Red Team Toolkit is an open-source Django offensive web app that keeps useful offensive tools used in red teaming together in one place, so that security specialists can identify vulnerabilities.
Open-source projects such as nmap, rustscan, dirsearch, shreder, circl, crowbar, etc. are used together to form a powerful toolkit.
Currently it supports the following options:
- FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output)
- Livehosts (scan all live hosts in the network scale – PDF output)
- DirScan (scan all directories on a target – PDF output)
- CVE Description (CveID Search)
- SSH Dictionary Attack
- RDP BruteForce
- WebApps Section
  - Apache Path Traversal PoC (CVE-2021-41773)
  - Web Crawler for gathering URLs
  - SubDomain Enumeration
  - HTTP Verb Tampering
  - (SQLi will be added soon)
- Windows Section (Being updated, other major CVEs will be added)
  - Microsoft Exchange ProxyShell PoC (CVE-2021-34523, CVE-2021-34473, CVE-2021-31207)
- Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)
Installation
Currently only tested on Debian/Ubuntu.
Ubuntu/Debian
- Install Required packages:
$ sudo add-apt-repository ppa:longsleep/golang-backports
$ sudo apt update && sudo apt install python3-pip python3-venv python3-django golang-go postgresql postgresql-contrib nmap git openvpn freerdp2-x11 tigervnc-viewer
$ git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
$ go install github.com/hakluke/hakrawler@latest
$ cp /home/$(whoami)/go/bin/hakrawler ./toolkit/scripts/webapp/
- Set up the PostgreSQL DB for Django (set your own password, or set up your own user and role):
$ sudo passwd postgres
Log in and create a new user and the database:
$ sudo -u postgres psql
postgres=# CREATE DATABASE redteam_toolkit_db;
postgres=# CREATE ROLE redteamuser with SUPERUSER CREATEDB LOGIN ENCRYPTED PASSWORD '147r258r';
postgres=# GRANT ALL PRIVILEGES ON DATABASE redteam_toolkit_db TO redteamuser;
postgres=# ALTER DATABASE redteam_toolkit_db OWNER TO redteamuser;
postgres=# \q
- Put your SECRET_KEY in a new .env file (you can generate the key with online sources; search: Django Secret Key Generator). Here is where to create the file:
RedTeam_toolkit/
├─ Demo/
├─ RedTeam_toolkit/
├─ toolkit/
├─ manage.py
├─ .env
# .env file content:
SECRET_KEY = 'Your Secret Key'
- Activate the venv and install the Python packages:
$ python3 -m venv venv
$ source venv/bin/activate
$ pip3 install -r requirements.txt
- Database migration:
$ python manage.py makemigrations
$ python manage.py migrate
- Create a superuser to manage the admin page (you will need this user to log in to the Web-UI):
$ python manage.py createsuperuser
- Start the project:
$ python manage.py runserver
- You can access it at 127.0.0.1:8000 and log in with your superuser, or create a new user through the admin page: http://127.0.0.1:8000/sherlockholmes
Enter your superuser information, and in the management page you can add a new user.
Log in and start using it.
If you have any questions about the installation, ask me in the issues section.
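For the SECRET_KEY step above, the key can also be generated on the local machine so that it never passes through a third-party site. The script below is an added example, not part of the project: the function names are hypothetical, and the strength thresholds are an assumption taken from Django's security.W009 deployment check.

```python
"""Generate a Django SECRET_KEY locally and store it in .env (added example)."""
import os
import re
import secrets

MIN_LENGTH = 50        # thresholds used by Django's security.W009 check
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"


def generate_secret_key() -> str:
    # token_urlsafe() draws from the OS CSPRNG; 50 random bytes encode to
    # 67 characters from [A-Za-z0-9_-], so no quote, '#' or '$' can confuse
    # a .env parser.
    return secrets.token_urlsafe(50)


def is_strong(key: str) -> bool:
    """Apply the same thresholds as Django's W009 deployment check."""
    return (
        len(key) >= MIN_LENGTH
        and len(set(key)) >= MIN_UNIQUE_CHARS
        and not key.startswith(INSECURE_PREFIX)
    )


def write_env(path: str, key: str) -> None:
    """Create .env readable by the owner only; never overwrite an existing key."""
    if not is_strong(key):
        raise ValueError("refusing to store a weak SECRET_KEY")
    # O_EXCL fails if the file exists; 0o600 keeps other local users out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"SECRET_KEY = '{key}'\n")


def read_secret_key(path: str) -> str:
    """Parse the SECRET_KEY = '...' line in the format shown above."""
    with open(path) as fh:
        for line in fh:
            m = re.match(r"\s*SECRET_KEY\s*=\s*['\"]?([^'\"\n]*)['\"]?\s*$", line)
            if m:
                return m.group(1)
    raise KeyError("SECRET_KEY not found in " + path)


if __name__ == "__main__":
    write_env(".env", generate_secret_key())
    print("wrote .env; key passes checks:", is_strong(read_secret_key(".env")))
```

Run it from the RedTeam_toolkit/ directory next to manage.py; it stops with FileExistsError instead of replacing an existing .env.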
Demo Screenshots
All PDF reports will be placed in toolkit/media/toolkit/reports/ on your local machine.
These GIFs are samples of how to do that, and you can try the other features yourself.
- RDP BruteForce
- HTTP VerbTampering
- CVE Description
RedTeam_toolkit by signorrayan