The Minion platform from Mozilla allows various teams like Development, QA, and Security members to perform automated web security scans. The targeted users by this platform are the developers because they can use once the written code is ready for testing.
Principles:
- Minion should be as easy to use as possible
- It is aimed at developers with potentially very little security experience
- The actual scanning will be performed by ‘external’ tools
- It should be as easy as possible to add tools
- It will need to be _very_ secure, as it will be holding very sensitive data
The front-end of Minion is based on Angular.js that invokes a set of Api on the backend, where the backend consists of a set of services. Minion features three working extensions like a port scanner, web fuzzer and a pentesting tool and is in still in process and of course if you’re a developer, you can write own codes . Minion will be supporting a whole range of different types of plugins like for scanning, static analysis, reporting, etc .Right now there are few basic web scanners likes Zed attack proxy, garmr, Skipfish.
You can download a 640bit VM for minion from https://boily.me/assets/minion-730-x86_64.ova
To know more about Minion, please visit https://wiki.mozilla.org/Security/Projects/Minion
