bountyhub_programs.html
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -43,10 +43,12 @@
                         <div class="col-md-3 col-lg-2">
                             <select class="form-select" id="sort-select" aria-label="Sort programs">
                                 <option selected disabled>Sort by</option>
-                                <option>Name (A to Z)</option>
-                                <option>Name (Z to A)</option>
-                                <option>Most reports</option>
-                                <option>Least reports</option>
+                                <option value="name-asc">Name (A to Z)</option>
+                                <option value="name-desc">Name (Z to A)</option>
+                                <option value="reports-desc">Most reports</option>
+                                <option value="reports-asc">Least reports</option>
+                                <option value="posted-desc">Most Recent</option>
+                                <option value="posted-asc">Least Recent</option>
                             </select>
                         </div>
                         <div class="col-md-2 col-lg-2">
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index ef5b8930a..25c75ca36 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -1,43 +1,69 @@
 // this js file will be used to do everything js related to the bountyhub page
 
 document.addEventListener('DOMContentLoaded', function() {
-    const api_url = '/api/hackerone-programs/';
-
-    Swal.fire({
-        title: "Loading HackerOne Programs",
-        text: "Fetching the latest data...",
-        icon: "info",
-        allowOutsideClick: false,
-        allowEscapeKey: false,
-        showConfirmButton: false,
-        didOpen: () => {
-            Swal.showLoading();
+
+    function fetchPrograms(isSortingRequest = false){
+        let api_url = '/api/hackerone-programs/';
+        const sortParams = updateSortingParams();
+        const queryParams = new URLSearchParams(sortParams).toString();
+
+        if (queryParams){
+            api_url += '?' + queryParams
         }
-    });
 
-    fetch(api_url, {
-        method: "GET",
-        credentials: "same-origin",
-        headers: {
-            "X-CSRFToken": getCookie("csrftoken"),
-        },
-    })
-    .then(response => {
-        if (!response.ok) {
-            throw new Error('Network response was not ok');
+
+        if (isSortingRequest) {
+            Swal.fire({
+                title: 'Sorting...',
+                text: 'Please wait',
+                allowOutsideClick: false,
+                allowEscapeKey: false,
+                showConfirmButton: false,
+                willOpen: () => {
+                    Swal.showLoading();
+                },
+                customClass: {
+                    popup: 'small-swal'
+                }
+            });
+        } else {
+            Swal.fire({
+                title: "Loading HackerOne Programs",
+                text: "Fetching the latest data...",
+                icon: "info",
+                allowOutsideClick: false,
+                allowEscapeKey: false,
+                showConfirmButton: false,
+                didOpen: () => {
+                    Swal.showLoading();
+                }
+            });
         }
-        return response.json();
-    })
-    .then(data => {
-        Swal.close();
-
-        displayPrograms(data);
-    })
-    .catch(error => {
-        Swal.close();
-        displayErrorMessage("An error occurred while fetching the data. Please try again later. Make sure you have hackerone api key set in your API Vault.");
-        console.error('Error:', error);
-    });
+    
+        fetch(api_url, {
+            method: "GET",
+            credentials: "same-origin",
+            headers: {
+                "X-CSRFToken": getCookie("csrftoken"),
+            },
+        })
+        .then(response => {
+            if (!response.ok) {
+                throw new Error('Network response was not ok');
+            }
+            return response.json();
+        })
+        .then(data => {
+            Swal.close();
+            displayPrograms(data);
+        })
+        .catch(error => {
+            Swal.close();
+            displayErrorMessage("An error occurred while fetching the hackerone programs. Please try again later. Make sure you have hackerone api key set in your API Vault.");
+            console.error('Error:', error);
+        });
+    }
+
     function displayPrograms(programs) {
         const container = document.getElementById('program_cards');
         container.innerHTML = '';
@@ -250,4 +276,43 @@ document.addEventListener('DOMContentLoaded', function() {
         
         filterAndSearchCards(); // init call
     }
+
+    // in this function, we handle the sort select
+    function updateSortingParams() {
+        const sortSelect = document.getElementById('sort-select');
+        let sortBy, sortOrder;
+    
+        if (sortSelect.value === 'Sort by' || !sortSelect.value) {
+            sortBy = 'age';
+            sortOrder = 'desc';
+        } else {
+            [sortBy, sortOrder] = sortSelect.value.split('-');
+        }
+        
+        let apiSortBy;
+        
+        switch (sortBy) {
+            case 'name':
+                apiSortBy = 'name';
+                break;
+            case 'reports':
+                apiSortBy = 'reports';
+                break;
+            case 'posted':
+                apiSortBy = 'age';
+                break;
+            default:
+                apiSortBy = 'age';
+        }
+        
+        return { sort_by: apiSortBy, sort_order: sortOrder };
+    }
+
+
+    // init call to fetch programs
+    const sortSelect = document.getElementById('sort-select');
+    sortSelect.addEventListener('change', () => fetchPrograms(true));
+
+    fetchPrograms(false);
+
 });
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index ecfefffc2..309f64324 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -647,8 +647,7 @@ mark{
 
 .import-programs-btn {
   padding: 12px 24px;
-  font-size: 16px;
-  font-weight: bold;
+  font-size: 14px;
   color: #fff;
   background-color: #007bff;
   border: none;

From 08e010cbcf5b15534762aa10d89ba30b0fca30e2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 20:29:25 +0530
Subject: [PATCH 168/211] debounce search, optimize query

---
 web/static/custom/bountyhub.js | 399 ++++++++++++++-------------------
 1 file changed, 163 insertions(+), 236 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 25c75ca36..cefa8b5b4 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -1,242 +1,141 @@
-// this js file will be used to do everything js related to the bountyhub page
+// all the js code for the bountyhub page
 
 document.addEventListener('DOMContentLoaded', function() {
+    let allPrograms = [];
+    const container = document.getElementById('program_cards');
+    const importBtn = document.getElementById('importProgramsBtn');
+    const clearBtn = document.getElementById('clearSelectionsLink');
+    const filterSelect = document.querySelector('select[aria-label="Program type"]');
+    const searchInput = document.querySelector('#search-program-box');
+    const showClosedCheckbox = document.getElementById('show-closed-programs');
+    const sortSelect = document.getElementById('sort-select');
+
+    // Debounce function for search input to avoid making too many requests
+    const debounce = (func, delay) => {
+        let timeoutId;
+        return (...args) => {
+            clearTimeout(timeoutId);
+            timeoutId = setTimeout(() => func.apply(null, args), delay);
+        };
+    };
+
+    async function fetchPrograms(isSortingRequest = false) {
+        if (isSortingRequest) {
+            showLoadingIndicator("Sorting...");
+        } else {
+            showLoadingIndicator("Loading HackerOne Programs");
+        }
 
-    function fetchPrograms(isSortingRequest = false){
         let api_url = '/api/hackerone-programs/';
         const sortParams = updateSortingParams();
         const queryParams = new URLSearchParams(sortParams).toString();
 
-        if (queryParams){
-            api_url += '?' + queryParams
+        if (queryParams) {
+            api_url += '?' + queryParams;
         }
 
-
-        if (isSortingRequest) {
-            Swal.fire({
-                title: 'Sorting...',
-                text: 'Please wait',
-                allowOutsideClick: false,
-                allowEscapeKey: false,
-                showConfirmButton: false,
-                willOpen: () => {
-                    Swal.showLoading();
+        try {
+            const response = await fetch(api_url, {
+                method: "GET",
+                credentials: "same-origin",
+                headers: {
+                    "X-CSRFToken": getCookie("csrftoken"),
                 },
-                customClass: {
-                    popup: 'small-swal'
-                }
-            });
-        } else {
-            Swal.fire({
-                title: "Loading HackerOne Programs",
-                text: "Fetching the latest data...",
-                icon: "info",
-                allowOutsideClick: false,
-                allowEscapeKey: false,
-                showConfirmButton: false,
-                didOpen: () => {
-                    Swal.showLoading();
-                }
             });
-        }
-    
-        fetch(api_url, {
-            method: "GET",
-            credentials: "same-origin",
-            headers: {
-                "X-CSRFToken": getCookie("csrftoken"),
-            },
-        })
-        .then(response => {
+
             if (!response.ok) {
                 throw new Error('Network response was not ok');
             }
-            return response.json();
-        })
-        .then(data => {
-            Swal.close();
+
+            const data = await response.json();
+            allPrograms = data;
             displayPrograms(data);
-        })
-        .catch(error => {
-            Swal.close();
+        } catch (error) {
             displayErrorMessage("An error occurred while fetching the hackerone programs. Please try again later. Make sure you have hackerone api key set in your API Vault.");
             console.error('Error:', error);
-        });
+        } finally {
+            hideLoadingIndicator();
+        }
     }
 
     function displayPrograms(programs) {
-        const container = document.getElementById('program_cards');
-        container.innerHTML = '';
+        container.innerHTML = ''; // clear up the html content
 
         if (!programs || programs.length === 0) {
             displayErrorMessage("No programs available at the moment.");
             return;
         }
 
+        const fragment = document.createDocumentFragment();
+        const template = document.createElement('template');
+
         programs.forEach(program => {
-            const { id, attributes } = program;
-            const card = document.createElement('div');
-            card.className = 'col-md-6 col-lg-4 col-xl-3 mb-3 program-card-wrapper';
-            card.innerHTML = `
-            <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}">
-
-                <div class="card-body py-2 px-3">
-                <div class="d-flex align-items-center mb-2">
-                    <img src="${attributes.profile_picture}" alt="${attributes.name}" class="rounded-circle me-3" width="40" height="40" loading="lazy">
-                    <div>
-                    <h5 class="card-title mb-0">${attributes.name}&nbsp;
-                        ${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" data-bs-toggle="tooltip" data-bs-placement="top" title="Bookmarked Program"></i>' : ''}
-                    </h5>
-                    <small class="text-muted"><a href="https://hackerone.com/${attributes.handle}" id="handle-link" target="_blank">@${attributes.handle}</a></small>
+            const { attributes } = program;
+            template.innerHTML = `
+                <div class="col-md-6 col-lg-4 col-xl-3 mb-3 program-card-wrapper">
+                    <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}">
+                        <div class="card-body py-2 px-3">
+                            <!-- Card content -->
+                        </div>
                     </div>
                 </div>
-
-                <div class="mb-2">
-                    <span class="badge ${attributes.submission_state === 'open' ? 'bg-success' : 'bg-danger'} bg-opacity-10 text-${attributes.submission_state === 'open' ? 'success' : 'danger'} me-1 mb-1">${attributes.submission_state === 'open' ? 'Open for Submission' : 'Closed'}</span>
-                    <span class="badge bg-primary bg-opacity-10 text-primary me-1 mb-1">${attributes.state === 'public_mode' ? 'Public Program' : 'Private Program'}</span>
-                    ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty $$$</span>' : '<span class="badge bg-danger bg-opacity-10 text-danger me-1 mb-1">VDP</span>'}
-                    ${attributes.open_scope ? '<span class="badge bg-warning bg-opacity-10 text-warning mb-1">Open Scope</span>' : ''}
-                    ${isProgramNew(attributes.started_accepting_at) ? '<span class="badge bg-primary bg-opacity-10 text-primary mb-1"><i class="fe-zap"></i>&nbsp;New</span>' : ''}
-                </div>
-
-                <div class="d-flex justify-content-between mb-2 small">
-                    <div><i class="bi bi-flag me-1"></i> My Reports: ${attributes.number_of_reports_for_user}</div>
-                    <div><i class="bi bi-currency-dollar me-1"></i> My Earnings: $${attributes.bounty_earned_for_user.toFixed(2)}</div>
-                </div>
-
-                <hr class="my-2">
-
-                <div class="d-flex justify-content-between text-muted small mb-2">
-                    <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
-                    <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
-                </div>
-                <a href="#" class="btn btn-outline-primary btn-sm w-100 mt-2" id="btn-see-details">See details</a>
-                </div>
-            </div>
             `;
-
-
-            // Initialize tooltips esp for bookmarked programs
-            const tooltips = document.querySelectorAll('[data-bs-toggle="tooltip"]');
-            tooltips.forEach((tooltip) => {
-                new bootstrap.Tooltip(tooltip);
-            });
-            container.appendChild(card);
-
-            initializeFilter();
-
+            const cardNode = template.content.firstElementChild.cloneNode(true);
+            cardNode.querySelector('.card-body').innerHTML = generateCardContent(attributes);
+            fragment.appendChild(cardNode);
         });
-    }
 
-    function isProgramNew(startedAcceptingAt) {
-        const threeMonthsAgo = new Date();
-        threeMonthsAgo.setMonth(threeMonthsAgo.getMonth() - 3);
-        const startedAcceptingDate = new Date(startedAcceptingAt);
-        return startedAcceptingDate > threeMonthsAgo;
+        container.appendChild(fragment);
+        initializeFilter();
     }
 
-    function displayErrorMessage(message) {
-        const container = document.getElementById('program_cards');
-        container.innerHTML = `
-            <div class="col-12">
-                <div class="alert alert-danger" role="alert">
-                    <i class="fe-alert-triangle me-2"></i>
-                    ${message}
+    function generateCardContent(attributes) {
+        return `
+            <div class="d-flex align-items-center mb-2">
+                <img src="${attributes.profile_picture}" alt="${attributes.name}" class="rounded-circle me-3" width="40" height="40" loading="lazy">
+                <div>
+                    <h5 class="card-title mb-0">${attributes.name}${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" title="Bookmarked Program"></i>' : ''}</h5>
+                    <small class="text-muted"><a href="https://hackerone.com/${attributes.handle}" class="handle-link" target="_blank">@${attributes.handle}</a></small>
                 </div>
             </div>
+            <div class="mb-2">
+                <span class="badge ${attributes.submission_state === 'open' ? 'bg-success' : 'bg-danger'} bg-opacity-10 text-${attributes.submission_state === 'open' ? 'success' : 'danger'} me-1 mb-1">${attributes.submission_state === 'open' ? 'Open' : 'Closed'}</span>
+                <span class="badge bg-primary bg-opacity-10 text-primary me-1 mb-1">${attributes.state === 'public_mode' ? 'Public' : 'Private'}</span>
+                ${attributes.offers_bounties ? '<span class="badge bg-info bg-opacity-10 text-info me-1 mb-1">Bounty</span>' : '<span class="badge bg-danger bg-opacity-10 text-danger me-1 mb-1">VDP</span>'}
+                ${attributes.open_scope ? '<span class="badge bg-warning bg-opacity-10 text-warning mb-1">Open Scope</span>' : ''}
+                ${isProgramNew(attributes.started_accepting_at) ? '<span class="badge bg-primary bg-opacity-10 text-primary mb-1"><i class="fe-zap"></i> New</span>' : ''}
+            </div>
+            <div class="d-flex justify-content-between mb-2 small">
+                <div><i class="bi bi-flag me-1"></i> Reports: ${attributes.number_of_reports_for_user}</div>
+                <div><i class="bi bi-currency-dollar me-1"></i> Earnings: $${attributes.bounty_earned_for_user.toFixed(2)}</div>
+            </div>
+            <hr class="my-2">
+            <div class="d-flex justify-content-between text-muted small mb-2">
+                <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
+                <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
+            </div>
+            <button class="btn btn-outline-primary btn-sm w-100 mt-2 btn-see-details">See details</button>
         `;
     }
 
-    // below has everything to do with card selection and import button
-    const container = document.getElementById('program_cards');
-    const importBtn = document.getElementById('importProgramsBtn');
-    const clearBtn = document.getElementById('clearSelectionsLink');
-
-    container.addEventListener('click', function(event) {
-        const card = event.target.closest('.card-selectable');
-        if (card) {
-            toggleCardSelection(event, card);
-        }
-    });
-
-    function toggleCardSelection(event, card) {
-        if (event.target.closest('#btn-see-details') || event.target.closest('#handle-link')) {
-            // If it's the "See details" button, don't toggle selection, maybe we need other actions in the future here
-            return;
-        }
-
-        card.classList.toggle('card-selected');
-        updateImportButton();
-    }
-
-    function updateImportButton() {
-        const selectedCards = container.querySelectorAll('.card-selected');
-        const count = selectedCards.length;
-        
-        if (count === 0) {
-            importBtn.disabled = true;
-            importBtn.innerHTML = '<i class="fe-download-cloud"></i> Import Programs';
-            clearBtn.style.display = 'none';
-        } else {
-            importBtn.disabled = false;
-            importBtn.innerHTML = `<i class="fe-download-cloud"></i> Import ${count} Program${count !== 1 ? 's' : ''}`;
-            clearBtn.style.display = 'inline';
-        }
-    }
-
-    function clearAllSelections() {
-        const selectedCards = container.querySelectorAll('.card-selected');
-        selectedCards.forEach(card => card.classList.remove('card-selected'));
-        updateImportButton();
+    function isProgramNew(startedAcceptingAt) {
+        const threeMonthsAgo = new Date();
+        threeMonthsAgo.setMonth(threeMonthsAgo.getMonth() - 3);
+        return new Date(startedAcceptingAt) > threeMonthsAgo;
     }
 
-    // clear btn listener
-    clearBtn.addEventListener('click', function(event) {
-        event.preventDefault();
-        clearAllSelections();
-    });
-
-
-    // init state
-    updateImportButton();
-
-
-    // we begin filtering here
     function initializeFilter() {
-        const filterSelect = document.querySelector('select[aria-label="Program type"]');
-        const container = document.getElementById('program_cards');
         const allCards = Array.from(container.querySelectorAll('.program-card-wrapper'));
-        const searchInput = document.querySelector('#search-program-box');
-        const showClosedCheckbox = document.getElementById('show-closed-programs');
-    
-        // Pre-compute card data to avoid querying the DOM on each filter/search
-        const cardData = allCards.map(cardWrapper => {
-            const card = cardWrapper.querySelector('.bbp-card');
-            return {
-                wrapper: cardWrapper,
-                name: card.querySelector('h5').textContent.toLowerCase(),
-                offersBounties: card.dataset.offersBounties === 'true',
-                isPrivate: card.dataset.programState === 'private_mode',
-                isClosed: card.querySelector('.badge').textContent.trim() !== 'Open for Submission'
-            };
-        });
-    
-        let lastFilter = '';
-        let lastSearch = '';
-    
-        function filterAndSearchCards() {
+        const cardData = allCards.map(createCardData);
+
+        const filterAndSearchCards = debounce(() => {
             const selectedFilter = filterSelect.value;
             const searchTerm = searchInput.value.toLowerCase().trim();
             const showClosed = showClosedCheckbox.checked;
-    
-            if (selectedFilter === lastFilter && searchTerm === lastSearch && showClosed === lastShowClosed) return;
-            lastFilter = selectedFilter;
-            lastSearch = searchTerm;
-            lastShowClosed = showClosed;
-    
+
             const visibleCards = cardData.filter(({ offersBounties, isPrivate, name, isClosed }) => {
                 let shouldShow = true;
-    
+
                 switch(selectedFilter) {
                     case 'Bounty Eligible':
                         shouldShow = offersBounties;
@@ -248,71 +147,99 @@ document.addEventListener('DOMContentLoaded', function() {
                         shouldShow = isPrivate;
                         break;
                 }
-    
-                shouldShow = shouldShow && (!searchTerm || name.includes(searchTerm));
 
+                shouldShow = shouldShow && (!searchTerm || name.includes(searchTerm));
                 shouldShow = shouldShow && (showClosed || !isClosed);
 
                 return shouldShow;
             });
-    
-            // Batch DOM updates to avoid reflows and make the transition smoother
+
             requestAnimationFrame(() => {
-                cardData.forEach(({ wrapper }) => {
-                    wrapper.style.display = 'none';
-                    wrapper.classList.add('filtering-hide');
-                });
-    
-                visibleCards.forEach(({ wrapper }) => {
-                    wrapper.style.display = '';
-                    wrapper.classList.remove('filtering-hide');
-                });
+                cardData.forEach(({ wrapper }) => wrapper.style.display = 'none');
+                visibleCards.forEach(({ wrapper }) => wrapper.style.display = '');
             });
-        }
-    
+        }, 100);
+
         filterSelect.addEventListener('change', filterAndSearchCards);
         searchInput.addEventListener('input', filterAndSearchCards);
         showClosedCheckbox.addEventListener('change', filterAndSearchCards);
         
-        filterAndSearchCards(); // init call
+        filterAndSearchCards();
+    }
+
+    function createCardData(cardWrapper) {
+        const card = cardWrapper.querySelector('.bbp-card');
+        return {
+            wrapper: cardWrapper,
+            name: card.querySelector('h5').textContent.toLowerCase(),
+            offersBounties: card.dataset.offersBounties === 'true',
+            isPrivate: card.dataset.programState === 'private_mode',
+            isClosed: card.querySelector('.badge').textContent.trim() !== 'Open'
+        };
     }
 
-    // in this function, we handle the sort select
     function updateSortingParams() {
-        const sortSelect = document.getElementById('sort-select');
-        let sortBy, sortOrder;
-    
-        if (sortSelect.value === 'Sort by' || !sortSelect.value) {
-            sortBy = 'age';
-            sortOrder = 'desc';
-        } else {
-            [sortBy, sortOrder] = sortSelect.value.split('-');
-        }
-        
-        let apiSortBy;
+        const [sortBy, sortOrder] = sortSelect.value.split('-');
+        const apiSortBy = {
+            name: 'name',
+            reports: 'reports',
+            posted: 'age'
+        }[sortBy] || 'age';
         
-        switch (sortBy) {
-            case 'name':
-                apiSortBy = 'name';
-                break;
-            case 'reports':
-                apiSortBy = 'reports';
-                break;
-            case 'posted':
-                apiSortBy = 'age';
-                break;
-            default:
-                apiSortBy = 'age';
+        return { sort_by: apiSortBy, sort_order: sortOrder || 'desc' };
+    }
+
+    // Event listeners
+    sortSelect.addEventListener('change', () => fetchPrograms(true));
+    container.addEventListener('click', handleCardClick);
+    clearBtn.addEventListener('click', clearAllSelections);
+
+    function handleCardClick(event) {
+        const card = event.target.closest('.card-selectable');
+        if (card) {
+            if (event.target.closest('.btn-see-details') || event.target.closest('.handle-link')) {
+                // Handle "See details" button or handle link click
+                return;
+            }
+            toggleCardSelection(card);
         }
+    }
+
+    function toggleCardSelection(card) {
+        card.classList.toggle('card-selected');
+        updateImportButton();
+    }
+
+    function updateImportButton() {
+        const selectedCards = container.querySelectorAll('.card-selected');
+        const count = selectedCards.length;
         
-        return { sort_by: apiSortBy, sort_order: sortOrder };
+        importBtn.disabled = count === 0;
+        importBtn.innerHTML = count === 0 ? '<i class="fe-download-cloud"></i> Import Programs' : `<i class="fe-download-cloud"></i> Import ${count} Program${count !== 1 ? 's' : ''}`;
+        clearBtn.style.display = count === 0 ? 'none' : 'inline';
     }
 
+    function clearAllSelections() {
+        container.querySelectorAll('.card-selected').forEach(card => card.classList.remove('card-selected'));
+        updateImportButton();
+    }
 
-    // init call to fetch programs
-    const sortSelect = document.getElementById('sort-select');
-    sortSelect.addEventListener('change', () => fetchPrograms(true));
+    function showLoadingIndicator(message) {
+        Swal.fire({
+            title: message,
+            text: "Please wait",
+            allowOutsideClick: false,
+            allowEscapeKey: false,
+            showConfirmButton: false,
+            willOpen: () => {
+                Swal.showLoading();
+            }
+        });
+    }
 
-    fetchPrograms(false);
+    function hideLoadingIndicator() {
+        Swal.close();
+    }
 
+    fetchPrograms(false);
 });
\ No newline at end of file

From 792a12fe87852c3e346fea4f75fbda3d00ce9513 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 20:37:10 +0530
Subject: [PATCH 169/211] show stagger anims while cards are populated

---
 web/static/custom/bountyhub.js | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index cefa8b5b4..2d1cf933b 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -69,10 +69,10 @@ document.addEventListener('DOMContentLoaded', function() {
         const fragment = document.createDocumentFragment();
         const template = document.createElement('template');
 
-        programs.forEach(program => {
+        programs.forEach((program) => {
             const { attributes } = program;
             template.innerHTML = `
-                <div class="col-md-6 col-lg-4 col-xl-3 mb-3 program-card-wrapper">
+                <div class="col-md-6 col-lg-4 col-xl-3 mb-3 program-card-wrapper" style="opacity: 0; transform: translateY(20px); transition: opacity 0.3s ease, transform 0.3s ease;">
                     <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}">
                         <div class="card-body py-2 px-3">
                             <!-- Card content -->
@@ -86,9 +86,20 @@ document.addEventListener('DOMContentLoaded', function() {
         });
 
         container.appendChild(fragment);
+        animateCards();
         initializeFilter();
     }
 
+    function animateCards() {
+        const cards = container.querySelectorAll('.program-card-wrapper');
+        cards.forEach((card, index) => {
+            setTimeout(() => {
+                card.style.opacity = '1';
+                card.style.transform = 'translateY(0)';
+            }, index * 50); // staggering anims for sort, search and filter and even first load
+        });
+    }
+
     function generateCardContent(attributes) {
         return `
             <div class="d-flex align-items-center mb-2">
@@ -155,8 +166,20 @@ document.addEventListener('DOMContentLoaded', function() {
             });
 
             requestAnimationFrame(() => {
-                cardData.forEach(({ wrapper }) => wrapper.style.display = 'none');
-                visibleCards.forEach(({ wrapper }) => wrapper.style.display = '');
+                cardData.forEach(({ wrapper }) => {
+                    wrapper.style.opacity = '0';
+                    wrapper.style.transform = 'translateY(20px)';
+                });
+                setTimeout(() => {
+                    cardData.forEach(({ wrapper }) => wrapper.style.display = 'none');
+                    visibleCards.forEach(({ wrapper }, index) => {
+                        wrapper.style.display = '';
+                        setTimeout(() => {
+                            wrapper.style.opacity = '1';
+                            wrapper.style.transform = 'translateY(0)';
+                        }, index * 50);
+                    });
+                }, 300);
             });
         }, 100);
 

From 9a87abe1cc50bf5e4ddf5b9807526c237dd0c951 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 20:52:17 +0530
Subject: [PATCH 170/211] Add bookmark filtering

---
 .../dashboard/bountyhub_programs.html         | 10 +++-
 web/static/custom/bountyhub.js                | 49 ++++++++++---------
 2 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/web/dashboard/templates/dashboard/bountyhub_programs.html b/web/dashboard/templates/dashboard/bountyhub_programs.html
index 98a820d1d..130d1e054 100644
--- a/web/dashboard/templates/dashboard/bountyhub_programs.html
+++ b/web/dashboard/templates/dashboard/bountyhub_programs.html
@@ -51,11 +51,19 @@
                                 <option value="posted-asc">Least Recent</option>
                             </select>
                         </div>
+                        <div class="col-md-2 col-lg-2">
+                            <div class="form-check">
+                                <input class="form-check-input" type="checkbox" id="show-bookmarked-programs">
+                                <label class="form-check-label" for="show-bookmarked-programs">
+                                    Bookmarked programs
+                                </label>
+                            </div>
+                        </div>
                         <div class="col-md-2 col-lg-2">
                             <div class="form-check">
                                 <input class="form-check-input" type="checkbox" id="show-closed-programs">
                                 <label class="form-check-label" for="show-closed-programs">
-                                    Show closed programs
+                                    Closed programs
                                 </label>
                             </div>
                         </div>
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 2d1cf933b..287c26ab0 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -9,6 +9,7 @@ document.addEventListener('DOMContentLoaded', function() {
     const searchInput = document.querySelector('#search-program-box');
     const showClosedCheckbox = document.getElementById('show-closed-programs');
     const sortSelect = document.getElementById('sort-select');
+    const showBookmarkedCheckbox = document.getElementById('show-bookmarked-programs');
 
