PentesterOPS Dashboard

A comprehensive penetration testing operations dashboard for managing projects, tasks, findings, clients, and assets. Built with Next.js, Express, and MongoDB.

🚀 Features

Project Management: Organize penetration testing projects with tasks, pages, and team collaboration
Task Management: Kanban board, table, and card views with filtering, search, and subtasks
Finding Management: Track security findings with CWE database integration
Client Management: Manage clients with photos, links, and metadata
Asset Management: Track and manage assets linked to projects and tasks
Rich Text Editor: Notion-like pages with Editor.js (headings, paragraphs, code, tables, callouts, toggles)
Checklists: Create reusable checklists and link them to tasks
Comments: Threaded comments on tasks and findings
File Attachments: Upload PDFs, DOCX, XLSX, CSV, ZIP, and images
Version History: Track changes with diff viewing and restore
Global Search: Full-text search across all entities
Dark Mode: Optimized dark theme for technical workflows
Single Container Deployment: Easy deployment with Docker

🛠 Tech Stack

Frontend: Next.js 14 (App Router), React, TypeScript, TailwindCSS
Backend: Node.js, Express, TypeScript
Database: MongoDB with Mongoose
Authentication: JWT with refresh tokens
Rich Text Editor: Editor.js with multiple plugins
File Storage: Local filesystem with multer
Containerization: Docker (single container)

📦 Prerequisites

Node.js: 18+
Docker: Latest version (for containerized deployment)
MongoDB: 5.0+ (or use MongoDB Atlas)
Git: For cloning the repository

🚀 Quick Start

Local Development

Clone the repository

git clone https://github.com/yourusername/MyPentest-Dashboard.git
cd MyPentest-Dashboard

Install dependencies

# Install root dependencies
npm install

# Install frontend dependencies
cd frontend && npm install && cd ..

# Install backend dependencies
cd backend && npm install && cd ..

Configure environment variables

Create .env file in the root directory:

# Backend
NODE_ENV=development
BACKEND_PORT=4000
MONGODB_URI=mongodb://localhost:27017/pentest-dashboard
JWT_SECRET=your-jwt-secret-key
JWT_REFRESH_SECRET=your-refresh-secret-key
CORS_ORIGIN=http://localhost:3000
ALLOW_REGISTRATION=true
MAX_FILE_SIZE=10485760
UPLOAD_DIR=./backend/uploads

# Frontend
NEXT_PUBLIC_API_URL=http://localhost:4000

Generate secure secrets:

openssl rand -base64 32  # For JWT_SECRET
openssl rand -base64 32  # For JWT_REFRESH_SECRET

Start MongoDB

# Using Docker
docker run -d --name mongodb -p 27017:27017 mongo:latest

# Or use MongoDB Atlas (update MONGODB_URI in .env)

Run development servers
```
# From root directory
npm run dev
```
Access the application
- Frontend: http://localhost:3000
- Backend API: http://localhost:4000

Create admin user

# Register via the UI at /login, or use seed script:
node scripts/seed-admin.js

🐳 Docker Deployment

Single Container (Recommended)

The application uses a single Docker container that includes MongoDB, backend, and frontend.

Build and Run

# Build the image
docker build -t pentestops-dashboard:latest .

# Run the container
docker run -d \
  --name pentestops \
  --restart unless-stopped \
  -p 3000:3000 \
  -p 4000:4000 \
  -p 27017:27017 \
  -v pentestops-data:/data/db \
  -v pentestops-uploads:/app/uploads \
  -e JWT_SECRET=$(openssl rand -base64 32) \
  -e JWT_REFRESH_SECRET=$(openssl rand -base64 32) \
  -e NODE_ENV=production \
  -e CORS_ORIGIN=https://yourdomain.com \
  -e ALLOW_REGISTRATION=false \
  pentestops-dashboard:latest

Using Environment File

Create .env file:

