This is just an all-in-one version of PenFlow. All credit goes to the original creator at: https://github.com/rb-x/penflow
The credentials are listed in the log output.
This Dockerfile automatically installs and runs PenFlow, a visual methodology tracking platform tailored for offensive security assessments.
PenFlow is a mind-mapping platform designed specifically for cybersecurity professionals. It helps you visualize, track, and share your security testing methodologies while maintaining complete control over your sensitive data.
- Interactive Mind Maps: Create and navigate complex security testing workflows
- AI-Powered Assistance: Generate node suggestions and expand methodologies
- Command Templates: Save and reuse CLI commands with variable substitution
- Progress Tracking: Visualize testing progress and methodology coverage
- Self-Hosted: Run entirely on your infrastructure
- Encrypted Exports: AES-256-GCM encryption for secure sharing
- Docker installed on your system
- At least 4GB of available RAM
- Ports 5173, 8000, 7474, 7687, 6379, and 8081 available
1. Build the Docker image:

   ```bash
   docker build -t penflow .
   ```

2. Run the container:

   ```bash
   # Example values: replace the network, IP addresses, admin password
   # and SECRET_KEY with your own.
   docker run -d \
     --name='PenFlow' \
     --net='interface' \
     --ip='192.168.0.1' \
     --pids-limit 2048 \
     -e TZ="America/New_York" \
     -e HOST_HOSTNAME="Hostname" \
     -e HOST_CONTAINERNAME="PenFlow" \
     -e 'ADMIN_USERNAME'='admin' \
     -e 'ADMIN_EMAIL'='admin@krakensec.tech' \
     -e 'ADMIN_PASSWORD'='Password123!' \
     -e 'SECRET_KEY'='secret-key-change-me' \
     -e 'HOST_PORT'='80' \
     -e 'HOST_IP'='192.168.70.114' \
     penflow
   ```

   Note: No `--privileged` flag needed! This container runs all services directly without Docker-in-Docker.

3. Monitor the startup process:

   ```bash
   docker logs -f penflow-container
   ```

   The commands in this README refer to the container as `penflow-container`; substitute the name you passed to `--name`.

   Wait for all services to be ready (this may take 2-3 minutes on first run).

4. Access the application:
   - Frontend (Main App): http://localhost:5173
   - Backend API: http://localhost:8000
   - API Documentation: http://localhost:8000/docs
   - Neo4j Browser: http://localhost:7474 (username: `neo4j`, password: `password`)
   - Redis: Available on port 6379 (no web interface included)

This container runs all PenFlow services directly using supervisor for process management:
- Frontend: React 19 + TypeScript + Vite (built and served with `serve`)
- Backend: FastAPI (Python 3.12) with pipenv dependencies
- Database: Neo4j graph database (Community Edition)
- Cache: Redis server
- Process Manager: Supervisor manages all services
- Neo4j Database:
  - Username: `neo4j`
  - Password: `password`
- Application: No authentication required in development mode
The container automatically creates a .env.development file with secure defaults. To customize:
1. Access the container:

   ```bash
   docker exec -it penflow-container bash
   ```

2. Edit the environment file:

   ```bash
   cd /home/penflow/penflow
   nano .env.development
   ```

3. Restart services:

   ```bash
   ./run.sh stop
   ./run.sh dev
   ```

To enable AI-powered assistance:
1. Get a Gemini API Key
2. Access the container and edit the environment file:

   ```bash
   docker exec -it penflow-container bash
   cd /home/penflow/penflow
   nano .env.development
   ```

3. Add your API key:

   ```
   GOOGLE_API_KEY=your_api_key_here
   ```

4. Restart the services:

   ```bash
   ./run.sh stop
   ./run.sh dev
   ```

```bash
# Container logs
docker logs penflow-container

# PenFlow service logs
docker exec -it penflow-container bash
cd /home/penflow/penflow
docker-compose -f docker-compose.dev.yml logs
```

```bash
# Stop the container
docker stop penflow-container

# Start the container
docker start penflow-container

# Stop and remove the container
docker stop penflow-container
docker rm penflow-container
```

By default, data is stored inside the container and will be lost when the container is removed. To persist data:

```bash
docker run -d \
  --name='PenFlow' \
  --net='interface' \
  --ip='192.168.0.1' \
  --pids-limit 2048 \
  -e TZ="America/New_York" \
  -e HOST_HOSTNAME="Hostname" \
  -e HOST_CONTAINERNAME="PenFlow" \
  -e 'ADMIN_USERNAME'='admin' \
  -e 'ADMIN_EMAIL'='admin@krakensec.tech' \
  -e 'ADMIN_PASSWORD'='Password123!' \
  -e 'SECRET_KEY'='secret-key-change-me' \
  -e 'HOST_PORT'='80' \
  -e 'HOST_IP'='192.168.70.114' \
  -v penflow-neo4j-data:/home/penflow/penflow/neo4j-data-dev \
  -v penflow-redis-data:/home/penflow/penflow/redis-data-dev \
  penflow
```

- Docker version: Ensure you're using a recent version of Docker (20.10+)
- Build failures: Check that you have sufficient disk space and memory during build
- Ensure Docker is running on your host system
- Check that required ports are not in use: `netstat -tulpn | grep -E '(5173|8000|7474|7687|6379)'`
- Verify you have sufficient system resources (minimum 2GB RAM recommended)
- Check if the container started: `docker ps -a`
- Wait a few minutes for all services to fully start (monitor with `docker logs -f penflow-container`)
- Check container logs: `docker logs penflow-container`
- Verify port mappings are correct
- Test individual services:

  ```bash
  curl http://localhost:8000/health  # Backend health check
  curl http://localhost:5173         # Frontend
  ```

- Increase Docker memory allocation (recommended: 2GB+)
- Close unnecessary applications to free up resources
- Monitor resource usage: `docker stats penflow-container`
- Check individual service logs: `docker exec penflow-container supervisorctl status`
- Restart a specific service: `docker exec penflow-container supervisorctl restart <service_name>`
- View service logs: `docker exec penflow-container tail -f /var/log/<service>.log`
- This container runs in privileged mode for Docker-in-Docker functionality
- Default credentials are used for development convenience
- For production use, consider the official PenFlow production deployment guide
- The container is designed for local development and testing
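
The default credentials noted above include the `ADMIN_PASSWORD` and `SECRET_KEY` placeholders from the run command. The script below is an added example, not part of this repository or of PenFlow: it writes an env file with random secrets and rejects the placeholder values. The function names, the file name `penflow.env` and the 24-character minimum are assumptions.

```sh
# Added example (not part of the PenFlow project). ADMIN_PASSWORD and
# SECRET_KEY are the variable names from the run command on this page;
# the function names and the 24-character floor are assumptions.

# Print N random bytes as 2*N hex characters.
random_hex() {
    head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Create FILE with mode 600 and write freshly generated secrets to it.
write_env_file() {
    ( umask 077; : > "$1" ) && chmod 600 "$1" || return 1
    {
        printf 'ADMIN_PASSWORD=%s\n' "$(random_hex 16)"
        printf 'SECRET_KEY=%s\n' "$(random_hex 32)"
    } >> "$1"
}

# Return 0 only if FILE sets both secrets to non-placeholder values.
audit_env_file() {
    local key value seen=0 rc=0
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            ADMIN_PASSWORD|SECRET_KEY) seen=$((seen + 1)) ;;
            *) continue ;;
        esac
        case "$value" in
            'Password123!'|'secret-key-change-me')
                echo "FAIL $key: placeholder value from the README"; rc=1 ;;
            *)
                if [ "${#value}" -lt 24 ]; then
                    echo "FAIL $key: shorter than 24 characters"; rc=1
                fi ;;
        esac
    done < "$1"
    if [ "$seen" -lt 2 ]; then
        echo "FAIL: ADMIN_PASSWORD or SECRET_KEY missing"; rc=1
    fi
    return "$rc"
}

# Usage: write_env_file penflow.env && audit_env_file penflow.env, then start
# the container with --env-file penflow.env in place of the two -e flags.
```
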
For issues specific to PenFlow functionality, visit:
For Docker container issues, please check the troubleshooting section above.