Skip to main content

An advanced unprevileged, passive-aggressive and advanced stealth network scalpel.

Project description

RedPearl

version: 1.0.0

The Passive-Aggressive Dual-Stack Network Scalpel

RedPearl is an advanced, asynchronous network discovery and telemetry tool. Designed to operate primarily as a passive listener, it maps complex dual-stack (IPv4/IPv6) networks by analyzing multicast and broadcast traffic (mDNS, NetBIOS, LLMNR, SSDP, WS-Discovery). When operational parameters permit, RedPearl transitions into an "active-aggressive" state, deploying mathematically paced micro-engagements, unprivileged sweeps, and egress audits to validate network boundaries and extract high-value asset telemetry without triggering standard Intrusion Detection Systems (IDS). I built it as a tool to excel at the specific areas where sledgehammers like Nmap falls short, not to replace them but as a tool specifically for filling the weaknesses.

Disclaimer: Of course this tool is for educational purposes and authorized security testing only. Don't use this in infrastructure you don't own or don't have explicit permission to test. And I(the author) is not to be held accountable for any damage caused by this tool.


Usage

Launch it by:

  • If you're cloning
python RedPearl.py
  • If via pip:
redpearl

Console Commands

Within the redpearl> prompt, you can execute the scan command with various arguments to modify the engine's behavior:

  • Standard Passive Run:
scan --interface eth0
  • Active Kickstart & Egress Mapping:
scan --send-flare --resolve-mac --egraud
  • Enterprise AD Profiling (Reverse Swarm):
scan --reverse-swarm --resolver 192.168.1.1

Argument Flags

Argument Description
--interface <IP/Name> Binds multicasts to a specific local interface (e.g., 0.0.0.0 or eth0).
--xufetch Break pure passivity to fetch active UPnP HTTP descriptions.
--resolve-mac Force neighbor table generation via asynchronous discovery bursts.
--aess AESS External engine profile definitions path.
--send-flare Transmit a non-aggressive, multi-stack mDNS service enumeration query to
--send-wsd-flare Transmit an active WS-Discovery Probe query to flush out stealthy Windows targets.
--debug Output stream allocation errors to standard error stream.
--reverse-swarm Launch unprivileged inverse DNS PTR query swarms against discovered assets.
--resolver RESOLVER Target IP of local gateway or primary DNS server to query for dynamic DHCP records.
--egraud Launch the async outbound firewall egress path security auditor.
--egraud-target EGRAUD_TARGET External public destination IP used for egress mapping.
--egraud-ports EGRAUD_PORTS Comma-separated custom TCP ports to validate (e.g., 22,53,443,9001).

Author: nulsie License: GNU GPL v3

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

redpearl_scanner-1.0.0.tar.gz (46.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

redpearl_scanner-1.0.0-py3-none-any.whl (50.6 kB view details)

Uploaded Python 3

File details

Details for the file redpearl_scanner-1.0.0.tar.gz.

File metadata

  • Download URL: redpearl_scanner-1.0.0.tar.gz
  • Upload date:
  • Size: 46.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-requests/2.34.1

File hashes

Hashes for redpearl_scanner-1.0.0.tar.gz
Algorithm Hash digest
SHA256 852af58ab7427bb41d685cd2b32439f17db613adbc5979c2aa24ca3a79bed27c
MD5 c39676529654646e1b3464c31a1334f5
BLAKE2b-256 3a7dcbfb6ce9975bd66725620d6a7b603e8615296f4970409c51065bb1f42414

See more details on using hashes here.

File details

Details for the file redpearl_scanner-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for redpearl_scanner-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0eafc66b397bc11ecc3b1f3018e9908ec3557936bb2a1b34903fa242acdc5cc3
MD5 e93fcb2f9ee7b09729ef4c73fd3deef3
BLAKE2b-256 fe8b08e4625df67303f3ba6af6a1015585c9594f131a8b5026dbabe80d3a92f8

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page