Hardhat Enterprises is an organisation that aims to create cyber weapons and tools that can be used to empower white-hat operations. All deliverables produced by the company are open source so that anyone may use and benefit from them. These deliverables should either improve on existing tools or fill a market need that is not yet met.
The Hardhat Enterprises Website is a comprehensive Django-based cybersecurity platform that provides educational tools, security assessments, and hands-on learning experiences for cybersecurity professionals and students. The platform combines theoretical knowledge with practical application through interactive challenges, security tools, and real-world simulations.
- Interactive Cyber Challenges: Multiple choice questions and code-fixing challenges across various cybersecurity domains
- Skills Tracking: Progress monitoring for cybersecurity skills development
- Upskilling Modules: Comprehensive learning paths for different cybersecurity specialisations
- Leaderboard System: Gamified learning with points and rankings
- Penetration Testing Tools: Integration with Metasploit, Burp Suite, and custom testing frameworks
- Vulnerability Assessment: Nessus scanner integration and custom vulnerability detection
- Network Analysis: Nmap, Wireshark, and network monitoring tools
- SIEM Integration: Splunk and custom security analytics
- Identity Management: CyberArk PAM and privileged access controls
- AppAttack: Application security testing and vulnerability assessment
- Malware Visualisation: Malware analysis and threat intelligence tools
- PT-GUI (Deakin Detonator Toolkit): Comprehensive penetration testing GUI with 15+ integrated tools
- Smishing Detection: SMS phishing detection and prevention
- VR Cybersecurity: Virtual reality cybersecurity training modules
- Threat Mirror: Real-time threat intelligence and monitoring
- Job Portal: Cybersecurity job listings and application management
- Career Path Finder: Guided career planning for cybersecurity roles
- Graduate Programmes: Structured learning programmes for career advancement
- Internship Opportunities: Hands-on experience programmes
- Multi-Factor Authentication: Email OTP and Microsoft Azure AD integration
- Session Management: Secure session handling with timeout controls
- Rate Limiting: Protection against brute force attacks
- Audit Logging: Comprehensive security event logging
- Device Fingerprinting: Advanced user device tracking
- Password Security: Complex password requirements with history tracking
- Django 4.2.14: Modern Python web framework
- PostgreSQL: Primary database with SQLite fallback
- Django REST Framework: API development
- Celery & Redis: Asynchronous task processing
- Bootstrap 5: Responsive UI framework
- JavaScript: Interactive components and AJAX functionality
- TinyMCE: Rich text editing
- Chart.js: Data visualisation and analytics
- Microsoft OAuth 2.0: Enterprise authentication
- bcrypt: Secure password hashing
- CSRF Protection: Cross-site request forgery prevention
- XSS Protection: Input sanitisation with nh3
- HTTPS Enforcement: SSL/TLS security headers
- Docker: Containerised deployment
- Nginx: Reverse proxy and static file serving
- Gunicorn: WSGI application server
- PostgreSQL: Production database
- Custom User Model: Extended Django user with cybersecurity-specific fields
- Student Profiles: Academic tracking and project preferences
- Admin Sessions: Secure administrative access management
- Device Tracking: User device fingerprinting and management
- Cyber Challenges: Interactive learning challenges with multiple formats
- Skills & Progress: Competency tracking and assessment
- Resources: Educational materials and documentation
- Blog System: Content management for cybersecurity articles
- Security Events: Comprehensive audit trail
- Admin Notifications: System alerts and feedback management
- Vault Documents: Secure file storage and sharing
- Password History: Password reuse prevention
- Docker and Docker Compose
- Python 3.8+ (for local development)
- PostgreSQL (for production)
- Clone the repository:
    git clone https://github.com/Hardhat-Enterprises/website.git
    cd website
- Configure environment variables:
    cp env.sample .env
    # Edit .env with your configuration
- Start the application:
    docker-compose up --build
- Create a superuser:
    docker-compose exec web python manage.py createsuperuser
  Note: any user verification email may go to your spam folder, so always check there.
- Access the application:
  - Website: http://localhost:8000
  - Nginx (production): http://localhost:8080
- Create a virtual environment:
    python -m venv venv
    source venv/bin/activate  # On Windows: venv\Scripts\activate
- Install dependencies:
    pip install -r requirements.txt
- Run migrations:
    python manage.py makemigrations  # Delete the initial migration file and run this command to generate any changes from the models.py file
    python manage.py migrate
    python manage.py populate_database
- Start the development server:
    python manage.py runserver
- Create a superuser:
    python manage.py createsuperuser
  Note: any user verification email may go to your spam folder, so always check there.
- SECRET_KEY: Django secret key (auto-generated)
- DEBUG: Development mode toggle
- DB_ENGINE: Database engine (postgresql/sqlite3)
- MICROSOFT_CLIENT_ID: Azure AD application ID
- MICROSOFT_CLIENT_SECRET: Azure AD application secret
- EMAIL_HOST_USER: SMTP email configuration
- Rate limiting: 5 attempts per minute for login
- Session timeout: 30 minutes with activity reset
- Password complexity: Uppercase, lowercase, digit, and symbol required
- HSTS: 1 year with subdomain inclusion
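
The four values above, expressed as an added example that is not code from the Hardhat Enterprises repository: the session and HSTS lines use Django's standard setting names, while `password_problems`, `LoginRateLimiter` and the limiter key are hypothetical names, and the project's own implementation may differ.

```python
# Added example: illustrates the documented policy values, not the project's code.
import re
import time
from collections import defaultdict, deque

# Standard Django settings that correspond to the session and HSTS values.
SESSION_COOKIE_AGE = 30 * 60             # 30-minute session timeout
SESSION_SAVE_EVERY_REQUEST = True        # every request resets the timeout
SECURE_HSTS_SECONDS = 365 * 24 * 3600    # HSTS max-age of 1 year
SECURE_HSTS_INCLUDE_SUBDOMAINS = True    # HSTS also covers subdomains

LOGIN_LIMIT = 5       # login attempts allowed ...
LOGIN_WINDOW = 60.0   # ... per 60-second window

# Password complexity: one pattern per required character class.
COMPLEXITY_RULES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "digit": r"\d",
    "symbol": r"[^A-Za-z0-9\s]",
}


def password_problems(password):
    """Return the names of the complexity rules the password fails."""
    return [name for name, pattern in COMPLEXITY_RULES.items()
            if not re.search(pattern, password)]


class LoginRateLimiter:
    """Sliding-window limiter keyed by a caller-chosen value (assumed: IP or username)."""

    def __init__(self, limit=LOGIN_LIMIT, window=LOGIN_WINDOW, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._attempts = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        attempts = self._attempts[key]
        # Forget attempts that have aged out of the window.
        while attempts and now - attempts[0] >= self.window:
            attempts.popleft()
        if len(attempts) >= self.limit:
            return False  # rejected attempts are not recorded
        attempts.append(now)
        return True
```

The limiter takes an injectable clock so the 5-per-minute behaviour can be unit-tested without sleeping.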
website/
├── core/ # Django project configuration
│ ├── settings.py # Main settings and security configuration
│ ├── urls.py # URL routing
│ └── middleware.py # Custom middleware components
├── home/ # Main application
│ ├── models.py # Database models
│ ├── views.py # Business logic and controllers
│ ├── urls.py # Application URL patterns
│ ├── templates/ # HTML templates
│ └── management/ # Custom Django commands
├── custom_static/ # Static assets (CSS, JS, images)
├── nginx/ # Nginx configuration
├── Scripts/ # Deployment and utility scripts
├── utils/ # Utility functions and helpers
└── docker-compose.yml # Docker orchestration
- Authentication: Multi-factor with OTP and Microsoft OAuth
- Authorisation: Role-based access control with staff/admin levels
- Data Protection: Input sanitisation, CSRF tokens, and XSS prevention
- Session Security: Secure cookies, timeout controls, and device tracking
- Audit Trail: Comprehensive logging of security events
- Rate Limiting: Brute force protection with intelligent lockout
Supports multiple languages:
- English (default)
- Simplified Chinese
- French
- Spanish
- Japanese
- Korean
- User Activity Tracking: Comprehensive user behaviour analytics
- Security Event Monitoring: Real-time threat detection
- Performance Metrics: Application performance monitoring
- Audit Logging: Detailed security and administrative logs
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE.md file for details.
For support and questions:
- Email: hardhatwebsite@gmail.com
- Security Issues: security@hardhatenterprises.com
Hardhat Enterprises - Empowering the next generation of cybersecurity professionals through hands-on learning and cutting-edge tools.