- Template engagements and testcases
- Framework friendly
- Role-based Access Control & MFA
- Inbuilt DOCX reporting + custom template support
How PurpleOps is different:
- No attribution needed
- Hackable, no "no-reversing" clauses
- No over-complication with Tomcat, Redis, manual database transplanting or an obtuse permission model
```bash
# Clone this repository
$ git clone https://github.com/CyberCX-STA/PurpleOps
# Go into the repository
$ cd PurpleOps
# Review the PurpleOps settings (optional, it works out of the box; do this before exposing the instance)
$ nano .env
# Run the app with docker (add `-d` to run in the background)
$ sudo docker compose up
# PurpleOps should now be available on http://localhost:5000. Put a reverse proxy such as nginx or Apache in front of it if you want to expose it to the outside world (see the nginx section below).
```
```bash
# Install the standalone docker-compose (only needed if `docker compose` is not available)
sudo apt install docker-compose -y
# Clone this repository
$ git clone https://github.com/CyberCX-STA/PurpleOps
# Go into the repository
$ cd PurpleOps
# Review the PurpleOps settings (optional, it works out of the box; do this before exposing the instance)
$ nano .env
# Run the app with docker-compose (add `-d` to run in the background)
$ sudo docker-compose up
# PurpleOps should now be available on http://localhost:5000. Put a reverse proxy such as nginx or Apache in front of it if you want to expose it to the outside world (see the nginx section below).
```
```bash
# Alternatively, run without Docker: MongoDB in a container, the app directly on the host
# Bind MongoDB to localhost only; the official image runs without authentication by default
$ sudo docker run --name mongodb -d -p 127.0.0.1:27017:27017 mongo
$ pip3 install -r requirements.txt
# Seed the database, then start the app
$ python3 seeder.py
$ python3 purpleops.py
```
Replace both occurrences of purpleops.example.com (in the certbot command and in the nginx config) with your FQDN, and ensure the box is reachable internet-wide on 80/443 while certbot runs, since it validates the domain over port 80.
```bash
sudo apt install nginx certbot python3-certbot-nginx -y
sudo nano /etc/nginx/sites-available/purpleops # Paste the server block below
sudo ln -s /etc/nginx/sites-available/purpleops /etc/nginx/sites-enabled/
# Obtains the certificate and adds the HTTPS server block to the config
sudo certbot --nginx -d purpleops.example.com
sudo service nginx restart
```
```nginx
server {
    listen 80;
    server_name purpleops.example.com;

    location / {
        # Forward to the PurpleOps container on the loopback interface
        proxy_pass http://localhost:5000;
        # Pass the requested host and the real client address through to the app
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```
```bash
# Lock the host down: SSH from anywhere, HTTP blocked, HTTPS only from your own range
sudo apt install ufw -y
sudo ufw allow 22
sudo ufw deny 80
sudo ufw deny 443
# 100.100.100.100/24 is a placeholder; replace it with the source range that should reach PurpleOps
sudo ufw insert 1 allow from 100.100.100.100/24 to any port 443
sudo ufw enable
```
Note that certbot validated the domain over port 80; with port 80 denied, automatic certificate renewals will fail, so open port 80 again for the renewal (or switch to a challenge that does not need it).
The Compass Security fork includes fixes and new features!
The Python dependencies (e.g. Flask) were updated to the latest versions.
We have redesigned the test case form to prioritise the elements that we believe are important during a purple team engagement.
Is there anything missing? Please let us know — we are eager to hear how other analysts approach Purple Teaming engagements.
Moreover, we have implemented a flow-based approach to facilitate collaboration with the Blue Team. A test case moves through three states:
- 'Waiting Blue': signals to the blue team that input is expected from their side. Once the required information has been added, the Blue team can set the state to 'Waiting Red'. Users with the 'Blue' role can only edit a test case if it is in the 'Waiting Blue' or 'Waiting Red' state.
- 'Waiting Red': signals to the red team that the blue team has finished adding their details to the test case. The red team can then check that all the required information is present. If so, the state can be changed to 'Complete'.
- 'Complete': the blue team cannot make any more changes to the test case.
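As an added illustration of the flow above (this is not PurpleOps' own code): the three states and the rule that the Blue role may only edit a case in 'Waiting Blue' or 'Waiting Red' are taken from the description; what the Red role may do, and all function and field names, are assumptions made for the example. The checks run before any mutation, so a refused update leaves the case untouched, which is the property an RBAC test would assert.

```python
"""Role-based state flow for a purple-team test case.

Added illustration, not PurpleOps' own code. The three states and the rule that
the Blue role may only edit a case in 'Waiting Blue' or 'Waiting Red' come from
the README above; everything the Red role is allowed to do here, and all the
names, are assumptions made for the example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class State(str, Enum):
    WAITING_BLUE = "Waiting Blue"
    WAITING_RED = "Waiting Red"
    COMPLETE = "Complete"


class Role(str, Enum):
    RED = "Red"
    BLUE = "Blue"


@dataclass
class TestCase:
    name: str
    state: State = State.WAITING_BLUE
    red_notes: str = ""
    blue_notes: str = ""
    history: List[Tuple[str, str, str]] = field(default_factory=list)


def can_edit(role: Role, state: State) -> bool:
    """Field edits: Blue only while the case is Waiting Blue / Waiting Red (README
    rule); Red in any state (assumption). Anything else is denied by default."""
    if role is Role.BLUE:
        return state in (State.WAITING_BLUE, State.WAITING_RED)
    if role is Role.RED:
        return True
    return False


def can_transition(role: Role, current: State, target: State) -> bool:
    """State changes: Blue may only hand a case back, Waiting Blue -> Waiting Red
    (README rule); Red may set any other state (assumption)."""
    if current is target:
        return False
    if role is Role.BLUE:
        return current is State.WAITING_BLUE and target is State.WAITING_RED
    return role is Role.RED


def update(tc: TestCase, role: Role, *, notes: Optional[str] = None,
           new_state: Optional[State] = None) -> TestCase:
    """Apply an edit on behalf of `role`. Both checks run before any mutation, so
    a rejected update leaves the test case exactly as it was."""
    if notes is not None and not can_edit(role, tc.state):
        raise PermissionError(f"{role.value} may not edit a case in state '{tc.state.value}'")
    if new_state is not None and not can_transition(role, tc.state, new_state):
        raise PermissionError(f"{role.value} may not move '{tc.state.value}' to '{new_state.value}'")
    if notes is not None:
        if role is Role.BLUE:
            tc.blue_notes = notes
        else:
            tc.red_notes = notes
    if new_state is not None:
        tc.history.append((role.value, tc.state.value, new_state.value))
        tc.state = new_state
    return tc


def run_flow() -> List[str]:
    """Walk one constructed test case through the flow; returns the final state,
    Blue's notes, and the messages of the two actions that were refused."""
    tc = TestCase("T1087.002 Domain Account Discovery")
    refused: List[str] = []
    update(tc, Role.RED, notes="Ran: net user <target> /domain")
    update(tc, Role.BLUE, notes="EDR alert fired, triaged")        # allowed in Waiting Blue
    update(tc, Role.BLUE, new_state=State.WAITING_RED)            # Blue hands the case back
    try:
        update(tc, Role.BLUE, new_state=State.COMPLETE)           # Blue may not close a case
    except PermissionError as exc:
        refused.append(str(exc))
    update(tc, Role.RED, new_state=State.COMPLETE)                # Red checks and closes it
    try:
        update(tc, Role.BLUE, notes="late change")                # Complete is read-only for Blue
    except PermissionError as exc:
        refused.append(str(exc))
    return [tc.state.value, tc.blue_notes, *refused]


if __name__ == "__main__":
    for line in run_flow():
        print(line)
```

Unknown roles fall through to a deny, so adding a new role never grants access by accident; that deny-by-default shape is what the missing RBAC tests mentioned below should pin down.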
We have created pytests for each route. This makes it easy to check whether the application has been affected by any changes made to it.
Note: We are still missing security checks (e.g. RBAC) and application logic checks, so if you would like to contribute, we would be glad to merge your pull request!
Enjoy PurpleOps in dark mode. To enable this, go to the settings menu.
The Test Case History allows you to view previous saved versions of the test case. This feature is only available after an initial save, not after an import. Please note that evidence files are not stored.
You can now restore deleted test cases (requires page reload).
We added the option to add a knowledge base MD file for each TTP. You can find an example here: https://github.com/CompassSecurity/PurpleOps/blob/main/custom/testcaseskb/T1087_002.md
To view the KB, click on the "compass" icon in the test case.
The KB also enables you to set placeholders for frequently used strings. For instance, you could define {{TARGET_DOMAIN_USER}} as a placeholder in an MD file for a command:
```
net user {{TARGET_DOMAIN_USER}} /domain
```
Define a JSON file which contains all your placeholders and the corresponding text:
```json
{
    "DOMAIN_NAME" : "testlab.local",
    "LOWPRIVILEGED_DOMAIN_USER" : "tmassie",
    "TARGET_DOMAIN_USER" : "administrator",
    "DC_IP" : "10.0.1.10"
}
```
Upload the JSON file to PurpleOps using your browser. The values are stored in your session storage (cleared when the browser is closed). Use the toggle in the test case KB to replace the placeholders with real data.
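The substitution itself is simple text replacement; the points worth getting right are what happens to a placeholder the JSON does not define and what an upload is allowed to contain. The following is an added example, not PurpleOps' own code (in the tool the JSON is uploaded in the browser and substituted client-side): it reproduces the logic in Python with the README's JSON and a constructed KB snippet, leaves unknown placeholders verbatim and reports them, and rejects uploads that are not a flat object of valid placeholder names mapping to strings. The function names are the example's own.

```python
"""Placeholder substitution for PurpleOps knowledge-base files.

Added example, not PurpleOps' own code. The KB snippet below is constructed for
the example; the JSON is the one from the README.
"""
import json
import re
from typing import Dict, List, Tuple

# A placeholder is {{NAME}} with NAME made of upper-case letters, digits and underscores
PLACEHOLDER_RE = re.compile(r"\{\{\s*([A-Z0-9_]+)\s*\}\}")

# Constructed KB snippet (not a file from the project), with one placeholder
# that the JSON below does not define.
KB_MARKDOWN = """## Commands
net user {{TARGET_DOMAIN_USER}} /domain
Run as {{LOWPRIVILEGED_DOMAIN_USER}} against {{DC_IP}} ({{DOMAIN_NAME}})
Next host: {{UNDEFINED_PLACEHOLDER}}
"""

PLACEHOLDER_JSON = """{
    "DOMAIN_NAME" : "testlab.local",
    "LOWPRIVILEGED_DOMAIN_USER" : "tmassie",
    "TARGET_DOMAIN_USER" : "administrator",
    "DC_IP" : "10.0.1.10"
}"""


def find_placeholders(md: str) -> List[str]:
    """Every distinct {{NAME}} used in a KB file, sorted; handy for building the JSON."""
    return sorted(set(PLACEHOLDER_RE.findall(md)))


def load_placeholders(raw_json: str) -> Dict[str, str]:
    """Parse an uploaded placeholder file, accepting only a flat object whose keys
    are valid placeholder names and whose values are strings."""
    data = json.loads(raw_json)
    if not isinstance(data, dict):
        raise ValueError("placeholder file must be a JSON object")
    for key, value in data.items():
        if not PLACEHOLDER_RE.fullmatch("{{" + str(key) + "}}") or not isinstance(value, str):
            raise ValueError(f"invalid placeholder entry: {key!r}")
    return data


def render(md: str, values: Dict[str, str]) -> Tuple[str, List[str]]:
    """Replace every placeholder that has a value. Unknown placeholders are left
    verbatim and reported, so a half-filled JSON never silently produces a wrong
    command."""
    missing: List[str] = []

    def substitute(match: "re.Match[str]") -> str:
        name = match.group(1)
        if name in values:
            return values[name]
        missing.append(name)
        return match.group(0)

    return PLACEHOLDER_RE.sub(substitute, md), sorted(set(missing))


if __name__ == "__main__":
    rendered, missing = render(KB_MARKDOWN, load_placeholders(PLACEHOLDER_JSON))
    print(rendered)
    print("still undefined:", missing)
```

The values are pasted verbatim into commands that an analyst will copy into a shell, so a placeholder file should be treated like any other input: only accept the flat shape shown, and review the values before toggling them on.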
- PurpleOps https://github.com/CyberCX-STA/PurpleOps
- Atomic Red Team (LICENSE) for sample commands
- CyberCX for foundational support
Apache