{"id":46064255,"url":"https://github.com/forattini-dev/redblue","last_synced_at":"2026-04-21T23:00:38.610Z","repository":{"id":322280100,"uuid":"1088428805","full_name":"forattini-dev/redblue","owner":"forattini-dev","description":"The Ultimate Security Arsenal in a Single Binary","archived":false,"fork":false,"pushed_at":"2026-04-19T21:40:11.000Z","size":19337,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-19T22:02:20.958Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://forattini-dev.github.io/redblue/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/forattini-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":null},"created_at":"2025-11-02T23:56:16.000Z","updated_at":"2026-04-19T21:31:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"d4335855-fa42-45b1-84e8-c817a310f326","html_url":"https://github.com/forattini-dev/redblue","commit_stats":null,"previous_names":["forattini-dev/redblue"],"tags_count":95,"template":false,"template_full_name":null,"purl":"pkg:github/forattini-dev/redblue","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forattini-dev%2Fredblue","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forattini-dev%2Fredblue/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forattini-dev%2Fredblue/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forattini-dev%2Fredblue/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/forattini-dev","download_url":"https://codeload.github.com/forattini-dev/redblue/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forattini-dev%2Fredblue/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32113748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-21T11:25:29.218Z","status":"ssl_error","status_checked_at":"2026-04-21T11:25:28.499Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-03-01T12:03:51.757Z","updated_at":"2026-04-21T23:00:38.603Z","avatar_url":"https://github.com/forattini-dev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# redblue\n\n**The Ultimate Security Arsenal in a Single Binary**\n\n[![Rust](https://img.shields.io/badge/rust-1.70%2B-orange.svg)](https://www.rust-lang.org)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![CI](https://github.com/forattini-dev/redblue/workflows/CI/badge.svg)](https://github.com/forattini-dev/redblue/actions/workflows/ci.yml)\n[![GitHub release](https://img.shields.io/github/v/release/forattini-dev/redblue?include_prereleases\u0026label=latest)](https://github.com/forattini-dev/redblue/releases)\n\n*90+ security commands. 40+ protocols from scratch. Zero dependencies. 100% Rust.*\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash\n```\n\n[**Documentation**](https://forattini-dev.github.io/redblue/) |\n[Quick Start](#quick-start) |\n[Install](#installation)\n\n\u003c/div\u003e\n\n### JavaScript / TypeScript\n\nUse `redblue-cli` to run `rb` from JavaScript/TypeScript ecosystems (npm, npx, CI and scripts).\n\n```bash\n# Local install (project dependency)\nnpm install redblue-cli\n\n# Run through package name\nnpx redblue-cli dns record lookup example.com --type MX\n\n# Explicit binary invocation (also supported by npm exec)\nnpm exec --package redblue-cli rb -- dns record lookup example.com --type MX\n```\n\n```bash\n# Global install\nnpm i -g redblue-cli\nrb dns record lookup example.com --type MX\n```\n\n---\n\n## What is redblue?\n\n**redblue** replaces your entire security toolkit with a single, self-contained binary.\n\nNo installation scripts. No dependency chains. No version conflicts. Just download and execute.\n\nNeed JavaScript integration? The optional `redblue-cli` npm package wraps the same `rb` binary, supports `npx` and `npm exec`, and exposes a programmatic SDK for Node.js consumers.