Open Pentesting and Security Framework (OPAS-F) Server
chris 83e082ee4e prepare resending notification mail 1 month ago
accounts add contact details and other fields to user profile and implement edit profile page 1 month ago
api use api for receiving chart data 1 month ago
blogging closes #70 3 months ago
bughunting prepare resending notification mail 1 month ago
docker add basic settings page 2 months ago
master_slave add delete slave view 1 month ago
opas_f_server closes #108 , closes #109 1 month ago
pentesting fix tests 2 months ago
public use api for receiving chart data 1 month ago
static add dashboard placeholder 1 month ago
templates implement dashboard and improve bughunting api 1 month ago
.dockerignore create superuser for docker if non exists 3 months ago
.env.template update template 1 month ago
.gitignore add basic settings page 2 months ago
Dockerfile minor docker improvements 1 month ago
LICENSE first commit 4 months ago
ReadMe.md more page templates 2 months ago
disclose_vulnerabilities.py closes #108 , closes #109 1 month ago
docker-compose-dev.yml add basic settings page 2 months ago
docker-compose-hidden-service.yml docker-compose for hidden service 2 months ago
docker-compose-tor-postgres.yml update homepage 1 month ago
docker-compose.yml add basic settings page 2 months ago
local_settings.template.py switch auth mode 1 month ago
manage.py fix typos 3 months ago
requirements.txt prepare resending notification mail 1 month ago

ReadMe.md

Open Pentesting and Security Framework

This is the server part of the Open Pentesting and Security Framework.

This project is in an early beta state and may contain bugs.

Please report bugs and other ideas through the Bug-Tracker.

Setup & Usage

Our documentation can be found at our homepage.

Features

  • Pentesting

    • Unlimited amount of pentesting projects
    • Add other users to your project and specify a role like “pentester” or “project admin”
    • Tasks, which can optionally be assigned to a user
    • Create pentesting reports based on the discovered information and vulnerabilities
    • Optionally encrypt reports using AES-GCM or ChaCha20Poly1305 (server-side)
    • Master-Slave architecture (TODO: describe a bit more, see doc at wiki)
  • Bug Bounty

    • Bug Hunters can win awards for securing websites
    • Disclose vulnerabilities within 30 days (can be increased using settings)
    • Bug hunters can extend the disclosure deadline per bug if the admin needs more time to fix it
    • Store discovered bugs as drafts
    • Show bug details only via a shareable link, which removes the need for the domain administration to create accounts on the server
    • Details of vulnerabilities that are not yet disclosed or fixed are hidden from other users
    • Send email to site admins for vulnerability notification, with an access link
    • Bots that notify users on social media about disclosed bugs
  • General

    • Disable / Enable registration of new accounts
    • User Profiles (accessible without being authenticated by default)
    • User Blogs (beta; with markdown support)
  • Built-In Bug disclosure Bots:

    • Matrix

There are more features planned. For more information, have a look at the issues page or our blog.