Open Pentesting and Security Framework (OPAS-F) Server
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.

Open Pentesting and Security Framework

This is the server part of the Open Pentesting and Security Framework.

This is an early beta and may contain bugs.

Please report bugs and other ideas through the Bug-Tracker.

Setup & Usage

Our documentation can be found on our homepage.

Features

  • Pentesting

    • Unlimited number of pentesting projects
    • Add other users to your project and specify a role like “pentester” or “project admin”
    • Tasks, which can optionally be assigned to a user
    • Create pentesting reports based on the discovered information and vulnerabilities
    • Optionally encrypt reports using AES-GCM or ChaCha20Poly1305 (server-side)
    • Master-Slave architecture (TODO: describe in more detail; see the documentation in the wiki)
  • Bug Bounty

    • Bug Hunters can win awards for securing websites
    • Disclose vulnerabilities within 30 days (can be increased using settings)
    • Bug hunters can extend the disclosure deadline per bug if the admin needs more time to fix it
    • Store discovered bugs as drafts
    • Show bug details only via a shareable link, which removes the need for domain administrators to create accounts on the server
    • Details of vulnerabilities that are not yet disclosed or fixed are hidden from other users
    • Sends email to site admins for vulnerability notification, with an access link
    • Bots that notify users on social media about disclosed bugs
  • General

    • Disable / Enable registration of new accounts
    • User Profiles (accessible without being authenticated by default)
    • User Blogs (beta; with markdown support)
  • Built-In Bug Disclosure Bots

    • Matrix

There are more features planned. For more information, have a look at the issues page or our blog.