\n\nEvery network protocol is implemented **from scratch** using only Rust's standard library. DNS, HTTP/1.1, HTTP/2, TLS 1.2, TLS 1.3, Kerberos, SSH, LDAP, SMB, and 30+ more -- all built from first principles with only `libc` as a dependency.\n\n### At a Glance\n\n| Metric | Value |\n|--------|-------|\n| CLI commands | 90+ |\n| Protocols from scratch | 40+ |\n| Secret detection patterns | 180+ |\n| Crypto primitives | 18+ |\n| Runtime dependencies | 1 (`libc`) |\n\n---\n\n## Features\n\n| Category | Capabilities |\n|----------|-------------|\n| **Network** | SYN/UDP/Stealth scanning, OS fingerprinting, service detection, traceroute, netcat, ping, health monitoring |\n| **DNS** | Record lookup, zone transfer, DNS server with hijacking, DNS-over-HTTPS, DNS fingerprinting |\n| **Recon** | Subdomain bruteforce/passive, WHOIS, RDAP, CT logs, Wayback, email/username OSINT, breach detection, IP intel, Google dorking |\n| **Web** | Fuzzing (dir/vhost/param), CMS fingerprinting, crawling, DOM parsing, CSS selectors, HAR recording, .git scanner |\n| **TLS** | Cipher enumeration, certificate audit, Heartbleed detection, OCSP check, CT log verification, JA3/JA3S fingerprinting |\n| **Auth** | Credential testing (Basic/Digest/Form/SSH/FTP/SMTP), brute-force with rate limiting and lockout detection |\n| **Exploit** | Privesc enumeration, lateral movement, persistence, reverse shells, browser exploitation, payload generation, CVE database |\n| **Binary** | ELF/PE parsing, checksec, ROP gadget finder, shellcode generation, format string analysis, packing detection |\n| **Password** | Hash cracking (dictionary/mask/hybrid), bcrypt, auto format detection, mutation rules |\n| **Evasion** | Sandbox/VM detection, string obfuscation, anti-debugging, memory encryption, AMSI bypass, process injection, track covering |\n| **Secrets** | 180+ patterns across cloud, DevOps, databases, AI/ML, payment, social media, private keys, generic tokens |\n| **Vuln Intel** | CVE search (NVD/OSV), CISA KEV, Exploit-DB, MITRE ATT\u0026CK mapping, IOC extraction, TAXII 2.1 client |\n| **Proxy** | HTTP CONNECT, SOCKS5, transparent proxy, MITM TLS interception, interactive shell (k9s-style TUI) |\n| **Agent** | C2 server/client with encrypted transports (HTTP/DNS/WebSocket), forward secrecy ratcheting, multi-agent crew |\n| **Crypto** | File vault (AES-256-GCM), encoding/decoding, classical ciphers, CyberChef-style recipes, crypto analysis |\n| **Storage** | RedDB: B-tree + graph + vector engine with SQL/Gremlin/Cypher/SPARQL queries, ACID transactions, WAL |\n| **Memory** | Process memory scanner (Cheat Engine-style), value/pattern/AOB scanning, hex editor (Linux) |\n| **Playbooks** | Automated pentest workflows with MITRE ATT\u0026CK mapping, APT emulation, variable substitution |\n| **Graph** | Attack path analysis, blast radius, lateral movement mapping, Mermaid diagram export |\n| **MCP** | Model Context Protocol server for Claude AI integration with 18 tool modules and intelligent orchestration |\n| **Code** | Static analysis, secrets scanning, dependency analysis, SARIF export |\n| **Cloud** | Subdomain takeover detection, S3 bucket scanning, cloud service enumeration |\n| **Scripting** | Built-in scripting engine for custom automation |\n| **Report** | Pentest report generation from loot, findings, and attack graphs |\n\n---\n\n## Quick Start\n\n```bash\n# Install (one command)\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash\n\n# Network reconnaissance\nrb network ports scan 192.168.1.1 --preset common\nrb network host discover 10.0.0.0/24\nrb ping 8.8.8.8\nrb nc 192.168.1.1 80\n\n# DNS\nrb dns record lookup example.com --type MX\nrb dns-server start --hijack \"*.evil.com=10.0.0.1\"\n\n# Subdomain enumeration\nrb recon domain subdomains example.com --passive\nrb recon domain subdomains example.com --resolve -o json\nrb recon domain bruteforce example.com -w