{"id":15133039,"url":"https://github.com/cisagov/redeye","last_synced_at":"2026-01-14T19:24:16.780Z","repository":{"id":61428151,"uuid":"544975441","full_name":"cisagov/RedEye","owner":"cisagov","description":"RedEye is a visual analytic tool supporting Red \u0026 Blue Team operations","archived":true,"fork":false,"pushed_at":"2023-10-20T10:45:05.000Z","size":16705,"stargazers_count":2732,"open_issues_count":4,"forks_count":286,"subscribers_count":43,"default_branch":"develop","last_synced_at":"2025-09-29T02:38:10.728Z","etag":null,"topics":["blue-team","cybersecurity","red-team"],"latest_commit_sha":null,"homepage":"https://cisagov.github.io/RedEye/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cisagov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-10-03T15:07:24.000Z","updated_at":"2025-09-26T21:41:35.000Z","dependencies_parsed_at":"2024-01-07T13:07:02.769Z","dependency_job_id":"e914f87e-4409-44db-ae2e-7c52c1f76d4a","html_url":"https://github.com/cisagov/RedEye","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/cisagov/RedEye","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2FRedEye","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2FRedEye/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2FRedEye/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2FRedEye/manifests","owner_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/owners/cisagov","download_url":"https://codeload.github.com/cisagov/RedEye/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cisagov%2FRedEye/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28432587,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","cybersecurity","red-team"],"created_at":"2024-09-26T04:43:33.261Z","updated_at":"2026-01-14T19:24:16.758Z","avatar_url":"https://github.com/cisagov.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# **RedEye**: Red Team C2 Log Visualization\n---\n\n## ⚠️ This Repo Currently in Maintenance Mode ⚠️\n\nThis GitHub repository is no longer under active development. 
We'll review community issues and pull requests for bug fixes, but won't consider any new feature additions.\n\n---\n\n\u003cp align=\"center\"\u003e\n\u003cimg alt=\"RedEye Screenshot\" src=\"https://github.com/cisagov/RedEye/blob/develop/docs/images/RedEye-Hero-Screenshot.png?raw=true\" width=\"100%\"/\u003e\n\u003c/p\u003e\n\nRedEye is an open-source analytic tool developed by [CISA](https://www.cisa.gov/) and [DOE](https://www.energy.gov/)’s [Pacific Northwest National Laboratory](https://www.pnnl.gov/) to assist [Red Teams](https://en.wikipedia.org/wiki/Red_team) with visualizing and reporting command and control activities. This tool allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a Red Team assessment. The tool parses logs, such as those from [Cobalt Strike](https://www.cobaltstrike.com/), and presents the data in an easily digestible format. The users can then tag and add comments to activities displayed within the tool. 
The operators can use RedEye’s presentation mode to present findings and workflow to stakeholders.\n\nRedEye can assist an operator to efficiently:\n\n- Replay and demonstrate Red Team’s assessment activities as they occurred rather than manually poring through thousands of lines of log text.\n- Display and evaluate complex assessment data to enable effective decision making.\n- Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.\n\n| **Red Team** | **Blue Team** |\n|:------------:|:-------------:|\n| [![Red Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/rsybgk\u0026style=flat\u0026logo=cypress)](https://cloud.cypress.io/projects/rsybgk/runs) | [![Blue Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/46ahz3\u0026style=flat\u0026logo=cypress)](https://cloud.cypress.io/projects/46ahz3/runs) |\n\n\n## Quick start\n\n1. **Download** the latest RedEye binaries for your OS[\\*](#platform-support) from the [Releases](https://github.com/cisagov/RedEye/releases) page.\n2. **Pick a mode** and **Run the server**\n   - [**Red Team mode**](#red-team) enables the full feature set: upload C2 logs, explore data, and create presentations. _You must provide a password to run in Red Team mode._ To start the server in Red Team mode, run the following in a terminal.\n\t\t```\n    \t./RedEye --redTeam --password \u003cyour_password\u003e\n\t\t```\n   - [**Blue Team mode**](#blue-team) (default) enables a simplified, read-only UI for reviewing campaigns exported by a Red Team. To start the server in Blue Team mode, run the following in a terminal.\n\t\t```\n    \t./RedEye   # Or simply double-click the \"RedEye\" executable \n\t\t```\n3. **Use the web app** in a browser at http://127.0.0.1:4000. The RedEye binary runs as a server in a terminal window and will automatically open the web app UI in your default browser. 
You must close the terminal window to quit the RedEye server.\n4. Try importing the [gt.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/gt.redeye) example dataset to get started. Or try a different [example dataset](#example-datasets).\n\n_**MacOS Issue** - When running RedEye for the first time, you may get a \"not verified\" error. You must go to \"System Preferences\" \u003e \"Security \u0026 Privacy\" \u003e \"General\" and click \"Open Anyway.\" More info on the [Apple support page](https://support.apple.com/guide/mac-help/open-a-mac-app-from-an-unidentified-developer-mh40616/)._\n\n### Follow the [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md) to learn about RedEye's feature set.\n\n---\n\n## Red Team \u0026 Blue Team Modes\n\nRedEye has two modes that cover two stages of the Red Teaming process. [Red Team mode](#red-team) allows importing C2 data, editing imported data, and making comments and presentations. After curating and annotating campaign data, Red Teams can export their campaign as a standalone `.redeye` file and [hand it off to a Blue Team](#blue-team-presentation-handoff) for reporting and remediation. [Blue Team mode](#blue-team) runs RedEye in a simplified read-only mode for viewing curated data exported by a Red Team.\n\n_Note: Both Red and Blue Team modes can be started from the same RedEye application binary._\n\n### Red Team\n\nThe downloaded binary comes in two parts:\n\n- The `RedEye` application binary\n- The `parsers` folder containing parser binaries (e.g. `cobalt-strike-parser` Cobalt Strike log parser binary)\n\nThere are three options to run RedEye in Red Team mode:\n\n1. Run the downloaded binary, passing in the `--redTeam` and password options:\n   ```\n   ./RedEye --redTeam --password \u003cyour_password\u003e\n   ```\n2. Clone, install, and run the project directly (covered in the [Local Build](#local-build) section).\n3. Docker Compose\n   1. 