     // Debounce function for search input to avoid making too many requests
     const debounce = (func, delay) => {
@@ -19,14 +20,17 @@ document.addEventListener('DOMContentLoaded', function() {
         };
     };
 
-    async function fetchPrograms(isSortingRequest = false) {
+    async function fetchPrograms(isSortingRequest = false, isBookmarkedRequest = false) {
         if (isSortingRequest) {
             showLoadingIndicator("Sorting...");
+        } else if (isBookmarkedRequest) {
+            showLoadingIndicator("Loading Bookmarked Programs");
         } else {
             showLoadingIndicator("Loading HackerOne Programs");
         }
 
-        let api_url = '/api/hackerone-programs/';
+        let api_url = isBookmarkedRequest ? '/api/hackerone-programs/bookmarked_programs/' : '/api/hackerone-programs/';
+
         const sortParams = updateSortingParams();
         const queryParams = new URLSearchParams(sortParams).toString();
 
@@ -136,15 +140,18 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     function initializeFilter() {
-        const allCards = Array.from(container.querySelectorAll('.program-card-wrapper'));
-        const cardData = allCards.map(createCardData);
-
         const filterAndSearchCards = debounce(() => {
             const selectedFilter = filterSelect.value;
             const searchTerm = searchInput.value.toLowerCase().trim();
             const showClosed = showClosedCheckbox.checked;
 
-            const visibleCards = cardData.filter(({ offersBounties, isPrivate, name, isClosed }) => {
+            const visibleCards = Array.from(container.querySelectorAll('.program-card-wrapper')).filter(cardWrapper => {
+                const card = cardWrapper.querySelector('.bbp-card');
+                const name = card.querySelector('h5').textContent.toLowerCase();
+                const offersBounties = card.dataset.offersBounties === 'true';
+                const isPrivate = card.dataset.programState === 'private_mode';
+                const isClosed = card.querySelector('.badge').textContent.trim() !== 'Open';
+
                 let shouldShow = true;
 
                 switch(selectedFilter) {
@@ -165,27 +172,21 @@ document.addEventListener('DOMContentLoaded', function() {
                 return shouldShow;
             });
 
-            requestAnimationFrame(() => {
-                cardData.forEach(({ wrapper }) => {
-                    wrapper.style.opacity = '0';
-                    wrapper.style.transform = 'translateY(20px)';
-                });
-                setTimeout(() => {
-                    cardData.forEach(({ wrapper }) => wrapper.style.display = 'none');
-                    visibleCards.forEach(({ wrapper }, index) => {
-                        wrapper.style.display = '';
-                        setTimeout(() => {
-                            wrapper.style.opacity = '1';
-                            wrapper.style.transform = 'translateY(0)';
-                        }, index * 50);
-                    });
-                }, 300);
-            });
+            container.querySelectorAll('.program-card-wrapper').forEach(card => card.style.display = 'none');
+            visibleCards.forEach(card => card.style.display = '');
         }, 100);
 
         filterSelect.addEventListener('change', filterAndSearchCards);
         searchInput.addEventListener('input', filterAndSearchCards);
         showClosedCheckbox.addEventListener('change', filterAndSearchCards);
+        showBookmarkedCheckbox.addEventListener('change', async (event) => {
+            if (event.target.checked) {
+                await fetchPrograms(false, true);
+            } else {
+                await fetchPrograms(false, false);
+            }
+            filterAndSearchCards();
+        });
         
         filterAndSearchCards();
     }
@@ -213,7 +214,7 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     // Event listeners
-    sortSelect.addEventListener('change', () => fetchPrograms(true));
+    sortSelect.addEventListener('change', () => fetchPrograms(true, false));
     container.addEventListener('click', handleCardClick);
     clearBtn.addEventListener('click', clearAllSelections);
 
@@ -264,5 +265,5 @@ document.addEventListener('DOMContentLoaded', function() {
         Swal.close();
     }
 
-    fetchPrograms(false);
+    fetchPrograms(false, false);
 });
\ No newline at end of file

From 482ff95666569b09d8f4c8dc5edf88674c45f5cc Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 20:53:07 +0530
Subject: [PATCH 171/211] fix nav bar

---
 web/templates/base/_items/top_nav.html | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/web/templates/base/_items/top_nav.html b/web/templates/base/_items/top_nav.html
index bfea74d38..8e65e16fa 100644
--- a/web/templates/base/_items/top_nav.html
+++ b/web/templates/base/_items/top_nav.html
@@ -83,10 +83,7 @@
                     <i class="fe-download me-1"></i> Import Programs
                   </a></li>
                   <li><a class="dropdown-item" href="#">
-                    <i class="fe-bookmark me-1"></i> Bookmarked Programs
-                  </a></li>
-                  <li><a class="dropdown-item" href="#">
-                    <i class="fe-refresh-cw me-1"></i> Sync Programs
+                    <i class="fe-refresh-cw me-1"></i> Sync Bookmarked Programs
                   </a></li>
                 </ul>
               </li>

From d4023487f78ae506a39bab6d9211d1cd21f7d836 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 21:13:01 +0530
Subject: [PATCH 172/211] add program detail and asset filtering

---
 web/api/views.py | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)

diff --git a/web/api/views.py b/web/api/views.py
index af610f281..fda2edccc 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -42,6 +42,11 @@ class HackerOneProgramViewSet(viewsets.ViewSet):
 	"""
 	CACHE_KEY = 'hackerone_programs'
 	CACHE_TIMEOUT = 60 * 30 # 30 minutes
+	PROGRAM_CACHE_KEY = 'hackerone_program_{}'
+
+	API_BASE = 'https://api.hackerone.com/v1/hackers'
+
+	ALLOWED_ASSET_TYPES = ["WILDCARD", "DOMAIN", "IP_ADDRESS", "CIDR", "URL"]
 
 	def list(self, request):
 		sort_by = request.query_params.get('sort_by', 'age')
@@ -96,7 +101,7 @@ def get_cached_programs(self):
 		return programs
 
 	def fetch_programs_from_hackerone(self):
-		url = 'https://api.hackerone.com/v1/hackers/programs'
+		url = f'{self.API_BASE}/programs'
 		headers = {'Accept': 'application/json'}
 		all_programs = []
 		username, api_key = self.get_api_credentials()
@@ -123,6 +128,46 @@ def refresh_cache(self, request):
 		programs = self.fetch_programs_from_hackerone()
 		cache.set(self.CACHE_KEY, programs, self.CACHE_TIMEOUT)
 		return Response({"status": "Cache refreshed successfully"})
+	
+	@action(detail=True, methods=['get'])
+	def program_details(self, request, pk=None):
+		program_handle = pk
+		cache_key = self.PROGRAM_CACHE_KEY.format(program_handle)
+		program_details = cache.get(cache_key)
+
+		if program_details is None:
+			program_details = self.fetch_program_details_from_hackerone(program_handle)
+			if program_details:
+				cache.set(cache_key, program_details, self.CACHE_TIMEOUT)
+
+		if program_details:
+			filtered_scopes = [
+				scope for scope in program_details.get('relationships', {}).get('structured_scopes', {}).get('data', [])
+				if scope.get('attributes', {}).get('asset_type') in self.ALLOWED_ASSET_TYPES
+			]
+
+			program_details['relationships']['structured_scopes']['data'] = filtered_scopes
+
+			return Response(program_details)
+		else:
+			return Response({"error": "Program not found"}, status=404)
+		
+
+	def fetch_program_details_from_hackerone(self, program_handle):
+		url = f'{self.API_BASE}/programs/{program_handle}'
+		headers = {'Accept': 'application/json'}
+		username, api_key = self.get_api_credentials()
+
+		response = requests.get(
+			url,
+			headers=headers,
+			auth=(username, api_key)
+		)
+
+		if response.status_code == 200:
+			return response.json()
+		else:
+			return None
 
 
 class InAppNotificationManagerViewSet(viewsets.ModelViewSet):

From e202f05115ac274dd9c7e1b8033e82c9437239c2 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Tue, 3 Sep 2024 22:00:31 +0530
Subject: [PATCH 173/211] add program detail modal

---
 web/static/custom/bountyhub.js | 205 +++++++++++++++++++++++++++++++--
 web/static/custom/custom.css   |  52 +++++++++
 2 files changed, 249 insertions(+), 8 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 287c26ab0..3545e91c7 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -129,16 +129,10 @@ document.addEventListener('DOMContentLoaded', function() {
                 <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
                 <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
             </div>
-            <button class="btn btn-outline-primary btn-sm w-100 mt-2 btn-see-details">See details</button>
+            <button class="btn btn-outline-primary btn-sm w-100 mt-2 btn-see-details" onclick="see_detail('${attributes.handle}')">See details</button>
         `;
     }
 
-    function isProgramNew(startedAcceptingAt) {
-        const threeMonthsAgo = new Date();
-        threeMonthsAgo.setMonth(threeMonthsAgo.getMonth() - 3);
-        return new Date(startedAcceptingAt) > threeMonthsAgo;
-    }
-
     function initializeFilter() {
         const filterAndSearchCards = debounce(() => {
             const selectedFilter = filterSelect.value;
@@ -266,4 +260,199 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     fetchPrograms(false, false);
-});
\ No newline at end of file
+});
+
+function isProgramNew(startedAcceptingAt) {
+    const threeMonthsAgo = new Date();
+    threeMonthsAgo.setMonth(threeMonthsAgo.getMonth() - 3);
+    return new Date(startedAcceptingAt) > threeMonthsAgo;
+}
+
+// see detail function call
+function see_detail(handle) {
+    Swal.fire({
+        title: 'Loading...',
+        html: 'Fetching program details',
+        allowOutsideClick: false,
+        allowEscapeKey: false,
+        showConfirmButton: false,
+        willOpen: () => {
+            Swal.showLoading();
+        }
+    });
+
+    fetch(`/api/hackerone-programs/${handle}/program_details/`)
+        .then(response => {
+            if (!response.ok) {
+                throw new Error('Network response was not ok');
+            }
+            return response.json();
+        })
+        .then(data => {
+            Swal.close();
+
+            populateModal(data);
+        })
+        .catch(error => {
+            console.error('Error:', error);
+            
+            Swal.fire({
+                icon: 'error',
+                title: 'Oops...',
+                text: 'There was an error fetching the program details. Please try again.',
+            });
+        });
+}
+
+
+function populateModal(data) {
+    const attributes = data.attributes;
+
+    const modalHTML = `
+    <div class="modal fade" id="programDetailModal" tabindex="-1" aria-labelledby="programDetailModalLabel" aria-hidden="true">
+        <div class="modal-dialog modal-dialog-centered modal-dialog-scrollable modal-lg">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h5 class="modal-title" id="programDetailModalLabel">
+                        <img src="${attributes.profile_picture}" alt="${attributes.name}" class="program-profile-picture me-3">
+                        <span class="program-name">${attributes.name}</span>
+                        ${attributes.bookmarked ? '<i class="fas fa-bookmark text-muted ms-2" title="Bookmarked Program"></i>' : ''}
+                    </h5>
+                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <div class="modal-body">
+                    <div class="row mb-4">
+                        <div class="col-md-8">
+                            <div id="badgeContainer" class="mb-3"></div>
+                            <p class="text-muted">
+                                <i class="fas fa-user me-2"></i>
+                                <a href="https://hackerone.com/${attributes.handle}" class="handle-link" target="_blank">@${attributes.handle}</a>
+                            </p>
+                            <p class="text-muted">
+                                <i class="fas fa-calendar-alt me-2"></i>
+                                Program active since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'long', year: 'numeric' })}
+                            </p>
+                        </div>
+                        <div class="col-md-4">
+                            <div class="program-stat-card mb-3">
+                                <h6 class="text-muted">Reports</h6>
+                                <h3>${attributes.number_of_reports_for_user || '0'}</h3>
+                            </div>
+                            <div class="program-stat-card">
+                                <h6 class="text-muted">Earnings</h6>
+                                <h3>$${(attributes.bounty_earned_for_user || 0).toFixed(2)} ${attributes.currency.toUpperCase()}</h3>
+                            </div>
+                        </div>
+                    </div>
+
+                    <h5 class="section-title mb-3">Assets on Scope</h5>
+                    <div class="accordion custom-program-accordion" id="assetAccordion"></div>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-outline-secondary" data-bs-dismiss="modal">Close</button>
+                    <a href="https://hackerone.com/${attributes.handle}" target="_blank" class="btn btn-primary">See full details</a>
+                </div>
+            </div>
+        </div>
+    </div>
+    `;
+
+    // Remove any existing modal
+    const existingModal = document.getElementById('programDetailModal');
+    if (existingModal) {
+        existingModal.remove();
+    }
+
+    document.body.insertAdjacentHTML('beforeend', modalHTML);
+
+    populateBadges(attributes);
+
+    populateAssetAccordion(data);
+
+    const modal = new bootstrap.Modal(document.getElementById('programDetailModal'));
+    modal.show();
+}
+function populateBadges(attributes) {
+    const badgeContainer = document.getElementById('badgeContainer');
+    const badges = [
+        {
+            condition: true,
+            classes: `${attributes.submission_state === 'open' ? 'bg-success' : 'bg-danger'} text-white`,
+            text: attributes.submission_state === 'open' ? 'Open' : 'Closed'
+        },
+        {
+            condition: true,
+            classes: 'bg-primary text-white',
+            text: attributes.state === 'public_mode' ? 'Public' : 'Private'
+        },
+        {
+            condition: true,
+            classes: attributes.offers_bounties ? 'badge bg-info bg-opacity-10 text-info' : 'badge bg-danger bg-opacity-10 text-danger',
+            text: attributes.offers_bounties ? 'Bounty' : 'VDP'
+        },
+        {
+            condition: attributes.open_scope,
+            classes: 'bg-success text-white',
+            text: 'Open Scope'
+        },
+        {
+            condition: isProgramNew(attributes.started_accepting_at),
+            classes: 'bg-primary text-white',
+            text: 'New',
+            icon: 'fe-zap'
+        }
+    ];
+
+    badges.forEach(badge => {
+        if (badge.condition) {
+            badgeContainer.innerHTML += `
+                <span class="badge ${badge.classes}">
+                    ${badge.icon ? `<i class="${badge.icon} me-1"></i>` : ''}${badge.text}
+                </span>
+            `;
+        }
+    });
+}
+
+function populateAssetAccordion(data) {
+    const accordion = document.getElementById('assetAccordion');
+    const assetTypes = {
+        WILDCARD: [], DOMAIN: [], IP_ADDRESS: [], CIDR: [], URL: []
+    };
+
+    data.relationships.structured_scopes.data.forEach(scope => {
+        const type = scope.attributes.asset_type;
+        if (assetTypes.hasOwnProperty(type)) {
+            assetTypes[type].push(scope.attributes.asset_identifier);
+        }
+    });
+
+    Object.entries(assetTypes).forEach(([type, assets], index) => {
+        if (assets.length > 0) {
+            const item = createAccordionItem(type, assets, index);
+            accordion.appendChild(item);
+        }
+    });
+}
+
+function createAccordionItem(type, assets, index) {
+    const item = document.createElement('div');
+    item.className = 'accordion-item border-0 mb-2';
+    item.innerHTML = `
+        <h2 class="accordion-header" id="heading${type}">
+            <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" 
+                    data-bs-target="#collapse${type}" aria-expanded="">
+                ${type}s (${assets.length})
+            </button>
+        </h2>
+        <div id="collapse${type}" class="accordion-collapse collapse" 
+             aria-labelledby="heading${type}" data-bs-parent="#assetAccordion">
+            <div class="accordion-body">
+                <ul>
+                    ${assets.map(asset => `<li>${asset}</li>`).join('')}
+                </ul>
+            </div>
+        </div>
+    `;
+    return item;
+}
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index 309f64324..dac8b4e5e 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -773,4 +773,56 @@ mark{
 
 .import-programs-btn.button-updated {
   animation: gentlePulse 1.5s infinite, colorTransition 0.5s ease;
+}
+
+
+
+.program-profile-picture {
+  width: 60px;
+  height: 60px;
+  object-fit: cover;
+  border-radius: 50%;
+  border: 2px solid #e9ecef;
+}
+
+.program-stat-card {
+  background-color: #f8f9fa;
+  border-radius: 8px;
+  padding: 1.25rem;
+  transition: all 0.2s ease;
+}
+
+.program-stat-card:hover {
+  background-color: #e9ecef;
+}
+
+.custom-program-accordion .accordion-button {
+  background-color: #f8f9fa;
+  color: #333;
+  font-weight: 500;
+  padding: 0.75rem 1rem;
+  border-radius: 4px;
+  margin-bottom: 0.5rem;
+}
+
+.custom-program-accordion .accordion-button:not(.collapsed) {
+  background-color: #e9ecef;
+  color: #0d6efd;
+}
+
+.custom-program-accordion .accordion-body {
+  background-color: #ffffff;
+  border-radius: 0 0 4px 4px;
+  border: 1px solid #e9ecef;
+  padding: 0.75rem;
+}
+
+.custom-program-accordion .accordion-body ul {
+  list-style-type: none;
+  padding-left: 0;
+  margin-bottom: 0;
+}
+
+.custom-program-accordion .accordion-body li {
+  padding: 0.25rem 0;
 }
\ No newline at end of file

From 0c83daebf56707147214827d5788014eefddd8f8 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 09:05:08 +0530
Subject: [PATCH 174/211] fix accordion asset cards

---
 web/static/custom/bountyhub.js | 57 +++++++++++++++++++------
 web/static/custom/custom.css   | 77 ++++++++++++++++++++++------------
 2 files changed, 95 insertions(+), 39 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 3545e91c7..d857796d8 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -129,7 +129,14 @@ document.addEventListener('DOMContentLoaded', function() {
                 <div><i class="bi bi-calendar me-1"></i> Since ${new Date(attributes.started_accepting_at).toLocaleDateString('en-US', { month: 'short', year: 'numeric' })}</div>
                 <div><i class="bi bi-globe me-1"></i> ${attributes.currency.toUpperCase()}</div>
             </div>
-            <button class="btn btn-outline-primary btn-sm w-100 mt-2 btn-see-details" onclick="see_detail('${attributes.handle}')">See details</button>
+            <div class="d-flex justify-content-between mt-3">
+                <!-- <button class="btn btn-primary btn-sm flex-grow-1 me-2 btn-import-hackerone" onclick="import_hackerone_program('${attributes.handle}')">
+                    <i class="fas fa-file-import me-1"></i> Import
+                </button> -->
+                <button class="btn btn-outline-primary btn-sm flex-grow-1 btn-see-details" onclick="see_detail('${attributes.handle}')">
+                    <i class="fas fa-info-circle me-1"></i> Details
+                </button>
+            </div>
         `;
     }
 
@@ -215,7 +222,7 @@ document.addEventListener('DOMContentLoaded', function() {
     function handleCardClick(event) {
         const card = event.target.closest('.card-selectable');
         if (card) {
-            if (event.target.closest('.btn-see-details') || event.target.closest('.handle-link')) {
+            if (event.target.closest('.btn-see-details') || event.target.closest('.handle-link') || event.target.closest('.btn-import-hackerone')) {
                 // Handle "See details" button or handle link click
                 return;
             }
@@ -320,7 +327,7 @@ function populateModal(data) {
                     </h5>
                     <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                 </div>
-                <div class="modal-body">
+                <div class="modal-body program-modal-body" data-simplebar>
                     <div class="row mb-4">
                         <div class="col-md-8">
                             <div id="badgeContainer" class="mb-3"></div>
@@ -387,7 +394,7 @@ function populateBadges(attributes) {
         },
         {
             condition: true,
-            classes: attributes.offers_bounties ? 'badge bg-info bg-opacity-10 text-info' : 'badge bg-danger bg-opacity-10 text-danger',
+            classes: attributes.offers_bounties ? 'bg-info text-white' : 'badge bg-danger bg-opacity-10 text-danger',
             text: attributes.offers_bounties ? 'Bounty' : 'VDP'
         },
         {
@@ -437,22 +444,48 @@ function populateAssetAccordion(data) {
 
 function createAccordionItem(type, assets, index) {
     const item = document.createElement('div');
-    item.className = 'accordion-item border-0 mb-2';
+    item.className = 'accordion-item border-0 mb-3';
     item.innerHTML = `
         <h2 class="accordion-header" id="heading${type}">
-            <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" 
-                    data-bs-target="#collapse${type}" aria-expanded="">
-                ${type}s (${assets.length})
+            <button class="accordion-button collapsed bg-light" type="button" data-bs-toggle="collapse" 
+                    data-bs-target="#collapse${type}" aria-expanded="false">
+                <i class="fe-folder me-2"></i> ${type}s <span class="badge bg-primary ms-2">${assets.length}</span>
             </button>
         </h2>
         <div id="collapse${type}" class="accordion-collapse collapse" 
              aria-labelledby="heading${type}" data-bs-parent="#assetAccordion">
-            <div class="accordion-body">
-                <ul>
-                    ${assets.map(asset => `<li>${asset}</li>`).join('')}
-                </ul>
+            <div class="accordion-body p-4">
+                <div class="row row-cols-1 row-cols-md-2 row-cols-lg-3 g-4">
+                    ${assets.map(asset => `
+                        <div class="col">
+                            <div class="card h-100 asset-card shadow-sm program-modal-asset-card" onclick="add_target('${asset}')">
+                                <div class="card-body d-flex flex-column justify-content-between">
+                                    <h5 class="card-title program-asset-name" data-bs-toggle="tooltip" title="${asset}">
+                                        <i class="${getIconForAssetType(type)} me-2"></i>
+                                        <span class="program-asset-name-text">${asset}</span>
+                                    </h5>
+                                    <small class="text-muted">${asset}</small>
+                                </div>
+                                <div class="card-footer bg-transparent border-top-0">
+                                    <button class="btn btn-outline-primary btn-sm w-100">
+                                        <i class="fe-plus-circle me-2"></i>Add Target
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+                    `).join('')}
+                </div>
             </div>
         </div>
     `;
     return item;
+}
+
+function getIconForAssetType(type) {
+    const iconMap = {
+        'Domain': 'fe-globe',
+        'IP': 'fe-server',
+        'URL': 'fe-link',
+    };
+    return iconMap[type] || 'fe-file';
 }
\ No newline at end of file
diff --git a/web/static/custom/custom.css b/web/static/custom/custom.css
index dac8b4e5e..062063eb2 100644
--- a/web/static/custom/custom.css
+++ b/web/static/custom/custom.css
@@ -584,33 +584,6 @@ mark{
 }
 
 
-.optional-text {
-  margin-top: 4px;
-}
-
-.bbp-bookmark-container {
-  transition: transform 0.3s ease;
-  z-index: 1;
-}
-.bbp-bookmark-checkbox:checked + .bbp-bookmark-label i {
-  color: #ffc107;
-  transform: scale(1.2);
-}
-.bbp-bookmark-label i {
-  transition: all 0.3s ease;
-  color: #6c757d;
-}
-.bbp-card:hover .bbp-bookmark-container {
-  transform: translateY(5px);
-}
-.bbp-badge {
-  transition: transform 0.3s ease;
-  background-color: transparent !important;
-}
-.bbp-badge:hover {
-  transform: translateY(-2px);
-}
-
 .card-selectable {
   transition: all 0.3s ease;
   cursor: pointer;
@@ -825,4 +798,54 @@ mark{
 
 .custom-program-accordion .accordion-body li {
   padding: 0.25rem 0;
+}
+
+.program-modal-asset-card {
+  transition: all 0.3s ease;
+  cursor: pointer;
+}
+
+.program-modal-asset-card:hover {
+  transform: translateY(-5px);
+  box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15) !important;
+}
+
+.program-modal-asset-card:active {
+  transform: translateY(-2px);
+}
+
+.accordion-button:not(.collapsed) {
+  color: #0d6efd;
+  background-color: #e7f1ff;
+}
+
+.accordion-button:focus {
+  box-shadow: none;
+  border-color: rgba(0,0,0,.125);
+}
+
+.program-asset-name {
+  line-height: 1.2;
+  max-height: 2.4em;
+  overflow: hidden;
+  display: -webkit-box;
+  -webkit-box-orient: vertical;
+}
+
+.program-asset-name-text {
+  word-break: break-word;
+  font-size: small;
+}
+
+.program-modal-body {
+  max-height: 500px;
+  overflow-y: auto;
+}
+
+.program-modal-body::-webkit-scrollbar {
+  display: none; /* replace with data scrollbar */
+}
+
+.program-modal-body {
+  scrollbar-width: none; /* firefox */
 }
\ No newline at end of file

From d8a3e143365f9bc84e17f6e2cb1d722f4e02f861 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 09:21:22 +0530
Subject: [PATCH 175/211] make animation effect faster for search

---
 web/static/custom/bountyhub.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index d857796d8..60736c3e2 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -100,7 +100,7 @@ document.addEventListener('DOMContentLoaded', function() {
             setTimeout(() => {
                 card.style.opacity = '1';
                 card.style.transform = 'translateY(0)';
-            }, index * 50); // staggering anims for sort, search and filter and even first load
+            }, index * 5); // staggering anims for sort, search and filter and even first load
         });
     }
 
@@ -109,7 +109,7 @@ document.addEventListener('DOMContentLoaded', function() {
             <div class="d-flex align-items-center mb-2">
                 <img src="${attributes.profile_picture}" alt="${attributes.name}" class="rounded-circle me-3" width="40" height="40" loading="lazy">
                 <div>
-                    <h5 class="card-title mb-0">${attributes.name}${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" title="Bookmarked Program"></i>' : ''}</h5>
+                    <h5 class="card-title mb-0">${attributes.name}&nbsp;&nbsp;${attributes.bookmarked ? '<i class="text-warning mdi mdi-bookmark-check" title="Bookmarked Program"></i>' : ''}</h5>
                     <small class="text-muted"><a href="https://hackerone.com/${attributes.handle}" class="handle-link" target="_blank">@${attributes.handle}</a></small>
                 </div>
             </div>

From 4f7d0b16805e649a7c7b1ad40b30887c84e58de7 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 09:43:46 +0530
Subject: [PATCH 176/211] implement click import functionality