wordlists/subdomains.txt\n\n# Web fuzzing \u0026 security\nrb web fuzz http://example.com/FUZZ -w common.txt -fc 404\nrb web asset security http://example.com\nrb web asset crawl http://example.com --har crawl.har\n\n# TLS audit\nrb tls security audit example.com\n\n# Vulnerability intelligence\nrb intel vuln search nginx 1.18.0\nrb intel vuln cve CVE-2021-44228\nrb intel vuln kev --stats\nrb intel mitre technique T1059\n\n# Credential testing\nrb auth test http://example.com/login -u users.txt -p pass.txt --type form\n\n# Password cracking\nrb password crack hashes.txt -w rockyou.txt --rules\n\n# Secrets detection\nrb code secrets scan . --git\n\n# Exploitation (AUTHORIZED USE ONLY)\nrb exploit privesc enumerate\nrb exploit payload shell bash 10.0.0.1 4444\n\n# Binary analysis\nrb binary elf analyze /usr/bin/target\nrb binary rop gadgets ./vulnerable_binary\n\n# MITM proxy\nrb proxy mitm --port 8080 --intercept\n\n# Crypto vault\nrb crypto vault encrypt secrets.txt\nrb crypto recipe \"base64_encode | hex_encode\" \"hello\"\n\n# Process memory (Linux)\nrb memory scan --pid 1234 --value 42\n\n# Attack planning \u0026 playbooks\nrb attack target plan example.com\nrb attack target run apt29 example.com --dry-run\n\n# Pentest reporting\nrb report pentest preview acme-external\nrb report pentest generate acme-external --format md\nrb report pentest stats\n\n# Compatibility (legacy automation)\nrb report pentest generate --project acme-external\n\n# Local host inventory\nrb system host inspect --json\n# Cross-platform capability map (implemented vs unavailable collectors)\nrb system host inspect --json | jq '.capabilities.collectors'\n\n# MCP server (for Claude AI)\nrb mcp serve\n```\n\n### Pentest Workflows\n\nredblue is also built for real pentest workflows, not just isolated point commands. A typical flow looks like this:\n\n```bash\n# 1. Recon and validation\nrb recon domain subdomains example.com --resolve -o json\nrb web asset security https://example.com\nrb tls security audit example.com\n\n# 2. Vulnerability intelligence and attack planning\nrb intel vuln scan https://example.com --deep\nrb attack target plan example.com\nrb exploit payload playbooks\n\n# 3. Controlled execution helpers\nrb attack target run apt29 example.com --dry-run\nrb mitm intercept generate-ca --output ./certs\nrb mitm intercept proxy --proxy-port 8080\n\n# 4. Reporting\nrb report pentest preview acme-external\nrb report pentest generate acme-external --format md\nrb report pentest stats\n```\n\n### JavaScript / npm Quick Start\n\n```bash\n# Run the wrapper without installing it globally\nnpx redblue-cli dns record lookup example.com --type MX\nnpm exec --package redblue-cli rb -- tls security audit github.com\n\n# Install the wrapper in a project\nnpm install redblue-cli\nnpx rb network ports scan 192.168.1.1 --preset common\n\n# After install, use the exposed rb bin\nnpx rb --version\n```\n\n```js\nconst { createClient } = require('redblue-cli');\n\n(async () =\u003e {\n  const rb = await createClient();\n\n  const records = await rb.dns.record.lookup({\n    target: 'example.com',\n    type: 'MX'\n  });\n\n  console.log(records);\n})();\n```\n\n### TypeScript\n\n```ts\nimport { createClient } from 'redblue-cli';\n\n(async () =\u003e {\n  const rb = await createClient();\n  const records = await rb.dns.record.lookup({\n    target: 'example.com',\n    type: 'MX'\n  });\n  console.log(records);\n})();\n```\n\n`redblue-cli` ships with bundled TypeScript declarations so `createClient`, `runCli` and SDK routes are auto-completed in editors.\n\nEvery CLI route is exposed as `client.\u003cdomain\u003e.\u003cresource\u003e.\u003cverb\u003e(payload)`. Beyond the basics above, the SDK includes route introspection (`rb.$describe`, `rb.$help`, `rb.$commands`, `rb.$complete`, `rb.