NODE_ENV=production
BACKEND_PORT=4000
FRONTEND_PORT=3000
MONGODB_URI=mongodb://localhost:27017/pentest-dashboard
JWT_SECRET=your-super-secret-jwt-key
JWT_REFRESH_SECRET=your-super-secret-refresh-key
CORS_ORIGIN=https://yourdomain.com
ALLOW_REGISTRATION=false
MAX_FILE_SIZE=10485760
UPLOAD_DIR=/app/uploads
NEXT_PUBLIC_API_URL=https://yourdomain.com

Run with environment file:

docker run -d \
  --name pentestops \
  --restart unless-stopped \
  -p 3000:3000 \
  -p 4000:4000 \
  -v pentestops-data:/data/db \
  -v pentestops-uploads:/app/uploads \
  --env-file .env \
  pentestops-dashboard:latest

Container Management

# View logs
docker logs -f pentestops

# Stop container
docker stop pentestops

# Start container
docker start pentestops

# Restart container
docker restart pentestops

# Remove container
docker stop pentestops && docker rm pentestops

🌐 Deployment

Install Docker

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl start docker
sudo systemctl enable docker

Clone and deploy

cd /opt
sudo git clone https://github.com/yourusername/MyPentest-Dashboard.git pentestops
cd pentestops
sudo chmod +x deploy.sh
sudo ./deploy.sh

The deploy.sh script will:

Create application directory
Generate secure JWT secrets
Build Docker image
Start container with all services

Access application
- Frontend: http://your-vps-ip:3000
- Backend API: http://your-vps-ip:4000

Domain & SSL Setup

Install Nginx and Certbot

sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx

Configure Nginx

Create /etc/nginx/sites-available/pentestops:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name api.yourdomain.com;

    location / {
        proxy_pass http://localhost:4000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 10M;
    }
}

Enable site:

sudo ln -s /etc/nginx/sites-available/pentestops /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx

Get SSL Certificate

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com -d api.yourdomain.com

Update environment variables

Edit /opt/pentestops/.env:

CORS_ORIGIN=https://yourdomain.com
NEXT_PUBLIC_API_URL=https://api.yourdomain.com

Restart container:

sudo docker restart pentestops

Security Hardening

Configure firewall

sudo apt install -y ufw
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

Disable root SSH login

sudo nano /etc/ssh/sshd_config
# Set: PermitRootLogin no
sudo systemctl restart sshd

Set up automatic backups

# Create backup script
sudo nano /opt/pentestops/backup.sh

#!/bin/bash
BACKUP_DIR="/opt/backups/pentestops"
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
docker exec pentestops mongodump --archive=/tmp/backup.archive --db=pentest-dashboard
docker cp pentestops:/tmp/backup.archive $BACKUP_DIR/mongodb_$DATE.archive
tar -czf $BACKUP_DIR/uploads_$DATE.tar.gz /opt/pentestops/uploads
find $BACKUP_DIR -type f -mtime +7 -delete

Make executable and schedule:

chmod +x /opt/pentestops/backup.sh
crontab -e
# Add: 0 2 * * * /opt/pentestops/backup.sh

⚙️ Configuration

Environment Variables

Backend

Variable	Description	Default	Required
`NODE_ENV`	Environment mode	`development`	No
`BACKEND_PORT`	Backend API port	`4000`	No
`MONGODB_URI`	MongoDB connection string	`mongodb://localhost:27017/pentest-dashboard`	Yes
`JWT_SECRET`	JWT token secret	-	Yes
`JWT_REFRESH_SECRET`	Refresh token secret	-	Yes
`CORS_ORIGIN`	Allowed CORS origins	`*`	No
`ALLOW_REGISTRATION`	Allow public registration	`true`	No
`MAX_FILE_SIZE`	Max file upload size (bytes)	`10485760` (10MB)	No
`UPLOAD_DIR`	Upload directory path	`./uploads`	No

Frontend

Variable	Description	Default	Required
`NEXT_PUBLIC_API_URL`	Backend API URL	`http://localhost:4000`	Yes
`NODE_ENV`	Environment mode	`development`	No

File Upload Types

The application supports the following file types:

Images: JPG, JPEG, PNG, GIF, WebP
Documents: PDF, DOC, DOCX
Spreadsheets: XLS, XLSX, CSV
Text: TXT
Archives: ZIP

Maximum file size: 10MB (configurable via MAX_FILE_SIZE)

