Red Team Toolkit Offensive Security Web-App for Red-Teaming
Red Team Toolkit Offensive Security Web-App for Red-Teaming

Red Team Toolkit: Offensive Security Web-App for Red-Teaming

Red Team Toolkit is an Open-Source Django Offensive Web-App containing useful offensive tools used in the red-teamming together for the security specialist to identify vulnerabilities.

The open-source projects such as nmap, rustscan, dirsearch, shreder, circl, crowbar, etc are used what will be a powerful toolkit together.

Currently it supports the following options:

  1. FullScan (scan ports and vulnerabilities/CVEs on the target – PDF output)
  2. Livehosts (scan all live hosts in the network scale – PDF output)
  3. DirScan (scan all directories on a target – PDF output)
  4. CVE Description ( CveID Search)
  5. SSH Dictionary Attack
  6. RDP BruteForce
  7. WebApps Section
    • Apache Path Traversal PoC ( CVE-2021-41773 )
    • Web Crawler for gathering URLs
    • SubDomain Enumeration
    • HTTP Verb Tampering
    • (SQLi will be added soon)
  8. Windows Section (Being updated, other major CVEs will be added)
    • Microsoft Exchange ProxyShell PoC ( CVE-2021-34523, CVE-2021-34473, CVE-2021-31207 )
  9. Linux Section to implement major Linux CVEs (UNDER MAINTENANCE)
Red Team Toolkit control panel
Red Team Toolkit control panel

Installation

Currently only tested on Debian/Ubuntu.

"
"

Ubuntu/Debian

  • Install Required packages:
$ sudo add-apt-repository ppa:longsleep/golang-backports
$ sudo apt update && sudo apt install python3-pip python3-venv python3-django golang-go postgresql postgresql-contrib nmap git openvpn freerdp2-x11 tigervnc-viewer 
$ git clone https://github.com/signorrayan/RedTeam_toolkit.git && cd RedTeam_toolkit
$ go install github.com/hakluke/hakrawler@latest
$ cp /home/$(whoami)/go/bin/hakrawler ./toolkit/scripts/webapp/
  • Set-up Postgresql DB for django: (set-up your password or you can set-up your new user & role):
sudo passwd postgres

login and create a new user and the database:

$ sudo -u postgres psql


postgres=# CREATE DATABASE redteam_toolkit_db;
postgres=# CREATE ROLE redteamuser with SUPERUSER CREATEDB LOGIN ENCRYPTED PASSWORD '147r258r';
postgres=# GRANT ALL PRIVILEGES ON DATABASE redteam_toolkit_db TO redteamuser;
postgres=# ALTER DATABASE redteam_toolkit_db OWNER TO redteamuser;
postgres=# \q

Nota

147r258r – we use this password in django settings.py, if you want to use another password, change the password in the settings.py too, both should be the same

  • put your SECRET_KEY in a new file .env (you can generate the key in the online sources, search: Django Secret Key Generator) . Here is where to create the file:
RedTeam_toolkit/
├─ Demo/
├─ RedTeam_toolkit/
├─ toolkit/
├─ manage.py
├─ .env
# .env file content:

SECRET_KEY = 'Your Secret Key'
  • active venv and Install the python packages:
$ python3 -m venv venv
$ source venv/bin/activate
$ pip3 install -r requirements.txt
  • Database migration:
python manage.py makemigrations
python manage.py migrate
  • Create a superuser to manage admin page:

you will need this user to login in the Web-UI

python manage.py createsuperuser
  • Start the project:
python manage.py runserver
  • You can access that via:
127.0.0.1:8000

and you can login with your superuser or create a new user through: http://127.0.0.1:8000/sherlockholmes admin page.

Enter your superuser information and in the management page, you can add a new user.

login and start using that.

if you have any question about the Installation, ask me in the issues section.

Demo Screenshots

All pdf reports will be placed in toolkit/media/toolkit/reports/ in your local machine.
these gifs are sample to how to do that, and you can try other features yourself.

  • Fullscan
  • RDP BruteForce
  • HTTP VerbTampering
  • CVE Description
Dark Mode

RedTeam_toolkit (this link opens in a new window) by signorrayan (this link opens in a new window)

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.