---
 web/static/custom/bountyhub.js | 94 +++++++++++++++++++++++++++++++++-
 1 file changed, 92 insertions(+), 2 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 60736c3e2..0dcb3d814 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -77,7 +77,7 @@ document.addEventListener('DOMContentLoaded', function() {
             const { attributes } = program;
             template.innerHTML = `
                 <div class="col-md-6 col-lg-4 col-xl-3 mb-3 program-card-wrapper" style="opacity: 0; transform: translateY(20px); transition: opacity 0.3s ease, transform 0.3s ease;">
-                    <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}">
+                    <div class="card h-100 shadow-sm position-relative overflow-hidden bbp-card card-selectable" data-offers-bounties="${attributes.offers_bounties}" data-program-state="${attributes.state}" data-handle="${attributes.handle}">
                         <div class="card-body py-2 px-3">
                             <!-- Card content -->
                         </div>
@@ -267,6 +267,25 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     fetchPrograms(false, false);
+
+    // event listener for multiple program cards click
+    document.getElementById('importProgramsBtn').addEventListener('click', () => {
+        const selectedHandles = getSelectedProgramHandles();
+        if (selectedHandles.length > 0) {
+            handleProgramImportswal(selectedHandles);
+        }
+    });
+
+    // event btn listener for individual click from modal
+    document.body.addEventListener('click', (event) => {
+        if (event.target.id === 'importIndividualProgram') {
+            event.preventDefault();
+            const handle = event.target.closest('.modal-content').querySelector('.handle-link').textContent.slice(1);
+            handleProgramImportswal([handle]);
+        }
+    });
+
+
 });
 
 function isProgramNew(startedAcceptingAt) {
@@ -357,7 +376,8 @@ function populateModal(data) {
                 </div>
                 <div class="modal-footer">
                     <button type="button" class="btn btn-outline-secondary" data-bs-dismiss="modal">Close</button>
-                    <a href="https://hackerone.com/${attributes.handle}" target="_blank" class="btn btn-primary">See full details</a>
+                    <a href="#" class="btn btn-outline-primary" id="importIndividualProgram"><i class="fe-download-cloud me-2"></i> Import Program</a>
+                    <a href="https://hackerone.com/${attributes.handle}" target="_blank" class="btn btn-primary"><i class="fe-info me-2"></i> See full details</a>
                 </div>
             </div>
         </div>
@@ -488,4 +508,74 @@ function getIconForAssetType(type) {
         'URL': 'fe-link',
     };
     return iconMap[type] || 'fe-file';
+}
+
+// now we handle import functionalities
+function getSelectedProgramHandles() {
+    const selectedCards = document.querySelectorAll('.card-selected');
+    return Array.from(selectedCards).map(card => card.dataset.handle);
+}
+
+async function importPrograms(handles) {
+    // this function accepts a list of handles that are to be imported
+    try {
+        const response = await fetch('/import', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-CSRFToken': getCookie("csrftoken")
+            },
+            body: JSON.stringify({ handles })
+        });
+
+        if (!response.ok) {
+            throw new Error('Import failed');
+        }
+
+        return await response.json();
+    } catch (error) {
+        console.error('Error importing programs:', error);
+        throw error;
+    }
+}
+
+function handleProgramImportswal(handles) {
+    // swal loader to handle the import
+    Swal.fire({
+        title: 'Confirm Import',
+        text: `Are you sure you want to import ${handles.length} program(s)?`,
+        icon: 'question',
+        showCancelButton: true,
+        confirmButtonText: 'Yes, import',
+        cancelButtonText: 'Cancel'
+    }).then((result) => {
+        if (result.isConfirmed) {
+            Swal.fire({
+                title: 'Importing...',
+                text: 'Please wait while we import the selected programs.',
+                allowOutsideClick: false,
+                allowEscapeKey: false,
+                showConfirmButton: false,
+                willOpen: () => {
+                    Swal.showLoading();
+                }
+            });
+
+            importPrograms(handles)
+                .then(() => {
+                    Swal.fire(
+                        'Import Successful',
+                        'The selected programs have been imported successfully.',
+                        'success'
+                    );
+                })
+                .catch(() => {
+                    Swal.fire(
+                        'Import Failed',
+                        'There was an error importing the selected programs. Please try again.',
+                        'error'
+                    );
+                });
+        }
+    });
 }
\ No newline at end of file

From 9e2c760ab5f16d50c6b09d91410003235d279762 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 10:59:03 +0530
Subject: [PATCH 177/211] Added celery worker for shared api tasks, added
 import hackerone_program_tasks, on ui make import button functionable

---
 web/api/shared_api_tasks.py    | 79 ++++++++++++++++++++++++++++++++++
 web/api/views.py               | 29 +++++++++++--
 web/celery-entrypoint.sh       |  1 +
 web/static/custom/bountyhub.js | 56 +++++++++++++-----------
 web/templates/base/base.html   |  2 +-
 5 files changed, 138 insertions(+), 29 deletions(-)
 create mode 100644 web/api/shared_api_tasks.py

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
new file mode 100644
index 000000000..bb37f303e
--- /dev/null
+++ b/web/api/shared_api_tasks.py
@@ -0,0 +1,79 @@
+# include all the celery tasks to be used in the API, do not put in tasks.py
+import requests
+
+from reNgine.common_func import create_inappnotification, get_hackerone_key_username
+from reNgine.definitions import PROJECT_LEVEL_NOTIFICATION
+from reNgine.celery import app
+
+@app.task(name='import_hackerone_programs_task', bind=False, queue='api_queue')
+def import_hackerone_programs_task(handles, project_slug):
+	"""
+	Runs in the background to import programs from HackerOne
+
+	Args:
+		handles (list): List of handles to import
+		project_slug (str): Slug of the project
+	Returns:
+		None
+		rather creates inapp notifications
+	"""
+	def fetch_program_details_from_hackerone(program_handle):
+		url = f'https://api.hackerone.com/v1/hackers/programs/{program_handle}'
+		headers = {'Accept': 'application/json'}
+		username, api_key = get_hackerone_key_username()
+
+		response = requests.get(
+			url,
+			headers=headers,
+			auth=(username, api_key)
+		)
+
+		if response.status_code == 200:
+			return response.json()
+		else:
+			return None
+
+	for handle in handles:
+		program_details = fetch_program_details_from_hackerone(handle)
+		if program_details:
+			# TODO: Implement actual import logic to reNgine here
+
+			program_name = program_details['attributes']['name']
+			
+			try:
+				create_inappnotification(
+					title=f"HackerOne Program Imported: {handle}",
+					description=f"The program '{program_name}' from hackerone has been successfully imported.",
+					notification_type=PROJECT_LEVEL_NOTIFICATION,
+					project_slug=project_slug,
+					icon="mdi-check-circle",
+					status='success'
+				)
+
+			except Exception as e:
+				create_inappnotification(
+				title=f"HackerOne Program Import Failed: {handle}",
+				description=f"Failed to import program from hackerone with handle '{handle}'. {str(e)}",
+				notification_type=PROJECT_LEVEL_NOTIFICATION,
+				project_slug=project_slug,
+				icon="mdi-alert-circle",
+				status='error'
+			)
+		else:
+			create_inappnotification(
+				title=f"HackerOne Program Import Failed: {handle}",
+				description=f"Failed to import program from hackerone with handle '{handle}'. Program details could not be fetched.",
+				notification_type=PROJECT_LEVEL_NOTIFICATION,
+				project_slug=project_slug,
+				icon="mdi-alert-circle",
+				status='error'
+			)
+
+	create_inappnotification(
+		title="HackerOne Program Import Completed",
+		description=f"Import process for {len(handles)} program(s) has completed.",
+		notification_type=PROJECT_LEVEL_NOTIFICATION,
+		project_slug=project_slug,
+		icon="mdi-check-all",
+		status='success'
+	)
\ No newline at end of file
diff --git a/web/api/views.py b/web/api/views.py
index fda2edccc..38e0d561e 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -12,9 +12,11 @@
 from rest_framework import viewsets
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_204_NO_CONTENT
+from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_204_NO_CONTENT, HTTP_202_ACCEPTED
 from rest_framework.decorators import action
 from django.core.exceptions import ObjectDoesNotExist
+from django.core.cache import cache
+
 
 from dashboard.models import *
 from recon_note.models import *
@@ -28,7 +30,7 @@
 from startScan.models import *
 from startScan.models import EndPoint
 from targetApp.models import *
-from django.core.cache import cache
+from api.shared_api_tasks import import_hackerone_programs_task
 
 from .serializers import *
 
@@ -101,7 +103,7 @@ def get_cached_programs(self):
 		return programs
 
 	def fetch_programs_from_hackerone(self):
-		url = f'{self.API_BASE}/programs'
+		url = f'{self.API_BASE}/programs?page[size]=100'
 		headers = {'Accept': 'application/json'}
 		all_programs = []
 		username, api_key = self.get_api_credentials()
@@ -168,6 +170,27 @@ def fetch_program_details_from_hackerone(self, program_handle):
 			return response.json()
 		else:
 			return None
+		
+	@action(detail=False, methods=['post'])
+	def import_programs(self, request):
+		project_slug = request.query_params.get('project_slug')
+		handles = request.data.get('handles', [])
+
+		if not handles:
+			return Response({"error": "No program handles provided"}, status=HTTP_400_BAD_REQUEST)
+
+		import_hackerone_programs_task.delay(handles, project_slug)
+
+		create_inappnotification(
+			title="HackerOne Program Import Started",
+			description=f"Import process for {len(handles)} program(s) has begun.",
+			notification_type=PROJECT_LEVEL_NOTIFICATION,
+			project_slug=project_slug,
+			icon="mdi-download",
+			status='info'
+		)
+
+		return Response({"message": f"Import process for {len(handles)} program(s) has begun."}, status=HTTP_202_ACCEPTED)
 
 
 class InAppNotificationManagerViewSet(viewsets.ModelViewSet):
diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index 6d7968fff..15171f2d6 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -171,6 +171,7 @@ fi
 echo "Starting Workers..."
 echo "Starting Main Scan Worker with Concurrency: $MAX_CONCURRENCY,$MIN_CONCURRENCY"
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --loglevel=$loglevel --autoscale=$MAX_CONCURRENCY,$MIN_CONCURRENCY -Q main_scan_queue &
+watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/api/" -- celery -A api.shared_api_tasks worker --loglevel=$loglevel --concurrency=30 -Q api_queue &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q initiate_scan_queue -n initiate_scan_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q subscan_queue -n subscan_worker &
 watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=20 --loglevel=$loglevel -Q report_queue -n report_worker &
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 0dcb3d814..d11fa719a 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -518,8 +518,10 @@ function getSelectedProgramHandles() {
 
 async function importPrograms(handles) {
     // this function accepts a list of handles that are to be imported
+    const currentProjectSlug = document.body.getAttribute('data-current-project');
+    console.log(JSON.stringify({ handles }));
     try {
-        const response = await fetch('/import', {
+        const response = await fetch(`/api/hackerone-programs/import_programs/?project_slug=${currentProjectSlug}`, {
             method: 'POST',
             headers: {
                 'Content-Type': 'application/json',
@@ -543,39 +545,43 @@ function handleProgramImportswal(handles) {
     // swal loader to handle the import
     Swal.fire({
         title: 'Confirm Import',
-        text: `Are you sure you want to import ${handles.length} program(s)?`,
+        html: `
+            <p>Are you sure you want to import ${handles.length} program(s)?</p>
+            <p class="text-muted">This process will run in the background.</p>
+        `,
         icon: 'question',
         showCancelButton: true,
-        confirmButtonText: 'Yes, import',
-        cancelButtonText: 'Cancel'
+        confirmButtonText: 'Yes, start import',
+        cancelButtonText: 'Cancel',
+        confirmButtonColor: '#3085d6',
+        cancelButtonColor: '#d33',
     }).then((result) => {
         if (result.isConfirmed) {
-            Swal.fire({
-                title: 'Importing...',
-                text: 'Please wait while we import the selected programs.',
-                allowOutsideClick: false,
-                allowEscapeKey: false,
-                showConfirmButton: false,
-                willOpen: () => {
-                    Swal.showLoading();
-                }
-            });
-
             importPrograms(handles)
                 .then(() => {
-                    Swal.fire(
-                        'Import Successful',
-                        'The selected programs have been imported successfully.',
-                        'success'
-                    );
+                    Swal.fire({
+                        title: 'Import Started',
+                        html: `
+                            <p>The import process for ${handles.length} program(s) has begun.</p>
+                            <p>You will receive notifications about the progress and completion of the import.</p>
+                        `,
+                        icon: 'info',
+                        confirmButtonText: 'Got it',
+                        confirmButtonColor: '#3085d6',
+                    });
                 })
                 .catch(() => {
-                    Swal.fire(
-                        'Import Failed',
-                        'There was an error importing the selected programs. Please try again.',
-                        'error'
-                    );
+                    Swal.fire({
+                        title: 'Import Initiation Failed',
+                        text: 'There was an error starting the import process. Please try again.',
+                        icon: 'error',
+                        confirmButtonText: 'OK',
+                        confirmButtonColor: '#3085d6',
+                    });
                 });
+                // clear all selected cards
+                const container = document.getElementById('program_cards');
+                container.querySelectorAll('.card-selected').forEach(card => card.classList.remove('card-selected'));
         }
     });
 }
\ No newline at end of file
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index fc94c33c2..7e2a63620 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -57,7 +57,7 @@
     {% endblock custom_js_css_link %}
   </head>
 
-  <body class="loading" data-layout-mode="horizontal" data-rengine-version="{{ RENGINE_CURRENT_VERSION }}">
+  <body class="loading" data-layout-mode="horizontal" data-rengine-version="{{ RENGINE_CURRENT_VERSION }}" data-current-project="{{ current_project.slug }}">
     <!-- Topbar begins -->
     {% include 'base/_items/top_bar.html' %}
     {# topbar ends #}

From 76a3660412f08de0e866a55c787dc489d58831bb Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 20:54:31 +0530
Subject: [PATCH 178/211] bulk save/import targets

---
 web/api/shared_api_tasks.py                   |  39 +++-
 web/reNgine/common_func.py                    |  24 ++-
 web/reNgine/database_utils.py                 | 172 ++++++++++++++++++
 web/reNgine/definitions.py                    |   5 +-
 web/reNgine/tasks.py                          | 152 ----------------
 .../templates/organization/list.html          |   6 +-
 web/targetApp/urls.py                         |   4 -
 web/targetApp/views.py                        |  26 +--
 web/templates/base/_items/top_nav.html        |   4 +-
 9 files changed, 238 insertions(+), 194 deletions(-)
 create mode 100644 web/reNgine/database_utils.py

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index bb37f303e..418097114 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -2,8 +2,9 @@
 import requests
 
 from reNgine.common_func import create_inappnotification, get_hackerone_key_username
-from reNgine.definitions import PROJECT_LEVEL_NOTIFICATION
+from reNgine.definitions import PROJECT_LEVEL_NOTIFICATION, HACKERONE_ALLOWED_ASSET_TYPES
 from reNgine.celery import app
+from reNgine.database_utils import bulk_import_targets
 
 @app.task(name='import_hackerone_programs_task', bind=False, queue='api_queue')
 def import_hackerone_programs_task(handles, project_slug):
@@ -36,11 +37,41 @@ def fetch_program_details_from_hackerone(program_handle):
 	for handle in handles:
 		program_details = fetch_program_details_from_hackerone(handle)
 		if program_details:
-			# TODO: Implement actual import logic to reNgine here
+			# Thanks, some parts of this logics were originally written by @null-ref-0000
+			# via PR https://github.com/yogeshojha/rengine/pull/1410
+			try:
+				program_name = program_details['attributes']['name']
+
+				assets = []
+				scopes = program_details['relationships']['structured_scopes']['data']
+				for scope in scopes:
+					asset_type = scope['attributes']['asset_type']
+					asset_identifier = scope['attributes']['asset_identifier']
+
+					# we need to filter the scope that are supported by reNgine now
+					if asset_type in HACKERONE_ALLOWED_ASSET_TYPES:
+						assets.append(asset_identifier)
+					
+					# in some cases asset_type is OTHER and may contain the asset
+					elif asset_type == 'OTHER' and ('.' in asset_identifier or asset_identifier.startswith('http')):
+						assets.append(asset_identifier)
+
+				# cleanup assets
+				assets = list(set(assets))
 
-			program_name = program_details['attributes']['name']
+				# convert assets to list of dict with name and description
+				assets = [{'name': asset, 'description': None} for asset in assets]
+				print('0'*100)
+				print(assets)
+				print('0'*100)
+				bulk_import_targets(
+					targets=assets,
+					project_slug=project_slug,
+					organization_name=program_name,
+					org_description=None,
+					h1_team_handle=handle
+				)
 			
-			try:
 				create_inappnotification(
 					title=f"HackerOne Program Imported: {handle}",
 					description=f"The program '{program_name}' from hackerone has been successfully imported.",
diff --git a/web/reNgine/common_func.py b/web/reNgine/common_func.py
index 29e24c548..ad58a94a8 100644
--- a/web/reNgine/common_func.py
+++ b/web/reNgine/common_func.py
@@ -6,14 +6,14 @@
 import random
 import shutil
 import traceback
-from time import sleep
-
+import ipaddress
 import humanize
 import redis
 import requests
 import tldextract
 import xmltodict
 
+from time import sleep
 from bs4 import BeautifulSoup
 from urllib.parse import urlparse
 from celery.utils.log import get_task_logger
@@ -1627,4 +1627,22 @@ def create_inappnotification(
 		open_in_new_tab=open_in_new_tab
 	)
 	notification.save()
-	return notification
\ No newline at end of file
+	return notification
+
+def get_ip_info(ip_address):
+	is_ipv4 = bool(validators.ipv4(ip_address))
+	is_ipv6 = bool(validators.ipv6(ip_address))
+	ip_data = None
+	if is_ipv4:
+		ip_data = ipaddress.IPv4Address(ip_address)
+	elif is_ipv6:
+		ip_data = ipaddress.IPv6Address(ip_address)
+	else:
+		return None
+	return ip_data
+
+def get_ips_from_cidr_range(target):
+	try:
+		return [str(ip) for ip in ipaddress.IPv4Network(target, False)]
+	except Exception as e:
+		logger.error(f'{target} is not a valid CIDR range. Skipping.')
diff --git a/web/reNgine/database_utils.py b/web/reNgine/database_utils.py
new file mode 100644
index 000000000..148daabbc
--- /dev/null
+++ b/web/reNgine/database_utils.py
@@ -0,0 +1,172 @@
+import re
+import validators
+import logging
+
+from urllib.parse import urlparse
+from django.db import transaction
+from django.utils import timezone
+
+from dashboard.models import Project
+from targetApp.models import Organization, Domain
+from startScan.models import EndPoint, IpAddress
+from reNgine.settings import LOGGING
+from reNgine.common_func import *
+
+logger = logging.getLogger(__name__)
+
+@transaction.atomic
+def bulk_import_targets(
+	targets: list[dict], 
+	project_slug: str, 
+	organization_name: str = None, 
+	org_description: str = None, 
+	h1_team_handle: str = None):
+	""" 
+		Used to import targets in reNgine
+
+		Args:
+			targets (list[dict]): list of targets to import, [{'target': 'target1.com', 'description': 'desc1'}, ...]
+			project_slug (str): slug of the project
+			organization_name (str): name of the organization to tag these targets
+			org_description (str): description of the organization
+			h1_team_handle (str): hackerone team handle (if imported from hackerone)
+	"""
+	project = Project.objects.get(slug=project_slug)
+
+	all_targets = []
+
+	for target in targets:
+		name = target.get('name', '').strip()
+		description = target.get('description', '')
+		
+		if not name:
+			logger.warning(f"Skipping target with empty name")
+			continue
+		
+		is_domain = validators.domain(name)
+		is_ip = validators.ipv4(name) or validators.ipv6(name)
+		is_url = validators.url(name)
+
+		logger.info(f'{name} | Domain? {is_domain} | IP? {is_ip} | URL? {is_url}')
+
+		if is_domain:
+			target_obj = store_domain(name, project, description, h1_team_handle)
+		elif is_url:
+			target_obj = store_url(name, project, description, h1_team_handle)
+		elif is_ip:
+			target_obj = store_ip(name, project, description, h1_team_handle)
+		else:
+			logger.warning(f'{name} is not supported by reNgine')
+			continue
+
+		if target_obj:
+			all_targets.append(target_obj)
+
+		if organization_name and all_targets:
+			org_name = organization_name.strip()
+			org, created = Organization.objects.get_or_create(
+				name=org_name,
+				defaults={
+					'project': project,
+					'description': org_description or '',
+					'insert_date': timezone.now()
+				}
+			)
+
+			if not created:
+				org.project = project
+				if org_description:
+					org.description = org_description
+				if org.insert_date is None:
+					org.insert_date = timezone.now()
+				org.save()
+
+			# Associate all targets with the organization
+			for target in all_targets:
+				org.domains.add(target)
+
+			logger.info(f"{'Created' if created else 'Updated'} organization {org_name} with {len(all_targets)} targets")
+
+
+
+def remove_wildcard(input_string):
+	"""
+		Remove wildcard (*) from the beginning of the input string.
+		In future, we may find the meaning of wildcards and try to use in target configs such as out of scope etc
+	"""
+	return re.sub(r'^\*\.', '', input_string)
+
+def store_domain(domain_name, project, description, h1_team_handle):
+	"""
+		This function is used to store domain in reNgine
+	"""
+	existing_domain = Domain.objects.filter(name=domain_name).first()
+
+	if existing_domain:
+		logger.info(f'Domain {domain_name} already exists. skipping.')
+		return
+	
+	current_time = timezone.now()
+
+	new_domain = Domain.objects.create(
+		name=domain_name,
+		description=description,
+		h1_team_handle=h1_team_handle,
+		project=project,
+		insert_date=current_time
+	)
+
+	logger.info(f'Added new domain {new_domain.name}')
+
+def store_url(url, project, description, h1_team_handle):
+	parsed_url = urlparse(url)
+	http_url = parsed_url.geturl()
+	domain_name = parsed_url.netloc
+
+	existing_domain = Domain.objects.filter(name=domain_name).first()
+
+	if existing_domain:
+		logger.info(f'Domain {domain_name} already exists. skipping...')
+		domain = existing_domain
+
+	else:
+		domain = Domain.objects.create(
+			name=domain_name,
+			description=description,
+			h1_team_handle=h1_team_handle,
+			project=project,
+			insert_date=timezone.now()
+		)
+		logger.info(f'Added new domain {domain.name}')
+
+	EndPoint.objects.get_or_create(
+		target_domain=domain,
+		http_url=sanitize_url(http_url)
+	)
+
+def store_ip(ip_address, project, description, h1_team_handle):
+	domain, created = Domain.objects.get_or_create(
+		name=ip_address,
+		defaults={
+			'description': description,
+			'h1_team_handle': h1_team_handle,
+			'project': project,
+			'insert_date': timezone.now(),
+			'ip_address_cidr': ip_address
+		}
+	)
+	if created:
+		logger.info(f'Added new IP domain {domain.name}')
+	elif description:
+		domain.description = description
+		domain.save()
+	
+	ip_data = get_ip_info(ip_address)
+	ip, _ = IpAddress.objects.get_or_create(
+		address=ip_address,
+		defaults={
+			'reverse_pointer': ip_data.reverse_pointer,
+			'is_private': ip_data.is_private,
+			'version': ip_data.version
+		}
+	)
\ No newline at end of file
diff --git a/web/reNgine/definitions.py b/web/reNgine/definitions.py
index 58fce2dd5..abe599156 100644
--- a/web/reNgine/definitions.py
+++ b/web/reNgine/definitions.py
@@ -562,4 +562,7 @@
     ('info', 'Informational'),
     ('warning', 'Warning'),
     ('error', 'Error'),
-)
\ No newline at end of file
+)
+
+# Bountyhub Definitions
+HACKERONE_ALLOWED_ASSET_TYPES = ["WILDCARD", "DOMAIN", "IP_ADDRESS", "URL"]
\ No newline at end of file
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index c7eea5119..2fa1b89cf 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -4727,155 +4727,3 @@ def llm_vulnerability_description(vulnerability_id):
 			vuln.save()
 
 	return response
-
-def fetch_h1_bookmarked():
-	"""
-    Fetches bookmarked programs from HackerOne API using pagination.
-
-    Returns:
-        list: A list of bookmarked program objects.
-    """
-	ALLOWED_SCOPE_TYPES = ["WILDCARD", "DOMAIN", "IP_ADDRESS", "CIDR", "URL"]
-
-	bookmarked_programs = []
-	next_link = True
-	programs_url = "https://api.hackerone.com/v1/hackers/programs?size=100"
-
-	hackerone_query = Hackerone.objects.all()
-
-	if hackerone_query.exists():
-		hackerone = Hackerone.objects.first()
-
-		headers = {
-			'Content-Type': 'application/json',
-			'Accept': 'application/json'
-		}
-
-		while next_link:
-			try:
-				response = requests.get(programs_url, auth=(hackerone.username, hackerone.api_key), headers=headers)
-				response.raise_for_status()  # Raise an exception for non-200 status codes
-
-				response_json = response.json()
-				for program in response_json["data"]:
-					if program["attributes"]["bookmarked"]:
-						program_url = f"https://api.hackerone.com/v1/hackers/programs/{program['attributes']['handle']}"
-						program_response = requests.get(program_url, auth=(hackerone.username, hackerone.api_key), headers=headers)
-						program_response.raise_for_status()
-
-						program_json = program_response.json()
-						program_scopes = []
-						for scope in program_json["relationships"]["structured_scopes"]["data"]:
-							if (
-								scope["attributes"]["asset_type"] in ALLOWED_SCOPE_TYPES
-								and scope["attributes"]["eligible_for_submission"] is True
-							):
-								program_scopes.append(scope["attributes"])
-
-						program["scopes"] = program_scopes
-						bookmarked_programs.append(program)
-
-				if "links" in response_json and "next" in response_json["links"]:
-					programs_url = response_json["links"]["next"]
-				else:
-					next_link = False
-
-			except requests.exceptions.RequestException as e:
-				logger.error(f"Error fetching HackerOne programs: {e}")
-				break
-
-	return bookmarked_programs
-
-@app.task(name='sync_h1_bookmarked', bind=False, queue='h1_sync_queue')
-def sync_h1_bookmarked():
-    """
-    Sync HackerOne bookmarked programs to organizations
-    """
-    try:
-        logger.info('Starting HackerOne Bookmark Sync')
-
-        # Fetch bookmarked programs and project details
-        bookmarked_programs = fetch_h1_bookmarked()
-        project = Project.objects.get(slug="default")
-        bookmarked_handles = {program['attributes']['handle']
-                              for program in bookmarked_programs}
-
-		# Get current organizations and their handles
-        current_organizations = Organization.objects.filter(project=project)
-        current_handles = {org.name for org in current_organizations}
-
-		# Delete organizations not in the bookmarked programs
-        handles_to_delete = current_handles - bookmarked_handles
-
-		# Delete organizations
-        for handle in handles_to_delete:
-            try:
-                org_to_delete = get_object_or_404(Organization, name=handle, project=project)
-                # Check if organization was added via H1 Bookmark Sync
-                if(org_to_delete.description == 'Added via H1 Bookmark Sync'):
-                    for domain in org_to_delete.get_domains():
-                        domain.delete()
-                    org_to_delete.delete()
-                    logger.info(f'Deleted organization: {handle}')
-            except Exception as e:
-                logger.error(f"Error deleting organization {handle}: {e}")
-
-        # Process bookmarked programs and create domains
-        for program in bookmarked_programs:
-
-            if program['attributes']['handle'] not in current_handles:
-                domains = []
-
-                for scope in program["scopes"]:
-                    domain_name = None
-                    description = ''
-                    ip_address_cidr = None
-
-                    if scope["asset_type"] == "WILDCARD":
-                        domain_name = scope["asset_identifier"].replace('*.', '')
-                    elif scope["asset_type"] == "DOMAIN":
-                        domain_name = scope["asset_identifier"]
-                    elif scope["asset_type"] in ["IP_ADDRESS", "CIDR"]:
-                        domain_name = scope["asset_identifier"]
-                        ip_address_cidr = scope["asset_identifier"]
-                    elif scope["asset_type"] == "URL":
-                        parsed_url = urlparse(scope["asset_identifier"])
-                        domain_name = parsed_url.netloc
-
-                    if domain_name:
-                        try:
-                            domain, created = Domain.objects.get_or_create(
-                                name=domain_name,
-                                description=description,
-                                h1_team_handle=program['attributes']['handle'],
-                                project=project,
-                                ip_address_cidr=ip_address_cidr
-                            )
-                            domain.insert_date = timezone.now()
-                            domain.save()
-                            
-                            domains.append(domain)
-                        except Exception as e:
-                            logger.error(f"Error creating/updating domain {domain_name}: {e}")
-
-                try:
-                    organization, created = Organization.objects.get_or_create(
-                        name=program['attributes']['handle'],
-                        project=project,
-                        defaults={'description': 'Added via H1 Bookmark Sync', 'insert_date': timezone.now()}
-                    )
-                    
-                    if not created:
-                        organization.insert_date = timezone.now()
-                    
-                    for domain in domains:
-                        organization.domains.add(domain)
-
-                    organization.save()
-                    logger.info(f"Added organization: program['attributes']['handle']")
-                except Exception as e:
-                    logger.error(f"Error creating/updating organization {program['attributes']['handle']}: {e}")
-
-        logger.info('Completed HackerOne Bookmark Sync')
-    except Exception as e:
-        logger.error(f"Error in sync_h1_bookmarked task: {e}")
\ No newline at end of file
diff --git a/web/targetApp/templates/organization/list.html b/web/targetApp/templates/organization/list.html
index a7edd761a..c301a0d81 100644
--- a/web/targetApp/templates/organization/list.html
+++ b/web/targetApp/templates/organization/list.html
@@ -28,7 +28,7 @@
           </div>
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
             {% if user|can:'modify_targets' %}
-            <a class="btn btn-soft-primary float-end ms-1" href="{% url 'sync_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Sync Organization">Sync Organizations</a>
+            {% comment %} <a class="btn btn-soft-primary float-end ms-1" href="{% url 'sync_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Sync Organization">Sync Organizations</a> {% endcomment %}
             <a class="btn btn-soft-primary float-end ms-1" href="{% url 'add_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Add Organization">Add New Organization</a>
             {% endif %}
           </div>
@@ -71,10 +71,10 @@
                       <a class="dropdown-item" href="{% url 'schedule_organization_scan' current_project.slug organization.id %}"><i class="fe-clock"></i>&nbsp;&nbsp;Schedule Scan</a>
                     {% endif %}
                     {% if user|can:'modify_targets' %}
-                      <a class="dropdown-item" href="/target/{{current_project.slug}}/update/organization/{{organization.id}}"><i class="fe-edit-2"></i>&nbsp;&nbsp;Edit Target</a>
+                      <a class="dropdown-item" href="/target/{{current_project.slug}}/update/organization/{{organization.id}}"><i class="fe-edit-2"></i>&nbsp;&nbsp;Edit Organization</a>
                     {% endif %}
                     {% if user|can:'modify_targets' %}
-                    <a class="dropdown-item text-danger" href="#" onclick="delete_organization({{ organization.id }})"><i class="fe-trash-2"></i>&nbsp;&nbsp;Delete target</a>
+                    <a class="dropdown-item text-danger" href="#" onclick="delete_organization({{ organization.id }})"><i class="fe-trash-2"></i>&nbsp;&nbsp;Delete Organization</a>
                     {% endif %}
                   </div>
                 <div>
diff --git a/web/targetApp/urls.py b/web/targetApp/urls.py
index d0e2d8a91..5d7f64142 100644
--- a/web/targetApp/urls.py
+++ b/web/targetApp/urls.py
@@ -31,10 +31,6 @@
         '<slug:slug>/list/organization',
         views.list_organization,
         name='list_organization'),
-    path(
-        '<slug:slug>/sync/organization',
-        views.sync_organization,
-        name='sync_organization'),
     path(
         'delete/target/<int:id>',
         views.delete_target,
diff --git a/web/targetApp/views.py b/web/targetApp/views.py
index df05e6e2e..24265faf6 100644
--- a/web/targetApp/views.py
+++ b/web/targetApp/views.py
@@ -1,6 +1,5 @@
 import csv
 import io
-import ipaddress
 import logging
 import validators
 
