
Security Services

Security tools for identity management, secrets storage, intrusion prevention, and security testing.

Available Services

Authentik

Port: 9015 (HTTP), 9443 (HTTPS) | Memory: 2048 MB | Maturity: Stable

The open-source Identity Provider that unifies your identity infrastructure.

Features:
  • SSO (Single Sign-On)
  • SAML, OIDC, OAuth2
  • LDAP provider
  • Multi-factor authentication
  • User provisioning
  • Policy engine
Requires: PostgreSQL, Redis

Vaultwarden

Port: 8843 | Memory: 128 MB | Maturity: Stable

Unofficial Bitwarden-compatible server written in Rust, perfect for self-hosted password management.

Features:
  • Bitwarden-compatible
  • Password management
  • Secure notes
  • TOTP generator
  • Browser extensions
  • Mobile apps
Recommends: Caddy or Traefik (for HTTPS)

CrowdSec

Port: 8186 | Memory: 256 MB | Maturity: Stable

Free, open-source and collaborative IPS designed to protect servers, services, and containers.

Features:
  • Intrusion prevention
  • Collaborative threat intelligence
  • Scenario-based detection
  • Bouncer integrations
  • Log analysis
  • Community blocklists

HexStrike AI

Port: 8888 | Memory: 2048 MB | Maturity: Experimental

AI-powered MCP cybersecurity automation platform with 150+ pentesting tools.

Features:
  • 150+ pentesting tools
  • MCP (Model Context Protocol) server
  • Automated security testing
  • Vulnerability scanning
  • AI-powered analysis
  • OpenClaw integration
OpenClaw Integration:
  • Skill: hexstrike-mcp

PentAGI

Port: 8089 | Memory: 4096 MB | Maturity: Experimental

Fully autonomous AI agent system capable of performing complex penetration testing tasks.

Features:
  • Autonomous pentesting
  • Multi-agent system
  • Automated exploitation
  • Report generation
  • AI-powered reconnaissance
  • Vulnerability assessment
OpenClaw Integration:
  • Skill: pentagi-orchestrator
Note: Minimum 4GB RAM required

PentestAgent

Port: 8090 | Memory: 2048 MB | Maturity: Experimental

AI-powered penetration testing agent for automated security assessments.

Features:
  • Automated pentesting
  • Network scanning
  • Vulnerability detection
  • Exploitation framework
  • Reporting tools
  • AI-assisted analysis

SolidityGuard

Port: 8091 | Memory: 1024 MB | Maturity: Experimental

AI-powered smart contract security analyzer for detecting vulnerabilities in Solidity code.

Features:
  • Smart contract analysis
  • Vulnerability detection
  • Gas optimization
  • Best practices checking
  • Automated auditing
  • Report generation

Usage Examples

Identity & Access Management

npx create-better-openclaw \
  --services authentik,vaultwarden,postgresql,redis \
  --yes

Security Monitoring

npx create-better-openclaw \
  --services crowdsec,grafana,prometheus \
  --yes

Penetration Testing Suite

npx create-better-openclaw \
  --services hexstrike,pentagi,pentestagent \
  --yes

Smart Contract Security

npx create-better-openclaw \
  --services solidityguard,redis \
  --yes

Security Categories

Identity & Access Management

  • Authentik: Enterprise SSO and identity provider
  • Vaultwarden: Password management and secrets storage

Intrusion Prevention

  • CrowdSec: Collaborative IPS with threat intelligence

Penetration Testing

  • HexStrike AI: MCP-based pentesting platform (150+ tools)
  • PentAGI: Autonomous AI pentesting agents
  • PentestAgent: AI-powered security assessments

Smart Contract Security

  • SolidityGuard: Solidity vulnerability scanner

Service Comparison

Service       | Category        | AI-Powered | Memory  | Maturity
Authentik     | IAM             | No         | 2048 MB | Stable
Vaultwarden   | Secrets         | No         | 128 MB  | Stable
CrowdSec      | IPS             | No         | 256 MB  | Stable
HexStrike     | Pentesting      | Yes        | 2048 MB | Experimental
PentAGI       | Pentesting      | Yes        | 4096 MB | Experimental
PentestAgent  | Pentesting      | Yes        | 2048 MB | Experimental
SolidityGuard | Smart Contracts | Yes        | 1024 MB | Experimental

Authentik Configuration

Initial Setup

  1. Access web UI at http://localhost:9015
  2. Complete initial setup wizard
  3. Configure authentication flow
  4. Add applications
  5. Create user groups
  6. Set up providers (SAML/OIDC)

SSO Integration

  1. Add the application to Authentik
  2. Configure an OIDC provider for it
  3. Copy the client ID and client secret
  4. Configure the application to use Authentik for authentication

Multi-Factor Authentication

  • TOTP (Time-based One-Time Password)
  • WebAuthn (hardware keys)
  • SMS (with external provider)
  • Email verification
  • Push notifications

