certmichelin/Redscan

Redscan is built to discover exposed assets of a company, detect misconfigurations and compliance deviations.

Redscan was conceived to automate the recon phase and the vulnerability assertion described in the Bug Bounty Methodology.

The project aims to facilitate the orchestration, integration and exploitation of results coming from existing good tools. Redscan-Utils was developed for that purpose.

The Michelin CERT has developed and continues to maintain plenty of plugins covering most known use cases. You can find them at https://github.com/certmichelin.


Quick start

Set up a quick demo instance in four commands:

git clone https://github.com/certmichelin/Redscan.git
cd Redscan/compose
python red.py --install-dockprom
python red.py --setup-demo

To be more accurate, some plugins, such as subfinder, gitgrabber or alert, require API keys. You can find them under the conf folder. Values are surrounded by the § character.
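
A pre-flight check for the step above, added here as an example (not part of Redscan): it walks a configuration folder and reports every §...§ marker still in place, printing only the file, line and marker name. The single-line `§NAME§` shape, the sample file names and the functions `find_placeholders` and `build_sample` are assumptions.

```python
"""Pre-flight check: list § placeholders still present under a conf folder."""
import re
import sys
import tempfile
from pathlib import Path

# Assumption: an unfilled value looks like §SOME_NAME§ on a single line.
PLACEHOLDER = re.compile(r"§([^§\r\n]+)§")


def find_placeholders(conf_dir):
    """Return (relative_path, line_number, name) for each §...§ marker found."""
    root = Path(conf_dir)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file: nothing to check
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in PLACEHOLDER.finditer(line):
                rel = path.relative_to(root).as_posix()
                hits.append((rel, lineno, match.group(1)))
    return hits


def build_sample(root):
    """Constructed sample tree (not Redscan's real files) for a self-test."""
    root = Path(root)
    (root / "subfinder").mkdir(parents=True)
    (root / "subfinder" / "keys.yaml").write_text(
        "shodan: [§SHODAN_KEY§]\nvirustotal: [abc123]\n", encoding="utf-8")
    (root / "alert.env").write_text("WEBHOOK=§WEBHOOK_URL§\n", encoding="utf-8")
    return root


if __name__ == "__main__":
    # With an argument: check that folder. Without: run on the constructed sample.
    if len(sys.argv) > 1:
        target = Path(sys.argv[1])
    else:
        target = build_sample(tempfile.mkdtemp())
    found = find_placeholders(target)
    for rel, lineno, name in found:
        print(f"{rel}:{lineno}: placeholder §{name}§ not replaced")
    sys.exit(1 if found else 0)
```

The non-zero exit status when a marker remains lets the check gate a launch script.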

# --demo runs one instance per plugin, which would cause a bottleneck for a big scope.
python red.py --demo

You can now use demo/demo for playing with Redscan and administrator/redscan for Mantis BT.

WARNING: --setup-demo is insecure and should not be exposed over the internet. For a full configuration, please refer to the project wiki.

You can display the help using python red.py -h