@@ -17,7 +16,7 @@
 from rolepermissions.decorators import has_permission_decorator
 
 from reNgine.common_func import *
-from reNgine.tasks import run_command, sanitize_url, sync_h1_bookmarked
+from reNgine.tasks import run_command, sanitize_url
 from scanEngine.models import *
 from startScan.models import *
 from targetApp.forms import *
@@ -542,12 +541,6 @@ def list_organization(request, slug):
     }
     return render(request, 'organization/list.html', context)
 
-def sync_organization(request, slug):
-    # Start the celery task
-    sync_h1_bookmarked.apply_async()
-    
-    return http.HttpResponseRedirect(reverse('list_organization', kwargs={'slug': slug}))
-
 
 @has_permission_decorator(PERM_MODIFY_TARGETS, redirect_url=FOUR_OH_FOUR_URL)
 def delete_organization(request, id):
@@ -608,20 +601,3 @@ def update_organization(request, slug, id):
     }
     return render(request, 'organization/update.html', context)
 
-def get_ip_info(ip_address):
-    is_ipv4 = bool(validators.ipv4(ip_address))
-    is_ipv6 = bool(validators.ipv6(ip_address))
-    ip_data = None
-    if is_ipv4:
-        ip_data = ipaddress.IPv4Address(ip_address)
-    elif is_ipv6:
-        ip_data = ipaddress.IPv6Address(ip_address)
-    else:
-        return None
-    return ip_data
-
-def get_ips_from_cidr_range(target):
-    try:
-        return [str(ip) for ip in ipaddress.IPv4Network(target, False)]
-    except Exception as e:
-        logger.error(f'{target} is not a valid CIDR range. Skipping.')
diff --git a/web/templates/base/_items/top_nav.html b/web/templates/base/_items/top_nav.html
index 8e65e16fa..fe5b1f362 100644
--- a/web/templates/base/_items/top_nav.html
+++ b/web/templates/base/_items/top_nav.html
@@ -79,8 +79,8 @@
                   HackerOne
                 </a>
                 <ul class="dropdown-menu" aria-labelledby="hackerOneDropdown">
-                  <li><a class="dropdown-item" href="#">
-                    <i class="fe-download me-1"></i> Import Programs
+                  <li><a class="dropdown-item" href="{% url 'list_bountyhub_programs' current_project.slug %}">
+                    <i class="fe-life-buoy me-1"></i> Programs Dashboard
                   </a></li>
                   <li><a class="dropdown-item" href="#">
                     <i class="fe-refresh-cw me-1"></i> Sync Bookmarked Programs

From 81a7d3c9d9cbf8fd186f18c324df72cb05f2155d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 21:00:42 +0530
Subject: [PATCH 179/211] fix organization import

---
 web/reNgine/database_utils.py | 55 ++++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/web/reNgine/database_utils.py b/web/reNgine/database_utils.py
index 148daabbc..8ea812cfa 100644
--- a/web/reNgine/database_utils.py
+++ b/web/reNgine/database_utils.py
@@ -118,16 +118,17 @@ def store_domain(domain_name, project, description, h1_team_handle):
 
 	logger.info(f'Added new domain {new_domain.name}')
 
+	return new_domain
+
 def store_url(url, project, description, h1_team_handle):
 	parsed_url = urlparse(url)
 	http_url = parsed_url.geturl()
 	domain_name = parsed_url.netloc
 
-	existing_domain = Domain.objects.filter(name=domain_name).first()
+	domain = Domain.objects.filter(name=domain_name).first()
 
-	if existing_domain:
+	if domain:
 		logger.info(f'Domain {domain_name} already exists. skipping...')
-		domain = existing_domain
 
 	else:
 		domain = Domain.objects.create(
@@ -144,29 +145,31 @@ def store_url(url, project, description, h1_team_handle):
 		http_url=sanitize_url(http_url)
 	)
 
+	return domain
+
 def store_ip(ip_address, project, description, h1_team_handle):
-	domain, created = Domain.objects.get_or_create(
-		name=ip_address,
-		defaults={
-			'description': description,
-			'h1_team_handle': h1_team_handle,
-			'project': project,
-			'insert_date': timezone.now(),
-			'ip_address_cidr': ip_address
-		}
-	)
-	if created:
-		logger.info(f'Added new IP domain {domain.name}')
-	elif description:
-		domain.description = description
-		domain.save()
+
+	domain = Domain.objects.filter(name=ip_address).first()
+	
+	if domain:
+		logger.info(f'Domain {ip_address} already exists. skipping...')
+	else:
+		domain = Domain.objects.create(
+			name=ip_address,
+			description=description,
+			h1_team_handle=h1_team_handle,
+			project=project,
+			insert_date=timezone.now(),
+			ip_address_cidr=ip_address
+		)
+		logger.info(f'Added new domain {domain.name}')
 	
 	ip_data = get_ip_info(ip_address)
-	ip, _ = IpAddress.objects.get_or_create(
-		address=ip_address,
-		defaults={
-			'reverse_pointer': ip_data.reverse_pointer,
-			'is_private': ip_data.is_private,
-			'version': ip_data.version
-		}
-	)
\ No newline at end of file
+	ip_data = get_ip_info(ip_address)
+	ip, created = IpAddress.objects.get_or_create(address=ip_address)
+	ip.reverse_pointer = ip_data.reverse_pointer
+	ip.is_private = ip_data.is_private
+	ip.version = ip_data.version
+	ip.save()
+
+	return domain
\ No newline at end of file

From f115029b70b7c9c313934e5b3df9e9b09208e500 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Wed, 4 Sep 2024 21:17:10 +0530
Subject: [PATCH 180/211] remove debug code

---
 web/api/shared_api_tasks.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index 418097114..d07234543 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -61,9 +61,6 @@ def fetch_program_details_from_hackerone(program_handle):
 
 				# convert assets to list of dict with name and description
 				assets = [{'name': asset, 'description': None} for asset in assets]
-				print('0'*100)
-				print(assets)
-				print('0'*100)
 				bulk_import_targets(
 					targets=assets,
 					project_slug=project_slug,

From 8231a7dec4bd0272286db6700d267d9d4e8eba67 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 06:17:59 +0530
Subject: [PATCH 181/211] Added sync program endpoint

---
 web/api/shared_api_tasks.py            | 76 +++++++++++++++++++++++++-
 web/api/views.py                       | 23 +++++++-
 web/static/custom/custom.js            | 54 ++++++++++++++++++
 web/templates/base/_items/top_nav.html |  2 +-
 4 files changed, 152 insertions(+), 3 deletions(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index d07234543..ccd8b3d18 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -104,4 +104,78 @@ def fetch_program_details_from_hackerone(program_handle):
 		project_slug=project_slug,
 		icon="mdi-check-all",
 		status='success'
-	)
\ No newline at end of file
+	)
+
+
+@app.task(name='sync_bookmarked_programs_task', bind=False, queue='api_queue')
+def sync_bookmarked_programs_task(project_slug):
+	"""
+		Runs in the background to sync bookmarked programs from HackerOne
+
+		Args:
+			project_slug (str): Slug of the project
+		Returns:
+			None
+			Creates in-app notifications for progress and results
+	"""
+
+	def fetch_bookmarked_programs():
+		url = f'https://api.hackerone.com/v1/hackers/programs?&page[size]=100'
+		headers = {'Accept': 'application/json'}
+		bookmarked_programs = []
+		username, api_key = get_hackerone_key_username()
+
+		while url:
+			response = requests.get(
+				url,
+				headers=headers,
+				auth=(username, api_key)
+			)
+
+			if response.status_code != 200:
+				raise Exception(f"HackerOne API request failed with status code {response.status_code}")
+
+			data = response.json()
+			programs = data['data']
+			bookmarked = [p for p in programs if p['attributes']['bookmarked']]
+			bookmarked_programs.extend(bookmarked)
+			
+			url = data['links'].get('next')
+
+		return bookmarked_programs
+
+	try:
+		bookmarked_programs = fetch_bookmarked_programs()
+		handles = [program['attributes']['handle'] for program in bookmarked_programs]
+
+		if not handles:
+			create_inappnotification(
+				title="HackerOne Bookmarked Programs Sync Completed",
+				description="No bookmarked programs found.",
+				notification_type=PROJECT_LEVEL_NOTIFICATION,
+				project_slug=project_slug,
+				icon="mdi-information",
+				status='info'
+			)
+			return
+
+		import_hackerone_programs_task.delay(handles, project_slug)
+
+		create_inappnotification(
+			title="HackerOne Bookmarked Programs Sync Progress",
+			description=f"Found {len(handles)} bookmarked program(s). Starting import process.",
+			notification_type=PROJECT_LEVEL_NOTIFICATION,
+			project_slug=project_slug,
+			icon="mdi-progress-check",
+			status='info'
+		)
+
+	except Exception as e:
+		create_inappnotification(
+			title="HackerOne Bookmarked Programs Sync Failed",
+			description=f"Failed to sync bookmarked programs: {str(e)}",
+			notification_type=PROJECT_LEVEL_NOTIFICATION,
+			project_slug=project_slug,
+			icon="mdi-alert-circle",
+			status='error'
+		)
diff --git a/web/api/views.py b/web/api/views.py
index 38e0d561e..4fd27fd0a 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -30,7 +30,7 @@
 from startScan.models import *
 from startScan.models import EndPoint
 from targetApp.models import *
-from api.shared_api_tasks import import_hackerone_programs_task
+from api.shared_api_tasks import import_hackerone_programs_task, sync_bookmarked_programs_task
 
 from .serializers import *
 
@@ -174,6 +174,8 @@ def fetch_program_details_from_hackerone(self, program_handle):
 	@action(detail=False, methods=['post'])
 	def import_programs(self, request):
 		project_slug = request.query_params.get('project_slug')
+		if not project_slug:
+			return Response({"error": "Project slug is required"}, status=HTTP_400_BAD_REQUEST)
 		handles = request.data.get('handles', [])
 
 		if not handles:
@@ -191,6 +193,25 @@ def import_programs(self, request):
 		)
 
 		return Response({"message": f"Import process for {len(handles)} program(s) has begun."}, status=HTTP_202_ACCEPTED)
+	
+	@action(detail=False, methods=['get'])
+	def sync_bookmarked(self, request):
+		project_slug = request.query_params.get('project_slug')
+		if not project_slug:
+			return Response({"error": "Project slug is required"}, status=HTTP_400_BAD_REQUEST)
+
+		sync_bookmarked_programs_task.delay(project_slug)
+
+		create_inappnotification(
+			title="HackerOne Bookmarked Programs Sync Started",
+			description="Sync process for bookmarked programs has begun.",
+			notification_type=PROJECT_LEVEL_NOTIFICATION,
+			project_slug=project_slug,
+			icon="mdi-sync",
+			status='info'
+		)
+
+		return Response({"message": "Sync process for bookmarked programs has begun."}, status=HTTP_202_ACCEPTED)
 
 
 class InAppNotificationManagerViewSet(viewsets.ModelViewSet):
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 795deb82c..233e5201c 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -3474,4 +3474,58 @@ async function test_hackerone() {
 			icon: 'error'
 		});
 	}
+}
+
+function handleSyncBookmarkedProgramsSwal() {
+	Swal.fire({
+		title: 'Sync Bookmarked Programs',
+		html: `
+			<p>Are you sure you want to sync your bookmarked HackerOne programs?</p>
+			<p class="text-muted">This process will run in the background and may take some time.</p>
+		`,
+		icon: 'question',
+		showCancelButton: true,
+		confirmButtonText: 'Yes, start sync',
+		cancelButtonText: 'Cancel',
+		confirmButtonColor: '#3085d6',
+		cancelButtonColor: '#d33',
+	}).then((result) => {
+		if (result.isConfirmed) {
+			const currentProjectSlug = document.body.getAttribute('data-current-project');
+			fetch(`/api/hackerone-programs/sync_bookmarked?project_slug=${currentProjectSlug}`, {
+				method: 'GET',
+				headers: {
+					'Content-Type': 'application/json',
+					'X-CSRFToken': getCookie("csrftoken")
+				},
+			})
+			.then(response => {
+				if (!response.ok) {
+					throw new Error('Network response was not ok');
+				}
+				return response.json();
+			})
+			.then(() => {
+				Swal.fire({
+					title: 'Sync Process Initiated',
+					html: `
+						<p>The sync process for your bookmarked HackerOne programs has begun.</p>
+						<p>You will receive notifications about the progress and completion of the sync process.</p>
+					`,
+					icon: 'info',
+					confirmButtonText: 'Got it',
+					confirmButtonColor: '#3085d6',
+				});
+			})
+			.catch((error) => {
+				Swal.fire({
+					title: 'Sync Process Initiation Failed',
+					text: `There was an error starting the sync process: ${error.message}`,
+					icon: 'error',
+					confirmButtonText: 'OK',
+					confirmButtonColor: '#3085d6',
+				});
+			});
+		}
+	});
 }
\ No newline at end of file
diff --git a/web/templates/base/_items/top_nav.html b/web/templates/base/_items/top_nav.html
index fe5b1f362..2c58bbc5e 100644
--- a/web/templates/base/_items/top_nav.html
+++ b/web/templates/base/_items/top_nav.html
@@ -82,7 +82,7 @@
                   <li><a class="dropdown-item" href="{% url 'list_bountyhub_programs' current_project.slug %}">
                     <i class="fe-life-buoy me-1"></i> Programs Dashboard
                   </a></li>
-                  <li><a class="dropdown-item" href="#">
+                  <li><a class="dropdown-item" href="#" onclick="handleSyncBookmarkedProgramsSwal()">
                     <i class="fe-refresh-cw me-1"></i> Sync Bookmarked Programs
                   </a></li>
                 </ul>

From e237b0028b02281ed9f228acfdd7e096482f3608 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 06:35:43 +0530
Subject: [PATCH 182/211] fix sync process and apt notification message

---
 web/api/shared_api_tasks.py   | 37 ++++++++++++++++++++++-------------
 web/reNgine/database_utils.py |  4 ++++
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index ccd8b3d18..04876e8db 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -7,13 +7,14 @@
 from reNgine.database_utils import bulk_import_targets
 
 @app.task(name='import_hackerone_programs_task', bind=False, queue='api_queue')
-def import_hackerone_programs_task(handles, project_slug):
+def import_hackerone_programs_task(handles, project_slug, is_sync = False):
 	"""
 	Runs in the background to import programs from HackerOne
 
 	Args:
 		handles (list): List of handles to import
 		project_slug (str): Slug of the project
+		is_sync (bool): If the import is a sync operation
 	Returns:
 		None
 		rather creates inapp notifications
@@ -61,22 +62,23 @@ def fetch_program_details_from_hackerone(program_handle):
 
 				# convert assets to list of dict with name and description
 				assets = [{'name': asset, 'description': None} for asset in assets]
-				bulk_import_targets(
+				new_targets_added = bulk_import_targets(
 					targets=assets,
 					project_slug=project_slug,
 					organization_name=program_name,
 					org_description=None,
 					h1_team_handle=handle
 				)
-			
-				create_inappnotification(
-					title=f"HackerOne Program Imported: {handle}",
-					description=f"The program '{program_name}' from hackerone has been successfully imported.",
-					notification_type=PROJECT_LEVEL_NOTIFICATION,
-					project_slug=project_slug,
-					icon="mdi-check-circle",
-					status='success'
-				)
+
+				if new_targets_added:
+					create_inappnotification(
+						title=f"HackerOne Program Imported: {handle}",
+						description=f"The program '{program_name}' from hackerone has been successfully imported.",
+						notification_type=PROJECT_LEVEL_NOTIFICATION,
+						project_slug=project_slug,
+						icon="mdi-check-circle",
+						status='success'
+					)
 
 			except Exception as e:
 				create_inappnotification(
@@ -97,9 +99,16 @@ def fetch_program_details_from_hackerone(program_handle):
 				status='error'
 			)
 
+	if is_sync:
+		title = "HackerOne Program Sync Completed"
+		description = f"Sync process for {len(handles)} program(s) has completed."
+	else:
+		title = "HackerOne Program Import Completed"
+		description = f"Import process for {len(handles)} program(s) has completed."
+
 	create_inappnotification(
-		title="HackerOne Program Import Completed",
-		description=f"Import process for {len(handles)} program(s) has completed.",
+		title=title,
+		description=description,
 		notification_type=PROJECT_LEVEL_NOTIFICATION,
 		project_slug=project_slug,
 		icon="mdi-check-all",
@@ -159,7 +168,7 @@ def fetch_bookmarked_programs():
 			)
 			return
 
-		import_hackerone_programs_task.delay(handles, project_slug)
+		import_hackerone_programs_task.delay(handles, project_slug, is_sync=True)
 
 		create_inappnotification(
 			title="HackerOne Bookmarked Programs Sync Progress",
diff --git a/web/reNgine/database_utils.py b/web/reNgine/database_utils.py
index 8ea812cfa..48cdabfcc 100644
--- a/web/reNgine/database_utils.py
+++ b/web/reNgine/database_utils.py
@@ -31,6 +31,7 @@ def bulk_import_targets(
 			org_description (str): description of the organization
 			h1_team_handle (str): hackerone team handle (if imported from hackerone)
 	"""
+	new_targets_imported = False
 	project = Project.objects.get(slug=project_slug)
 
 	all_targets = []
@@ -61,6 +62,7 @@ def bulk_import_targets(
 
 		if target_obj:
 			all_targets.append(target_obj)
+			new_targets_imported = True
 
 		if organization_name and all_targets:
 			org_name = organization_name.strip()
@@ -87,6 +89,8 @@ def bulk_import_targets(
 
 			logger.info(f"{'Created' if created else 'Updated'} organization {org_name} with {len(all_targets)} targets")
 
+	return new_targets_imported
+
 
 
 def remove_wildcard(input_string):

From 459ef1ab5ac27a28ed93df32b2632fbc7ea51167 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 07:07:53 +0530
Subject: [PATCH 183/211] fix errors when api keys are not set

---
 web/api/shared_api_tasks.py    |  14 ++-
 web/api/views.py               | 216 ++++++++++++++++++++-------------
 web/dashboard/admin.py         |   1 +
 web/static/custom/bountyhub.js |  54 +++++----
 4 files changed, 176 insertions(+), 109 deletions(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index 04876e8db..1d17f25a7 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -22,7 +22,12 @@ def import_hackerone_programs_task(handles, project_slug, is_sync = False):
 	def fetch_program_details_from_hackerone(program_handle):
 		url = f'https://api.hackerone.com/v1/hackers/programs/{program_handle}'
 		headers = {'Accept': 'application/json'}
-		username, api_key = get_hackerone_key_username()
+		creds = get_hackerone_key_username()
+
+		if not creds:
+			raise Exception("HackerOne API credentials not configured")
+		
+		username, api_key = creds
 
 		response = requests.get(
 			url,
@@ -132,7 +137,12 @@ def fetch_bookmarked_programs():
 		url = f'https://api.hackerone.com/v1/hackers/programs?&page[size]=100'
 		headers = {'Accept': 'application/json'}
 		bookmarked_programs = []
-		username, api_key = get_hackerone_key_username()
+		
+		credentials = get_hackerone_key_username()
+		if not credentials:
+			raise Exception("HackerOne API credentials not configured")
+		
+		username, api_key = credentials
 
 		while url:
 			response = requests.get(
diff --git a/web/api/views.py b/web/api/views.py
index 4fd27fd0a..7efe0b595 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -37,6 +37,15 @@
 logger = logging.getLogger(__name__)
 
 
+from rest_framework import viewsets, status
+from rest_framework.decorators import action
+from rest_framework.response import Response
+from django.core.cache import cache
+from django.core.exceptions import ObjectDoesNotExist
+from datetime import datetime
+import requests
+
+
 class HackerOneProgramViewSet(viewsets.ViewSet):
 	"""
 		This class manages the HackerOne Program model, 
@@ -51,25 +60,28 @@ class HackerOneProgramViewSet(viewsets.ViewSet):
 	ALLOWED_ASSET_TYPES = ["WILDCARD", "DOMAIN", "IP_ADDRESS", "CIDR", "URL"]
 
 	def list(self, request):
-		sort_by = request.query_params.get('sort_by', 'age')
-		sort_order = request.query_params.get('sort_order', 'desc')  # Changed default to 'desc'
-
-		programs = self.get_cached_programs()
-
-		if sort_by == 'name':
-			programs = sorted(programs, key=lambda x: x['attributes']['name'].lower(), 
-					reverse=(sort_order.lower() == 'desc'))
-		elif sort_by == 'reports':
-			programs = sorted(programs, key=lambda x: x['attributes'].get('number_of_reports_for_user', 0), 
-					reverse=(sort_order.lower() == 'desc'))
-		elif sort_by == 'age':
-			programs = sorted(programs, 
-				key=lambda x: datetime.strptime(x['attributes'].get('started_accepting_at', '1970-01-01T00:00:00.000Z'), '%Y-%m-%dT%H:%M:%S.%fZ'), 
-				reverse=(sort_order.lower() == 'desc')
-			)
+		try:
+			sort_by = request.query_params.get('sort_by', 'age')
+			sort_order = request.query_params.get('sort_order', 'desc')
+
+			programs = self.get_cached_programs()
+
+			if sort_by == 'name':
+				programs = sorted(programs, key=lambda x: x['attributes']['name'].lower(), 
+						reverse=(sort_order.lower() == 'desc'))
+			elif sort_by == 'reports':
+				programs = sorted(programs, key=lambda x: x['attributes'].get('number_of_reports_for_user', 0), 
+						reverse=(sort_order.lower() == 'desc'))
+			elif sort_by == 'age':
+				programs = sorted(programs, 
+					key=lambda x: datetime.strptime(x['attributes'].get('started_accepting_at', '1970-01-01T00:00:00.000Z'), '%Y-%m-%dT%H:%M:%S.%fZ'), 
+					reverse=(sort_order.lower() == 'desc')
+				)
 
-		serializer = HackerOneProgramSerializer(programs, many=True)
-		return Response(serializer.data)
+			serializer = HackerOneProgramSerializer(programs, many=True)
+			return Response(serializer.data)
+		except Exception as e:
+			return self.handle_exception(e)
 	
 	def get_api_credentials(self):
 		try:
@@ -82,18 +94,24 @@ def get_api_credentials(self):
 
 	@action(detail=False, methods=['get'])
 	def bookmarked_programs(self, request):
-		# do not cache bookmarked programs due to the user specific nature
-		programs = self.fetch_programs_from_hackerone()
-		bookmarked = [p for p in programs if p['attributes']['bookmarked']]
-		serializer = HackerOneProgramSerializer(bookmarked, many=True)
-		return Response(serializer.data)
+		try:
+			# do not cache bookmarked programs due to the user specific nature
+			programs = self.fetch_programs_from_hackerone()
+			bookmarked = [p for p in programs if p['attributes']['bookmarked']]
+			serializer = HackerOneProgramSerializer(bookmarked, many=True)
+			return Response(serializer.data)
+		except Exception as e:
+			return self.handle_exception(e)
 	
 	@action(detail=False, methods=['get'])
 	def bounty_programs(self, request):
-		programs = self.get_cached_programs()
-		bounty_programs = [p for p in programs if p['attributes']['offers_bounties']]
-		serializer = HackerOneProgramSerializer(bounty_programs, many=True)
-		return Response(serializer.data)
+		try:
+			programs = self.get_cached_programs()
+			bounty_programs = [p for p in programs if p['attributes']['offers_bounties']]
+			serializer = HackerOneProgramSerializer(bounty_programs, many=True)
+			return Response(serializer.data)
+		except Exception as e:
+			return self.handle_exception(e)
 
 	def get_cached_programs(self):
 		programs = cache.get(self.CACHE_KEY)
@@ -106,7 +124,10 @@ def fetch_programs_from_hackerone(self):
 		url = f'{self.API_BASE}/programs?page[size]=100'
 		headers = {'Accept': 'application/json'}
 		all_programs = []
-		username, api_key = self.get_api_credentials()
+		try:
+			username, api_key = self.get_api_credentials()
+		except Exception as e:
+			raise Exception("API credentials error: " + str(e))
 
 		while url:
 			response = requests.get(
@@ -115,7 +136,9 @@ def fetch_programs_from_hackerone(self):
 				auth=(username, api_key)
 			)
 
