Community / Community Profiles

Community Profiles

Community profiles are GitHub repositories made by users. They can save time, but you must inspect them first.

What is a community profile?

A community profile is a repository with a profile.yaml file at the root. DPM reads this file to find tools and optional dotfiles.

profile.yaml
id: pentest-basics name: Pentest Basics description: Basic pentesting tools for lab sessions version: "1.0.0" tools: - nmap - binwalk dotfiles: - .tmux.conf

DPM uses profile.yaml and dotfiles listed inside it. For example, in AskDatDude/MD, DPM uses profile.yaml and dotfiles/.tmux.conf. Other files like LICENSE or extra notes are not used as install instructions.

Community profiles are not reviewed by the DPM team. A profile can include unsafe tool choices or malicious dotfiles. Inspect every listed file before you install anything.

Finding community profiles

Search the community profile index from the CLI:

sh
dpm -s --community pentest 1 github.com/user/pentest-kit Penetration testing starter kit 2 github.com/org/red-team-tools Red team tooling, 22 tools dpm -s --community --all # list entire community index

The community index is local data shipped with DPM releases. Search reads this local index, then dpm inspect fetches real file content from GitHub.

Applying a community profile

Start with inspect. In the current CLI build, remote community apply is limited, so treat inspect as the required first step:

sh
dpm -s --community pentest dpm -x 1 # review tools and dotfiles before any install
Never run unknown dotfiles without reading them first. Dotfiles can run commands, change shell startup files, or leak secrets.

Sharing your own profile

Create a public GitHub repository. Put profile.yaml in the root. Put dotfiles in a dotfiles/ folder. Then reference those filenames in the dotfiles list.

Repository layout
profile.yaml dotfiles/ .tmux.conf

When ready, submit your repository URL to the DPM community index in the DPM repository. After merge, users can find it with dpm search --community.

Community index and sync

The community index is a snapshot of known repositories. It ships with DPM and is refreshed in later releases. Search does not query GitHub live.

Actual profile content is fetched when you run dpm inspect.

prev
← Install Methods
next
Inspecting Profiles →