
Open Source Security Tools & Projects

We're passionate about open source and love contributing to a community that drives innovation and collaboration. Explore our suite of open-source security tools, created by our team and showcased at leading cybersecurity conferences.

Varunastra
by Devang Solanki, Bhavarth Karmarkar

Varunastra is an advanced tool designed to enhance Docker security. It is named after the Varunastra, the water weapon in Indian mythology created by Varuna, the god of the hydrosphere. This tool detects and mitigates vulnerabilities within Docker environments, covering both Docker containers and images. With Varunastra, organizations can rely on a comprehensive solution for preventing container security breaches and ensuring a secure containerized infrastructure.

docker
vulnerability-scanner
BlackHat MEA 2024
BlackHat Asia 2025

Agneyastra
by Bhavarth Karmarkar, Devang Solanki

Agneyastra is a powerful security tool developed for bug bounty hunters and security professionals. Its name is inspired by the Agneyastra, the divine fire weapon in Indian mythology, which is linked to the fire element and the god Agni. This tool is tailored to identify Firebase misconfigurations with unparalleled precision. It provides extensive checks for all Firebase services, a correlation engine, secret extraction, and automated report generation, making it the ideal solution for detecting vulnerabilities and securing Firebase environments effectively.

firebase
vulnerability-scanner
BlackHat EU 2024
BlackHat Asia 2025

BucketLoot is an automated S3-compatible bucket inspector that helps users extract assets, flag secret exposures, and search for custom keywords and regular expressions in publicly exposed storage buckets by scanning files that store data in plain text. The tool can scan buckets deployed on Amazon Web Services (AWS), Google Cloud Storage (GCS), DigitalOcean Spaces, and even custom domains/URLs that could be connected to these platforms.

aws
gcp
digital-ocean
vulnerability-scanner
BlackHat EU 2023
BlackHat Asia 2024
BlackHat USA 2023
BlackHat MEA 2023

Octopii
by Owais Shaikh

Octopii is a Personally Identifiable Information (PII) scanner that uses Optical Character Recognition (OCR), regular expression lists and Natural Language Processing (NLP) to search public-facing locations for government IDs, addresses, emails, etc. in images, PDFs and documents. We've encountered many instances where employees and customers have leaked PII data, giving malicious parties sensitive information.

ML
PII-scanner
vulnerability-scanner

AntiSquat is an AI-powered tool that uses advanced techniques like natural language processing (NLP) and large language models (e.g., ChatGPT) to detect typosquatting and phishing domains. By analyzing domain names for subtle misspellings, brand impersonations, and other patterns, it helps prevent malicious parties from exploiting user trust and conducting fraud.

ML
LLM
vulnerability-scanner
recon
BlackHat USA 2023

Asset Discovery is the initial phase of any security assessment engagement, be it offensive or defensive. Through this repository, we want to put out a list of curated resources that help during the asset discovery phase of a security assessment engagement. We welcome suggestions and contributions from the community in terms of resources as well as categories.

awesome-list
vulnerability-scanner
recon
osint

This Custom Search Tool, developed by the @RedHuntLabs Team, is designed to search for specific keywords or strings across a variety of online IDEs, paste sites, and code-sharing platforms. It helps security professionals, developers, and researchers quickly identify potentially sensitive or exposed information across these platforms. The tool scans multiple IDEs, code aggregators, and paste sites, allowing you to efficiently locate code snippets, credentials, and other critical data that may have been inadvertently shared publicly.

recon
osint

RedHunt OS
by RedHunt Labs Research

RedHunt OS (VM) v2 by RedHunt Labs is a comprehensive virtual machine designed for adversary emulation and threat hunting. It integrates a range of attacker tools and defender resources to proactively identify and mitigate threats within your environment. The distribution includes tools for attack emulation, threat hunting, OSINT collection, and threat intelligence analysis. With a base machine of Lubuntu-18.04 x64, it features tools like Metasploit, Nmap, Maltego, ELK Stack, and more.

recon
osint
vulnerability-scanner
os

KubeStalk is an open-source security tool designed for security professionals, penetration testers, and system administrators to assess the attack surface of Kubernetes clusters. It operates from a black-box perspective, requiring no internal credentials or infrastructure access. Instead, KubeStalk scans the public internet to identify unsecured or misconfigured Kubernetes clusters, focusing on potential entry points, misconfigurations, and vulnerabilities that could be exploited by attackers.

vulnerability-scanner
k8s

Burp Suite is the go-to tool for web security professionals, and we developed the Burp Suite extension, ‘Asset Discover’, to enhance its capabilities. This extension acts as a passive scanner, parsing the responses from pages in scope and continuously monitoring for assets. It identifies and classifies assets using RegEx patterns tailored to different asset types. The extension is available on the BApp store, making it easy to install directly from Burp Suite.

recon
burpsuite

Datasploit
by Sudhanshu Chauhan, Shubham Mittal, Kunal Aggarwal

An OSINT framework built for comprehensive reconnaissance on companies, individuals, phone numbers, Bitcoin addresses, and more. It gathers raw data from various public and private sources, correlates the findings, and presents them in a unified, easily digestible format. The tool is capable of identifying sensitive data like credentials, API keys, subdomains, domain history, and legacy portals associated with the target. Additionally, it can generate detailed reports in HTML, JSON, and text formats.

recon
osint