-			if response.status_code != 200:
+			if response.status_code == 401:
+				raise Exception("Invalid API credentials")
+			elif response.status_code != 200:
 				raise Exception(f"HackerOne API request failed with status code {response.status_code}")
 
 			data = response.json()
@@ -127,38 +150,46 @@ def fetch_programs_from_hackerone(self):
 
 	@action(detail=False, methods=['post'])
 	def refresh_cache(self, request):
-		programs = self.fetch_programs_from_hackerone()
-		cache.set(self.CACHE_KEY, programs, self.CACHE_TIMEOUT)
-		return Response({"status": "Cache refreshed successfully"})
+		try:
+			programs = self.fetch_programs_from_hackerone()
+			cache.set(self.CACHE_KEY, programs, self.CACHE_TIMEOUT)
+			return Response({"status": "Cache refreshed successfully"})
+		except Exception as e:
+			return self.handle_exception(e)
 	
 	@action(detail=True, methods=['get'])
 	def program_details(self, request, pk=None):
-		program_handle = pk
-		cache_key = self.PROGRAM_CACHE_KEY.format(program_handle)
-		program_details = cache.get(cache_key)
+		try:
+			program_handle = pk
+			cache_key = self.PROGRAM_CACHE_KEY.format(program_handle)
+			program_details = cache.get(cache_key)
 
-		if program_details is None:
-			program_details = self.fetch_program_details_from_hackerone(program_handle)
-			if program_details:
-				cache.set(cache_key, program_details, self.CACHE_TIMEOUT)
+			if program_details is None:
+				program_details = self.fetch_program_details_from_hackerone(program_handle)
+				if program_details:
+					cache.set(cache_key, program_details, self.CACHE_TIMEOUT)
 
-		if program_details:
-			filtered_scopes = [
-				scope for scope in program_details.get('relationships', {}).get('structured_scopes', {}).get('data', [])
-				if scope.get('attributes', {}).get('asset_type') in self.ALLOWED_ASSET_TYPES
-			]
+			if program_details:
+				filtered_scopes = [
+					scope for scope in program_details.get('relationships', {}).get('structured_scopes', {}).get('data', [])
+					if scope.get('attributes', {}).get('asset_type') in self.ALLOWED_ASSET_TYPES
+				]
 
-			program_details['relationships']['structured_scopes']['data'] = filtered_scopes
+				program_details['relationships']['structured_scopes']['data'] = filtered_scopes
 
-			return Response(program_details)
-		else:
-			return Response({"error": "Program not found"}, status=404)
-		
+				return Response(program_details)
+			else:
+				return Response({"error": "Program not found"}, status=status.HTTP_404_NOT_FOUND)
+		except Exception as e:
+			return self.handle_exception(e)
 
 	def fetch_program_details_from_hackerone(self, program_handle):
 		url = f'{self.API_BASE}/programs/{program_handle}'
 		headers = {'Accept': 'application/json'}
-		username, api_key = self.get_api_credentials()
+		try:
+			username, api_key = self.get_api_credentials()
+		except Exception as e:
+			raise Exception("API credentials error: " + str(e))
 
 		response = requests.get(
 			url,
@@ -166,53 +197,68 @@ def fetch_program_details_from_hackerone(self, program_handle):
 			auth=(username, api_key)
 		)
 
-		if response.status_code == 200:
+		if response.status_code == 401:
+			raise Exception("Invalid API credentials")
+		elif response.status_code == 200:
 			return response.json()
 		else:
 			return None
 		
 	@action(detail=False, methods=['post'])
 	def import_programs(self, request):
-		project_slug = request.query_params.get('project_slug')
-		if not project_slug:
-			return Response({"error": "Project slug is required"}, status=HTTP_400_BAD_REQUEST)
-		handles = request.data.get('handles', [])
-
-		if not handles:
-			return Response({"error": "No program handles provided"}, status=HTTP_400_BAD_REQUEST)
-
-		import_hackerone_programs_task.delay(handles, project_slug)
-
-		create_inappnotification(
-			title="HackerOne Program Import Started",
-			description=f"Import process for {len(handles)} program(s) has begun.",
-			notification_type=PROJECT_LEVEL_NOTIFICATION,
-			project_slug=project_slug,
-			icon="mdi-download",
-			status='info'
-		)
+		try:
+			project_slug = request.query_params.get('project_slug')
+			if not project_slug:
+				return Response({"error": "Project slug is required"}, status=status.HTTP_400_BAD_REQUEST)
+			handles = request.data.get('handles', [])
+
+			if not handles:
+				return Response({"error": "No program handles provided"}, status=status.HTTP_400_BAD_REQUEST)
+
+			import_hackerone_programs_task.delay(handles, project_slug)
+
+			create_inappnotification(
+				title="HackerOne Program Import Started",
+				description=f"Import process for {len(handles)} program(s) has begun.",
+				notification_type=PROJECT_LEVEL_NOTIFICATION,
+				project_slug=project_slug,
+				icon="mdi-download",
+				status='info'
+			)
 
-		return Response({"message": f"Import process for {len(handles)} program(s) has begun."}, status=HTTP_202_ACCEPTED)
+			return Response({"message": f"Import process for {len(handles)} program(s) has begun."}, status=status.HTTP_202_ACCEPTED)
+		except Exception as e:
+			return self.handle_exception(e)
 	
 	@action(detail=False, methods=['get'])
 	def sync_bookmarked(self, request):
-		project_slug = request.query_params.get('project_slug')
-		if not project_slug:
-			return Response({"error": "Project slug is required"}, status=HTTP_400_BAD_REQUEST)
-
-		sync_bookmarked_programs_task.delay(project_slug)
-
-		create_inappnotification(
-			title="HackerOne Bookmarked Programs Sync Started",
-			description="Sync process for bookmarked programs has begun.",
-			notification_type=PROJECT_LEVEL_NOTIFICATION,
-			project_slug=project_slug,
-			icon="mdi-sync",
-			status='info'
-		)
+		try:
+			project_slug = request.query_params.get('project_slug')
+			if not project_slug:
+				return Response({"error": "Project slug is required"}, status=status.HTTP_400_BAD_REQUEST)
+
+			sync_bookmarked_programs_task.delay(project_slug)
+
+			create_inappnotification(
+				title="HackerOne Bookmarked Programs Sync Started",
+				description="Sync process for bookmarked programs has begun.",
+				notification_type=PROJECT_LEVEL_NOTIFICATION,
+				project_slug=project_slug,
+				icon="mdi-sync",
+				status='info'
+			)
 
-		return Response({"message": "Sync process for bookmarked programs has begun."}, status=HTTP_202_ACCEPTED)
+			return Response({"message": "Sync process for bookmarked programs has begun."}, status=status.HTTP_202_ACCEPTED)
+		except Exception as e:
+			return self.handle_exception(e)
 
+	def handle_exception(self, exc):
+		if isinstance(exc, ObjectDoesNotExist):
+			return Response({"error": "HackerOne API credentials not configured"}, status=status.HTTP_503_SERVICE_UNAVAILABLE)
+		elif str(exc) == "Invalid API credentials":
+			return Response({"error": "Invalid HackerOne API credentials"}, status=status.HTTP_401_UNAUTHORIZED)
+		else:
+			return Response({"error": str(exc)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
 
 class InAppNotificationManagerViewSet(viewsets.ModelViewSet):
 	"""
diff --git a/web/dashboard/admin.py b/web/dashboard/admin.py
index 19aa70806..d7e513525 100644
--- a/web/dashboard/admin.py
+++ b/web/dashboard/admin.py
@@ -6,4 +6,5 @@
 admin.site.register(OpenAiAPIKey)
 admin.site.register(NetlasAPIKey)
 admin.site.register(ChaosAPIKey)
+admin.site.register(HackerOneAPIKey)
 admin.site.register(InAppNotification)
\ No newline at end of file
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index d11fa719a..6cc7985e2 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -28,16 +28,16 @@ document.addEventListener('DOMContentLoaded', function() {
         } else {
             showLoadingIndicator("Loading HackerOne Programs");
         }
-
+    
         let api_url = isBookmarkedRequest ? '/api/hackerone-programs/bookmarked_programs/' : '/api/hackerone-programs/';
-
+    
         const sortParams = updateSortingParams();
         const queryParams = new URLSearchParams(sortParams).toString();
-
+    
         if (queryParams) {
             api_url += '?' + queryParams;
         }
-
+    
         try {
             const response = await fetch(api_url, {
                 method: "GET",
@@ -46,17 +46,23 @@ document.addEventListener('DOMContentLoaded', function() {
                     "X-CSRFToken": getCookie("csrftoken"),
                 },
             });
-
+    
             if (!response.ok) {
-                throw new Error('Network response was not ok');
+                const errorData = await response.json();
+                throw new Error(errorData.error || 'An error occurred while fetching the programs.');
             }
-
+    
             const data = await response.json();
             allPrograms = data;
             displayPrograms(data);
         } catch (error) {
-            displayErrorMessage("An error occurred while fetching the hackerone programs. Please try again later. Make sure you have hackerone api key set in your API Vault.");
             console.error('Error:', error);
+            Swal.fire({
+                icon: 'error',
+                title: 'Error',
+                text: error.message,
+                confirmButtonText: 'OK'
+            });
         } finally {
             hideLoadingIndicator();
         }
@@ -263,7 +269,10 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     function hideLoadingIndicator() {
-        Swal.close();
+        // Only close the Swal if it's a loading indicator
+        if (Swal.isVisible() && Swal.getTitle().textContent.includes('Loading')) {
+            Swal.close();
+        }
     }
 
     fetchPrograms(false, false);
@@ -310,7 +319,9 @@ function see_detail(handle) {
     fetch(`/api/hackerone-programs/${handle}/program_details/`)
         .then(response => {
             if (!response.ok) {
-                throw new Error('Network response was not ok');
+                return response.json().then(errorData => {
+                    throw new Error(errorData.error || 'An error occurred while fetching program details.');
+                });
             }
             return response.json();
         })
@@ -321,11 +332,10 @@ function see_detail(handle) {
         })
         .catch(error => {
             console.error('Error:', error);
-            
             Swal.fire({
                 icon: 'error',
-                title: 'Oops...',
-                text: 'There was an error fetching the program details. Please try again.',
+                title: 'Error',
+                text: error.message,
             });
         });
 }
@@ -531,7 +541,8 @@ async function importPrograms(handles) {
         });
 
         if (!response.ok) {
-            throw new Error('Import failed');
+            const errorData = await response.json();
+            throw new Error(errorData.error || 'Import failed');
         }
 
         return await response.json();
@@ -542,7 +553,6 @@ async function importPrograms(handles) {
 }
 
 function handleProgramImportswal(handles) {
-    // swal loader to handle the import
     Swal.fire({
         title: 'Confirm Import',
         html: `
@@ -558,11 +568,11 @@ function handleProgramImportswal(handles) {
     }).then((result) => {
         if (result.isConfirmed) {
             importPrograms(handles)
-                .then(() => {
+                .then((response) => {
                     Swal.fire({
                         title: 'Import Started',
                         html: `
-                            <p>The import process for ${handles.length} program(s) has begun.</p>
+                            <p>${response.message}</p>
                             <p>You will receive notifications about the progress and completion of the import.</p>
                         `,
                         icon: 'info',
@@ -570,18 +580,18 @@ function handleProgramImportswal(handles) {
                         confirmButtonColor: '#3085d6',
                     });
                 })
-                .catch(() => {
+                .catch((error) => {
                     Swal.fire({
                         title: 'Import Initiation Failed',
-                        text: 'There was an error starting the import process. Please try again.',
+                        text: error.message,
                         icon: 'error',
                         confirmButtonText: 'OK',
                         confirmButtonColor: '#3085d6',
                     });
                 });
-                // clear all selected cards
-                const container = document.getElementById('program_cards');
-                container.querySelectorAll('.card-selected').forEach(card => card.classList.remove('card-selected'));
+            // clear all selected cards
+            const container = document.getElementById('program_cards');
+            container.querySelectorAll('.card-selected').forEach(card => card.classList.remove('card-selected'));
         }
     });
 }
\ No newline at end of file

From 2afc16df45e25a2e3447f1c509510c500bc26da0 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 07:09:39 +0530
Subject: [PATCH 184/211] fix hackerone api key not set in vault

---
 web/scanEngine/views.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/web/scanEngine/views.py b/web/scanEngine/views.py
index 06a3518df..e5eff94ee 100644
--- a/web/scanEngine/views.py
+++ b/web/scanEngine/views.py
@@ -547,8 +547,13 @@ def api_vault(request, slug):
     openai_key = OpenAiAPIKey.objects.first()
     netlas_key = NetlasAPIKey.objects.first()
     chaos_key = ChaosAPIKey.objects.first()
-    hackerone_key = HackerOneAPIKey.objects.first().key
-    hackerone_username = HackerOneAPIKey.objects.first().username
+    h1_key = HackerOneAPIKey.objects.first()
+    if h1_key:
+        hackerone_key = h1_key.key
+        hackerone_username = h1_key.username
+    else:
+        hackerone_key = None
+        hackerone_username = None
 
     context['openai_key'] = openai_key
     context['netlas_key'] = netlas_key

From 79f09446a3a1843decf7e5fdfa5588b0d4277938 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 07:15:05 +0530
Subject: [PATCH 185/211] fix errors on invalid h1 key

---
 web/api/shared_api_tasks.py    | 7 ++++++-
 web/static/custom/bountyhub.js | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index 1d17f25a7..258b2ad25 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -35,6 +35,9 @@ def fetch_program_details_from_hackerone(program_handle):
 			auth=(username, api_key)
 		)
 
+		if response.status_code == 401:
+			raise Exception("HackerOne API credentials are invalid")
+
 		if response.status_code == 200:
 			return response.json()
 		else:
@@ -151,7 +154,9 @@ def fetch_bookmarked_programs():
 				auth=(username, api_key)
 			)
 
-			if response.status_code != 200:
+			if response.status_code == 401:
+				raise Exception("HackerOne API credentials are invalid")
+			elif response.status_code != 200:
 				raise Exception(f"HackerOne API request failed with status code {response.status_code}")
 
 			data = response.json()
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index 6cc7985e2..d298c3d77 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -269,8 +269,8 @@ document.addEventListener('DOMContentLoaded', function() {
     }
 
     function hideLoadingIndicator() {
-        // Only close the Swal if it's a loading indicator
-        if (Swal.isVisible() && Swal.getTitle().textContent.includes('Loading')) {
+        // Only close the Swal if it's a loading indicator and not an error
+        if (Swal.isVisible() && !Swal.getTitle().textContent.includes('Error')) {
             Swal.close();
         }
     }

From cb7cd2268b39faec88f7b7395c4fe0348266378e Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 20:04:06 +0530
Subject: [PATCH 186/211] Add option to delete multiple organizations

---
 web/api/views.py                              |   3 +
 .../templates/organization/list.html          | 111 ++++++++++++++----
 2 files changed, 89 insertions(+), 25 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 7efe0b595..3f788dd98 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -1055,6 +1055,9 @@ def post(self, request):
 			if data['type'] == 'subscan':
 				for row in data['rows']:
 					SubScan.objects.get(id=row).delete()
+			elif data['type'] == 'organization':
+				for row in data['rows']:
+					Organization.objects.get(id=row).delete()
 			response = True
 		except Exception as e:
 			response = False
diff --git a/web/targetApp/templates/organization/list.html b/web/targetApp/templates/organization/list.html
index c301a0d81..94ec4713f 100644
--- a/web/targetApp/templates/organization/list.html
+++ b/web/targetApp/templates/organization/list.html
@@ -28,7 +28,7 @@
           </div>
           <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
             {% if user|can:'modify_targets' %}
-            {% comment %} <a class="btn btn-soft-primary float-end ms-1" href="{% url 'sync_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Sync Organization">Sync Organizations</a> {% endcomment %}
+            <a class="btn btn-soft-danger float-end disabled ms-1" href="#" onclick="deleteMultipleOrganizations()" id="delete_multiple_button">Delete Multiple Organizations</a>
             <a class="btn btn-soft-primary float-end ms-1" href="{% url 'add_organization' current_project.slug %}" data-toggle="tooltip" data-placement="top" title="Add Organization">Add New Organization</a>
             {% endif %}
           </div>
@@ -43,6 +43,11 @@
       <table id="list_organization_table" class="table dt-responsive w-100">
         <thead>
           <tr>
+            <th class="checkbox-column text-center">
+              <div class="form-check mb-2 form-check-primary">
+                <input type="checkbox" class="form-check-input" id="select_all_checkbox" onchange="selectAllOrganizations(this)">
+              </div>
+            </th>
             <th class="">Organization</th>
             <th class="text-center">Description</th>
             <th class="text-center">Total Targets</th>
@@ -53,12 +58,17 @@
         <tbody>
           {% for organization in organizations.all %}
           <tr>
+            <td class="checkbox-column text-center">
+              <div class="form-check mb-2 form-check-primary">
+                <input type="checkbox" class="form-check-input organization-checkbox" value="{{ organization.id }}" onchange="toggleMultipleOrganizationButton()">
+              </div>
+            </td>
             <td class="">{{ organization.name|capfirst }}</td>
             <td class="text-center">{% if organization.description %}{{organization.description}}{% endif %}</td>
             <td class="text-center"><span class="badge bg-primary badge-link" onclick="get_target_modal({{organization.id}})">{{organization.get_domains.count}}</span></td>
-            <td class="text-center"><span data-toggle="tooltip" data-placement="top" title="{{organization.insert_date}}">{{organization.insert_date|naturaltime}}</span></td></td>
+            <td class="text-center"><span data-toggle="tooltip" data-placement="top" title="{{organization.insert_date}}">{{organization.insert_date|naturaltime}}</span></td>
             <td class="text-center">
-              <div class-"btn-group float-end">
+              <div class="btn-group float-end">
                 {% if user|can:'initiate_scans_subscans' %}
                   <a href="/scan/{{current_project.slug}}/start/organization/{{organization.id}}" class="btn btn-soft-primary"><i class="fe-zap"></i>&nbsp;&nbsp;Initiate Scan</a>
                 {% endif %}
@@ -77,7 +87,7 @@
                     <a class="dropdown-item text-danger" href="#" onclick="delete_organization({{ organization.id }})"><i class="fe-trash-2"></i>&nbsp;&nbsp;Delete Organization</a>
                     {% endif %}
                   </div>
-                <div>
+                </div>
               </div>
             </td>
           </tr>
@@ -89,7 +99,6 @@
 </div>
 {% endblock main_content %}
 
-
 {% block page_level_script %}
 <script src="{% static 'custom/custom.js' %}"></script>
 <script src="{% static 'targetApp/js/custom_organization.js' %}"></script>
@@ -106,7 +115,7 @@
     "dom": "<'dt--top-section'<'row'<'col-12 col-sm-6 d-flex justify-content-sm-start justify-content-center mt-sm-0 mt-3'f><'col-12 col-sm-6 d-flex justify-content-sm-end justify-content-center'l>>>" +
     "<'table-responsive'tr>" +
     "<'dt--bottom-section d-sm-flex justify-content-sm-between text-center'<'dt--pages-count  mb-sm-0 mb-3'i><'dt--pagination'p>>",
-    "lengthMenu": [5, 10, 20, 30, 50, 100, 500, 1000],
+    "lengthMenu": [5, 10, 20, 30, 50, 100],
     "pageLength": 10,
     "initComplete": function(settings, json) {
       $('[data-toggle="tooltip"]').tooltip();
@@ -115,25 +124,77 @@
   multiCheck(list_organization_table);
 });
 
-function get_target_modal(organization_id){
-  $('.modal-title').html(`<b>Loading targets...</b>`);
-  $('#modal_dialog').modal('show');
-  $('.modal-text').empty();
-  $('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
-  $.getJSON(`/api/queryTargetsInOrganization/?organization_id=${organization_id}&format=json`, function(data) {
-    organization_name = htmlEncode(data['organization'][0]['name']);
-    $('#modal-loader').empty();
-    $('.modal-title').html(`${data['domains'].length} targets in organization ${organization_name}`);
-    $('#modal-content').append(`<ul id="target-detail-modal-ul"></ul>`);
-    for (domain in data['domains']){
-      domain_obj = data['domains'][domain];
-      $("#target-detail-modal-ul").append(`<li>${domain_obj['name']}</li>`);
-    }
-  }).fail(function(){
-    $('#modal-loader').empty();
-    $("#modal-content").append(`<p class='text-danger'>Error loading Vulnerabilities Summary</p>`);
-  });
+function selectAllOrganizations(checkbox) {
+  $('.organization-checkbox').prop('checked', checkbox.checked);
+  toggleMultipleOrganizationButton();
 }
 
+function toggleMultipleOrganizationButton() {
+  var checkedCount = $('.organization-checkbox:checked').length;
+  if (checkedCount > 0) {
+    $("#delete_multiple_button").removeClass("disabled");
+  } else {
+    $("#delete_multiple_button").addClass("disabled");
+  }
+  
+  // Update the "select all" checkbox
+  var totalCount = $('.organization-checkbox').length;
+  $('#select_all_checkbox').prop('checked', checkedCount === totalCount);
+}
+
+function deleteMultipleOrganizations() {
+  var checkedCount = $('.organization-checkbox:checked').length;
+  if (!checkedCount) {
+    swal({
+      title: '',
+      text: "Oops! No organizations have been selected!",
+      type: 'error',
+      padding: '2em'
+    })
+  } else {
+    swal.queue([{
+      title: 'Are you sure you want to delete ' + checkedCount + ' Organizations?',
+      text: "This action is irreversible.",
+      type: 'warning',
+      showCancelButton: true,
+      confirmButtonText: 'Delete',
+      padding: '2em',
+      showLoaderOnConfirm: true,
+      preConfirm: function() {
+        var selectedOrganizations = [];
+
+        $('.organization-checkbox:checked').each(function() {
+          selectedOrganizations.push($(this).val());
+        });
+
+        var data = {'type': 'organization', 'rows': selectedOrganizations}
+
+        return fetch('/api/action/rows/delete/', {
+          method: 'post',
+          headers: {
+            "X-CSRFToken": getCookie("csrftoken"),
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify(data)
+        }).then(res => res.json())
+        .then(function (response) {
+          if (response['status']) {
+            // reload page
+            location.reload();
+          }
+          else {
+            Snackbar.show({
+              text: 'Oops! Failed to delete organizations!',
+              pos: 'top-right',
+              duration: 1500,
+              actionTextColor: '#fff',
+              backgroundColor: '#e7515a',
+            });
+          }
+        });
+      }
+    }])
+  }
+}
 </script>
-{% endblock page_level_script %}
+{% endblock page_level_script %}
\ No newline at end of file

From 205f2860580b4c60d200d44a2b9833ddf7e7496d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 20:42:24 +0530
Subject: [PATCH 187/211] update onboarding ui

---
 .../templates/dashboard/onboarding.html       | 274 ++++++++----------
 1 file changed, 115 insertions(+), 159 deletions(-)