📚 API Documentation

Authentication

POST /api/auth/register - Register new user
POST /api/auth/login - Login
POST /api/auth/refresh - Refresh access token
GET /api/auth/profile - Get user profile
PUT /api/auth/profile - Update user profile

Projects

GET /api/projects - List all projects
POST /api/projects - Create project
GET /api/projects/:id - Get project details
PUT /api/projects/:id - Update project
DELETE /api/projects/:id - Delete project

Tasks

GET /api/tasks - List all tasks
POST /api/tasks - Create task
GET /api/tasks/:id - Get task details
PUT /api/tasks/:id - Update task
DELETE /api/tasks/:id - Delete task

Findings

GET /api/findings - List all findings
POST /api/findings - Create finding
GET /api/findings/:id - Get finding details
PUT /api/findings/:id - Update finding
DELETE /api/findings/:id - Delete finding

Clients

GET /api/clients - List all clients
POST /api/clients - Create client
GET /api/clients/:id - Get client details
PUT /api/clients/:id - Update client
DELETE /api/clients/:id - Delete client

Pages (Checklists)

GET /api/pages - List all pages
POST /api/pages - Create page
GET /api/pages/:slug - Get page details
PUT /api/pages/:slug - Update page
DELETE /api/pages/:slug - Delete page

CWE Database

GET /api/cwes - List all CWEs
GET /api/cwes/:id - Get CWE details
POST /api/cwes/import - Import CWE database from CSV

Attachments

POST /api/attachments - Upload file
GET /api/attachments/:id/download - Download file
GET /api/attachments/:id/view - View file (images)

Search

GET /api/search?q=query - Global search

All API endpoints require authentication except:

/api/auth/register (if ALLOW_REGISTRATION=true)
/api/auth/login
/api/attachments/:id/view (public images)

📁 Project Structure

MyPentest-Dashboard/
├── frontend/              # Next.js frontend application
│   ├── app/              # Next.js app router pages
│   ├── components/       # React components
│   ├── lib/              # Utilities and API client
│   ├── public/           # Static assets
│   └── types/            # TypeScript types
├── backend/              # Express backend API
│   ├── src/
│   │   ├── routes/       # API routes
│   │   ├── models/       # Mongoose models
│   │   ├── middleware/   # Express middleware
│   │   ├── config/       # Configuration files
│   │   └── utils/        # Utility functions
│   └── uploads/          # File uploads directory
├── scripts/              # Utility scripts
│   ├── seed-admin.js     # Create admin user
│   └── test-crud.js      # Test CRUD operations
├── Dockerfile            # Single container Dockerfile
├── docker-entrypoint.sh  # Container entrypoint script
├── deploy.sh             # VPS deployment script
└── README.md             # This file

📝 License

MIT License - see LICENSE file for details

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

📧 Support

For issues, questions, or contributions:

Open an issue on GitHub
Check the troubleshooting section
Review the logs: docker logs pentestops

Built with ❤️ for penetration testing teams

Name		Name	Last commit message	Last commit date
Latest commit History 52 Commits
.github/workflows		.github/workflows
backend		backend
frontend		frontend
k8s		k8s
scripts		scripts
.DS_Store		.DS_Store
.gitattributes		.gitattributes
DEPLOYMENT.md		DEPLOYMENT.md
Dockerfile		Dockerfile
Dockerfile.backend		Dockerfile.backend
Dockerfile.frontend		Dockerfile.frontend
LICENSE		LICENSE
Pentest.png		Pentest.png
QUICKSTART.md		QUICKSTART.md
README.md		README.md
RUN_LOCAL.md		RUN_LOCAL.md
SETUP_MONGODB_ATLAS.md		SETUP_MONGODB_ATLAS.md
deploy.sh		deploy.sh
docker-compose.dev.yml		docker-compose.dev.yml
docker-compose.yml		docker-compose.yml
docker-entrypoint.sh		docker-entrypoint.sh
ecosystem.config.js		ecosystem.config.js
package-lock.json		package-lock.json
package.json		package.json

License

0xBugatti/PentestOPS

Folders and files

Latest commit

History

Repository files navigation