Skip to content


PurpleOps is super flexible, what would you like to configure?


Most options are in .env and flask.cfg. Custom knowledge bases / reports / testcase templates are done by dropping them in custom/.

Instance Name

Change the NAME var in .env. This affects the title shown in MFA apps.

Database Connection

Change the MONGO_DB, MONGO_HOST and MONGO_PORT vars in .env. Unless you have a custom database, leave these as default.

Webserver Host / Port Bindings

Change the HOST and PORT vars in .env. If you're going to open the server to the internet, you'll probably want to change these.

  • For enabling / disabling: Change the FLASK_MFA var in .env. MFA is either on or off globally, no per-user config is available.
  • For changing MFA validity: Change the SECURITY_TWO_FACTOR_LOGIN_VALIDITY var in flask.cfg.

Change the FLASK_DEBUG var in .env. Don't enable this in prod :)

Mimimum Password Length

Change the SECURITY_PASSWORD_LENGTH_MIN var in flask.cfg.


See: User Management.

Custom Testcase Templates

Using the schema from Export Testcase Templates, alter the custom/testcases.json file and rerun See: Templating.

Custom Knowledge Base Items

Using the schema from the sample custom/knowledgebase/T1003.yaml file, any file in custom/knowledgebase/*.yaml will overwrite the default Mitre writeup. Requires rerunning See Custom Knowledge Base.

Custom Reports

Drop your new Jinja .docx file in custom/reports/. See: Reporting.