$findRoute`), three invocation modes per route (`.raw`, `.spawn`, default JSON), typed errors (`RedblueError`, `RedblueBinaryNotFoundError`, `RedblueRouteError`, `RedblueParseError`, `RedblueTimeoutError`, `RedblueChecksumError`, `RedblueNetworkError`), consolidated `describe` bundles, and a managed `ensureInstalled({ skipIfFresh })` with explicit `status: 'ready' | 'downloaded' | 'stale' | 'offline'`.\n\nBinary resolution prefers the package-local binary (`node_modules/redblue-cli/.redblue/bin/rb`) over any managed or system-wide install, so every SDK consumer runs the version its package shipped with. Use `createClient({ preferSystemBinary: true })` or `REDBLUE_PREFER_SYSTEM_BINARY=1` to reverse that.\n\nThe full SDK reference (route table, invocation modes, typed errors, `ensureInstalled` contract, persistence model) lives in [docs/guides/javascript-sdk.md](docs/guides/javascript-sdk.md).\n\n---\n\n## Protocols from Scratch\n\nEvery protocol is implemented from first principles -- no external crates, no wrappers.\n\n| Category | Protocols |\n|----------|-----------|\n| **Web** | HTTP/1.1 (RFC 2616), HTTP/2 (RFC 7540) with HPACK/Huffman, HTTPS |\n| **Security** | TLS 1.2 (RFC 5246) with ECDHE + AES-GCM + X.509 verification, TLS 1.3 key schedule |\n| **Name Resolution** | DNS (RFC 1035), DoH (RFC 8484), WHOIS (RFC 3912), RDAP (RFC 7480) |\n| **Authentication** | Kerberos 5 (RFC 4120) with PKINIT + S4U, SSH (RFC 4253) |\n| **Directory** | LDAP (RFC 4511), SNMP (RFC 1157) |\n| **File Transfer** | FTP (RFC 959), SMB/CIFS |\n| **Mail** | SMTP (RFC 5321) |\n| **Remote Access** | Telnet (RFC 854) |\n| **Databases** | MySQL, PostgreSQL, MSSQL (TDS), MongoDB, Redis |\n| **Network** | TCP, UDP, ICMP (RFC 792), raw sockets, packet crafting |\n| **Encoding** | ASN.1/DER (RFC 2459), X.509 certificates, HAR 1.2, CSS selectors |\n\n### Cryptography (Pure Rust)\n\n| Type | Implementations |\n|------|----------------|\n| **Hash** | SHA-256, SHA-384, SHA-512, SHA-1, MD5 |\n| **Symmetric** | AES-128, AES-256-GCM, ChaCha20-Poly1305 |\n| **Asymmetric** | RSA, ECDH, P-256 (NIST), X25519 |\n| **Key Derivation** | PBKDF2, HKDF (RFC 5869), TLS PRF (1.0/1.1/1.2), TLS 1.3 key schedule |\n| **MAC** | HMAC-SHA256, HMAC-SHA384, HMAC-SHA1, HMAC-MD5 |\n| **Utility** | CSPRNG (OS-backed), UUID, Base64, Hex, BigInt arithmetic |\n\n---\n\n## Exploitation Framework\n\n\u003e **AUTHORIZED USE ONLY** -- pentesting, CTF, bug bounty, education, your own audits.\n\n```bash\n# Privilege escalation enumeration\nrb exploit payload privesc\nrb exploit payload suggest example.com\n\n# Attack planning and playbooks\nrb exploit payload plan example.com\nrb exploit payload playbooks\nrb exploit payload apt\nrb attack target plan example.com\nrb attack target run apt29 example.com --dry-run\n\n# Reverse shells\nrb exploit payload shell bash 10.0.0.1 4444\n\n# CVE database\nrb intel vuln cve CVE-2021-44228\n```\n\n---\n\n## MITM Proxy \u0026 Interactive Shell\n\nFull man-in-the-middle proxy with a k9s-style TUI for real-time traffic inspection.\n\n```bash\n# Generate a local CA for interception\nrb mitm intercept generate-ca --output ./certs\n\n# Start MITM proxy with TLS interception\nrb mitm intercept proxy --proxy-port 8080 --ca-cert ./certs/mitm-ca.pem --ca-key ./certs/mitm-ca-key.pem\n\n# Full DNS hijack + TLS interception flow\nrb mitm intercept start --target *.example.com --proxy-ip 10.0.0.5\n\n# Interactive proxy shell\nrb mitm intercept shell --proxy-port 8080\n```\n\n**Interactive shell features:**\n- Real-time request/response streaming\n- Intercept and modify requests on-the-fly\n- History browsing, filtering, and replay\n- Security header stripping for testing\n- WebSocket upgrade support\n\n---\n\n## C2 Agent Framework\n\n\u003e **AUTHORIZED USE ONLY**\n\nLightweight C2 framework with encrypted communications and forward secrecy.