Component Reference

Detailed reference for all PenLocal-AI services and their configurations.

Core Services

Pentest Manager (Webapp)

The central management interface for pentests, users, and configurations.

| Property | Value |
|----------|-------|
| Image | Custom (Flask) |
| Container | pentest-webapp |
| Internal Port | 8000 |
| External Port | 8000 (via proxy) |
| Database | PostgreSQL (pentest_db) |

Features:

- User authentication with MFA
- Pentest lifecycle management
- Vulnerability tracking with edit history
- Team collaboration
- Real-time execution updates (SSE)
- PDF report generation

Environment Variables:

| Variable | Description |
|----------|-------------|
| SECRET_KEY | Flask session encryption |
| DB_HOST, DB_PORT, DB_NAME | PostgreSQL connection |
| DB_USER, DB_PASSWORD | Database credentials |
| VAULT_MASTER_KEY | Encryption key for secrets |

n8n Workflow Engine

Orchestrates pentest execution through automated workflows.

| Property | Value |
|----------|-------|
| Image | Custom (n8n-ollama:patched) |
| Container | n8n |
| Internal Port | 5678 |
| External Port | 443 (via proxy) |
| Database | PostgreSQL (n8n_db) |

Network Configuration:

- Connected to both internal-services and kali-network
- Listens only on 10.150.0.250 (internal network)
- SSH access to Kali via kali-network

Features:

- Visual workflow builder
- AI tool integrations (Ollama, Qdrant)
- Credential management
- Webhook triggers from webapp

PostgreSQL Database

Primary data store for both webapp and n8n.

| Property | Value |
|----------|-------|
| Image | postgres:16-alpine |
| Container | postgres |
| Port | 5432 (internal) |
| Databases | n8n_db, pentest_db |

Health Check:

pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}

Initialization:

- init-db.sh creates additional databases on first run

Ollama LLM Server

Local large language model inference.

| Property | Value |
|----------|-------|
| Image | ollama/ollama (or :rocm for AMD) |
| Container | ollama |
| Port | 11434 (via authenticated proxy) |
| Model | Qwen3:14b (default) |

Profiles:

| Profile | GPU Support |
|---------|-------------|
| cpu | None |
| gpu-nvidia | NVIDIA CUDA |
| gpu-amd | AMD ROCm |

Model Download: On first run, the ollama-pull-llama container downloads the default model.

Qdrant Vector Database

Stores embeddings for semantic search and knowledge retrieval.

| Property | Value |
|----------|-------|
| Image | qdrant/qdrant |
| Container | qdrant |
| Port | 6333 (HTTPS, internal) |
| Auth | API key |

Configuration (qdrant/config.yaml):

service:
  enable_tls: true
  api_key: ${QDRANT_API_KEY}

tls:
  cert: /qdrant/tls/qdrant.crt
  key: /qdrant/tls/qdrant.key

Use Cases:

- Pentest knowledge base (security methodologies)
- Target knowledge base (crawled content)
- Per-pentest collection isolation

Storage Services

MinIO Object Storage

S3-compatible object storage for files and artifacts.

| Property | Value |
|----------|-------|
| Image | minio/minio |
| Container | minio |
| API Port | 9000 (internal) |
| Console Port | 9001 (internal) |

Command: server /data --console-address ":9001"

MinIO API

Secure API layer for MinIO operations.

| Property | Value |
|----------|-------|
| Image | Custom (FastAPI) |
| Container | minio-api |
| Port | 8080 (internal) |

Features:

- Path traversal protection
- Bucket ownership validation
- HTML to PDF conversion
- PDF to Markdown conversion

Credential Vault

Encrypted credential storage service.

| Property | Value |
|----------|-------|
| Image | Custom |
| Container | credential-vault |
| Network | internal-services |

Encryption: Fernet (AES-128-CBC) with VAULT_MASTER_KEY

Security Services

Kali Linux Agent

Isolated penetration testing environment.

| Property | Value |
|----------|-------|
| Image | Custom |
| Container | kali |
| Network | kali-network only |

Capabilities:

- NET_ADMIN for network testing
- SSH access from n8n
- Internet access (outbound)

Isolation:

- Cannot access internal-services network
- Cannot reach PostgreSQL, Qdrant, etc.
- Credentials passed via RAM-only tmpfs

Volumes:

volumes:
  - kali_storage:/home/pentest-agent
  - ./kali-linux:/ssh-keys:ro
tmpfs:
  - /tmp/credentials:size=10M,mode=0700
  - /dev/shm:size=50M
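
A check for the isolation properties listed above, as an added example (not PenLocal-AI's own code): it reads the JSON form of the merged Compose configuration, as produced by `docker compose config --format json`, and reports any drift from the documented network split and tmpfs settings. The sample document and the rule that n8n is the only service allowed on both networks are assumptions drawn from this page's description.

```python
import json

# Constructed sample: a trimmed `docker compose config --format json` document
# for three services, shaped after the settings described on this page.
SAMPLE = json.loads("""
{"services": {
  "kali": {"networks": {"kali-network": null},
           "cap_add": ["NET_ADMIN"],
           "tmpfs": ["/tmp/credentials:size=10M,mode=0700", "/dev/shm:size=50M"]},
  "n8n": {"networks": {"internal-services": null, "kali-network": null}},
  "postgres": {"networks": {"internal-services": null}}
}}
""")

ALLOWED_BRIDGES = {"n8n"}  # assumption: the only service documented on both networks


def networks_of(svc):
    """Network names of a service; handles both the list and the mapping form."""
    return set(svc.get("networks") or {})


def tmpfs_options(svc, mount):
    """Return the option dict for a tmpfs mount, or None if the mount is absent."""
    entries = svc.get("tmpfs") or []
    if isinstance(entries, str):
        entries = [entries]
    for entry in entries:
        path, _, opts = entry.partition(":")
        if path == mount:
            return dict(o.partition("=")[::2] for o in opts.split(",") if o)
    return None


def audit(config):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    services = config.get("services", {})
    kali = services.get("kali", {})
    if networks_of(kali) != {"kali-network"}:
        findings.append(f"kali attached to {sorted(networks_of(kali))}, expected only kali-network")
    for name, svc in services.items():
        if {"internal-services", "kali-network"} <= networks_of(svc) and name not in ALLOWED_BRIDGES:
            findings.append(f"{name} bridges internal-services and kali-network")
    opts = tmpfs_options(kali, "/tmp/credentials")
    if opts is None:
        findings.append("kali: /tmp/credentials is not a tmpfs mount")
    elif opts.get("mode") not in ("0700", "700"):
        findings.append(f"kali: /tmp/credentials mode is {opts.get('mode')}, expected 0700")
    return findings
```

Run `audit()` on the parsed output of the real deployment before each release; a non-empty result means the Kali container can reach something it should not, or credentials would land on persistent storage.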

Initialization Services

These run once at startup and exit:

SSL Certificate Generator

Generates self-signed certificates for all services.

ssl-cert-generator:
  image: alpine:latest
  command: ./generate-ssl-certs.sh
  restart: "no"

SSH Key Generator

Creates SSH keypair for n8n ↔ Kali communication.

ssh-key-generator:
  image: alpine:latest
  command: ./generate-ssh-keys.sh
  restart: "no"

Credential Initializer

Injects initial secrets into configuration files.

credential-initializer:
  image: alpine:latest
  command: ./init-credentials.sh
  depends_on:
    ssh-key-generator:
      condition: service_completed_successfully

Service Dependencies

flowchart TD
    subgraph Init["Initialization (run once)"]
        SSL["ssl-cert-generator"]
        SSH["ssh-key-generator"]
        Cred["credential-initializer"]
    end

    subgraph Core["Core Services"]
        PG[(PostgreSQL)]
        n8n["n8n"]
        Webapp["Webapp"]
        Ollama["Ollama"]
        Qdrant["Qdrant"]
    end

    subgraph Proxies["Proxies"]
        n8nP["n8n-proxy"]
        WebP["webapp-proxy"]
        OllP["ollama-proxy"]
    end

    SSH --> Cred
    SSL --> n8nP
    SSL --> WebP
    SSL --> Qdrant

    PG --> n8n
    PG --> Webapp

    n8n --> n8nP
    Webapp --> WebP
    Ollama --> OllP

Volume Reference

| Volume | Service | Path | Purpose |
|--------|---------|------|---------|
| n8n_storage | n8n | /home/node/.n8n | Workflows, settings |
| postgres_storage | PostgreSQL | /var/lib/postgresql/data | Database files |
| ollama_storage | Ollama | /root/.ollama | Models |
| qdrant_storage | Qdrant | /qdrant/storage | Vector data |
| kali_storage | Kali | /home/pentest-agent | Kali home |
| webapp_storage | Webapp | /app/data | Uploaded files |
| zip_storage | MinIO | /data | Object storage |