Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
By facilitating efficient data management and providing a unified workspace, Cervantes aims to significantly reduce the time and effort required in the coordination and execution of penetration testing activities.
Cervantes is an OWASP Foundation Project
- OpenSource
- Multiplatform
- Multilanguage
- Team Collaboration
- Checklists
- OWASP Compliance Reports
- BuiltIn dashboards and analytics
- Manage your clients and Offensive Security projects
- One click reports creation
- And more
- Docker
- Docker compose
- First you need to clone this repository
git clone https://github.com/CervantesSec/docker.git
- After that you need to start your docker containers:
docker-compose -p cervantes -f docker-compose.yml up -d
- After this, open your browser at http://localhost or https://localhost and you will see the Cervantes login page.
When you first launch the Cervantes application, a default user is created for you. The default username is [email protected]
.
The password for this user is generated randomly during the creation of the application container and the first launch of the application. This means that the password is unique for each instance of the application and provides an additional layer of security.
Please note that it's important to change the default password as soon as possible to ensure the security of your application. You can do this by logging in with the default user and navigating to the user settings page.
Remember, the security of your application is paramount. Always use strong, unique passwords and change them regularly.
- .NET 8
- PostgreSQL
- Atlassian Jira Server (Optional only if you want to use Jira Integration)
To install the Cervantes application from the source code, you can follow these steps:
- Clone the Repository: First, you need to clone the repository from GitHub. You can do this by running the following command in your terminal:
git clone https://github.com/CervantesSec/cervantes.git
- Navigate to the Project Directory: Once the repository is cloned, navigate to the project directory:
cd Cervantes
- Edit appsettings.json: To use the application you need to edit the appsettings.json file inside the Cervantes.Web folder.
Database Connection String
The database connection string is used to connect your application to your database. It usually includes the server name, database name, and authentication details. Here's an example of how it might look in your appsettings.json
:
{
"ConnectionStrings": {
"DefaultConnection": "Server=myServerAddress;Database=myDataBase;Username=myUsername;Password=myPassword"
},
}
Replace myServerAddress
, myDataBase
, myUsername
, and myPassword
with your actual database details.
- Install Dependencies: The project uses .NET 8.0, so you need to have it installed on your machine. If you don't have it, you can download it from the official .NET website. Once .NET is installed, you can install the project dependencies by running:
dotnet restore
- Build the Project: After the dependencies are installed, you can build the project:
dotnet build
- Run the Project: Finally, you can run the project:
dotnet run --project Cervantes.Web/Cervantes.Web.csproj
The application should now be running at http://localhost:5000
.
Please note that this is a basic installation guide and the actual process might vary depending on the project's specific configuration and requirements. For example, if the project uses a database, you might need to set up the database and update the connection string in the configuration file.
Here are some things you could do to become a contributor:
- ★ Star this project on Github ★
- Suggest new features or ideas
- Improve the code of the platform components
- Report security issues
Before you jump to make any changes make sure you have read the contributing guidelines. This would save us all time. Thanks!
Please report Security issues via our disclosure policy.
If you have bugs to report please use the issues tab on Github to submit the details.