feat: pentest onboarding — streaming, browser automation, reports, user cleanup (#16)

Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams. Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #16
2026-03-17 20:32:20 +00:00
parent 11e1c5f438
commit c461faa2fb
57 changed files with 8844 additions and 2423 deletions
--- a/deploy/docker-compose.mailserver.yml
+++ b/deploy/docker-compose.mailserver.yml
@@ -0,0 +1,63 @@
+version: "3.8"
+
+services:
+  mailserver:
+    image: ghcr.io/docker-mailserver/docker-mailserver:14
+    hostname: mail.scanner.meghsakha.com
+    domainname: scanner.meghsakha.com
+    container_name: mailserver
+    ports:
+      - "25:25"      # SMTP (inbound mail)
+      - "143:143"    # IMAP (orchestrator reads mail)
+      - "993:993"    # IMAPS (TLS)
+      - "587:587"    # Submission (outbound, if needed)
+    volumes:
+      - maildata:/var/mail
+      - mailstate:/var/mail-state
+      - maillogs:/var/log/mail
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      # Hostname
+      - OVERRIDE_HOSTNAME=mail.scanner.meghsakha.com
+
+      # Disable features we don't need
+      - ENABLE_SPAMASSASSIN=0
+      - ENABLE_CLAMAV=0
+      - ENABLE_FAIL2BAN=0
+      - ENABLE_POSTGREY=0
+      - ENABLE_AMAVIS=0
+
+      # Enable what we need
+      - ENABLE_IMAP=1
+      - ENABLE_POP3=0
+
+      # Plus-addressing (critical for pentest)
+      - POSTFIX_RECIPIENT_DELIMITER=+
+
+      # SSL (start with no TLS, add Let's Encrypt later)
+      - SSL_TYPE=
+
+      # Accept mail for our domain
+      - PERMIT_DOCKER=none
+
+      # Disable inbound SPF checking — we need to accept verification
+      # emails from Keycloak and other external senders
+      - ENABLE_OPENDKIM=0
+      - ENABLE_OPENDMARC=0
+      - ENABLE_POLICYD_SPF=0
+      - SPOOF_PROTECTION=0
+
+      # One domain
+      - POSTFIX_MYDESTINATION=scanner.meghsakha.com, localhost
+
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "ss", "-tlnp", "|", "grep", "25"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+volumes:
+  maildata:
+  mailstate:
+  maillogs: