Open Pentesting and Security Framework (OPAS-F) Server
chris 276eca115e more page templates 1 week ago
accounts more page templates 1 week ago
api integrate frontend 1 week ago
blogging closes #70 1 month ago
bughunting more page templates 1 week ago
docker add basic settings page 1 week ago
master_slave update tests for client_credentials instead of password 1 month ago
opas_f_server more page templates 1 week ago
pentesting fix tests 2 weeks ago
public more page templates 1 week ago
static allow updating bug 1 week ago
templates more page templates 1 week ago
.dockerignore create superuser for docker if non exists 1 month ago
.env.template update version 1 week ago
.gitignore add basic settings page 1 week ago
Dockerfile add basic settings page 1 week ago
LICENSE first commit 2 months ago
ReadMe.md more page templates 1 week ago
disclose_vulnerabilities.py disclose only approved bugs 1 week ago
docker-compose-dev.yml add basic settings page 1 week ago
docker-compose-hidden-service.yml docker-compose for hidden service 1 month ago
docker-compose-tor-postgres.yml docker-compose for hidden service 1 month ago
docker-compose.yml add basic settings page 1 week ago
local_settings.template.py approve bugs before notify owner 2 weeks ago
manage.py fix typos 1 month ago
requirements.txt integrate frontend 1 week ago

ReadMe.md

Open Pentesting and Security Framework

This is the server part of the Open Pentesting and Security Framework.

The project is in an early beta state and may contain bugs.

Please report bugs and other ideas through the Bug-Tracker.

Setup & Usage

Our documentation can be found at our homepage.

Features

  • Pentesting

    • Unlimited number of pentesting projects
    • Add other users to your project and specify a role like “pentester” or “project admin”
    • Tasks, which can optionally be assigned to a user
    • Create pentesting reports based on the discovered information and vulnerabilities
    • Optionally encrypt reports using AES-GCM or ChaCha20Poly1305 (server-side)
    • Master-Slave architecture (TODO: describe a bit more, see doc at wiki)
  • Bug Bounty

    • Bug hunters can win awards for securing websites
    • Disclose vulnerabilities within 30 days (can be increased using settings)
    • A bug hunter can extend the disclosure deadline per bug if the admin needs more time to fix it
    • Store discovered bugs as drafts
    • Show bug details only via a shareable link, which removes the need for domain administrators to create accounts on the server
    • Details of vulnerabilities that are not disclosed or fixed are hidden from other users
    • Send email to site admins for vulnerability notification, including an access link
    • Bots that notify users on social media about disclosed bugs
  • General

    • Disable / Enable registration of new accounts
    • User Profiles (accessible without being authenticated by default)
    • User Blogs (beta; with markdown support)
  • Built-In Bug disclosure Bots:

    • Matrix

There are more features planned. For more information, have a look at the issues page or our blog.