The Open-Source Purple Team Platform for Continuous Security Validation
Browse a git-synced library of security tests with MITRE ATT&CK mapping. Filter by technique, tactic, platform, and severity. Build, sign, and download binaries directly from the UI.
Measure your defensive posture with 30+ Elasticsearch query endpoints. Defense scores, heatmaps, treemaps, trend analysis, and risk acceptance tracking.
Deploy a lightweight Go agent to Windows, Linux, and macOS endpoints. Token-based enrollment, heartbeat monitoring, task execution, and self-updating.
Cross-compile test binaries for any platform from the web UI. Authenticode signing for Windows, ad-hoc signing for macOS, and multi-certificate management.
Connect Microsoft 365 Defender for Secure Score and alert cross-correlation. Set up Slack and email alerting with configurable thresholds.
Deploy anywhere: Docker Compose, Railway, Render, Fly.io, or Vercel (serverless). Each target has a dedicated guide with production hardening steps.