diff --git a/web/dashboard/templates/dashboard/onboarding.html b/web/dashboard/templates/dashboard/onboarding.html
index 55685ecf1..969ffd230 100644
--- a/web/dashboard/templates/dashboard/onboarding.html
+++ b/web/dashboard/templates/dashboard/onboarding.html
@@ -8,68 +8,33 @@
     <link href="{% static 'bootstrap/bootstrap.min.css' %}" rel="stylesheet" type="text/css" id="bootstrap-stylesheet" />
     <link href="{% static 'assets/css/app.min.css' %}" rel="stylesheet" type="text/css" id="main-stylesheet" />
     <style>
-      .accordion-item {
-        border: none;
-        margin-bottom: 15px;
-        border-radius: 8px;
-        overflow: hidden;
-        box-shadow: 0 2px 5px rgba(0, 0, 0, 0.05);
-        transition: box-shadow 0.3s ease;
-      }
-
-      .accordion-item:hover {
-        box-shadow: 0 5px 15px rgba(0, 0, 0, 0.1);
-      }
-
-      .accordion-button {
-        background-color: #f8f9fa;
-        color: #333333;
-        font-weight: 500;
-        padding: 15px 20px;
+      .card {
         transition: all 0.3s ease;
+        border: none;
+        box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.075);
       }
-
-      .accordion-item:first-child {
-        margin-top: 0;
-      }
-
-      .accordion-button:hover {
-        background-color: #e9ecef;
-      }
-
-      .accordion-button:not(.collapsed) {
-        background-color: #e9ecef;
-        box-shadow: none;
-      }
-
-      .accordion-button:focus {
-        box-shadow: none;
-        border-color: transparent;
-      }
-
-      .accordion-button::after {
-        transition: transform 0.3s ease;
+      .card:hover {
+        transform: translateY(-5px);
+        box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15);
       }
-
-      .accordion-button:not(.collapsed)::after {
-        transform: rotate(-180deg);
+      .form-control:focus, .form-select:focus {
+        border-color: #80bdff;
+        box-shadow: 0 0 0 0.2rem rgba(0, 123, 255, 0.25);
       }
-
-      .accordion-body {
-        background-color: #ffffff;
-        padding: 20px;
+      .form-switch {
+        padding-left: 0;
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
       }
-
-      .form-control {
-        border: 1px solid #ced4da;
-        border-radius: 4px;
-        padding: 10px 15px;
-        transition: border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+      .form-switch .form-check-input {
+        margin-left: 0.5em;
+        width: 3em;
+        height: 1.5em;
       }
-
-      .form-control:focus {
-        border-color: #80bdff;
-        box-shadow: 0 0 0 0.2rem rgba(0, 123, 255, 0.25);
+      .form-check-input:checked {
+        background-color: #0d6efd;
+        border-color: #0d6efd;
       }
     </style>
   </head>
@@ -77,114 +42,105 @@
     <div class="account-pages mt-5 mb-5">
       <div class="container">
         <div class="row justify-content-center">
-          <div class="col-xl-9">
-            <form method="POST" autocomplete="off"> {% csrf_token %} <div class="card bg-pattern">
-                <div class="card-body p-4">
-                  <h3 class="text-center">Hey {{user.username}}! Welcome to reNgine</h3>
-                  <p>To get started with reNgine, you'll need to create your first project. Projects help you organize and manage your security assessments efficiently. <a href="https://rengine.wiki/usage/projects/" target="_blank">Learn more about projects.</a>
-                  </p> {% if error %} <div class="alert alert-danger">
-                    {{error}}
-                  </div> 
-                  {% endif %} 
-                  <div class="row">
-                    <div class="col-lg-12">
-                      <div class="p-sm-3">
-                        <h4 class="mt-0">Project</h4>
-                        <div class="mb-2">
-                          <label for="project_name" class="form-label">Project name</label>
-                          <input class="form-control" type="text" id="project_name" name="project_name" required value="Default">
-                        </div>
-                        <h4 class="mt-0">Additional User</h4>
-                        <p class="text-muted">You can add additional users and assign them roles. You can manage users and their roles anytime in the future.</p>
-                        <div class="mb-2">
-                          <label for="create_username" class="form-label">User name</label>
-                          <input class="form-control" type="text" id="create_username" name="create_username" autocomplete="off">
-                        </div>
-                        <div class="mb-2">
-                          <label for="create_password" class="form-label">Password</label>
-                          <input class="form-control" type="password" id="create_password" name="create_password" autocomplete="new-password">
-                        </div>
-                        <div class="form">
-                          <label for="create_user_role" class="form-label float-start">Role</label>
-                          <select class="form-select" id="create_user_role" name="create_user_role">
-                            <option value='sys_admin'>Sys Admin</option>
-                            <option value='penetration_tester'>Penetration Tester</option>
-                            <option value='auditor'>Auditor</option>
-                          </select>
-                        </div>
-                      </div>
-                    </div>
-                    <div class="col-lg-12">
-                      <div class="p-sm-3">
-                        <h4 class="mt-lg-0">API Keys</h4>
-                        <p class="text-muted mb-2">If you have API keys for these services, please enter them here.</p>
-                        <div class="accordion" id="apiKeysAccordion">
-                          <div class="accordion-item">
-                            <h2 class="accordion-header" id="headingOpenAI">
-                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseOpenAI" aria-expanded="true" aria-controls="collapseOpenAI">OpenAI</button>
-                            </h2>
-                            <div id="collapseOpenAI" class="accordion-collapse collapse" aria-labelledby="headingOpenAI" data-bs-parent="#apiKeysAccordion">
-                              <div class="accordion-body">
-                                <p class="text-muted">OpenAI keys will be used to generate vulnerability description, remediation, impact and vulnerability report writing using ChatGPT.</p> {% if openai_key %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}"> {% else %} <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key"> {% endif %} <small class="text-muted float-end mt-2 mb-2">This is optional but recommended.</small>
-                              </div>
-                            </div>
-                          </div>
-                          <div class="accordion-item">
-                            <h2 class="accordion-header" id="headingNetlas">
-                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseNetlas" aria-expanded="false" aria-controls="collapseNetlas"> Netlas </button>
-                            </h2>
-                            <div id="collapseNetlas" class="accordion-collapse collapse" aria-labelledby="headingNetlas" data-bs-parent="#apiKeysAccordion">
-                              <div class="accordion-body">
-                                <p class="text-muted">Netlas keys will be used to get whois information and other OSINT data.</p> {% if netlas_key %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}"> {% else %} <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key"> {% endif %} <small class="text-muted float-end mt-2 mb-2">This is optional</small>
-                              </div>
-                            </div>
-                          </div>
-                          <div class="accordion-item">
-                            <h2 class="accordion-header" id="headingChaos">
-                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseChaos" aria-expanded="false" aria-controls="collapseChaos"> Chaos by Project Discovery </button>
-                            </h2>
-                            <div id="collapseChaos" class="accordion-collapse collapse" aria-labelledby="headingChaos" data-bs-parent="#apiKeysAccordion">
-                              <div class="accordion-body">
-                                <p class="text-muted">Chaos keys enhance your reconnaissance capabilities by providing subdomain enumeration and valuable data for Public Bug Bounty Programs.</p> {% if chaos_key %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}"> {% else %} <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key"> {% endif %} <small class="text-muted float-end mt-2 mb-2">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a>
-                                </small>
-                              </div>
-                            </div>
-                          </div>
-                          <div class="accordion-item">
-                            <h2 class="accordion-header" id="headingHackerone">
-                              <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseHackerone" aria-expanded="false" aria-controls="collapseChaos"> Hackerone </button>
-                            </h2>
-                            <div id="collapseHackerone" class="accordion-collapse collapse" aria-labelledby="headingHackerone" data-bs-parent="#apiKeysAccordion">
-                              <div class="accordion-body">
-                                <div class="row">
-                                  <p class="text-muted">Hackerone Keys can be used to import targets, bookmarked programs, and submit automated vulnerability report to Hackerone. This is a bug bounty specific feature.</p> 
-                                  </small>
-                                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                                    <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
-                                    {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
-                                  </div>
-                                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                                    <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-                                    <div class="flex-grow-1 position-relative">
-                                    {% if hackerone_key %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
-                                    </div>
-                                  </div>
-                                  <div class="col-12">
-                                    <small class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a>
-                                  </div
-                                </div>
-                              </div>
-                            </div>
-                          </div>
-                        </div>
-                      </div>
+          <div class="col-xl-10">
+            <form method="POST" autocomplete="off"> {% csrf_token %}
+              <div class="text-center mb-4">
+                <h3 class="text-white">Welcome to reNgine</h3>
+                <p class="text-muted">Let's set up your environment to get started with reNgine.</p>
+              </div>
+              {% if error %}
+              <div class="alert alert-danger">
+                {{error}}
+              </div>
+              {% endif %}
+              <div class="card mb-4">
+                <div class="card-body">
+                  <h5 class="card-title"><i class="fe-folder text-primary me-2"></i>Project</h5>
+                  <p class="card-text text-muted">Create your first project to organize and manage your security assessments.</p>
+                  <div class="mb-3">
+                    <label for="project_name" class="form-label">Project name</label>
+                    <input class="form-control" type="text" id="project_name" name="project_name" required value="Default">
+                  </div>
+                </div>
+              </div>
+              <div class="card mb-4">
+                <div class="card-body">
+                  <h5 class="card-title"><i class="fe-user-plus text-primary me-2"></i>Additional User</h5>
+                  <p class="card-text text-muted">Add an additional user and assign them a role. You can manage users and their roles anytime in the future.</p>
+                  <div class="mb-3">
+                    <label for="create_username" class="form-label">Username</label>
+                    <input class="form-control" type="text" id="create_username" name="create_username" autocomplete="off">
+                  </div>
+                  <div class="mb-3">
+                    <label for="create_password" class="form-label">Password</label>
+                    <input class="form-control" type="password" id="create_password" name="create_password" autocomplete="new-password">
+                  </div>
+                  <div class="mb-3">
+                    <label for="create_user_role" class="form-label">Role</label>
+                    <select class="form-select" id="create_user_role" name="create_user_role">
+                      <option value='sys_admin'>Sys Admin</option>
+                      <option value='penetration_tester'>Penetration Tester</option>
+                      <option value='auditor'>Auditor</option>
+                    </select>
+                  </div>
+                </div>
+              </div>
+              <div class="card mb-4">
+                <div class="card-body">
+                  <h5 class="card-title"><i class="fe-settings text-primary me-2"></i>User Preferences</h5>
+                  <p class="card-text text-muted">Customize your reNgine experience with these preferences.</p>
+                  <div class="mb-3">
+                    <div class="form-check form-switch">
+                      <label class="form-check-label" for="bug_bounty_mode">
+                        <i class="fe-target text-primary me-2"></i>
+                        <span class="fw-bold">Bug Bounty Mode</span>
+                      </label>
+                      <input class="form-check-input" type="checkbox" id="bug_bounty_mode" name="bug_bounty_mode" {% if user_preferences.bug_bounty_mode %}checked{% endif %}>
                     </div>
+                    <small class="text-muted d-block mt-2">
+                      Enabling Bug Bounty Mode will:
+                      <ul class="mt-1">
+                        <li>Activate automatic reporting to HackerOne</li>
+                        <li>Enable the Bounty Hub for importing HackerOne programs</li>
+                        <li>Provide bug bounty specific features and optimizations</li>
+                      </ul>
+                    </small>
                   </div>
-                  <div class="mb-0">
-                    <button class="btn btn-info float-sm-end my-4" type="submit"> Proceed </button>
+                </div>
+              </div>
+              <div class="card mb-4">
+                <div class="card-body">
+                  <h5 class="card-title"><i class="fe-key text-primary me-2"></i>API Keys</h5>
+                  <p class="card-text text-muted">Enter your API keys for various services to enhance reNgine's capabilities.</p>
+                  <div class="mb-3">
+                    <label for="key_openai" class="form-label">OpenAI Key</label>
+                    <input class="form-control" type="text" id="key_openai" name="key_openai" placeholder="Enter OpenAI Key" value="{{openai_key}}">
+                    <small class="text-muted">Used for generating vulnerability descriptions, remediation, impact, and report writing using ChatGPT.</small>
+                  </div>
+                  <div class="mb-3">
+                    <label for="key_netlas" class="form-label">Netlas Key</label>
+                    <input class="form-control" type="text" id="key_netlas" name="key_netlas" placeholder="Enter Netlas Key" value="{{netlas_key}}">
+                    <small class="text-muted">Used to get whois information and other OSINT data.</small>
+                  </div>
+                  <div class="mb-3">
+                    <label for="key_chaos" class="form-label">Chaos Key</label>
+                    <input class="form-control" type="text" id="key_chaos" name="key_chaos" placeholder="Enter Chaos Key" value="{{chaos_key}}">
+                    <small class="text-muted">Enhances reconnaissance capabilities for Public Bug Bounty Programs. <a href="https://cloud.projectdiscovery.io" target="_blank">Get your API key</a></small>
+                  </div>
+                  <div class="mb-3">
+                    <label for="username_hackerone" class="form-label">HackerOne Username</label>
+                    <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter HackerOne Username" value="{{hackerone_username}}">
+                  </div>
+                  <div class="mb-3">
+                    <label for="key_hackerone" class="form-label">HackerOne API Token</label>
+                    <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter HackerOne Token" value="{{hackerone_key}}">
+                    <small class="text-muted">Used for importing targets, bookmarked programs, and submitting automated vulnerability reports. <a href="https://hackerone.com/settings/api_token/edit" target="_blank">Generate your API Token</a></small>
                   </div>
                 </div>
               </div>
+              <div class="text-end">
+                <button class="btn btn-primary" type="submit">Complete Setup</button>
+              </div>
             </form>
           </div>
         </div>

From ddcd96629f9c433bb5bbd123b9decdc9de9ace4a Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 20:42:34 +0530
Subject: [PATCH 188/211] Add user preference model

---
 .../migrations/0010_userpreferences.py        | 24 +++++++++++++++++++
 web/dashboard/models.py                       | 10 ++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 web/dashboard/migrations/0010_userpreferences.py

diff --git a/web/dashboard/migrations/0010_userpreferences.py b/web/dashboard/migrations/0010_userpreferences.py
new file mode 100644
index 000000000..ad643af93
--- /dev/null
+++ b/web/dashboard/migrations/0010_userpreferences.py
@@ -0,0 +1,24 @@
+# Generated by Django 3.2.23 on 2024-09-05 14:43
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('dashboard', '0009_hackeroneapikey'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='UserPreferences',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('bug_bounty_mode', models.BooleanField(default=True)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
diff --git a/web/dashboard/models.py b/web/dashboard/models.py
index cbec67787..a1ed47a7a 100644
--- a/web/dashboard/models.py
+++ b/web/dashboard/models.py
@@ -1,5 +1,7 @@
 from django.db import models
 from reNgine.definitions import *
+from django.contrib.auth.models import User
+
 
 class SearchHistory(models.Model):
 	query = models.CharField(max_length=1000)
@@ -85,3 +87,11 @@ def __str__(self):
 	def is_system_wide(self):
 		# property to determine if the notification is system wide or project specific
 		return self.notification_type == 'system'
+
+
+class UserPreferences(models.Model):
+	user = models.OneToOneField(User, on_delete=models.CASCADE)
+	bug_bounty_mode = models.BooleanField(default=True)
+	
+	def __str__(self):
+		return f"{self.user.username}'s preferences"

From 5c249021ae6a75b7b7103e5e6aa88cb39fd432f5 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 20:42:56 +0530
Subject: [PATCH 189/211] Add storing bug bounty mode in ui

---
 web/dashboard/views.py            | 24 ++++++++++++++++++++----
 web/reNgine/context_processors.py |  5 +++++
 web/reNgine/middleware.py         | 10 ++++++++++
 web/reNgine/settings.py           |  4 +++-
 4 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 web/reNgine/middleware.py

diff --git a/web/dashboard/views.py b/web/dashboard/views.py
index 723f3e197..13e685044 100644
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -337,6 +337,7 @@ def onboarding(request):
         key_chaos = request.POST.get('key_chaos')
         key_hackerone = request.POST.get('key_hackerone')
         username_hackerone = request.POST.get('username_hackerone')
+        bug_bounty_mode = request.POST.get('bug_bounty_mode') == 'on'
 
         insert_date = timezone.now()
 
@@ -350,18 +351,29 @@ def onboarding(request):
             error = ' Could not create project, Error: ' + str(e)
 
 
+        # update currently logged in user's preferences for bug bounty mode
+        user_preferences, _ = UserPreferences.objects.get_or_create(user=request.user)
+        user_preferences.bug_bounty_mode = bug_bounty_mode
+        user_preferences.save()
+
+
         try:
             if create_username and create_password and create_user_role:
                 UserModel = get_user_model()
-                user = UserModel.objects.create_user(
+                new_user = UserModel.objects.create_user(
                     username=create_username,
                     password=create_password
                 )
-                assign_role(user, create_user_role)
-        except Exception as e:
-            error = ' Could not create User, Error: ' + str(e)
+                assign_role(new_user, create_user_role)
 
 
+                # initially bug bounty mode is enabled for new user as selected for current user
+                new_user_preferences, _ = UserPreferences.objects.get_or_create(user=new_user)
+                new_user_preferences.bug_bounty_mode = bug_bounty_mode
+                new_user_preferences.save()
+                
+        except Exception as e:
+            error = ' Could not create User, Error: ' + str(e)
 
         if key_openai:
             openai_api_key = OpenAiAPIKey.objects.first()
@@ -408,6 +420,10 @@ def onboarding(request):
     context['hackerone_key'] = HackerOneAPIKey.objects.first().key
     context['hackerone_username'] = HackerOneAPIKey.objects.first().username
 
+    context['user_preferences'], _ = UserPreferences.objects.get_or_create(
+        user=request.user
+    )
+
     return render(request, 'dashboard/onboarding.html', context)
 
 
diff --git a/web/reNgine/context_processors.py b/web/reNgine/context_processors.py
index 356289a97..c2255ef9b 100644
--- a/web/reNgine/context_processors.py
+++ b/web/reNgine/context_processors.py
@@ -18,3 +18,8 @@ def version_context(request):
     return {
         'RENGINE_CURRENT_VERSION': settings.RENGINE_CURRENT_VERSION
     }
+
+def user_preferences(request):
+    if hasattr(request, 'user_preferences'):
+        return {'user_preferences': request.user_preferences}
+    return {}
\ No newline at end of file
diff --git a/web/reNgine/middleware.py b/web/reNgine/middleware.py
new file mode 100644
index 000000000..e301bb917
--- /dev/null
+++ b/web/reNgine/middleware.py
@@ -0,0 +1,10 @@
+from dashboard.models import UserPreferences
+
+class UserPreferencesMiddleware:
+	def __init__(self, get_response):
+		self.get_response = get_response
+
+	def __call__(self, request):
+		if request.user.is_authenticated:
+			request.user_preferences, created = UserPreferences.objects.get_or_create(user=request.user)
+		return self.get_response(request)
diff --git a/web/reNgine/settings.py b/web/reNgine/settings.py
index 90a5d8172..408a6554f 100644
--- a/web/reNgine/settings.py
+++ b/web/reNgine/settings.py
@@ -105,6 +105,7 @@
     'login_required.middleware.LoginRequiredMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'reNgine.middleware.UserPreferencesMiddleware',
 ]
 TEMPLATES = [
     {
@@ -118,7 +119,8 @@
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
                 'reNgine.context_processors.projects',
-                'reNgine.context_processors.version_context'
+                'reNgine.context_processors.version_context',
+                'reNgine.context_processors.user_preferences',
             ],
     },
 }]

From 26fe826a87dbedc825d30d5e96acffc8818c593a Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 20:46:17 +0530
Subject: [PATCH 190/211] Add conditions in nav bar

---
 web/dashboard/admin.py                 |  3 +-
 web/templates/base/_items/top_nav.html | 48 ++++++++++++++------------
 2 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/web/dashboard/admin.py b/web/dashboard/admin.py
index d7e513525..0c44dd932 100644
--- a/web/dashboard/admin.py
+++ b/web/dashboard/admin.py
@@ -7,4 +7,5 @@
 admin.site.register(NetlasAPIKey)
 admin.site.register(ChaosAPIKey)
 admin.site.register(HackerOneAPIKey)
-admin.site.register(InAppNotification)
\ No newline at end of file
+admin.site.register(InAppNotification)
+admin.site.register(UserPreferences)
\ No newline at end of file
diff --git a/web/templates/base/_items/top_nav.html b/web/templates/base/_items/top_nav.html
index 2c58bbc5e..64ea4b2aa 100644
--- a/web/templates/base/_items/top_nav.html
+++ b/web/templates/base/_items/top_nav.html
@@ -68,27 +68,29 @@
               {% endif %}
             </div>
           </li>
-          <li class="nav-item dropdown {{bountyhub_active}}">
-            <a class="nav-link dropdown-toggle arrow-none" href="#" id="topnav-bountyhub" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-              <i class="fe-command me-1"></i> Bounty Hub
-              <div class="arrow-down"></div>
-            </a>
-            <ul class="dropdown-menu" aria-labelledby="bountyHubDropdown">
-              <li class="dropdown-item dropdown">
-                <a class="dropdown-toggle" href="#" id="hackerOneDropdown" data-bs-toggle="dropdown" aria-expanded="false">
-                  HackerOne
-                </a>
-                <ul class="dropdown-menu" aria-labelledby="hackerOneDropdown">
-                  <li><a class="dropdown-item" href="{% url 'list_bountyhub_programs' current_project.slug %}">
-                    <i class="fe-life-buoy me-1"></i> Programs Dashboard
-                  </a></li>
-                  <li><a class="dropdown-item" href="#" onclick="handleSyncBookmarkedProgramsSwal()">
-                    <i class="fe-refresh-cw me-1"></i> Sync Bookmarked Programs
-                  </a></li>
-                </ul>
-              </li>
-            </ul>
-          </li>
+          {% if user_preferences.bug_bounty_mode %}
+            <li class="nav-item dropdown {{bountyhub_active}}">
+              <a class="nav-link dropdown-toggle arrow-none" href="#" id="topnav-bountyhub" role="button" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                <i class="fe-command me-1"></i> Bounty Hub
+                <div class="arrow-down"></div>
+              </a>
+              <ul class="dropdown-menu" aria-labelledby="bountyHubDropdown">
+                <li class="dropdown-item dropdown">
+                  <a class="dropdown-toggle" href="#" id="hackerOneDropdown" data-bs-toggle="dropdown" aria-expanded="false">
+                    HackerOne
+                  </a>
+                  <ul class="dropdown-menu" aria-labelledby="hackerOneDropdown">
+                    <li><a class="dropdown-item" href="{% url 'list_bountyhub_programs' current_project.slug %}">
+                      <i class="fe-life-buoy me-1"></i> Programs Dashboard
+                    </a></li>
+                    <li><a class="dropdown-item" href="#" onclick="handleSyncBookmarkedProgramsSwal()">
+                      <i class="fe-refresh-cw me-1"></i> Sync Bookmarked Programs
+                    </a></li>
+                  </ul>
+                </li>
+              </ul>
+            </li>
+          {% endif %}
           <li class="nav-item dropdown {{settings_nav_active}}">
             <a class="nav-link dropdown-toggle arrow-none" href="#" id="topnav-settings" role="button"
               data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
@@ -112,7 +114,9 @@
               <a href="{% url 'rengine_settings' current_project.slug %}" class="dropdown-item">reNgine Settings</a>
               {% endif %}
               {% if user|can:'modify_scan_configurations' %}
-              <a href="{% url 'hackerone_settings' current_project.slug %}" class="dropdown-item">Hackerone Settings</a>
+                {% if user_preferences.bug_bounty_mode %}
+                  <a href="{% url 'hackerone_settings' current_project.slug %}" class="dropdown-item">Hackerone Settings</a>
+                {% endif %}
               <a href="{% url 'notification_settings' current_project.slug %}" class="dropdown-item">Notification Settings</a>
               {% endif %}
             </div>

From 0c3b4f95618274c0f7d1096b71c3a12fb8d05ccb Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 20:52:56 +0530
Subject: [PATCH 191/211] put condition in all hackerone/bug bounty related
 features

---
 .../templates/scanEngine/settings/api.html    | 45 ++++++++++---------
 .../templates/startScan/detail_scan.html      | 10 ++++-
 .../templates/startScan/vulnerabilities.html  |  4 +-
 web/targetApp/templates/target/summary.html   |  4 +-
 4 files changed, 38 insertions(+), 25 deletions(-)

diff --git a/web/scanEngine/templates/scanEngine/settings/api.html b/web/scanEngine/templates/scanEngine/settings/api.html
index 64da0ea21..c1d6520b6 100644
--- a/web/scanEngine/templates/scanEngine/settings/api.html
+++ b/web/scanEngine/templates/scanEngine/settings/api.html
@@ -71,31 +71,34 @@
                 </div>
                 <span class="text-muted float-end optional-text mt-2">This is optional but recommended. Get your API key from <a href="https://cloud.projectdiscovery.io" target="_blank">https://cloud.projectdiscovery.io</a></span>
               </div>
-              <div class="mb-3">
-                <label for="key_hackerone" class="form-label">Hackerone</label>
-                <div class="row">
-                <p class="text-muted">Hackerone Keys will be used to import targets, bookmarked programs, and submit automated vulnerability report to Hackerone. This is a bug bounty specific feature.</p>
-                <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                  <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
-                  {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
-                </div>
-                <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
-                  <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
-                  <div class="flex-grow-1 position-relative">
-                  {% if hackerone_key %} <input class="form-control" type="password" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
-                  <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
-                    <span class="password-eye"></span>
+              {% if user_preferences.bug_bounty_mode %}
+                <div class="mb-3">
+                  <label for="key_hackerone" class="form-label">Hackerone</label>
+                  <div class="row">
+                  <p class="text-muted">Hackerone Keys will be used to import targets, bookmarked programs, and submit automated vulnerability report to Hackerone. This is a bug bounty specific feature.</p>
+                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                    <label for="hackerone_username"  class="form-label">Hackerone Username (Not email)</label>
+                    {% if hackerone_username %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username" value="{{hackerone_username}}"> {% else %} <input class="form-control" type="text" id="username_hackerone" name="username_hackerone" placeholder="Enter Hackerone Username"> {% endif %}
                   </div>
+                  <div class="col-xl-6 col-lg-6 col-md-6 col-sm-12 col-12">
+                    <label for="hackerone_key" class="form-label">Generate your <a href="https://hackerone.com/settings/api_token/edit" target="_blank">API Token from here <i class="fe-external-link"></i></a></label>
+                    <div class="flex-grow-1 position-relative">
+                    {% if hackerone_key %} <input class="form-control" type="password" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Key" value="{{hackerone_key}}"> {% else %} <input class="form-control" type="text" id="key_hackerone" name="key_hackerone" placeholder="Enter Hackerone Token"> {% endif %}
+                    <div class="position-absolute top-50 end-0 translate-middle-y pe-2" style="cursor: pointer;" data-password="false">
+                      <span class="password-eye"></span>
+                    </div>
+                    </div>
+                  </div>
+                  <div class="col-12">
+                    <p class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a></p>
+                  </div>
+                  <div class="col-12">
+                    <a href="#" onclick="test_hackerone()" class="text-info float-end">Test my hackerone keys <i class="fe-check-circle"></i></a>
                   </div>
                 </div>
-                <div class="col-12">
-                  <p class="text-muted float-end mt-2 mb-2">This is optional but recommended for bug hunters. Get your API key from <a href="https://api.hackerone.com/getting-started-hacker-api/#getting-started-hacker-api" class="text-primary" target="_blank">Hackerone Documentation</a></p>
-                </div>
-                <div class="col-12">
-                  <a href="#" onclick="test_hackerone()" class="text-info float-end">Test my hackerone keys <i class="fe-check-circle"></i></a>
-                </div>
               </div>
-            </div>
+              {% endif %}
+              </div>
               <div class="mb-0">
                 <button class="btn btn-primary float-sm-end my-4" type="submit"> Update API Keys</button>
               </div>
diff --git a/web/startScan/templates/startScan/detail_scan.html b/web/startScan/templates/startScan/detail_scan.html
index f704affd4..c1487f099 100644
--- a/web/startScan/templates/startScan/detail_scan.html
+++ b/web/startScan/templates/startScan/detail_scan.html
@@ -1710,7 +1710,11 @@ <h4 class="header-title mb-0"><span id="endpoint_change_count"><span class="spin
 							// if (cve_cwe_badge != "") {
 							// 	cve_cwe_badge
 							// }
-							hackerone_report = row['hackerone_report_id'] ? `<div><a class="badge badge-soft-danger mt-1 me-1" href="https://hackerone.com/reports/${row['hackerone_report_id']}" target="_blank">Reported to hackerone</a></div>` : "";
+							{% if user_preferences.bug_bounty_mode %}
+								hackerone_report = row['hackerone_report_id'] ? `<div><a class="badge badge-soft-danger mt-1 me-1" href="https://hackerone.com/reports/${row['hackerone_report_id']}" target="_blank">Reported to hackerone</a></div>` : "";
+							{% else %}
+								hackerone_report = "";
+							{% endif %}
 							return `<b class="text-${color}">` + data + `</b>` + cvss_metrics_badge + cve_cwe_badge + tags + hackerone_report;
 						},
 						"targets": 3,
@@ -1772,7 +1776,9 @@ <h4 class="header-title mb-0"><span id="endpoint_change_count"><span class="spin
 								</a>
 								<div class="dropdown-menu" style="">
 								<a class="dropdown-item" href="javascript:fetch_gpt_vuln_details(${row['id']}, '${row['name']}');">Fetch GPT Vulnerability Details</a>
-								<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
+								{% if user_preferences.bug_bounty_mode %}
+									<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
+								{% endif %}
 								<a class="text-danger dropdown-item" href="javascript:delete_vulnerability(${row['id']});">Delete Vulnerability</a>
 								</div>
 								</div>`;
diff --git a/web/startScan/templates/startScan/vulnerabilities.html b/web/startScan/templates/startScan/vulnerabilities.html
index 5aba4922c..364b22ab5 100644
--- a/web/startScan/templates/startScan/vulnerabilities.html
+++ b/web/startScan/templates/startScan/vulnerabilities.html
@@ -223,7 +223,9 @@
 						</a>
 						<div class="dropdown-menu" style="">
 						<a class="dropdown-item" href="javascript:fetch_gpt_vuln_details(${row['id']}, '${row['name']}');">Fetch GPT Vulnerability Details</a>
-						<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
+						{% if user_preferences.bug_bounty_mode %}
+							<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
+						{% endif %}
 						<a class="text-danger dropdown-item btn-delete-vulnerability" href="#" id="${row['id']}">Delete Vulnerability</a>
 						</div>
 						</div>`;
diff --git a/web/targetApp/templates/target/summary.html b/web/targetApp/templates/target/summary.html
index c8d309585..28a4ac7b7 100644
--- a/web/targetApp/templates/target/summary.html
+++ b/web/targetApp/templates/target/summary.html
@@ -1535,7 +1535,9 @@ <h4 class="header-title mb-0"><span id="technologies-count"><span class="spinner
 									</a>
 									<div class="dropdown-menu" style="">
 									<a class="dropdown-item" href="javascript:fetch_gpt_vuln_details(${row['id']}, '${row['name']}');">Fetch GPT Vulnerability Details</a>
-									<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
+									{% if user_preferences.bug_bounty_mode %}
+										<a class="dropdown-item" href="javascript:report_hackerone(${row['id']}, '${row['severity']}');">Report to Hackerone</a>
+									{% endif %}
 									<a class="text-danger dropdown-item btn-delete-vulnerability" href="#" id="${row['id']}">Delete Vulnerability</a>
 									</div>
 									</div>`;

From 05da3cb93edf0de1326cd785ec5b2cce447d580c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 21:10:52 +0530
Subject: [PATCH 192/211] Add viewset and menu to toggle bug bounty mode

