Skip to content

For Developers

Itching to add a new feature or tweak the app? Look no further.

Tech Stack

PurpleOps uses the following components:

  • Flask (python webserver backend)
    • Flask-Security (manages auth/MFA)
  • Jinja (HTML templating engine)
  • MongoDB (database)

File Structure

  • blueprints/ - Houses the backend python / flask code, broken up per area. Large files are broken e.g.
  • custom/ - Houses custom data, sample data comes bundled, but this is for you to add your own custom files
    • knowledgebase/ - Houses custom writeups to overwrite default MITRE TTP descriptions / remedial advice
    • reports/ - Houses custom Jinja .docx files for reporting
    • testcases.json - Houses custom testcases templates to inject alongside Atomic Red Team testcase templates
  • files/ - Houses engagment evidence and exports
    • <assessmentid>/
      • <testcaseid>/
  • static/ - Houses JS (broken up by area) and images
    • images/
    • scripts/
  • templates/ - Houses HTML marked up with Jinja to be rendered by the backend code - broken up by area - large files are further fragmented e.g. testcase_modals.html
    • master.html - Rendered with every page, contains JS libs and styling
    • ...
  • .env - Houses environment variables. Secret related vars are populated by
  • flask.cfg - Stores oodles of flask configuration settings
  • - Database object schema definitions and object helper functions e.g. TestCase.to_json()
  • - The "main" file. Loads dependencies and starts flask
  • - Pretty page for GitHub
  • requirements.txt - Python dependancies
  • - Populates the database (KBs, testcases, MITRE writeups, secrets, users...)
  • - Backend helper functions shared between app areas