RedTeam-ENV is a comprehensive, modular Infrastructure-as-Code (IaC) framework engineered for offensive security, automated environment provisioning, and compliance validation. It serves as a centralized deployment engine that orchestrates specialized tools across a wide array of attack surfaces, ranging from standard cloud infrastructure to highly specialized hardware, Web3, and telecommunication networks.
Environment Inconsistency: Security testing requires complex, reproducible environments to be accurate. This framework automates the provisioning process, ensuring audits, stress tests, and evasions are conducted under strict, uniform conditions every time.
Security teams typically rely on a scattered collection of unrelated scripts. RedTeam-ENV unifies OSINT, cloud resource auditing, WAF evasion, and persistence simulators into a single, cohesive architecture.
Integrating deep security checks into automated CI/CD workflows for multi-language software projects (such as Rust, C++, Python, and Dart) is notoriously difficult. Modules within this framework, like soc2-drift-hunter and poison-pill, allow for continuous auditing of infrastructure configurations and immediate detection of hardcoded secrets directly within the build pipeline.
Advanced Infrastructure Support: Beyond standard web and cloud audits, it includes modules like hardware-rf, telecom-5g/slice-isolation, and container-mesh/pod-escape. This makes it uniquely capable of validating the security of non-standard, low-latency, and highly distributed systems, such as advanced data plane routing infrastructure and high-performance edge compute nodes.
The framework allows for the programmatic deployment of complex adversarial simulations. An entire staging network can be instantiated, subjected to automated attack chains (from reconnaissance to Command and Control beaconing), and safely dismantled without manual intervention.
The framework uses strict functional separation. You can deploy only the specific testing modules required for a given target, reducing overhead and avoiding unnecessary operational noise during engagements.
git clone https://github.com/credkellar-boop/REDTEAM-ENV.git
cd REDTEAM-ENV
chmod +x setup.sh
./setup.sh
pip3 install -r requirements.txt
Edit config.yaml to set your specific compliance thresholds, reporting engines, and target variables:
nano config.yaml
This framework is organized into functional modules to separate infrastructure deployment, security instrumentation, and reporting.
RedTeam-ENV/
├── .github/workflows/main.yml # CI/CD Validation
├── README.md # Documentation
├── setup.sh # Environment Provisioning Engine
├── config.yaml # Global Variables
└── modules/
    ├── active-directory/
    ├── blue-sync/
    ├── c2/
    ├── cloud/
    │   ├── perforator/ # S3 Bucket Enumerator
    │   └── rediska/ # Redis Cache Auditor
    ├── comms-interception/
    ├── compliance-as-code/
    ├── container-mesh/
    ├── defi-web3/
    ├── deployment/
    ├── evasion/
    ├── exfiltration/
    ├── hardware-rf/
    ├── iot-firmware/
    ├── metrics-reporting/
    ├── mobile-sec/
    ├── pipeline-ci-cd/
    ├── post-exploitation/
    ├── recon/
    │   ├── indulgentia/
    │   ├── piedpiper/ # OSINT Credential & Leak Finder
    │   └── thc-scalpel/
    ├── simulators/
    │   └── bl00dym4ry/ # Phishing & Beacon Emulation
    ├── source-control-git/
    ├── telecom-5g/
    └── threat-intel-sync/