---
 web/api/urls.py                        |  1 +
 web/api/views.py                       | 24 +++++++++++++++---------
 web/templates/base/_items/top_bar.html | 11 +++++++++++
 web/templates/base/base.html           | 18 ++++++++++++++++++
 4 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/web/api/urls.py b/web/api/urls.py
index 7a353275a..92486d7cc 100644
--- a/web/api/urls.py
+++ b/web/api/urls.py
@@ -241,6 +241,7 @@
         'action/create/project',
         CreateProjectApi.as_view(),
         name='create_project'),
+    path('toggle-bug-bounty-mode/', ToggleBugBountyModeView.as_view(), name='toggle_bug_bounty_mode'),
 ]
 
 urlpatterns += router.urls
diff --git a/web/api/views.py b/web/api/views.py
index 3f788dd98..2ecbaf523 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -3,13 +3,15 @@
 import logging
 import requests
 import validators
+import requests
 
 from ipaddress import IPv4Network
 from django.db.models import CharField, Count, F, Q, Value
 from django.utils import timezone
 from packaging import version
 from django.template.defaultfilters import slugify
-from rest_framework import viewsets
+from datetime import datetime
+from rest_framework import viewsets, status
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework.status import HTTP_400_BAD_REQUEST, HTTP_204_NO_CONTENT, HTTP_202_ACCEPTED
@@ -31,19 +33,23 @@
 from startScan.models import EndPoint
 from targetApp.models import *
 from api.shared_api_tasks import import_hackerone_programs_task, sync_bookmarked_programs_task
-
 from .serializers import *
 
+
 logger = logging.getLogger(__name__)
 
 
-from rest_framework import viewsets, status
-from rest_framework.decorators import action
-from rest_framework.response import Response
-from django.core.cache import cache
-from django.core.exceptions import ObjectDoesNotExist
-from datetime import datetime
-import requests
+class ToggleBugBountyModeView(APIView):
+	"""
+		This class manages the user bug bounty mode
+	"""
+	def post(self, request, *args, **kwargs):
+		user_preferences = get_object_or_404(UserPreferences, user=request.user)
+		user_preferences.bug_bounty_mode = not user_preferences.bug_bounty_mode
+		user_preferences.save()
+		return Response({
+			'bug_bounty_mode': user_preferences.bug_bounty_mode
+		}, status=status.HTTP_200_OK)
 
 
 class HackerOneProgramViewSet(viewsets.ViewSet):
diff --git a/web/templates/base/_items/top_bar.html b/web/templates/base/_items/top_bar.html
index 6e73f277e..2859b174e 100644
--- a/web/templates/base/_items/top_bar.html
+++ b/web/templates/base/_items/top_bar.html
@@ -170,6 +170,17 @@ <h6 class="text-overflow m-0">Welcome {{user.get_username}}!</h6>
             <i class="fe-user"></i>
             <span>My Account</span>
           </a>
+          <div class="dropdown-divider"></div>
+          <a href="javascript:toggleBugBountyMode()" class="dropdown-item notify-item">
+            <i class="fe-target"></i>
+            <span>
+              {% if user_preferences.bug_bounty_mode %}
+                Disable Bug Bounty Mode
+              {% else %}
+                Enable Bug Bounty Mode
+              {% endif %}
+            </span>
+          </a>
           {% if user|can:'modify_system_configurations' %}
           <a href="{% url 'admin_interface' current_project.slug %}" class="dropdown-item notify-item">
             <i class="fe-settings"></i>
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index 7e2a63620..d17a363e8 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -161,6 +161,24 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         });
       }
 
+      function toggleBugBountyMode() {
+        fetch('/api/toggle-bug-bounty-mode/', {
+            method: 'POST',
+            headers: {
+                'X-CSRFToken': getCookie('csrftoken'),
+                'Content-Type': 'application/json',
+            },
+        })
+        .then(response => response.json())
+        .then(data => {
+            location.reload();
+        })
+        .catch(error => {
+            console.error('Error:', error);
+            showNotification('Failed to toggle Bug Bounty Mode', 'error');
+        });
+    }
+
     </script>
     {% if messages %}
       {% for message in messages %}

From cf0672040a9ac8b210726b1ff862262340540784 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 21:16:21 +0530
Subject: [PATCH 193/211] add snackbar notification and reload timeout

---
 web/templates/base/base.html | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index d17a363e8..dd2c6992f 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -171,7 +171,19 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         })
         .then(response => response.json())
         .then(data => {
-            location.reload();
+            Snackbar.show({
+              {% if user_preferences.bug_bounty_mode %}
+                text: 'Bug Bounty Mode disabled successfully',
+              {% else %}
+                text: 'Bug Bounty Mode enabled successfully',
+              {% endif %}
+              pos: 'top-right',
+              actionTextColor: '#42A5F5',
+              duration: 1400
+            });
+            setTimeout(() => {
+              window.location.reload();
+            }, 1500);
         })
         .catch(error => {
             console.error('Error:', error);

From dad36852f69215cfbf34eabf607dd5db3ee2bd11 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Thu, 5 Sep 2024 21:35:30 +0530
Subject: [PATCH 194/211] make minor changes

---
 web/api/urls.py              | 6 +++++-
 web/templates/base/base.html | 1 -
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/web/api/urls.py b/web/api/urls.py
index 92486d7cc..7c1c12802 100644
--- a/web/api/urls.py
+++ b/web/api/urls.py
@@ -241,7 +241,11 @@
         'action/create/project',
         CreateProjectApi.as_view(),
         name='create_project'),
-    path('toggle-bug-bounty-mode/', ToggleBugBountyModeView.as_view(), name='toggle_bug_bounty_mode'),
+    path(
+        'toggle-bug-bounty-mode/', 
+        ToggleBugBountyModeView.as_view(), 
+        name='toggle_bug_bounty_mode'
+    ),
 ]
 
 urlpatterns += router.urls
diff --git a/web/templates/base/base.html b/web/templates/base/base.html
index dd2c6992f..23a6871d7 100644
--- a/web/templates/base/base.html
+++ b/web/templates/base/base.html
@@ -187,7 +187,6 @@ <h4 class="page-title">{% block page_title %}{% endblock page_title %}</h4>
         })
         .catch(error => {
             console.error('Error:', error);
-            showNotification('Failed to toggle Bug Bounty Mode', 'error');
         });
     }
 

From d01e3bd05f13af707abd30703c8bfc2a397b241a Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 07:18:10 +0530
Subject: [PATCH 195/211] cleanup migrations

---
 web/dashboard/migrations/0001_initial.py      | 47 ++++++++++++++++++-
 web/dashboard/migrations/0002_notification.py | 27 -----------
 .../migrations/0003_auto_20240830_0135.py     | 24 ----------
 ...4_rename_notification_inappnotification.py | 17 -------
 ...ter_inappnotification_notification_type.py | 18 -------
 .../0006_inappnotification_status.py          | 18 -------
 .../migrations/0007_auto_20240831_0608.py     | 23 ---------
 web/dashboard/migrations/0008_chaosapikey.py  | 20 --------
 .../migrations/0009_hackeroneapikey.py        | 21 ---------
 .../migrations/0010_userpreferences.py        | 24 ----------
 web/recon_note/migrations/0001_initial.py     |  4 +-
 web/scanEngine/migrations/0001_initial.py     |  3 +-
 .../migrations/0002_hackerone_send_report.py  | 18 -------
 web/startScan/migrations/0001_initial.py      |  6 ++-
 .../migrations/0002_auto_20240821_1518.py     | 29 ------------
 ...url_scanhistory_cfg_starting_point_path.py | 18 -------
 ...004_scanhistory_cfg_imported_subdomains.py | 19 --------
 web/targetApp/migrations/0001_initial.py      |  2 +-
 18 files changed, 56 insertions(+), 282 deletions(-)
 delete mode 100644 web/dashboard/migrations/0002_notification.py
 delete mode 100644 web/dashboard/migrations/0003_auto_20240830_0135.py
 delete mode 100644 web/dashboard/migrations/0004_rename_notification_inappnotification.py
 delete mode 100644 web/dashboard/migrations/0005_alter_inappnotification_notification_type.py
 delete mode 100644 web/dashboard/migrations/0006_inappnotification_status.py
 delete mode 100644 web/dashboard/migrations/0007_auto_20240831_0608.py
 delete mode 100644 web/dashboard/migrations/0008_chaosapikey.py
 delete mode 100644 web/dashboard/migrations/0009_hackeroneapikey.py
 delete mode 100644 web/dashboard/migrations/0010_userpreferences.py
 delete mode 100644 web/scanEngine/migrations/0002_hackerone_send_report.py
 delete mode 100644 web/startScan/migrations/0002_auto_20240821_1518.py
 delete mode 100644 web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py
 delete mode 100644 web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py

diff --git a/web/dashboard/migrations/0001_initial.py b/web/dashboard/migrations/0001_initial.py
index 44e9ac9a7..542cb1f17 100644
--- a/web/dashboard/migrations/0001_initial.py
+++ b/web/dashboard/migrations/0001_initial.py
@@ -1,6 +1,8 @@
-# Generated by Django 3.2.23 on 2024-06-19 02:43
+# Generated by Django 3.2.23 on 2024-09-06 01:47
 
+from django.conf import settings
 from django.db import migrations, models
+import django.db.models.deletion
 
 
 class Migration(migrations.Migration):
@@ -8,9 +10,25 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
+        migrations.CreateModel(
+            name='ChaosAPIKey',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('key', models.CharField(max_length=500)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='HackerOneAPIKey',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('username', models.CharField(max_length=500)),
+                ('key', models.CharField(max_length=500)),
+            ],
+        ),
         migrations.CreateModel(
             name='NetlasAPIKey',
             fields=[
@@ -49,4 +67,31 @@ class Migration(migrations.Migration):
                 ('query', models.CharField(max_length=1000)),
             ],
         ),
+        migrations.CreateModel(
+            name='UserPreferences',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('bug_bounty_mode', models.BooleanField(default=True)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='InAppNotification',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('notification_type', models.CharField(choices=[('system', 'system'), ('project', 'project')], default='system', max_length=10)),
+                ('status', models.CharField(choices=[('success', 'Success'), ('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], default='info', max_length=10)),
+                ('title', models.CharField(max_length=255)),
+                ('description', models.TextField()),
+                ('icon', models.CharField(max_length=50)),
+                ('is_read', models.BooleanField(default=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('redirect_link', models.URLField(blank=True, max_length=255, null=True)),
+                ('open_in_new_tab', models.BooleanField(default=False)),
+                ('project', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='dashboard.project')),
+            ],
+            options={
+                'ordering': ['-created_at'],
+            },
+        ),
     ]
diff --git a/web/dashboard/migrations/0002_notification.py b/web/dashboard/migrations/0002_notification.py
deleted file mode 100644
index 6e9faf78d..000000000
--- a/web/dashboard/migrations/0002_notification.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-30 00:47
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='Notification',
-            fields=[
-                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('title', models.CharField(max_length=255)),
-                ('description', models.TextField()),
-                ('icon', models.CharField(max_length=50)),
-                ('is_read', models.BooleanField(default=False)),
-                ('created_at', models.DateTimeField(auto_now_add=True)),
-            ],
-            options={
-                'ordering': ['-created_at'],
-            },
-        ),
-    ]
diff --git a/web/dashboard/migrations/0003_auto_20240830_0135.py b/web/dashboard/migrations/0003_auto_20240830_0135.py
deleted file mode 100644
index 5e7628e00..000000000
--- a/web/dashboard/migrations/0003_auto_20240830_0135.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-30 01:35
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0002_notification'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='notification',
-            name='notification_type',
-            field=models.CharField(choices=[('system', 'System-wide'), ('project', 'Project-specific')], default='system', max_length=10),
-        ),
-        migrations.AddField(
-            model_name='notification',
-            name='project',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='dashboard.project'),
-        ),
-    ]
diff --git a/web/dashboard/migrations/0004_rename_notification_inappnotification.py b/web/dashboard/migrations/0004_rename_notification_inappnotification.py
deleted file mode 100644
index 2bc145eed..000000000
--- a/web/dashboard/migrations/0004_rename_notification_inappnotification.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-30 01:40
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0003_auto_20240830_0135'),
-    ]
-
-    operations = [
-        migrations.RenameModel(
-            old_name='Notification',
-            new_name='InAppNotification',
-        ),
-    ]
diff --git a/web/dashboard/migrations/0005_alter_inappnotification_notification_type.py b/web/dashboard/migrations/0005_alter_inappnotification_notification_type.py
deleted file mode 100644
index 49a5af804..000000000
--- a/web/dashboard/migrations/0005_alter_inappnotification_notification_type.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-31 01:21
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0004_rename_notification_inappnotification'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='inappnotification',
-            name='notification_type',
-            field=models.CharField(choices=[('system', 'system'), ('project', 'project')], default='system', max_length=10),
-        ),
-    ]
diff --git a/web/dashboard/migrations/0006_inappnotification_status.py b/web/dashboard/migrations/0006_inappnotification_status.py
deleted file mode 100644
index c674b7844..000000000
--- a/web/dashboard/migrations/0006_inappnotification_status.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-31 02:29
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0005_alter_inappnotification_notification_type'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='inappnotification',
-            name='status',
-            field=models.CharField(choices=[('success', 'Success'), ('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], default='info', max_length=10),
-        ),
-    ]
diff --git a/web/dashboard/migrations/0007_auto_20240831_0608.py b/web/dashboard/migrations/0007_auto_20240831_0608.py
deleted file mode 100644
index 34acda1c6..000000000
--- a/web/dashboard/migrations/0007_auto_20240831_0608.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-31 06:08
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0006_inappnotification_status'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='inappnotification',
-            name='open_in_new_tab',
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AddField(
-            model_name='inappnotification',
-            name='redirect_link',
-            field=models.URLField(blank=True, max_length=255, null=True),
-        ),
-    ]
diff --git a/web/dashboard/migrations/0008_chaosapikey.py b/web/dashboard/migrations/0008_chaosapikey.py
deleted file mode 100644
index 0ffdbb929..000000000
--- a/web/dashboard/migrations/0008_chaosapikey.py
+++ /dev/null
@@ -1,20 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-31 12:27
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0007_auto_20240831_0608'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='ChaosAPIKey',
-            fields=[
-                ('id', models.AutoField(primary_key=True, serialize=False)),
-                ('key', models.CharField(max_length=500)),
-            ],
-        ),
-    ]
diff --git a/web/dashboard/migrations/0009_hackeroneapikey.py b/web/dashboard/migrations/0009_hackeroneapikey.py
deleted file mode 100644
index 74799e4a3..000000000
--- a/web/dashboard/migrations/0009_hackeroneapikey.py
+++ /dev/null
@@ -1,21 +0,0 @@
-# Generated by Django 3.2.23 on 2024-09-02 01:51
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('dashboard', '0008_chaosapikey'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='HackerOneAPIKey',
-            fields=[
-                ('id', models.AutoField(primary_key=True, serialize=False)),
-                ('username', models.CharField(max_length=500)),
-                ('key', models.CharField(max_length=500)),
-            ],
-        ),
-    ]
diff --git a/web/dashboard/migrations/0010_userpreferences.py b/web/dashboard/migrations/0010_userpreferences.py
deleted file mode 100644
index ad643af93..000000000
--- a/web/dashboard/migrations/0010_userpreferences.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Generated by Django 3.2.23 on 2024-09-05 14:43
-
-from django.conf import settings
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('dashboard', '0009_hackeroneapikey'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='UserPreferences',
-            fields=[
-                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
-                ('bug_bounty_mode', models.BooleanField(default=True)),
-                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
-            ],
-        ),
-    ]
diff --git a/web/recon_note/migrations/0001_initial.py b/web/recon_note/migrations/0001_initial.py
index c9dff4ce9..b4763f571 100644
--- a/web/recon_note/migrations/0001_initial.py
+++ b/web/recon_note/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.23 on 2024-06-19 02:43
+# Generated by Django 3.2.23 on 2024-09-06 01:47
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -9,8 +9,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('startScan', '0001_initial'),
         ('dashboard', '0001_initial'),
+        ('startScan', '0001_initial'),
     ]
 
     operations = [
diff --git a/web/scanEngine/migrations/0001_initial.py b/web/scanEngine/migrations/0001_initial.py
index aa0dcfc18..2d58745f2 100644
--- a/web/scanEngine/migrations/0001_initial.py
+++ b/web/scanEngine/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.23 on 2024-06-19 02:43
+# Generated by Django 3.2.23 on 2024-09-06 01:47
 
 from django.db import migrations, models
 
@@ -35,6 +35,7 @@ class Migration(migrations.Migration):
                 ('id', models.AutoField(primary_key=True, serialize=False)),
                 ('username', models.CharField(blank=True, max_length=100, null=True)),
                 ('api_key', models.CharField(blank=True, max_length=200, null=True)),
+                ('send_report', models.BooleanField(blank=True, default=False, null=True)),
                 ('send_critical', models.BooleanField(default=True)),
                 ('send_high', models.BooleanField(default=True)),
                 ('send_medium', models.BooleanField(default=False)),
diff --git a/web/scanEngine/migrations/0002_hackerone_send_report.py b/web/scanEngine/migrations/0002_hackerone_send_report.py
deleted file mode 100644
index 7c40fa8fa..000000000
--- a/web/scanEngine/migrations/0002_hackerone_send_report.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.2.23 on 2024-09-02 02:51
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('scanEngine', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='hackerone',
-            name='send_report',
-            field=models.BooleanField(blank=True, default=False, null=True),
-        ),
-    ]
diff --git a/web/startScan/migrations/0001_initial.py b/web/startScan/migrations/0001_initial.py
index a27191207..303f2c6da 100644
--- a/web/startScan/migrations/0001_initial.py
+++ b/web/startScan/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.23 on 2024-06-19 02:43
+# Generated by Django 3.2.23 on 2024-09-06 01:47
 
 from django.conf import settings
 import django.contrib.postgres.fields
@@ -158,6 +158,10 @@ class Migration(migrations.Migration):
                 ('stop_scan_date', models.DateTimeField(blank=True, null=True)),
                 ('used_gf_patterns', models.CharField(blank=True, max_length=500, null=True)),
                 ('error_message', models.CharField(blank=True, max_length=300, null=True)),
+                ('cfg_out_of_scope_subdomains', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None)),
+                ('cfg_starting_point_path', models.CharField(blank=True, max_length=200, null=True)),
+                ('cfg_excluded_paths', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None)),
+                ('cfg_imported_subdomains', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None)),
                 ('aborted_by', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='aborted_scans', to=settings.AUTH_USER_MODEL)),
                 ('buckets', models.ManyToManyField(blank=True, related_name='buckets', to='startScan.S3Bucket')),
                 ('domain', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='targetApp.domain')),
diff --git a/web/startScan/migrations/0002_auto_20240821_1518.py b/web/startScan/migrations/0002_auto_20240821_1518.py
deleted file mode 100644
index 03dd158b3..000000000
--- a/web/startScan/migrations/0002_auto_20240821_1518.py
+++ /dev/null
@@ -1,29 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-21 15:18
-
-import django.contrib.postgres.fields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('startScan', '0001_initial'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='scanhistory',
-            name='cfg_excluded_paths',
-            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None),
-        ),
-        migrations.AddField(
-            model_name='scanhistory',
-            name='cfg_out_of_scope_subdomains',
-            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None),
-        ),
-        migrations.AddField(
-            model_name='scanhistory',
-            name='cfg_starting_point_url',
-            field=models.CharField(blank=True, max_length=200, null=True),
-        ),
-    ]
diff --git a/web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py b/web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py
deleted file mode 100644
index e5f005bf1..000000000
--- a/web/startScan/migrations/0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path.py
+++ /dev/null
@@ -1,18 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-21 15:40
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('startScan', '0002_auto_20240821_1518'),
-    ]
-
-    operations = [
-        migrations.RenameField(
-            model_name='scanhistory',
-            old_name='cfg_starting_point_url',
-            new_name='cfg_starting_point_path',
-        ),
-    ]
diff --git a/web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py b/web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py
deleted file mode 100644
index 992199df5..000000000
--- a/web/startScan/migrations/0004_scanhistory_cfg_imported_subdomains.py
+++ /dev/null
@@ -1,19 +0,0 @@
-# Generated by Django 3.2.23 on 2024-08-22 04:26
-
-import django.contrib.postgres.fields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('startScan', '0003_rename_cfg_starting_point_url_scanhistory_cfg_starting_point_path'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='scanhistory',
-            name='cfg_imported_subdomains',
-            field=django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=200), blank=True, default=list, null=True, size=None),
-        ),
-    ]
diff --git a/web/targetApp/migrations/0001_initial.py b/web/targetApp/migrations/0001_initial.py
index fb74ba395..0bfbc1a50 100644
--- a/web/targetApp/migrations/0001_initial.py
+++ b/web/targetApp/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.2.23 on 2024-06-19 02:43
+# Generated by Django 3.2.23 on 2024-09-06 01:47
 
 from django.db import migrations, models
 import django.db.models.deletion

From 3e87a768415b4d7e257171c0e77adac60bff7f14 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 11:40:15 +0530
Subject: [PATCH 196/211] remove watchmedo in production

---
 web/celery-entrypoint.sh | 97 ++++++++++++++++++++++++++++------------
 1 file changed, 69 insertions(+), 28 deletions(-)

diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index 15171f2d6..1893ddee6 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -1,5 +1,8 @@
 #!/bin/bash
 
+# print * 100 times
+printf "*%.0s" {1..100}
+
 python3 manage.py makemigrations
 python3 manage.py migrate
 python3 manage.py collectstatic --no-input --clear
@@ -151,8 +154,6 @@ then
   chmod +x /usr/src/github/goofuzz/GooFuzz
 fi
 
-exec "$@"
-
 # httpx seems to have issue, use alias instead!!!
 echo 'alias httpx="/go/bin/httpx"' >> ~/.bashrc
 
@@ -167,29 +168,69 @@ if [ "$DEBUG" == "1" ]; then
     loglevel='debug'
 fi
 
-# watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --autoscale=10,0 -l INFO -Q scan_queue &
-echo "Starting Workers..."
-echo "Starting Main Scan Worker with Concurrency: $MAX_CONCURRENCY,$MIN_CONCURRENCY"
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --loglevel=$loglevel --autoscale=$MAX_CONCURRENCY,$MIN_CONCURRENCY -Q main_scan_queue &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/api/" -- celery -A api.shared_api_tasks worker --loglevel=$loglevel --concurrency=30 -Q api_queue &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q initiate_scan_queue -n initiate_scan_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q subscan_queue -n subscan_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=20 --loglevel=$loglevel -Q report_queue -n report_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q send_notif_queue -n send_notif_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q send_scan_notif_queue -n send_scan_notif_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q send_task_notif_queue -n send_task_notif_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=5 --loglevel=$loglevel -Q send_file_to_discord_queue -n send_file_to_discord_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=5 --loglevel=$loglevel -Q send_hackerone_report_queue -n send_hackerone_report_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q parse_nmap_results_queue -n parse_nmap_results_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=20 --loglevel=$loglevel -Q geo_localize_queue -n geo_localize_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_whois_queue -n query_whois_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q remove_duplicate_endpoints_queue -n remove_duplicate_endpoints_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=50 --loglevel=$loglevel -Q run_command_queue -n run_command_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_reverse_whois_queue -n query_reverse_whois_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q query_ip_history_queue -n query_ip_history_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=30 --loglevel=$loglevel -Q llm_queue -n llm_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q dorking_queue -n dorking_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q osint_discovery_queue -n osint_discovery_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q h8mail_queue -n h8mail_worker &
-watchmedo auto-restart --recursive --pattern="*.py" --directory="/usr/src/app/reNgine/" -- celery -A reNgine.tasks worker --pool=gevent --concurrency=10 --loglevel=$loglevel -Q theHarvester_queue -n theHarvester_worker
-exec "$@"
+generate_worker_command() {
+    local queue=$1
+    local concurrency=$2
+    local worker_name=$3
+    local app=${4:-"reNgine.tasks"}
+    local directory=${5:-"/usr/src/app/reNgine/"}
+
+    local base_command="celery -A $app worker --pool=gevent --autoscale=$concurrency,1 --loglevel=$loglevel -Q $queue -n $worker_name" --optimization=fair
+
+    if [ "$DEBUG" == "1" ]; then
+        echo "watchmedo auto-restart --recursive --pattern=\"*.py\" --directory=\"$directory\" -- $base_command &"
+    else
+        echo "$base_command &"
+    fi
+}
+
+echo "Starting Celery Workers..."
+
+commands=""
+
+# Main scan worker
+if [ "$DEBUG" == "1" ]; then
+    commands+="watchmedo auto-restart --recursive --pattern=\"*.py\" --directory=\"/usr/src/app/reNgine/\" -- celery -A reNgine.tasks worker --loglevel=$loglevel --optimization=fair --autoscale=$MAX_CONCURRENCY,$MIN_CONCURRENCY -Q main_scan_queue &"$'\n'
+else
+    commands+="celery -A reNgine.tasks worker --loglevel=$loglevel --optimization=fair --autoscale=$MAX_CONCURRENCY,$MIN_CONCURRENCY -Q main_scan_queue &"$'\n'
+fi
+
+# API shared task worker
+if [ "$DEBUG" == "1" ]; then
+    commands+="watchmedo auto-restart --recursive --pattern=\"*.py\" --directory=\"/usr/src/app/api/\" -- celery -A api.shared_api_tasks worker --pool=gevent --optimization=fair --concurrency=30 --loglevel=$loglevel -Q api_queue -n api_worker &"$'\n'
+else
+    commands+="celery -A api.shared_api_tasks worker --pool=gevent --concurrency=30 --optimization=fair --loglevel=$loglevel -Q api_queue -n api_worker &"$'\n'
+fi
+
+# worker format: "queue_name:concurrency:worker_name"
+workers=(
+    "initiate_scan_queue:30:initiate_scan_worker"
+    "subscan_queue:30:subscan_worker"
+    "report_queue:20:report_worker"
+    "send_notif_queue:10:send_notif_worker"
+    "send_task_notif_queue:10:send_task_notif_worker"
+    "send_file_to_discord_queue:5:send_file_to_discord_worker"
+    "send_hackerone_report_queue:5:send_hackerone_report_worker"
+    "parse_nmap_results_queue:10:parse_nmap_results_worker"
+    "geo_localize_queue:20:geo_localize_worker"
+    "query_whois_queue:10:query_whois_worker"
+    "remove_duplicate_endpoints_queue:30:remove_duplicate_endpoints_worker"
+    "run_command_queue:50:run_command_worker"
+    "query_reverse_whois_queue:10:query_reverse_whois_worker"
+    "query_ip_history_queue:10:query_ip_history_worker"
+    "llm_queue:30:llm_worker"
+    "dorking_queue:10:dorking_worker"
+    "osint_discovery_queue:10:osint_discovery_worker"
+    "h8mail_queue:10:h8mail_worker"
+    "theHarvester_queue:10:theHarvester_worker"
+)
+
+for worker in "${workers[@]}"; do
+    IFS=':' read -r queue concurrency worker_name <<< "$worker"
+    commands+="$(generate_worker_command "$queue" "$concurrency" "$worker_name")"$'\n'
+done
+commands="${commands%&}"
+
+eval "$commands"
+
+wait
\ No newline at end of file

From 95e2a2f38f40cea531fd89e9f2986b01ed9cba07 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 11:41:59 +0530
Subject: [PATCH 197/211] remove debug code

---
 web/celery-entrypoint.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index 1893ddee6..952ebbe6a 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -1,8 +1,5 @@
 #!/bin/bash
 
-# print * 100 times
-printf "*%.0s" {1..100}
-
 python3 manage.py makemigrations
 python3 manage.py migrate
 python3 manage.py collectstatic --no-input --clear

From 83fdccf3fb487534b172ee29c616932330c3bb3b Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 11:58:06 +0530
Subject: [PATCH 198/211] fix inapp notifications