\n\n```bash\n# Start C2 server\nrb agent server --port 4444\n\n# Connect agent to server\nrb agent connect --server 10.0.0.1:4444\n\n# Interactive agent shell\nrb agent shell\n```\n\n**Features:**\n- Multiple transports: HTTP/HTTPS, DNS covert channel, WebSocket\n- Forward secrecy with key ratcheting\n- Multi-agent crew coordination\n- Custom encrypted protocol\n\n---\n\n## Binary Analysis\n\n```bash\n# ELF analysis\nrb binary elf analyze ./target_binary\nrb binary elf checksec ./target_binary\n\n# PE analysis\nrb binary pe analyze ./target.exe\n\n# ROP gadgets\nrb binary rop gadgets ./vulnerable_binary\n\n# Shellcode generation\nrb binary shellcode generate --arch x86_64 --type reverse_shell\n```\n\n---\n\n## Evasion Suite\n\n\u003e **AUTHORIZED USE ONLY** -- for testing defenses and security controls.\n\n16 evasion techniques for testing security products:\n\n```bash\n# Sandbox/VM detection\nrb evasion sandbox detect\n\n# String obfuscation\nrb evasion obfuscate --input payload.bin\n\n# Anti-debugging\nrb evasion antidebug check\n\n# Memory encryption\nrb evasion memory encrypt --pid 1234\n\n# Track covering\nrb evasion tracks clear --logs --history\n```\n\n---\n\n## Password Cracking\n\n```bash\n# Dictionary attack\nrb password crack hashes.txt -w rockyou.txt\n\n# Mask attack (hashcat-style)\nrb password crack hashes.txt --mask \"?u?l?l?l?d?d?d?d\"\n\n# Hybrid (dictionary + mask)\nrb password crack hashes.txt -w words.txt --mask \"?d?d?d\"\n\n# Auto-detect hash format\nrb password crack auto hashes.txt\n```\n\nSupports: MD5, SHA-1, SHA-256, SHA-512, bcrypt, NTLM, and more.\n\n---\n\n## Process Memory Scanner\n\nLinux-only, Cheat Engine-style memory inspection:\n\n```bash\n# Scan for a value\nrb memory scan --pid 1234 --value 100\n\n# Pattern/AOB scan\nrb memory scan --pid 1234 --pattern \"48 8B ?? ?? 89\"\n\n# Hex editor\nrb hex view /path/to/binary\nrb hex edit /path/to/file --offset 0x100\n```\n\n---\n\n## Vulnerability Intelligence\n\nAggregates data from multiple authoritative sources:\n\n| Source | Description |\n|--------|-------------|\n| **NVD** | NIST National Vulnerability Database -- CVE details, CVSS scores, CPE matches |\n| **OSV** | Open Source Vulnerabilities -- Package-specific vulns (npm, PyPI, Cargo) |\n| **CISA KEV** | Known Exploited Vulnerabilities -- Actively exploited CVEs with deadlines |\n| **Exploit-DB** | Public exploits, PoCs, Metasploit modules |\n| **MITRE ATT\u0026CK** | Tactics, techniques, and procedures mapping |\n\n```bash\nrb intel vuln search nginx 1.18.0\nrb intel vuln cve CVE-2021-44228\nrb intel vuln kev --stats\nrb intel vuln exploit \"Apache Struts\"\nrb intel mitre technique T1059\nrb intel ioc extract report.txt\nrb intel taxii discover https://taxii.example.com\n```\n\n### Risk Score\n\n```\nRisk = (CVSS x 10) + Exploit Bonus (+25) + KEV Bonus (+30) + Age Factor + Impact Modifier\n```\n\n---\n\n## Pentest Playbooks\n\nAutomated security assessment workflows with MITRE ATT\u0026CK mapping:\n\n```bash\n# Build recommendations from recon\nrb attack target plan example.com\n\n# List available exploit playbooks\nrb exploit payload playbooks\n\n# Run APT emulation\nrb attack target run apt29 10.0.0.0/24\n\n# Dry run\nrb attack target run apt29 10.0.0.1 --dry-run\n```\n\nPlaybooks support variable substitution, conditional execution, and action recording.\n\n---\n\n## MCP Server (Claude AI Integration)\n\nredblue includes a full Model Context Protocol server enabling Claude to use all security tools:\n\n```bash\n# Start MCP server\nrb mcp serve\n```\n\n**18 tool modules:** network, DNS, web, recon, TLS, crypto, binary, code, password, evasion, vulnerability, intelligence, file, wordlist, vector search, and auto-exploitation.