Red Team Toolkit Offensive Security Web-App for Red-Teaming
Red Team Toolkit Offensive Security Web-App for Red-Teaming

Red Team Toolkit: Offensive Security Web-App for Red-Teaming

Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teamming together for the security specialist to identify vulnerabilities.

The open-source projects such as nmap, rustscan, dirsearch, shreder, circl, crowbar, etc are used what will be a powerful toolkit together.

Currently it supports the following options:

  1. FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output)
  2. Livehosts (scan all live hosts in the network scale – PDF output)
  3. DirScan (scan all directories on a target – PDF output)
  4. CVE Description ( CveID Search)
  5. SSH Dictionary Attack
  6. RDP BruteForce
  7. WebApps Section
    • Apache Path Traversal PoC ( CVE-2021-41773 )
    • Web Crawler for gathering URLs
    • SubDomain Enumeration
    • HTTP Verb Tampering
    • (SQLi will be added soon)
  8. Windows Section (Being updated, other major CVEs will be added)
    • Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
  9. Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)
Red Team Toolkit control panel
Red Team Toolkit control panel


Currently only tested on Debian/Ubuntu.



  • Install Required packages:
$ sudo add-apt-repository ppa:longsleep/golang-backports
$ sudo apt update && sudo apt install python3-pip python3-venv python3-django golang-go postgresql postgresql-contrib nmap git openvpn freerdp2-x11 tigervnc-viewer 
$ git clone && cd RedTeam_toolkit
$ go install
$ cp /home/$(whoami)/go/bin/hakrawler ./toolkit/scripts/webapp/
  • Set-up Postgresql DB for django: (set-up your password or you can set-up your new user & role):
sudo passwd postgres

login and create a new user and the database:

$ sudo -u postgres psql

postgres=# CREATE DATABASE redteam_toolkit_db;
postgres=# GRANT ALL PRIVILEGES ON DATABASE redteam_toolkit_db TO redteamuser;
postgres=# ALTER DATABASE redteam_toolkit_db OWNER TO redteamuser;
postgres=# \q


147r258r – we use this password in django, if you want to use another password, change the password in the too, both should be the same

  • put your SECRET_KEY in a new file .env (you can generate the key in the online sources, search: Django Secret Key Generator) . Here is where to create the file:
├─ Demo/
├─ RedTeam_toolkit/
├─ toolkit/
├─ .env
# .env file content:

SECRET_KEY = 'Your Secret Key'
  • active venv and Install the python packages:
$ python3 -m venv venv
$ source venv/bin/activate
$ pip3 install -r requirements.txt
  • Database migration:
python makemigrations
python migrate
  • Create a superuser to manage admin page:

you will need this user to login in the Web-UI

python createsuperuser
  • Start the project:
python runserver
  • You can access that via:

and you can login with your superuser or create a new user through: admin page.

Enter your superuser information and in the management page, you can add a new user.

login and start using that.

if you have any question about the Installation, ask me in the issues section.

Demo Screenshots

All pdf reports will be placed in toolkit/media/toolkit/reports/ in your local machine.
these gifs are sample to how to do that, and you can try other features yourself.

  • Fullscan
  • RDP BruteForce
  • HTTP VerbTampering
  • CVE Description
Dark Mode

RedTeam_toolkit (this link opens in a new window) by signorrayan (this link opens in a new window)

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.