Latest commit 519135f · Jul 25, 2025

PurpleOps

An open-source self-hosted purple team management web application.

Key Features

  • Template engagements and testcases
  • Framework friendly
  • Role-based Access Control & MFA
  • Inbuilt DOCX reporting + custom template support

How PurpleOps is different:

  • No attribution needed
  • Hackable, no "no-reversing" clauses
  • No over-complication with Tomcat, Redis, manual database transplanting or an obtuse permission model

Installation

Default

# Clone this repository
$ git clone https://github.com/CyberCX-STA/PurpleOps

# Go into the repository
$ cd PurpleOps

# Alter PurpleOps settings (optional; the defaults should work out of the box)
$ nano .env

# Run the app with docker (add `-d` to run in background)
$ sudo docker compose up

# PurpleOps should now be available on http://localhost:5000. If you want to expose it to the outside world, put a reverse proxy such as nginx or Apache in front of it.

Kali

# Install docker-compose
$ sudo apt install docker-compose -y

# Clone this repository
$ git clone https://github.com/CyberCX-STA/PurpleOps

# Go into the repository
$ cd PurpleOps

# Alter PurpleOps settings (optional; the defaults should work out of the box)
$ nano .env

# Run the app with docker (add `-d` to run in background)
$ sudo docker-compose up

# PurpleOps should now be available on http://localhost:5000. If you want to expose it to the outside world, put a reverse proxy such as nginx or Apache in front of it.

Manual

# Alternatively, run without Docker Compose: start MongoDB in a container, then run the app directly
$ sudo docker run --name mongodb -d -p 27017:27017 mongo
$ pip3 install -r requirements.txt
$ python3 seeder.py
$ python3 purpleops.py

NGINX Reverse Proxy + Certbot

Replace both occurrences of purpleops.example.com with your FQDN and ensure your box is reachable from the internet on ports 80 and 443.

sudo apt install nginx certbot python3-certbot-nginx -y
sudo nano /etc/nginx/sites-available/purpleops # Paste the server block below
sudo ln -s /etc/nginx/sites-available/purpleops /etc/nginx/sites-enabled/
sudo certbot --nginx -d purpleops.example.com
sudo service nginx restart

server {
  listen 80;
  server_name purpleops.example.com;

  location / {
      proxy_pass http://localhost:5000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
  }
}

IP Whitelisting with ufw

sudo apt install ufw -y
sudo ufw allow 22
sudo ufw deny 80
sudo ufw deny 443
sudo ufw insert 1 allow from 100.100.100.100/24 to any port 443
sudo ufw enable

Compass Security Fork

The Compass Security fork includes fixes and new features!

Updated Dependencies

The Python dependencies (e.g. Flask) were updated to their latest versions.

Restructured Test Case Form and Flow-Based Approach

We have redesigned the test case form to prioritise the elements that we believe are important during a purple team engagement.
Is there anything missing? Please let us know — we are eager to hear how other analysts approach Purple Teaming engagements.


Moreover, we have implemented a flow-based approach to facilitate collaboration with the Blue Team.

Waiting Blue:

This signals to the blue team that input is expected from their side. Once the required information has been added, the blue team can set the state to 'Waiting Red'. Users with the 'Blue' role can only edit a test case if it is in the 'Waiting Blue' or 'Waiting Red' state.

Waiting Red:

This signals to the red team that the blue team has finished adding their details to the test case. The red team can then check that all the required information is present. If so, the state can be changed to 'Complete'.

Complete:

The blue team cannot make any more changes to the test case.
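The state and role rules above, as an added example in Python that is not PurpleOps code: a server-side check of who may edit a test case and which state change each role may make. It assumes role names 'Blue' and 'Red', that only the two transitions the text names are allowed, and that the Red role may edit in every state (the text restricts only Blue).

```python
from dataclasses import dataclass, field

WAITING_BLUE, WAITING_RED, COMPLETE = "Waiting Blue", "Waiting Red", "Complete"
# The two state changes the flow describes: Blue hands over, Red closes.
ALLOWED_TRANSITIONS = {
    ("Blue", WAITING_BLUE): WAITING_RED,
    ("Red", WAITING_RED): COMPLETE,
}

# States in which a role may edit the body; the Red entry is an assumption.
EDITABLE_STATES = {
    "Blue": {WAITING_BLUE, WAITING_RED},
    "Red": {WAITING_BLUE, WAITING_RED, COMPLETE},
}


class PermissionDenied(Exception):
    pass


@dataclass
class TestCase:
    name: str
    state: str = WAITING_BLUE
    notes: dict = field(default_factory=dict)


def can_edit(role: str, tc: TestCase) -> bool:
    return tc.state in EDITABLE_STATES.get(role, set())


def edit(role: str, tc: TestCase, key: str, value: str) -> TestCase:
    # Enforce on the server; a hidden button in the UI is not a control.
    if not can_edit(role, tc):
        raise PermissionDenied(f"{role} cannot edit a test case in state '{tc.state}'")
    tc.notes[key] = value
    return tc


def transition(role: str, tc: TestCase, new_state: str) -> TestCase:
    # Only the transition listed for (role, current state) is accepted.
    if ALLOWED_TRANSITIONS.get((role, tc.state)) != new_state:
        raise PermissionDenied(f"{role} cannot move '{tc.state}' to '{new_state}'")
    tc.state = new_state
    return tc


def run_flow() -> TestCase:
    # Walks one test case through the whole flow (constructed sample data).
    tc = TestCase("T1087.002 Domain Account Discovery")
    edit("Blue", tc, "detection", "alert raised in SIEM")
    transition("Blue", tc, WAITING_RED)
    edit("Red", tc, "review", "blue team details verified")
    transition("Red", tc, COMPLETE)
    return tc
```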

Pytests

We have created pytests for each route. This makes it easy to check whether a change has broken the application.

Note: We are still missing security checks (e.g. RBAC) and application logic checks, so if you would like to contribute, we would be glad to merge your pull request!

Dark Mode

Enjoy PurpleOps in dark mode. To enable it, go to the settings menu.

Test Case History

The Test Case History lets you view previously saved versions of a test case. This feature is only available after an initial save, not after an import. Please note that evidence files are not stored in the history.

Restore Deleted Test Cases

You can now restore deleted test cases (requires a page reload).

Test Case Knowledge Base and Variables File

We added the option to add a knowledge base MD file for each TTP. You can find an example here: https://github.com/CompassSecurity/PurpleOps/blob/main/custom/testcaseskb/T1087_002.md

To view the KB, click on the "compass" icon in the test case.

The KB also lets you define placeholders for frequently used strings. For instance, you could use {{TARGET_DOMAIN_USER}} as a placeholder in an MD file for a command:

net user {{TARGET_DOMAIN_USER}} /domain 

Define a JSON file which contains all your placeholders and the corresponding text:

{
  "DOMAIN_NAME" : "testlab.local",
  "LOWPRIVILEGED_DOMAIN_USER" : "tmassie",
  "TARGET_DOMAIN_USER" : "administrator",
  "DC_IP" : "10.0.1.10"
}

Upload the JSON file to PurpleOps using your browser. The values are stored in your browser's session storage (cleared when the browser is closed). Use the toggle in the test case KB to replace the placeholders with the real values.
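An added example in Python (not the project's own code) of the placeholder substitution described above: it validates the uploaded variables file, honours the reveal toggle, and leaves undefined placeholders untouched while reporting them. The placeholder name pattern is an assumption, and the variables file and KB snippet are constructed samples in the layout shown above.

```python
import json
import re

# Placeholder syntax used in the KB files: {{NAME}} (assumed: upper-case
# letters, digits and underscores only).
PLACEHOLDER = re.compile(r"\{\{([A-Z0-9_]+)\}\}")

# Constructed sample variables file in the layout shown above.
VARIABLES_JSON = """{
  "DOMAIN_NAME": "testlab.local",
  "LOWPRIVILEGED_DOMAIN_USER": "tmassie",
  "TARGET_DOMAIN_USER": "administrator",
  "DC_IP": "10.0.1.10"
}"""

# Constructed KB snippet; {{JUMP_HOST}} is deliberately not defined above.
KB_MD = (
    "net user {{TARGET_DOMAIN_USER}} /domain\n"
    "Domain controller: {{DC_IP}} ({{DOMAIN_NAME}})\n"
    "Run as {{LOWPRIVILEGED_DOMAIN_USER}} from {{JUMP_HOST}}\n"
)


def load_variables(raw: str) -> dict:
    """Parse the upload; accept only a flat object of placeholder names to strings."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("variables file must be a JSON object")
    for key, value in data.items():
        if not PLACEHOLDER.fullmatch("{{" + key + "}}"):
            raise ValueError(f"invalid placeholder name: {key!r}")
        if not isinstance(value, str):
            raise ValueError(f"value for {key} must be a string")
    return data


def render(md: str, variables: dict, reveal: bool) -> tuple:
    """Return (text, missing): toggle off keeps the template, toggle on substitutes."""
    missing = set()
    if not reveal:
        return md, missing

    def substitute(match):
        name = match.group(1)
        if name in variables:
            return variables[name]
        missing.add(name)          # unknown placeholder: keep it, report it
        return match.group(0)

    return PLACEHOLDER.sub(substitute, md), missing
```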

Credits

License

Apache