Skip to content


Repository files navigation

Redscan by

IntroductionHow to developPlugin listFAQs

Redscan is built to discover exposed assets of a company, detect misconfigurations and compliance deviations.

Redscan was conceived with the idea to automate the recon phase and the vulnerability assertion as referred to the Bug Bounty Methodology.

The aim of the project is to facilitate the orchestration, the integration and the exploitation of results coming from existing good tools. For that Redscan-Utils was developed.

The Michelin CERT developed and continue to maintain plenty of plugins covering most of known use-cases. You can find them on

Quick start

Setup a quick demo instance in four commands

git clone
cd Redscan/compose
python --install-dockprom
python --setup-demo

In order to be more accurate, some plugins required api keys such as subfinder, gitgrabber or alert, you can find them under conf folder. Values are surrounded by § character.

# --demo run one instance per plugin that would cause bottleneck for big scope.
python --demo

You can now use demo/demo for playing with Redscan and administrator/redscan for Mantis BT

WARNING : --setup demo is unsecure and should not be exposed over the internet. For a full configuration, please refer to the project wiki

You can display the help command using python -h



No description, website, or topics provided.







No releases published


No packages published

Contributors 4