Open Pentesting and Security Framework (OPAS-F) Server
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
chris 83e082ee4e prepare resending notification mail 1 year ago
accounts add contact details and other fields to user profile and implement edit profile page 1 year ago
api use api for receiving chart data 1 year ago
blogging closes #70 1 year ago
bughunting prepare resending notification mail 1 year ago
docker add basic settings page 1 year ago
master_slave add delete slave view 1 year ago
opas_f_server closes #108 , closes #109 1 year ago
pentesting fix tests 1 year ago
public use api for receiving chart data 1 year ago
static add dashboard placeholder 1 year ago
templates implement dashboard and improve bughunting api 1 year ago
.dockerignore create superuser for docker if non exists 1 year ago
.env.template update template 1 year ago
.gitignore add basic settings page 1 year ago
Dockerfile minor docker improvements 1 year ago
LICENSE first commit 1 year ago
ReadMe.md more page templates 1 year ago
disclose_vulnerabilities.py closes #108 , closes #109 1 year ago
docker-compose-dev.yml add basic settings page 1 year ago
docker-compose-hidden-service.yml docker-compose for hidden service 1 year ago
docker-compose-tor-postgres.yml update homepage 1 year ago
docker-compose.yml add basic settings page 1 year ago
local_settings.template.py switch auth mode 1 year ago
manage.py fix typos 1 year ago
requirements.txt prepare resending notification mail 1 year ago

ReadMe.md

Open Pentesting and Security Framework

This is the server part of the Open Pentesting and Security Framework.

This project is in an early beta state and may contain bugs.

Please report bugs and other ideas through the bug tracker.

Setup & Usage

Our documentation can be found on our homepage.

Features

  • Pentesting

    • Unlimited number of pentesting projects
    • Add other users to your project and specify a role like “pentester” or “project admin”
    • Tasks, which can optionally be assigned to a user
    • Create pentesting reports based on the discovered information and vulnerabilities
    • Optionally encrypt reports using AES-GCM or ChaCha20Poly1305 (server-side)
    • Master-Slave architecture (TODO: describe a bit more, see the doc in the wiki)
  • Bug Bounty

    • Bug hunters can win awards for securing websites
    • Disclose vulnerabilities within 30 days (can be increased in the settings)
    • Bug hunters can extend the disclosure deadline per bug if the admin needs more time to fix it
    • Store discovered bugs as drafts
    • Show bug details only via a shareable link, which removes the need for domain administrators to create accounts on the server
    • Details of vulnerabilities that are not yet disclosed or fixed are hidden from other users
    • Send an email with an access link to site admins to notify them of a vulnerability
    • Bots that notify users on social media about disclosed bugs
  • General

    • Disable / enable registration of new accounts
    • User profiles (accessible without being authenticated by default)
    • User blogs (beta; with Markdown support)
  • Built-in bug disclosure bots:

    • Matrix

There are more features planned. For more information, have a look at the issues page or our blog.