tanzanite 2022.3.1

An open source purpleteaming and CTF platform.

Tanzanite is an open source platform for managing users and compute instances when running purpleteam training sessions, cyber exercises, and “capture the flag” contests.

• Version: 2022.3.1

• GitHub repo: https://github.com/davedittrich/tanzanite/

• License: Apache Software License 2.0

Features

• The tanzanite platform provides two user interfaces on the front end.

  • The first is a general Python command line interface (CLI) built on the OpenStack cliff (Command Line Interface Formulation Framework).

    • cliff provides many useful features like modularizing subcommands into groups, built-in help for internally documenting commands, and producing output in clean tabular form or in one of several data formats you can feed into other tools or automation platforms.

    • The CLI not only makes developing and testing API features faster and easier, but it also enables better integration with other open source tools through scripting and provides a quick remote interface for those running an exercise or CTF.

  • The second is a basic web application GUI.

    • The web app is served by FastAPI along with the API using Jinja2 HTML templates.

    • The built-in OpenAPI schema interface will help you write your own custom GUI or integrate Tanzanite with your own web application front end.

• Both of these front ends access the backend database, compute instance management, and related services via an API based on the FastAPI framework.

  • Configuration settings and storage of sensitive data on the backend uses a Python Secrets (psec) environment. This decouples storage of secrets from source code, making it easier and safer to develop and test new features or proprietary enhancements to the system.

  • The sqlalchemy SQL toolkit and Object Relational Mapper are used for generalizing access to local or remote databases. Local database support for testing and interactive debugging uses sqlite3, while Postgres is supported for more robust production deployments.

• The platform is parially self-documenting through integration of Sphinx documentation for generation both locally and through ReadTheDocs. CLI commands are documented using cliff autoprogram Sphinx integration, giving you the same output you get using the --help flag on the command line.

• The source repository comes preconfigured for unit testing with pytest, Python security vulnerability scanning with bandit, integration and system testing with BATS (bats-core), and Python library dependency security scanning with GitHub’s dependabot.

• Support for testing against multiple versions of Python is handled by Tox.

• Interactive development and debugging is supported by pre-configuration of VSCode, allowing easy debugging of the CLI client components, the web application components and server backend, or even the client components and server at the same time.

• Version numbering for development and test versions follows a date-based versioning scheme tracking Git repository status. Version number bumping is managed using bump2version.

• Development and production testing and release workflows are processed by GitHub Actions with automatic package publication to PyPI or Test PyPI when you push a new version tag on the main branch, or a special rc tag on the develop branch.

Contact

Dave Dittrich <dave.dittrich@gmail.com>

Copyright © 2019-2021 Dave Dittrich. All rights reserved.

Credits

This package was created with Cookiecutter from the <https://github.com/davedittrich/cookiecutter-cliffapp-template> project template. It derives some of its features and inspiration from <https://github.com/veit/cookiecutter-namespace-template> and <https://github.com/audreyfeldroy/cookiecutter-pypackage>.