Files & Notes

Hawkra provides dedicated storage for both files and notes within each workspace. Files let you upload scan results, reports, exploits, and other artifacts with full encryption and integrity verification. Notes give each user a private, encrypted notebook for capturing observations, commands, and analysis during an engagement.

Files

How It Works

Files are uploaded to a workspace via multipart upload, encrypted using the workspace's Data Encryption Key (DEK), and stored in the configured storage backend. Each file has a SHA-256 checksum computed before encryption so you can verify file integrity. When you download a file, it is automatically decrypted and delivered to your browser.

Filenames are sanitized on both upload and download to prevent path traversal attacks and ensure safe handling across operating systems.

Key Actions

Uploading a File

Navigate to the Files section of your workspace and click Upload. Select a file from your local machine. Hawkra accepts any file type -- common examples include:

  • Scan results (Nmap XML, Nessus, Burp Suite)
  • Reports and documentation (PDF, DOCX)
  • Exploit code or proof-of-concept scripts
  • Screenshots and evidence artifacts

The upload process:

  1. The file is read and its SHA-256 checksum is calculated.
  2. Your storage quota is checked to ensure you have sufficient space.
  3. The file is encrypted with the workspace DEK.
  4. The encrypted file is stored in the backend storage.
  5. A database record is created with the filename, content type, size, checksum, and uploader information.

Storage Quotas

Each pricing tier has a storage limit. If your upload would exceed your remaining quota, the upload is rejected with an error message. Delete unused files to reclaim storage space.

Browsing Workspace Files

The file list displays the following metadata for each file:

| Column | Description |
| --- | --- |
| Filename | The original filename (sanitized). |
| Content Type | The MIME type of the file (e.g., application/pdf, text/xml). |
| Size | File size in bytes. |
| SHA-256 Checksum | The hash of the original (unencrypted) file for integrity verification. |
| Uploaded By | The user who uploaded the file. |
| Upload Date | When the file was uploaded. |

Downloading a File

Click the download button on any file. Hawkra retrieves the encrypted file from storage, decrypts it using the workspace DEK, and sends the original file to your browser as an attachment download. The filename in the download header is sanitized for safety.

Deleting a File

Click the delete button on a file to permanently remove it from storage and the database. Deleting a file reclaims the storage space against your quota.

Permission Required

Uploading and deleting files requires the EditAssets permission. Browsing and downloading files requires the ViewAssets permission.

Security

  • Encryption at rest: Every file is encrypted with a per-workspace DEK before being written to storage. The encryption flag is stored alongside the file record.
  • SHA-256 checksum: A checksum is computed on the original file bytes before encryption, enabling you to verify that the downloaded file matches what was uploaded.
  • Filename sanitization: Path separators, control characters, and Unicode lookalike characters are replaced with underscores. Filenames are also truncated to 255 characters. This sanitization runs on both upload and download for defense in depth.
  • Quota enforcement: Storage usage is tracked per user and checked before each upload to prevent abuse.
  • Audit logging: File uploads and deletions are recorded in the workspace audit log.
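
The filename sanitization rule above, sketched as an added example (this is not Hawkra's code). The lookalike set, the treatment of format characters as control characters, and the handling of empty or dot-only names are assumptions; the page names only the character classes, the underscore replacement, and the 255-character limit.

```python
import unicodedata

MAX_LEN = 255                      # truncation limit stated on the page
SEPARATORS = {"/", "\\"}
# Assumption: hand-picked slash lookalikes that NFKC does not fold to "/" or "\".
EXTRA_LOOKALIKES = {"\u2044", "\u2215", "\u29f8", "\u2216", "\u29f5", "\u29f9"}
# Assumption: "control characters" covers Cc plus Cf (e.g. U+202E right-to-left override).
CONTROL_CATEGORIES = {"Cc", "Cf"}


def is_unsafe(ch: str) -> bool:
    if ch in SEPARATORS or ch in EXTRA_LOOKALIKES:
        return True
    if unicodedata.category(ch) in CONTROL_CATEGORIES:
        return True
    # Fullwidth and small forms fold to ASCII separators under NFKC
    # (U+FF0F -> "/", U+FF3C -> "\"), as do symbols such as U+2100 ("a/c").
    return any(c in SEPARATORS for c in unicodedata.normalize("NFKC", ch))


def sanitize_filename(name: str) -> str:
    cleaned = "".join("_" if is_unsafe(ch) else ch for ch in name)[:MAX_LEN]
    # Assumption beyond the page: names that are empty or pure dot segments
    # still resolve to a directory, so they collapse to a single underscore.
    if cleaned in ("", ".", ".."):
        return "_"
    return cleaned


# Constructed sample inputs (not taken from Hawkra).
SAMPLES = [
    "../../etc/passwd",
    "..\\..\\boot.ini",
    "scan\x00.xml",
    "report\u202efdp.exe",
    "evil\uff0fpath\u2215name.txt",
    "A" * 300,
]

if __name__ == "__main__":
    for raw in SAMPLES:
        once = sanitize_filename(raw)
        # Running on upload and again on download must not change the stored name.
        assert sanitize_filename(once) == once
        print(f"{raw[:40]!r:45} -> {once[:40]!r}")
```

Because the function is idempotent, applying it at both upload and download never alters a name that was already sanitized.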

Notes

How It Works

Notes are a lightweight, user-scoped notebook within each workspace. Each note has a title and free-form content, both of which are encrypted at rest using the workspace DEK. Notes are private to the user who created them -- other workspace members, including administrators, cannot see your notes.

Key Actions

Creating a Note

Click Create Note in the Notes section. Provide a title (1--255 characters) and optional content (up to 100,000 characters). The title and content are encrypted before being stored.

Markdown Support

Note content supports Markdown formatting. Use headings, lists, code blocks, and other Markdown syntax to organize your observations and findings.

Viewing and Editing Notes

Your notes list shows all notes you have created in the current workspace. Click a note to view its full content. Click Edit to modify the title or content. Changes are re-encrypted before saving.

Deleting a Note

Click Delete to permanently remove a note. This action cannot be undone.

Using Notes with Ask AI

When using the Ask AI feature, you can include specific notes in the AI context selection. This allows you to feed your observations, command output, or analysis into the AI assistant for help with interpretation, next steps, or report writing.

User-Scoped Privacy

Each user only sees their own notes within a workspace. There is no way for workspace owners, administrators, or other members to view your notes. This makes notes a safe place to record sensitive observations during testing.

Security

  • Encrypted storage: Both the note title and content are encrypted with the workspace DEK before being written to the database.
  • User-scoped access: The backend enforces that only the note's creator can read, update, or delete it. Requests for another user's notes return a "not found" response.
  • Audit logging: Note creation, updates, and deletions are recorded in the workspace audit log.
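
One way to get the user-scoped "not found" behaviour described above, as an added example (not Hawkra's code). The table layout, column names, and user ids are assumptions, and encryption is left out: the plaintext columns stand in for the DEK-encrypted title and content.

```python
import sqlite3

NOT_FOUND = (404, {"error": "not found"})
# Constant predicate shared by every statement: note id AND workspace AND owner.
# No role is consulted, so there is no administrator bypass to get wrong.
SCOPE = "id = ? AND workspace_id = ? AND owner_id = ?"


def make_db():
    """Constructed sample data: note 1 belongs to user 10, note 2 to user 20."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, workspace_id INTEGER,"
               " owner_id INTEGER, title TEXT, content TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?, ?, ?, ?)",
                   [(1, 1, 10, "recon", "nmap output"),
                    (2, 1, 20, "creds", "private finding")])
    return db


def get_note(db, workspace_id, user_id, note_id):
    row = db.execute(f"SELECT title, content FROM notes WHERE {SCOPE}",
                     (note_id, workspace_id, user_id)).fetchone()
    # A missing note and another user's note take the same branch, so the
    # response cannot be used to confirm that a given note id exists.
    if row is None:
        return NOT_FOUND
    return (200, {"title": row[0], "content": row[1]})


def update_note(db, workspace_id, user_id, note_id, title, content):
    cur = db.execute(f"UPDATE notes SET title = ?, content = ? WHERE {SCOPE}",
                     (title, content, note_id, workspace_id, user_id))
    return (200, {"updated": note_id}) if cur.rowcount == 1 else NOT_FOUND


def delete_note(db, workspace_id, user_id, note_id):
    cur = db.execute(f"DELETE FROM notes WHERE {SCOPE}",
                     (note_id, workspace_id, user_id))
    return (200, {"deleted": note_id}) if cur.rowcount == 1 else NOT_FOUND


if __name__ == "__main__":
    db = make_db()
    print(get_note(db, 1, 10, 1))    # owner reads own note
    print(get_note(db, 1, 10, 2))    # another user's note
    print(get_note(db, 1, 10, 999))  # id that does not exist
```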

Tips & Notes

  • Use files to store raw scan output and use the import feature to parse it into structured assets and vulnerabilities.
  • Keep your file storage organized by using descriptive filenames -- the file list does not support folders, so naming conventions are important.
  • Use notes to document your testing methodology, record interesting findings, and track commands and output as you work through an engagement.
  • The SHA-256 checksum on files is useful for chain-of-custody documentation in formal engagements.
  • Deleting files frees up storage quota immediately, so clean up files you no longer need to stay within your tier limits.