I've just open-sourced Cascavel, a modular Red Team Intelligence Engine written in Python 3.10+. I built this because I was tired of chaining 10 different fragmented scripts together during engagements. Cascavel unifies recon, scanning, and exploitation into a single, highly extensible CLI framework.
Core Capabilities:
- 85 Security Plugins: Covering 14 attack categories (XSS Polyglots, SSRF via IMDSv2, JWT Key Confusion, HTTP/2 Desync, GraphQL Introspection, Docker/K8s exposure, etc.).
- 30+ Native Recon Integrations: Hooks directly into Nmap, Subfinder, Amass, Katana, Nuclei, and Shodan.
- Cinematic Terminal UX: Built with
Rich. It includes progress bars, an ANSI escape sanitizer (anti-terminal-injection), and graceful SIGINT/SIGTERM handling so you don't lose scan data if you kill the process. - Reporting: Auto-generates reports in PDF, Markdown, and JSON mapping findings by severity.
The codebase is CI/CD hardened (Bandit, CodeQL, Semgrep). I’d love for the Red Team community to test it out, review the code, and let me know what attack vectors or plugins I should add next.
u/Ok-Presentation1619 — 12 days ago