\n\n**10 prompt generators:** API security, attack planning, cloud security, compliance, container security, defense, mobile security, network security, recon guidance, threat modeling.\n\n---\n\n## Crypto Toolkit\n\nBeyond the vault, redblue includes a full crypto toolkit:\n\n```bash\n# File encryption vault (AES-256-GCM)\nrb crypto vault encrypt secrets.txt\nrb crypto vault decrypt secrets.vault\n\n# Encoding/decoding\nrb crypto codec base64 encode \"hello world\"\nrb crypto codec hex decode \"48656c6c6f\"\n\n# CyberChef-style recipes\nrb crypto recipe \"base64_encode | rot13 | hex_encode\" \"secret\"\n\n# Crypto analysis\nrb crypto analysis entropy suspicious_file.bin\n\n# Classical ciphers\nrb crypto cipher caesar \"hello\" --shift 13\nrb crypto cipher vigenere \"hello\" --key \"secret\"\n```\n\n---\n\n## RedDB: Unified Storage Engine\n\nMulti-modal storage engine unifying relational tables, property graphs, and vector embeddings.\n\n### Architecture\n\n```\n┌─────────────────────────────────────────────────────────────┐\n│                      Query Layer                            │\n│  SQL | Gremlin | Cypher | SPARQL | Natural Language        │\n├─────────────────────────────────────────────────────────────┤\n│  Security Queries  |  Multi-Mode Executor  |  RAG Engine   │\n├─────────────────────────────────────────────────────────────┤\n│  Result Cache  |  Materialized Views  |  Query Plan Cache  │\n├─────────────────────────────────────────────────────────────┤\n│              SIEVE Page Cache + Aggregation Cache           │\n├─────────────────────────────────────────────────────────────┤\n│  Tables (B-Tree)  |  Graphs (Adjacency)  |  Vectors (HNSW) │\n├─────────────────────────────────────────────────────────────┤\n│              Page-Based Storage (4KB) + WAL + Encryption    │\n└─────────────────────────────────────────────────────────────┘\n```\n\n### Features\n\n| Feature | Description |\n|---------|-------------|\n| **Storage modes** | B-Tree tables, adjacency graph, HNSW vectors |\n| **Query languages** | SQL, Gremlin, Cypher, SPARQL, natural language |\n| **Transactions** | ACID with MVCC snapshot isolation |\n| **Durability** | Write-ahead logging |\n| **Encryption** | At-rest encryption with keyring |\n| **Caching** | SIEVE page cache, result cache, plan cache, aggregation cache |\n| **Vector search** | HNSW + tiered quantization (binary + int8) |\n| **Graph algorithms** | PageRank, betweenness centrality, Dijkstra, Louvain, cycle detection |\n| **Import** | JSONL streaming, Parquet columnar |\n| **SIMD** | Runtime-detected SSE/AVX/FMA for vector distance (26M+ ops/sec) |\n\n### Cross-Modal Queries\n\n```sql\n-- Find hosts with critical CVEs reachable in 3 hops\nSELECT h.hostname, c.cve_id, v.similarity_score\nFROM hosts h\nJOIN vulnerabilities v ON h.id = v.host_id\nWHERE h.criticality \u003e 8\n  AND VECTOR_SIMILARITY(e.embedding, $query) \u003e 0.85\n  AND EXISTS (\n    SELECT 1 FROM attack_paths p WHERE p.target = h.id AND p.hops \u003c= 3\n  )\n```\n\n---\n\n## CLI Architecture\n\n```\nrb [domain] [resource] [verb] [target] [flags]\nrb help\nrb [domain] help\nrb help [domain] [resource] [verb]\nrb [target]              # Magic scan -- auto-detect\nrb shell [target]        # Interactive TUI\n```\n\n### Domains\n\n| Domain | Description | Example |\n|--------|-------------|---------|\n| `network` | Port scanning, host discovery, traceroute | `rb network ports scan 10.0.0.1` |\n| `dns` | DNS queries, server, hijacking | `rb dns record lookup example.com` |\n| `recon` | Subdomain enum, WHOIS, OSINT | `rb recon domain subdomains example.com` |\n| `web` | Fuzzing, crawling, scraping, security | `rb web fuzz http://target/FUZZ` |\n| `tls` | TLS audit, cipher analysis | `rb tls security audit example.com` |\n| `auth` | Credential testing | `rb auth