Clone the repo.\n   2. Update the environment variables in `docker-compose.yml`.\n   3. Run:\n      ```\n      docker-compose -f docker-compose.yml up -d redeye-core\n      ```\n\n### Blue Team\n\nThe Blue Team mode is a simplified, read-only UI for displaying data that has been curated, annotated, and exported by a Red Team. This mode runs by default to make startup simpler for the Blue Team.\n\nThe Blue Team version can be run by double-clicking the 'RedEye' application binary. RedEye runs at http://127.0.0.1:4000 (by default) and will automatically open your default browser.\n\n### Blue Team Presentation Handoff\n\nIf a `campaigns` folder is located in the same directory as the `RedEye` application, RedEye will attempt to import any `.redeye` campaign files within. Campaign files can be exported in the Red Team mode.\n\nTo prepare a version for the Blue Team, follow these two steps:\n\n1. Copy the `RedEye` application binary to an empty folder.\n2. Create a `campaigns` folder in the same directory and place the `.redeye` campaign files you want to send inside.\n\n```\nFolder/\n\tRedEye\n\tcampaigns/\n\t\tCampaign-01.redeye\n\t\tCampaign-02.redeye\n```\n\n`.redeye` files can also be uploaded in Blue Team mode via the \"+ Add Campaign\" dialog.\n\n## Example Datasets\nThere are example datasets in this repo available for download. These are located in the [./applications/redeye-e2e/src/fixtures](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures) folder. 
\n- **gtdataset** - available as [gt.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/gt.redeye) and as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/gtdataset) \n- **smalldata** - available as [smalldata.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/smalldata.redeye) and as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/smalldata) \n- **testdata** - available as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/testdata)\n\nYou may want to use a tool like [download-directory.github.io](https://download-directory.github.io/) to download just one folder of a GitHub repo.\n\n\u003c!--\n## RedEye Server Settings\nRedEye runs as a server and can be set up to serve the UI on a network.\n\n***{instructions}***\n--\u003e\n\n## RedEye Server Parameters\n\nType `./RedEye -h` to view the options:\n\n```\n-d, --developmentMode [boolean]  put the database and server in development mode\n-r, --redTeam [boolean]          run the server in red team mode\n--port [number]                  the port the server should be exposed at\n-p, --password [string]          the password for user authentication\n--parsers [string...]            
A list of parsers to use or a flag to use all parsers in the parsers folder\n-t, --childProcesses [number]    max # of child processes the parser can use\n-h, --help                       display help for command\n```\n\nYou can also configure the server parameters in a `config.json` file that sits next to the `RedEye` binary:\n```json5\n\n{\n\t\"password\": \"937038570\",\n\t\"redTeam\": true,\n\t\"parsers\": [\"cobalt-strike-parser\", \"brute-ratel-parser\"] // or true/false\n}\n```\n\n## Local Build\n\n### Required Packages\n\n- [Node.js](https://nodejs.org/en/) \u003e= v16\n- Install yarn: `npm install -g yarn`\n- Run: `yarn install` (installs all packages)\n- Run either:\n  1.  `yarn release:all` to build a binary for Linux, macOS, and Windows\n  2.  `yarn release:(mac|windows|linux)` to build for a specific platform\n- Platform options:\n  - mac\n  - windows\n  - linux\n\n## Development\n\n### Setup\n\nInstall [Node.js](https://nodejs.org/en/) \u003e= v16\nInstall [yarn](https://yarnpkg.com/) globally via [npm](https://www.npmjs.com/package/yarn)\n\n```\nnpm install -g yarn\n```\n\nInstall package dependencies\n\n```\nyarn install\n```\n\n#### Quick Start Development\n\nRuns the project in development mode\n\n```sh\nyarn start\n```\n\n#### Advanced Development\n\nIt is recommended to run the server and client in two separate terminals\n\n```sh\nyarn start:client\n```\n\n...in another terminal\n\n```sh\nyarn start:server\n```\n\n#### Build\n\nTo build a binary for Linux, macOS, and Windows\n\n```shell\nyarn release:all\n```\n\nTo build for a specific platform, replace `all` with the platform name\n\n```shell\nyarn release:(mac|windows|linux)\n```\n\n## Platform support\n\n- Linux\n  - Ubuntu 18 and newer\n  - Kali Linux 2020.1 and newer\n  - Others may be supported but are untested\n- macOS\n  - El Capitan and newer\n- Windows\n  - Windows 7 and newer\n  - ARM support is experimental\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003cimg alt=\"CISA Logo\" 
src=\"https://github.com/cisagov/RedEye/blob/develop/docs/images/CISA Logo.png?raw=true\" height=\"35%\" width=\"35%\"/\u003e\n\n\u003cimg alt=\"RedEye Logo\" src=\"https://raw.githubusercontent.com/cisagov/RedEye/2e0279ad4bdc798eb2ee6aa018bcd6ad66079d0e/applications/client/public/logos/Logo-Dark.svg\" height=\"35%\" width=\"35%\"/\u003e\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisagov%2Fredeye","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcisagov%2Fredeye","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcisagov%2Fredeye/lists"}