Quick Start
Setup and execution guide for the Fleetfolio Pentest Module, used to perform structured penetration testing and generate evidence for Operational Acceptance Testing (OAT).
Quick Start Guide
This guide explains how to set up and run the Fleetfolio Pentest Module via Docker to perform continuous security assessments and generate inputs for Operational Acceptance Testing (OAT).
Install Docker
Ensure Docker is installed and running on your system.
sudo apt update && sudo apt install docker.io -y && sudo systemctl enable docker --now
Error Fix
If the update fails, switch the Kali mirror in /etc/apt/sources.list to HTTPS and retry:
sudo sed -i 's|http://http.kali.org|https://http.kali.org|' /etc/apt/sources.list && sudo apt-get clean && sudo apt-get update --fix-missing
Configure Environment
Create your .env configuration using the following block:
sudo tee -a .env > /dev/null << 'EOF'
# Scope configuration
OPSFOLIO_EAA_HOME=/opt/eaa/sessions
OPSFOLIO_EAA_TENANT_ID=NET1234
OPSFOLIO_EAA_TENANT_NAME=Netspective
OPSFOLIO_EAA_PURPOSE=Threat
OPSFOLIO_EAA_DESCRIPTION=Demo_Threat
OPSFOLIO_EAA_CONTEXT_JSON='{ \"Sample\": \"Value\" }'
OPSFOLIO_EAA_EXIT_EMAIL_ADDRESSES=example@nespective.com,example2@nespective.com,example3@gmal.com
OPSFOLIO_EAA_DOMAINS=netspective.com
OPSFOLIO_EAA_KEY_URLS=https://netspective.com
OPSFOLIO_EAA_SUBDOMAINS=
OPSFOLIO_EAA_IP_RANGES=
OPSFOLIO_EAA_EXCLUDES=
OPSFOLIO_EAA_KEY_APIS=
OPSFOLIO_EAA_KEY_GIT_URLS=
OPSFOLIO_EAA_CORSY_PATH=/opt/eaa/Corsy
OPSFOLIO_EAA_WAF_BYPASS_PATH=/opt/eaa/waf-bypass
OPSFOLIO_EAA_WP_TOKEN=
OPSFOLIO_EAA_VIRUSTOTAL_API_KEY=
OPSFOLIO_EAA_RATE_LIMIT=200
OPSFOLIO_EAA_CONCURRENCY=50
OPSFOLIO_EAA_NAABU_PORTS=top-100
OPSFOLIO_EAA_NUCLEI_TEMPLATES=cves,default
EOF
Docker Run
Launch the container.
- For Lightweight Testing:
sudo docker run --rm -it \
--env-file .env \
-v "$(pwd)/.env:/opt/eaa/.env" \
-v "$(pwd)/results:/opt/eaa/sessions/" \
fleetfolio/fleetfolio
- For Thorough Testing:
sudo docker run --rm -it \
--env-file .env \
-v "$(pwd)/.env:/opt/eaa/.env" \
-v "$(pwd)/results:/opt/eaa/sessions/" \
fleetfolio/fleetfolio --graph thorough
By default, the Docker image runs the lightweight pentest. For a thorough pentest, use the --graph thorough switch.
During execution, a timestamped session is created inside the results/ directory in your current path, containing all generated data.
Example:
results/
├── 2026-03-04T10-20-10/
│ └── *.sqlite.db
├── 2026-03-04T11-05-30/
│ └── *.sqlite.db
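Before launching the container, the .env created under Configure Environment can be checked with a short pre-flight script. This is an added example, not part of the Fleetfolio documentation or project: it flags keys duplicated by re-running the tee -a block, key URLs whose host falls outside OPSFOLIO_EAA_DOMAINS, and a world-readable file once API keys are filled in. The function names and finding labels are assumptions of this example, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Fleetfolio .env before `docker run`.
# The checks are this example's assumptions, not rules enforced by Fleetfolio.

# env_get FILE KEY: print the value of the last KEY= line in FILE.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# host_in_scope HOST DOMAINS_CSV: succeed if HOST is a listed domain or a subdomain of one.
host_in_scope() {
    for d in $(printf '%s' "$2" | tr ',' ' '); do
        case "$1" in "$d" | *."$d") return 0 ;; esac
    done
    return 1
}

# check_env FILE: print one finding per line; return 0 only when there are none.
check_env() {
    f=$1 rc=0
    # `tee -a` appends, so creating the file twice leaves every key defined twice.
    for k in $(grep -o '^[A-Z0-9_]*=' "$f" | sort | uniq -d); do
        echo "DUPLICATE ${k%=}"; rc=1
    done
    domains=$(env_get "$f" OPSFOLIO_EAA_DOMAINS)
    [ -n "$domains" ] || { echo "EMPTY OPSFOLIO_EAA_DOMAINS"; rc=1; }
    # Each key URL should point at a host inside the declared domains.
    for url in $(env_get "$f" OPSFOLIO_EAA_KEY_URLS | tr ',' ' '); do
        host=${url#*://}; host=${host%%[/:]*}
        host_in_scope "$host" "$domains" || { echo "OUT_OF_SCOPE $url"; rc=1; }
    done
    # A file holding API keys should not be readable by other local users.
    if [ -n "$(env_get "$f" OPSFOLIO_EAA_WP_TOKEN)$(env_get "$f" OPSFOLIO_EAA_VIRUSTOTAL_API_KEY)" ] &&
        [ "$(ls -ld "$f" | cut -c8)" = r ]; then
        echo "WORLD_READABLE_SECRETS $f"; rc=1
    fi
    return $rc
}

# Constructed sample, not a real configuration.
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env" << 'EOF'
OPSFOLIO_EAA_DOMAINS=example.com
OPSFOLIO_EAA_KEY_URLS=https://app.example.com/login,https://example.org
OPSFOLIO_EAA_VIRUSTOTAL_API_KEY=constructed-placeholder
OPSFOLIO_EAA_DOMAINS=example.com
EOF
chmod 644 "$demo_dir/.env"
check_env "$demo_dir/.env" || echo "fix the findings above before running the container"
rm -rf "$demo_dir"
```

A suffix match on the domain requires the leading dot, so a host such as evilexample.com is not accepted as part of example.com.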