test http://target --type basic` |\n| `exploit` | Privesc, payload planning, playbooks | `rb exploit payload privesc` |\n| `attack` | Attack planning and guided playbook execution | `rb attack target plan example.com` |\n| `binary` | ELF/PE analysis, ROP, shellcode | `rb binary elf checksec ./target` |\n| `password` | Hash cracking | `rb password crack hashes.txt -w dict.txt` |\n| `evasion` | Anti-analysis, obfuscation | `rb evasion sandbox detect` |\n| `intel` | Vuln search, MITRE, IOC, TAXII | `rb intel vuln search nginx` |\n| `proxy` | MITM, SOCKS5, transparent | `rb proxy mitm --port 8080` |\n| `mitm` | DNS hijack + TLS interception workflows | `rb mitm intercept proxy --proxy-port 8080` |\n| `agent` | C2 server/client | `rb agent server --port 4444` |\n| `crypto` | Vault, codecs, ciphers, recipes | `rb crypto vault encrypt file.txt` |\n| `code` | Secrets scanning, analysis | `rb code secrets scan .` |\n| `cloud` | Takeover detection, S3 scanning | `rb cloud takeover example.com` |\n| `memory` | Process memory scanning | `rb memory scan --pid 1234` |\n| `system` | Local host inventory, runtime detection, and explicit collector capability map | `rb system host inspect --json` |\n| `database` | RedDB operations | `rb database query \"SELECT * FROM hosts\"` |\n| `mcp` | MCP server for Claude AI | `rb mcp serve` |\n| `report` | Pentest report generation | `rb report pentest generate acme-external --format md` |\n| `loot` | Findings and credential management | `rb loot list` |\n| `hex` | Hex editor | `rb hex view binary_file` |\n| `nc` | Netcat | `rb nc 10.0.0.1 80` |\n| `ping` | ICMP ping | `rb ping 8.8.8.8` |\n\n### Global Flags\n\n```bash\n-h, --help        # Context-aware help\n--version         # Show version\n-o, --output      # Format: text|json\n--no-color        # Disable colors\n```\n\n---\n\n## Installation\n\n### Quick Install\n\n```bash\n# Latest stable release\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash\n\n# Pre-release (next channel)\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash -s -- --channel next\n\n# Specific version\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash -s -- --version v0.2.2\n\n# Custom directory\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash -s -- --install-dir /usr/local/bin\n\n# Static build (Alpine/Docker)\ncurl -fsSL https://raw.githubusercontent.com/forattini-dev/redblue/main/install.sh | bash -s -- --static\n```\n\n**Supported Platforms:**\n- Linux x86_64, aarch64 (ARM64), armv7\n- macOS x86_64 (Intel), aarch64 (Apple Silicon)\n- Windows x86_64\n\n### JavaScript / npm\n\nThe npm package is a wrapper and SDK. The release binary is fetched during `postinstall` and stored in the package-local path `node_modules/redblue-cli/.redblue/bin` (unless `REDBLUE_SKIP_POSTINSTALL=1` is set).\n\n```bash\n# Add the wrapper to your project\nnpm install redblue-cli\n\n# Run the CLI through the package name\nnpx redblue-cli dns record lookup example.com --type MX\n\n# Run the rb bin exposed by the package without installing it globally\nnpm exec --package redblue-cli rb -- network ports scan 192.168.1.1 --preset common\n\n# After local install, the package also exposes rb\nnpx rb dns record lookup example.com --type A\n```\n\n```js\nconst { createClient } = require('redblue-cli');\n\n(async () =\u003e {\n  const rb = await createClient({\n    binaryPath: '/custom/path/rb'\n  });\n\n  const audit = await rb.tls.security.audit({\n    target: 'github.com',\n    ports: '443'\n  });\n\n  console.log(audit);\n})();\n```\n\n#### TypeScript\n\n```ts\nimport { createClient } from 'redblue-cli';\n\n(async () =\u003e {\n  const rb = await createClient();\n  const ports = await rb.network.ports.scan({\n    target: '192.168.1.1',\n    preset: 'common'\n  });\n  console.log(ports);\n})();\n```\n\n`npm install redblue-cli` already runs `postinstall` in the normal flow, so the binary should already be provisioned inside the package.