Redshell - A shell wrapper for (lazy) web pentesters written in Python

Because shell dotfiles are awesome, but sometimes you need something more.

Run with: python -m redshell.shell

The goal

The goal is to automate all the boring stuff and provide consistent project structure in the team. The main focus is for web (and mobile) pentests.

• use docker for external tools
• autoupdate git projects for the tools
• keep your toolset in one place
• make a wrapper for the tools to automatically store console output and logs ine the designated directories and using the same name convention

~/.redshell(.conf)

~/redshell
 |-tools (ext tools)
 |-lists (wordlists)
 |-log/ (log/sslscan/2017/11/12/testssl_1130-domain.log) 
 |-outputs (output/sslscan/2017/11/12/testssl_1130-domain.log) 

• autostart the latest version of the burpsuite jar
• create a new folder structure for a new project and populate it with preconfigured skeleton files

~/Documents/reports/
 |-2017/11/12/Cutomer-Project/ 
                      |-screenshots
                      |-report
                      |-documentation
                      |-PoC
                      |-burp
                      |-tmp
                      |-log -> ~/redshell/log/
                      |-outputs -> ~/redshell/outputs/
                      |-OWASP-OTG-v4.todo
                      |-notes.txt

• start listeners local or remote and notify you on a request
• generate payloads for defined listeners
• copy predefined polyglots for fuzzing to clipboard
• run all info gathering and enumeration tools in one command
• update env variables with scope, host and cookies from burp and browser
• use the nice command prompt from powerlines