Continuous exposure → automated scanning → managed pentest workflow.
A layered modular monolith with event-driven orchestration for long-running scans.
Traditional penetration testing workflows are fragmented:
- static PDF reports
- email-based coordination
- poor visibility into change over time
- high-friction onboarding for SMBs
PenFlow makes security posture continuous and trackable by structuring assessment into a phased pipeline.
- Passive OSINT aggregation (no direct interaction with target)
- Multiple sources queried asynchronously
- Partial failure tolerant
- Results normalized into a consistent finding contract
- Ownership verification
- Controlled external perimeter scanning
- Containerized isolation per scan
- RBAC + audit logging
- Engagement dashboard
- Findings submitted and tracked in-platform
PenFlow is a layered modular monolith with an event-driven orchestration layer for long-running work.
- Frontend: Next.js (TypeScript)
- Core API: FastAPI (Python)
- Async Orchestration: Celery + RabbitMQ
- State/Updates: Redis + WebSockets
- Database: PostgreSQL
- Storage: AWS S3
- Auth: Auth0 (JWT + RBAC)
- Software Architecture (Demo 1):
docs/architecture.md - SRS:
docs/SRS.md - Design:
docs/DESIGN.md
| Component | Technology |
|---|---|
| Frontend | Next.js, React, TypeScript, Tailwind |
| API Gateway | FastAPI, Pydantic, SQLAlchemy, Alembic |
| Workers | Celery, httpx, Tenacity |
| Broker / State | RabbitMQ, Redis |
| Database | PostgreSQL 16 |
| Storage | AWS S3 |
| Auth | Auth0 (JWT + RBAC) |
| CI/CD | GitHub Actions |
| Testing | PyTest, Jest, Cypress |
Backend / Data
|
Backend / Integrations
|
Frontend / UI/UX
|
Team Lead / Architecture
|
Systems / Security
|
Contact: thebrocodetuks@gmail.com