\nIf npm lifecycle scripts are skipped (`REDBLUE_SKIP_POSTINSTALL=1`), install the native binary separately or use the programmatic SDK helpers to provision it.\n\n\u003e **Note:** the exact command `npx rb` works after `redblue-cli` is installed in the project or globally. For zero-install usage, prefer `npx redblue-cli ...` or `npm exec --package redblue-cli rb -- ...`. Use bare `rb --version` to query the real binary version.\n\n### Build from Source\n\n```bash\ngit clone https://github.com/forattini-dev/redblue\ncd redblue \u0026\u0026 cargo build --release\n```\n\n---\n\n## Project Structure\n\n```\nsrc/\n  cli/commands/     # 90+ CLI command implementations\n  protocols/        # 40+ protocols from scratch (DNS, HTTP, TLS, Kerberos, SSH, ...)\n  crypto/           # Pure Rust crypto (AES, ChaCha20, RSA, X25519, P-256, SHA, ...)\n  storage/          # RedDB: B-tree + graph + vector engine with SQL/Gremlin/Cypher\n  modules/\n    network/        # Port scanning, host discovery, traceroute, netcat\n    dns/            # DNS operations + DNS server with hijacking\n    recon/          # 24+ reconnaissance modules (subdomains, OSINT, breach, ...)\n    web/            # Fuzzing, CMS fingerprinting, crawling, DOM parsing\n    tls/            # TLS audit, Heartbleed, OCSP, cipher analysis\n    exploit/        # Privesc, lateral movement, persistence, payloads, browser exploit\n    binary/         # ELF/PE parsing, checksec, ROP gadgets, shellcode\n    password/       # Hash cracking (dictionary, mask, hybrid, bcrypt)\n    evasion/        # 16 anti-analysis techniques\n    proxy/          # MITM, SOCKS5, transparent proxy, interactive shell\n    collection/     # Browser credentials, screenshots\n    code/secrets/   # 180+ secret detection patterns\n    graph/          # Attack path analysis (ShadowGraph)\n    memory/         # Process memory scanner + hex editor\n    cloud/          # Subdomain takeover, S3 scanning\n    auth/           # Multi-protocol credential testing\n    monitor/        # Port/service health monitoring\n    scripting/      # Built-in scripting engine\n    report/         # Pentest report generation\n    ctf/            # CTF challenge generation\n  agent/            # C2 framework with encrypted transports\n  mcp/              # MCP server (18 tool modules, 10 prompt generators)\n  playbooks/        # Automated pentest workflows\n  intelligence/     # Assessment engine\n  ui/               # Terminal graphics (braille canvas, charts)\n```\n\n---\n\n## Security \u0026 Ethics\n\n\u003e **AUTHORIZED USE ONLY**\n\nredblue is designed for:\n- Authorized penetration testing\n- CTF competitions\n- Bug bounty programs (with scope approval)\n- Your own security audits\n- Education and research\n\n**Always obtain written authorization before testing systems you don't own.**\n\n---\n\n## Documentation\n\nFull documentation available at:\n\n**[forattini-dev.github.io/redblue](https://forattini-dev.github.io/redblue/)**\n\n- JS SDK guide: [docs/guides/javascript-sdk.md](docs/guides/javascript-sdk.md)\n\n```bash\ncd docs \u0026\u0026 npx docsify-cli serve\n```\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**[Documentation](https://forattini-dev.github.io/redblue/)** |\n**[GitHub](https://github.com/forattini-dev/redblue)** |\n**[Releases](https://github.com/forattini-dev/redblue/releases)**\n\n*Made with Rust by security engineers, for security engineers*\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforattini-dev%2Fredblue","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fforattini-dev%2Fredblue","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforattini-dev%2Fredblue/lists"}