Vaultwarden Configuration

Admin Panel

Access admin panel: http://localhost:8843/admin

User Registration

# Allow signups
SIGNUPS_ALLOWED=true

# Or use invite-only mode
SIGNUPS_ALLOWED=false

HTTPS Setup (Required for Browser Extensions)

# Use Caddy or Traefik for HTTPS
npx create-better-openclaw \
  --services vaultwarden,caddy \
  --proxy caddy \
  --domain vault.example.com \
  --yes

CrowdSec Configuration

Install Collections

# List available collections
docker exec crowdsec cscli collections list

# Install collection
docker exec crowdsec cscli collections install crowdsecurity/nginx

Add Bouncers

# Register the firewall bouncer (prints the API key the bouncer will authenticate with)
docker exec crowdsec cscli bouncers add firewall-bouncer

# Register the nginx bouncer
docker exec crowdsec cscli bouncers add nginx-bouncer

View Decisions

# View active bans
docker exec crowdsec cscli decisions list

# View alerts
docker exec crowdsec cscli alerts list

Penetration Testing with HexStrike

MCP Integration

HexStrike runs as an MCP server that OpenClaw can connect to: it exposes its 150+ pentesting tools through MCP, and OpenClaw agents invoke them over the MCP protocol.

Available Tool Categories

  • Network scanning (nmap, masscan)
  • Web application testing (sqlmap, xsstrike)
  • Password cracking (hashcat, john)
  • Exploitation frameworks (metasploit)
  • Reconnaissance (theHarvester, recon-ng)
  • Wireless testing (aircrack-ng)

Safety Considerations

⚠️ WARNING: Only use on systems you own or have explicit permission to test.

PentAGI Autonomous Testing

Agent Workflow

  1. Reconnaissance: Gather information about target
  2. Scanning: Identify open ports and services
  3. Enumeration: Discover vulnerabilities
  4. Exploitation: Attempt to exploit findings
  5. Reporting: Generate detailed security report

Configuration

  • Configure the target scope
  • Set testing parameters
  • Define rules of engagement
  • Enable or disable aggressive checks

SolidityGuard Smart Contract Analysis

Supported Checks

  • Reentrancy vulnerabilities
  • Integer overflow/underflow
  • Access control issues
  • Gas optimization
  • Unchecked external calls
  • Front-running risks

Usage

  1. Upload the Solidity contract
  2. Run the automated analysis
  3. Review the vulnerability report
  4. Apply the recommended fixes

Best Practices

Identity & Access Management

  1. MFA: Always enable multi-factor authentication
  2. Strong Passwords: Enforce password complexity
  3. Regular Audits: Review access logs regularly
  4. Least Privilege: Grant minimal necessary permissions
  5. Session Management: Configure appropriate session timeouts

Password Management

  1. HTTPS: Always use HTTPS for Vaultwarden
  2. Backups: Back up the password database regularly
  3. Master Password: Use a strong master password
  4. 2FA: Enable two-factor authentication
  5. Organization: Use folders and collections

Intrusion Prevention

  1. Regular Updates: Keep CrowdSec scenarios updated
  2. Log Collection: Ensure all services send logs
  3. Bouncer Deployment: Deploy bouncers on all entry points
  4. Alert Response: Define incident response procedures
  5. Whitelisting: Maintain a whitelist of trusted IPs

Penetration Testing

  1. Authorization: Only test authorized systems
  2. Documentation: Document all testing activities
  3. Scope: Clearly define testing scope
  4. Backup: Ensure backups exist before testing
  5. Reporting: Generate detailed findings reports

Security Hardening

Network Security

  • Use Docker networks for isolation
  • Configure firewall rules
  • Enable rate limiting
  • Use a reverse proxy with TLS
  • Implement network segmentation

Application Security

  • Keep services updated
  • Use strong authentication
  • Enable audit logging
  • Configure CORS properly
  • Validate all inputs

Container Security

  • Use official images
  • Scan images for vulnerabilities
  • Run containers as non-root
  • Limit container resources
  • Enable security profiles (AppArmor/SELinux)

Compliance

GDPR Compliance

  • Data encryption at rest and in transit
  • User data export capabilities
  • Right to deletion
  • Audit logging
  • Data processing agreements

SOC 2 Considerations

  • Access control and authentication
  • Encryption standards
  • Monitoring and alerting
  • Incident response procedures
  • Regular security assessments

Integration Examples

Complete Security Stack

npx create-better-openclaw \
  --services authentik,vaultwarden,crowdsec,postgresql,redis,grafana \
  --yes

AI-Powered Security Testing

npx create-better-openclaw \
  --services hexstrike,pentagi,redis \
  --yes

Identity + Secrets Management

npx create-better-openclaw \
  --services authentik,vaultwarden,postgresql,redis,caddy \
  --proxy caddy \
  --yes