---
 web/celery-entrypoint.sh | 1 +
 web/reNgine/tasks.py     | 5 ++---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/celery-entrypoint.sh b/web/celery-entrypoint.sh
index 952ebbe6a..54e014cc3 100755
--- a/web/celery-entrypoint.sh
+++ b/web/celery-entrypoint.sh
@@ -220,6 +220,7 @@ workers=(
     "osint_discovery_queue:10:osint_discovery_worker"
     "h8mail_queue:10:h8mail_worker"
     "theHarvester_queue:10:theHarvester_worker"
+    "send_scan_notif_queue:10:send_scan_notif_worker"
 )
 
 for worker in "${workers[@]}"; do
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 2fa1b89cf..e08c1f9e9 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -3090,7 +3090,8 @@ def send_scan_notif(
 		subscan_id (int, optional): SuScan id.
 		engine_id (int, optional): EngineType id.
 	"""
-
+	# send inmap notification in any case
+	generate_inapp_notification(scan, subscan, status, engine, fields)
 	# Skip send if notification settings are not configured
 	notif = Notification.objects.first()
 	if not (notif and notif.send_scan_status_notif):
@@ -3120,8 +3121,6 @@ def send_scan_notif(
 	}
 	logger.warning(f'Sending notification "{title}" [{severity}]')
 
-	generate_inapp_notification(scan, subscan, status, engine, fields)
-
 	# Send notification
 	send_notif(
 		msg,

From 21bd8d3e5728670cad7c0e69345a793e83b9dd8d Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 12:09:33 +0530
Subject: [PATCH 199/211] fix reverse whois task

---
 web/reNgine/tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index e08c1f9e9..2806746d0 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -4643,7 +4643,7 @@ def query_reverse_whois(lookup_keyword):
 		dict: Reverse WHOIS information.
 	"""
 
-	return get_associated_domains(lookup_keyword)
+	return reverse_whois(lookup_keyword)
 
 
 @app.task(name='query_ip_history', bind=False, queue='query_ip_history_queue')

From 03b60a982d94d7245063d9b288fce657e9dafb3f Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 12:16:35 +0530
Subject: [PATCH 200/211] Add hackerone imported organization description

---
 web/api/shared_api_tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index 258b2ad25..1b9a58106 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -74,7 +74,7 @@ def fetch_program_details_from_hackerone(program_handle):
 					targets=assets,
 					project_slug=project_slug,
 					organization_name=program_name,
-					org_description=None,
+					org_description='Imported from Hackerone',
 					h1_team_handle=handle
 				)
 

From bb35333216a4d511f9946606b3e15290fde20af4 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 13:02:48 +0530
Subject: [PATCH 201/211] remove assets that are not eligible for submission

---
 web/api/shared_api_tasks.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/web/api/shared_api_tasks.py b/web/api/shared_api_tasks.py
index 1b9a58106..d21ca23fa 100644
--- a/web/api/shared_api_tasks.py
+++ b/web/api/shared_api_tasks.py
@@ -56,9 +56,13 @@ def fetch_program_details_from_hackerone(program_handle):
 				for scope in scopes:
 					asset_type = scope['attributes']['asset_type']
 					asset_identifier = scope['attributes']['asset_identifier']
+					eligible_for_submission = scope['attributes']['eligible_for_submission']
+
+					# for now we should ignore the scope that are not eligible for submission
+					# in future release we will add this in target out_of_scope
 
 					# we need to filter the scope that are supported by reNgine now
-					if asset_type in HACKERONE_ALLOWED_ASSET_TYPES:
+					if asset_type in HACKERONE_ALLOWED_ASSET_TYPES and eligible_for_submission:
 						assets.append(asset_identifier)
 					
 					# in some cases asset_type is OTHER and may contain the asset

From 6dfce27136988feac14a66120089f4d7f79697c8 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 13:18:50 +0530
Subject: [PATCH 202/211] fix swal while deleting multiple targets

---
 .../static/targetApp/js/custom_domain.js      | 45 ++++++++++++-------
 web/targetApp/views.py                        |  3 +-
 2 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/web/targetApp/static/targetApp/js/custom_domain.js b/web/targetApp/static/targetApp/js/custom_domain.js
index f78a9bf07..9d2b24a57 100644
--- a/web/targetApp/static/targetApp/js/custom_domain.js
+++ b/web/targetApp/static/targetApp/js/custom_domain.js
@@ -64,32 +64,47 @@ function scanMultipleTargets(slug) {
 
 function deleteMultipleTargets(slug) {
   if (!checkedCount()) {
-    swal({
+    Swal.fire({
       title: '',
-      text: "Oops! No targets has been selected!",
-      type: 'error',
+      text: "Oops! No targets have been selected!",
+      icon: 'error',
       padding: '2em'
-    })
-  }
-  else {
-    // atleast one target is selected
-    swal.queue([{
-      title: 'Are you sure you want to delete '+ checkedCount() +' targets?',
+    });
+  } else {
+    // At least one target is selected
+    Swal.fire({
+      title: 'Are you sure you want to delete ' + checkedCount() + ' targets?',
       text: "This action is irreversible.\nThis will also delete all the scan history and vulnerabilities related to the targets.",
-      type: 'warning',
+      icon: 'warning',
       showCancelButton: true,
       confirmButtonText: 'Delete',
       padding: '2em',
       showLoaderOnConfirm: true,
-      preConfirm: function() {
-        deleteForm = document.getElementById("multiple_targets_form");
-        deleteForm.action = `/target/${slug}/delete/multiple`;
-        deleteForm.submit();
+      preConfirm: () => {
+        return new Promise((resolve) => {
+          Swal.update({
+            title: '',
+            text: 'Deleting ' + checkedCount() + ' targets..., this may take a while.',
+            icon: 'warning',
+            showCancelButton: false,
+            showConfirmButton: false,
+            allowOutsideClick: false,
+          });
+          
+          setTimeout(() => {
+            const deleteForm = document.getElementById("multiple_targets_form");
+            deleteForm.action = `/target/${slug}/delete/multiple`;
+            deleteForm.submit();
+          }, 500);  // 500ms delay
+        });
       }
-    }])
+    });
   }
 }
 
+
+
+
 function toggleMultipleTargetButton() {
   if (checkedCount() > 0) {
     $("#scan_multiple_button").removeClass("disabled");
diff --git a/web/targetApp/views.py b/web/targetApp/views.py
index 24265faf6..39991ccce 100644
--- a/web/targetApp/views.py
+++ b/web/targetApp/views.py
@@ -331,11 +331,12 @@ def delete_targets(request, slug):
         list_of_domains = []
         for key, value in request.POST.items():
             if key != "list_target_table_length" and key != "csrfmiddlewaretoken":
+                list_of_domains.append(value)
                 Domain.objects.filter(id=value).delete()
         messages.add_message(
             request,
             messages.INFO,
-            'Targets deleted!')
+            f'{len(list_of_domains)} targets deleted!')
     return http.HttpResponseRedirect(reverse('list_target', kwargs={'slug': slug}))
 
 

From 25ec1b6ec666e82fab702184cd190d571fb58af8 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 13:38:40 +0530
Subject: [PATCH 203/211] remove out of scope items from modal

---
 web/static/custom/bountyhub.js | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index d298c3d77..b7a2c61dd 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -328,7 +328,7 @@ function see_detail(handle) {
         .then(data => {
             Swal.close();
 
-            populateModal(data);
+            populateHackeroneDetailModel(data);
         })
         .catch(error => {
             console.error('Error:', error);
@@ -341,7 +341,7 @@ function see_detail(handle) {
 }
 
 
-function populateModal(data) {
+function populateHackeroneDetailModel(data) {
     const attributes = data.attributes;
 
     const modalHTML = `
@@ -409,6 +409,7 @@ function populateModal(data) {
     const modal = new bootstrap.Modal(document.getElementById('programDetailModal'));
     modal.show();
 }
+
 function populateBadges(attributes) {
     const badgeContainer = document.getElementById('badgeContainer');
     const badges = [
@@ -459,20 +460,22 @@ function populateAssetAccordion(data) {
 
     data.relationships.structured_scopes.data.forEach(scope => {
         const type = scope.attributes.asset_type;
-        if (assetTypes.hasOwnProperty(type)) {
+        const eligible_for_submission = scope.attributes.eligible_for_submission;
+        if (assetTypes.hasOwnProperty(type) && eligible_for_submission) {
             assetTypes[type].push(scope.attributes.asset_identifier);
         }
     });
 
     Object.entries(assetTypes).forEach(([type, assets], index) => {
+        console.log(assets)
         if (assets.length > 0) {
-            const item = createAccordionItem(type, assets, index);
+            const item = createInScopeAccordionItem(type, assets, index);
             accordion.appendChild(item);
         }
     });
 }
 
-function createAccordionItem(type, assets, index) {
+function createInScopeAccordionItem(type, assets, index) {
     const item = document.createElement('div');
     item.className = 'accordion-item border-0 mb-3';
     item.innerHTML = `

From cf6448ddf5ddb626416d749e75f8b150b793fe5c Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 14:08:57 +0530
Subject: [PATCH 204/211] Add hackerone handle while adding target

---
 web/api/views.py               | 5 +++++
 web/static/custom/bountyhub.js | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 2ecbaf523..2b0dde37f 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -920,6 +920,11 @@ def post(self, request):
 		h1_team_handle = data.get('h1_team_handle')
 		description = data.get('description')
 		domain_name = data.get('domain_name')
+		# remove wild card from domain
+		domain_name = domain_name.replace('*', '')
+		# if domain_name begins with . remove that
+		if domain_name.startswith('.'):
+			domain_name = domain_name[1:]
 		organization_name = data.get('organization')
 		slug = data.get('slug')
 
diff --git a/web/static/custom/bountyhub.js b/web/static/custom/bountyhub.js
index b7a2c61dd..1dbcf30a6 100644
--- a/web/static/custom/bountyhub.js
+++ b/web/static/custom/bountyhub.js
@@ -454,6 +454,8 @@ function populateBadges(attributes) {
 
 function populateAssetAccordion(data) {
     const accordion = document.getElementById('assetAccordion');
+    const hackerone_handle = data.attributes.handle;
+    const program_name = data.attributes.name;
     const assetTypes = {
         WILDCARD: [], DOMAIN: [], IP_ADDRESS: [], CIDR: [], URL: []
     };
@@ -469,13 +471,13 @@ function populateAssetAccordion(data) {
     Object.entries(assetTypes).forEach(([type, assets], index) => {
         console.log(assets)
         if (assets.length > 0) {
-            const item = createInScopeAccordionItem(type, assets, index);
+            const item = createInScopeAccordionItem(type, assets, hackerone_handle, program_name);
             accordion.appendChild(item);
         }
     });
 }
 
-function createInScopeAccordionItem(type, assets, index) {
+function createInScopeAccordionItem(type, assets, hackerone_handle, program_name) {
     const item = document.createElement('div');
     item.className = 'accordion-item border-0 mb-3';
     item.innerHTML = `
@@ -491,7 +493,7 @@ function createInScopeAccordionItem(type, assets, index) {
                 <div class="row row-cols-1 row-cols-md-2 row-cols-lg-3 g-4">
                     ${assets.map(asset => `
                         <div class="col">
-                            <div class="card h-100 asset-card shadow-sm program-modal-asset-card" onclick="add_target('${asset}')">
+                            <div class="card h-100 asset-card shadow-sm program-modal-asset-card" onclick="add_target(domain_name='${asset}', h1_handle='${hackerone_handle}', description='${program_name} (Hackerone Program)')">
                                 <div class="card-body d-flex flex-column justify-content-between">
                                     <h5 class="card-title program-asset-name" data-bs-toggle="tooltip" title="${asset}">
                                         <i class="${getIconForAssetType(type)} me-2"></i>

From 7ad2eb2ff51a270cc875821f44d06a5922e9bb45 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 14:18:29 +0530
Subject: [PATCH 205/211] Add hackerone team handle badge in target section

---
 web/targetApp/templates/target/list.html | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/web/targetApp/templates/target/list.html b/web/targetApp/templates/target/list.html
index e0940982e..db287e4ab 100644
--- a/web/targetApp/templates/target/list.html
+++ b/web/targetApp/templates/target/list.html
@@ -150,10 +150,13 @@ <h4 class="headline-title">Filters</h4>
 				{
 					'data': 'start_scan_date_humanized'
 				},
+				{
+					'data': 'h1_team_handle'
+				}
 			],
 			"columnDefs":[
 				{ 'orderable': false, 'targets': [0, 3, 6]},
-				{ 'visible': false, 'targets': [1, 7, 8, 9, 10, 11] },
+				{ 'visible': false, 'targets': [1, 7, 8, 9, 10, 11, 12] },
 				{
 					"targets":0, "width":"20px", "className":"", "orderable":!1, render:function(e, a, t, n) {
 					return'<div class="form-check mb-2 form-check-primary"><input type="checkbox" name="targets_checkbox['+ e + ']" class="float-start form-check-input targets_checkbox" value="' + e + '" onchange=toggleMultipleTargetButton()>\n<span class="new-control-indicator"></span><span style="visibility:hidden">c</span></div>'
@@ -174,6 +177,11 @@ <h4 class="headline-title">Filters</h4>
 							content += `<br><a href="/scan/{{current_project.slug}}/detail/${row.most_recent_scan}" class="text-primary">Recent Scan&nbsp;<svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-external-link"><path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6"></path><polyline points="15 3 21 3 21 9"></polyline><line x1="10" y1="14" x2="21" y2="3"></line></svg></a>`;
 						}
 
+						// if bounty mode is enabled show target hackerone handle, when clicked must take to hackerone program
+						{% if user_preferences.bug_bounty_mode %}
+							content += `<br><a class="badge badge-soft-pink me-1 mb-1" data-toggle="tooltip" data-placement="top" title="Hackerone Handle" href="https://hackerone.com/${row.h1_team_handle}" target="_blank">${row.h1_team_handle}</a>`;
+						{% endif %}
+
 						return content;
 					},
 					"targets": 2,

From d3631ceed7731f1765f198778a1d82e0382f30b7 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 14:28:29 +0530
Subject: [PATCH 206/211] Add organization while adding target

---
 web/api/views.py              | 46 +++++++++++++++--------------------
 web/reNgine/database_utils.py |  3 +++
 2 files changed, 22 insertions(+), 27 deletions(-)

diff --git a/web/api/views.py b/web/api/views.py
index 2b0dde37f..fcea8abd9 100644
--- a/web/api/views.py
+++ b/web/api/views.py
@@ -24,6 +24,7 @@
 from recon_note.models import *
 from reNgine.celery import app
 from reNgine.common_func import *
+from reNgine.database_utils import *
 from reNgine.definitions import ABORTED_TASK
 from reNgine.tasks import *
 from reNgine.llm import *
@@ -932,35 +933,26 @@ def post(self, request):
 		if not validators.domain(domain_name):
 			return Response({'status': False, 'message': 'Invalid domain or IP'})
 
-		project = Project.objects.get(slug=slug)
-
-		# Create domain object in DB
-		domain, _ = Domain.objects.get_or_create(name=domain_name)
-		domain.project = project
-		domain.h1_team_handle = h1_team_handle
-		domain.description = description
-		if not domain.insert_date:
-			domain.insert_date = timezone.now()
-		domain.save()
-
-		# Create org object in DB
-		if organization_name:
-			organization_obj = None
-			organization_query = Organization.objects.filter(name=organization_name)
-			if organization_query.exists():
-				organization_obj = organization_query[0]
-			else:
-				organization_obj = Organization.objects.create(
-					name=organization_name,
-					project=project,
-					insert_date=timezone.now())
-			organization_obj.domains.add(domain)
+		status = bulk_import_targets(
+			targets=[{
+				'name': domain_name,
+				'description': description,
+			}],
+			organization_name=organization_name,
+			h1_team_handle=h1_team_handle,
+			project_slug=slug
+		)
 
+		if status:
+			return Response({
+				'status': True,
+				'message': 'Domain successfully added as target !',
+				'domain_name': domain_name,
+				# 'domain_id': domain.id
+			})
 		return Response({
-			'status': True,
-			'message': 'Domain successfully added as target !',
-			'domain_name': domain_name,
-			'domain_id': domain.id
+			'status': False,
+			'message': 'Failed to add as target !'
 		})
 
 
diff --git a/web/reNgine/database_utils.py b/web/reNgine/database_utils.py
index 48cdabfcc..1faaa3580 100644
--- a/web/reNgine/database_utils.py
+++ b/web/reNgine/database_utils.py
@@ -30,6 +30,9 @@ def bulk_import_targets(
 			organization_name (str): name of the organization to tag these targets
 			org_description (str): description of the organization
 			h1_team_handle (str): hackerone team handle (if imported from hackerone)
+
+		Returns:
+			bool: True if new targets are imported, False otherwise
 	"""
 	new_targets_imported = False
 	project = Project.objects.get(slug=project_slug)

From 8bcdfa156d89550f56caa4d9145d9a4d7271dfd5 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 14:40:22 +0530
Subject: [PATCH 207/211] put hackerone handle inside user pref enable bug
 bounty mode

---
 web/targetApp/templates/target/add.html    | 4 ++++
 web/targetApp/templates/target/update.html | 2 ++
 web/targetApp/views.py                     | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/web/targetApp/templates/target/add.html b/web/targetApp/templates/target/add.html
index a37c05905..3a008a48e 100644
--- a/web/targetApp/templates/target/add.html
+++ b/web/targetApp/templates/target/add.html
@@ -80,6 +80,7 @@
                 <label for="targetDescription" class="form-label">Target Description (Optional)</label>
                 <input type="text" class="form-control form-control-lg" id="targetDescription" placeholder="Interesting Target" name="targetDescription">
               </div>
+              {% if user_preferences.bug_bounty_mode %}
               <div class="col-12 mt-3">
                 <label for="domainDescription" class="form-label">HackerOne Target Team Handle
                   <br>
@@ -88,6 +89,7 @@
                 <input type="text" class="form-control form-control-lg" id="targetH1TeamHandle" placeholder="team_handle" name="targetH1TeamHandle">
                 <button class="btn btn-primary submit-fn mt-2 float-end" disabled type="submit" name="add-ip-target" id="add-ip-target" value="submit"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus"><line x1="12" y1="5" x2="12" y2="19"></line><line x1="5" y1="12" x2="19" y2="12"></line></svg> <span id="add_ip_target_btn">Add Target</span></button>
               </div>
+              {% endif %}
             </form>
           </div>
         </div>
@@ -103,6 +105,7 @@
                 <label for="targetDescription">Target Description (Optional)</label>
                 <input type="text" class="form-control form-control-lg" id="targetDescription" placeholder="Interesting Target" name="targetDescription">
               </div>
+              {% if user_preferences.bug_bounty_mode %}
               <div class="col-12 mt-3">
                 <label for="domainDescription" class="form-label">HackerOne Target Team Handle
                   <br>
@@ -110,6 +113,7 @@
                 </label>
                 <input type="text" class="form-control form-control-lg" id="targetH1TeamHandle" placeholder="team_handle" name="targetH1TeamHandle">
               </div>
+              {% endif %}
               <div class="col-12 mt-3">
                 <label for="targetDescription">Target Organization (Optional)</label>
                 <input type="text" class="form-control form-control-lg" id="targetOrganization" placeholder="Example Org" name="targetOrganization">
diff --git a/web/targetApp/templates/target/update.html b/web/targetApp/templates/target/update.html
index 6d6163b81..24aede378 100644
--- a/web/targetApp/templates/target/update.html
+++ b/web/targetApp/templates/target/update.html
@@ -38,6 +38,7 @@ <h4 class="header-title">Update Target</h4>
               {{ form.description }}
             </div>
           </div>
+          {% if user_preferences.bug_bounty_mode %}
           <div class="col-12">
             <label for="domainDescription" class="form-label">HackerOne Target Team Handle
               <br>
@@ -45,6 +46,7 @@ <h4 class="header-title">Update Target</h4>
             </label>
             {{ form.h1_team_handle }}
           </div>
+          {% endif %}
           <button class="btn btn-primary submit-fn mt-2 float-end" type="submit">Update Target</button>
         </form>
       </div>
diff --git a/web/targetApp/views.py b/web/targetApp/views.py
index 39991ccce..370905b05 100644
--- a/web/targetApp/views.py
+++ b/web/targetApp/views.py
@@ -50,7 +50,7 @@ def add_target(request, slug):
                 bulk_targets = [t.rstrip() for t in request.POST['addTargets'].split('\n') if t]
                 logger.info(f'Adding multiple targets: {bulk_targets}')
                 description = request.POST.get('targetDescription', '')
-                h1_team_handle = request.POST.get('targetH1TeamHandle')
+                h1_team_handle = request.POST.get('targetH1TeamHandle', '')
                 organization_name = request.POST.get('targetOrganization')
                 for target in bulk_targets:
                     target = target.rstrip('\n')
@@ -242,7 +242,7 @@ def add_target(request, slug):
                     is_domain = bool(validators.domain(ip))
                     is_ip = bool(validators.ipv4(ip)) or bool(validators.ipv6(ip))
                     description = request.POST.get('targetDescription', '')
-                    h1_team_handle = request.POST.get('targetH1TeamHandle')
+                    h1_team_handle = request.POST.get('targetH1TeamHandle', '')
                     if not Domain.objects.filter(name=ip).exists():
                         domain, created = Domain.objects.get_or_create(
                             name=ip,

From 384c6c9eea9aea4d8246b489d5066b143e178979 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Fri, 6 Sep 2024 14:50:18 +0530
Subject: [PATCH 208/211] update readme

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index fd4f0f2dd..a788b1dc8 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,12 @@
 <a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener">
 <img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg" alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" /> </a>
 </p>
+<h4>reNgine 2.2.0 is released!</h4>
+<p>
+  reNgine 2.2.0 comes with bounty hub where you can sync and import your hackerone programs, in app notifications, chaos as subdomain enumeration tool, ability to upload multiple nuclei and gf patterns, support for regex in out of scope subdomain config, additional pdf report template and many more. 
+  <b>Check out <a href="https://rengine.wiki/whatisnew/2.2.0">What's new in reNgine 2.2.0!</a></b>
+</p>
+
 
 <h4>What is reNgine?</h4>
 reNgine is your ultimate web application reconnaissance suite, designed to supercharge the recon process for security pros, pentesters, and bug bounty hunters. It is go-to web application reconnaissance suite that's designed to simplify and streamline the reconnaissance process for all the needs of security professionals, penetration testers, and bug bounty hunters. With its highly configurable engines, data correlation capabilities, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface, reNgine redefines how you gather critical information about your target web applications.

From 0eaf19e518c6db3b538441ba4347148b22486c37 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 7 Sep 2024 18:26:40 +0530
Subject: [PATCH 209/211] update notif exception

---
 README.md            |  4 +++-
 web/reNgine/tasks.py | 25 ++++++++++++-------------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index a788b1dc8..fb285f178 100644
--- a/README.md
+++ b/README.md
@@ -162,6 +162,7 @@ reNgine is not an ordinary reconnaissance suite; it's a game-changer! We've turb
 * Identification of related domains and related TLDs for targets
 * Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.
 * You can now use local LLMs for Attack surface identification and vulnerability description (NEW: reNgine 2.1.0)
+* BountyHub, a central hub to manage your hackerone targets
 
 ![-----------------------------------------------------](https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/aqua.png)
 
@@ -266,11 +267,12 @@ reNgine has a vibrant community that often creates helpful content about install
 
 Always refer to the official documentation for the most up-to-date and accurate information. If you've created a video about reNgine and would like it featured here, please send a pull request updating this table.
 
-| Video Title | Language | Uploader | Date | Link |
+| Video Title | Language | Publisher | Date | Link |
 |-------------|----------|----------|------|------|
 | reNgine Installation on Kali Linux | English | Secure the Cyber World | 2024-02-29 | [Watch](https://www.youtube.com/watch?v=7OFfrU6VrWw) |
 | Resultados do ReNgine - Automação para Recon | Portuguese | Guia Anônima | 2023-04-18 | [Watch](https://www.youtube.com/watch?v=6aNvDy1FzIM) |
 | reNgine Introduction | Moroccan Arabic | Th3 Hacker News Bdarija | 2021-07-27 | [Watch](https://www.youtube.com/watch?v=9FuRrcmWgWU) |
+| Automated recon? ReNgine - Hacker Tools | English | Intigriti | 2021-07-21 | [Watch](https://www.youtube.com/watch?v=9FuRrcmWgWU) |
 
 We appreciate the community's contributions in creating these resources.
 
diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py
index 2806746d0..3fc3e5b89 100644
--- a/web/reNgine/tasks.py
+++ b/web/reNgine/tasks.py
@@ -3090,13 +3090,6 @@ def send_scan_notif(
 		subscan_id (int, optional): SuScan id.
 		engine_id (int, optional): EngineType id.
 	"""
-	# send inmap notification in any case
-	generate_inapp_notification(scan, subscan, status, engine, fields)
-	# Skip send if notification settings are not configured
-	notif = Notification.objects.first()
-	if not (notif and notif.send_scan_status_notif):
-		return
-
 	# Get domain, engine, scan_history objects
 	engine = EngineType.objects.filter(pk=engine_id).first()
 	scan = ScanHistory.objects.filter(pk=scan_history_id).first()
@@ -3121,12 +3114,18 @@ def send_scan_notif(
 	}
 	logger.warning(f'Sending notification "{title}" [{severity}]')
 
-	# Send notification
-	send_notif(
-		msg,
-		scan_history_id,
-		subscan_id,
-		**opts)
+	# inapp notification has to be sent eitherways
+	generate_inapp_notification(scan, subscan, status, engine, fields)
+
+	notif = Notification.objects.first()
+
+	if notif and notif.send_scan_status_notif:
+		# Send notification
+		send_notif(
+			msg,
+			scan_history_id,
+			subscan_id,
+			**opts)
 	
 def generate_inapp_notification(scan, subscan, status, engine, fields):
 	scan_type = "Subscan" if subscan else "Scan"

From 4840cbb7d0dd78d917d2d41e59b7f0e7ec9d87f1 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 7 Sep 2024 20:35:45 +0530
Subject: [PATCH 210/211] update what's new

---
 web/static/custom/update.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/static/custom/update.js b/web/static/custom/update.js
index ee03ac99a..24d823e0a 100644
--- a/web/static/custom/update.js
+++ b/web/static/custom/update.js
@@ -179,7 +179,7 @@ function showAfterUpdatePopup() {
       cancelButtonText: "No, thanks",
     }).then((result) => {
       if (result.isConfirmed) {
-        window.open(`https://rengine.wiki/whatisnew/${currentVersion}`, "_blank");
+        window.open(`https://rengine.wiki/whatisnew/${currentVersion.replace(/\./g, "_")}`, "_blank");
       }
       localStorage.setItem("lastShownUpdateVersion", currentVersion);
     });

From 589a7f36a8a1f546c129787b20c8ebf73945c506 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha <yogesh.ojha11@gmail.com>
Date: Sat, 7 Sep 2024 20:37:20 +0530
Subject: [PATCH 211/211] fix url in whats new

---
 web/static/custom/update.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/static/custom/update.js b/web/static/custom/update.js
index 24d823e0a..d807967cf 100644
--- a/web/static/custom/update.js
+++ b/web/static/custom/update.js
@@ -179,7 +179,7 @@ function showAfterUpdatePopup() {
       cancelButtonText: "No, thanks",
     }).then((result) => {
       if (result.isConfirmed) {
-        window.open(`https://rengine.wiki/whatisnew/${currentVersion.replace(/\./g, "_")}`, "_blank");
+        window.open(`https://rengine.wiki/whats-new/${currentVersion.replace(/\./g, "_")}`, "_blank");
       }
       localStorage.setItem("lastShownUpdateVersion", currentVersion);
     });