/PurpleOps

An open-source self-hosted purple team management web application.

Primary LanguageHTMLOtherNOASSERTION


PurpleOps Logo
PurpleOps

An open-source self-hosted purple team management web application.

Key FeaturesInstallationContact UsCreditLicense

Key Features

  • Template engagements and testcases
  • Framework friendly
  • Role-based Access Control & MFA
  • Inbuilt DOCX reporting + custom template support

How PurpleOps is different:

  • No attribution needed
  • Hackable, no "no-reversing" clauses
  • No over complications with tomcat, redis, manual database transplanting and an obtuce permission model

Installation

Default

# Clone this repository
$ git clone https://github.com/CyberCX-STA/PurpleOps

# Go into the repository
$ cd PurpleOps

# Alter PurpleOps settings (if you want to customize anything but should work out the box)
$ nano .env

# Run the app with docker (add `-d` to run in background)
$ sudo docker compose up

# PurpleOps should now by available on http://localhost:5000, it is recommended to add a reverse proxy such as nginx or Apache in front of it if you want to expose this to the outside world.

Kali

 
# Install docker-compose
sudo apt install docker-compose -y

# Clone this repository
$ git clone https://github.com/CyberCX-STA/PurpleOps

# Go into the repository
$ cd PurpleOps

# Alter PurpleOps settings (if you want to customize anything but should work out the box)
$ nano .env

# Run the app with docker (add `-d` to run in background)
$ sudo docker-compose up

# PurpleOps should now by available on http://localhost:5000, it is recommended to add a reverse proxy such as nginx or Apache in front of it if you want to expose this to the outside world.

Manual

 
# Alternatively
$ sudo docker run --name mongodb -d -p 27017:27017 mongo
$ pip3 install -r requirements.txt
$ python3 seeder.py
$ python3 purpleops.py

NGINX Reverse Proxy + Certbot

Replace 2x purpleops.example.com with your FQDN and ensure your box is open internet-wide on 80/443.

sudo apt install nginx certbot python3-certbot-nginx -y
sudo nano /etc/nginx/sites-available/purpleops # Paste below file
sudo ln -s /etc/nginx/sites-available/purpleops /etc/nginx/sites-enabled/
sudo certbot --nginx -d purpleops.example.com
sudo service nginx restart
server {
  listen 80;
  server_name purpleops.example.com;

  location / {
      proxy_pass http://localhost:5000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
  }
}

IP Whitelisting with ufw

 
sudo apt install ufw -y
sudo ufw allow 22
sudo ufw deny 80
sudo ufw deny 443
sudo ufw insert 1 allow from 100.100.100.100/24 to any port 443
sudo ufw enable

Contact Us

We would love to hear back from you, if something is broken or have and idea to make it better add a ticket or ping us pops@purpleops.app | @_w_m__

Credits

  • Atomic Red Team (LICENSE) for sample commands
  • CyberCX for foundational support

License

Apache