An advanced unprivileged, passive-aggressive and advanced stealth network scalpel.

RedPearl

version: 1.0.0

The Passive-Aggressive Dual-Stack Network Scalpel

RedPearl is an advanced, asynchronous network discovery and telemetry tool. Designed to operate primarily as a passive listener, it maps complex dual-stack (IPv4/IPv6) networks by analyzing multicast and broadcast traffic (mDNS, NetBIOS, LLMNR, SSDP, WS-Discovery). When operational parameters permit, RedPearl transitions into an "active-aggressive" state, deploying mathematically paced micro-engagements, unprivileged sweeps, and egress audits to validate network boundaries and extract high-value asset telemetry without triggering standard Intrusion Detection Systems (IDS). I built it to excel in the specific areas where sledgehammers like Nmap fall short: not to replace them, but to fill in their weaknesses.

Disclaimer: Of course, this tool is for educational purposes and authorized security testing only. Don't use it on infrastructure you don't own or don't have explicit permission to test. I (the author) am not to be held accountable for any damage caused by this tool.


Usage

Launch it with:

  • If you're cloning:
      python RedPearl.py
  • If via pip:
      redpearl

Console Commands

Within the redpearl> prompt, you can execute the scan command with various arguments to modify the engine's behavior:

  • Standard Passive Run:
      scan --interface eth0
  • Active Kickstart & Egress Mapping:
      scan --send-flare --resolve-mac --egraud
  • Enterprise AD Profiling (Reverse Swarm):
      scan --reverse-swarm --resolver 192.168.1.1

Argument Flags

| Argument | Description |
| --- | --- |
| --interface <IP/Name> | Binds multicasts to a specific local interface (e.g., 0.0.0.0 or eth0). |
| --xufetch | Break pure passivity to fetch active UPnP HTTP descriptions. |
| --resolve-mac | Force neighbor table generation via asynchronous discovery bursts. |
| --aess AESS | External engine profile definitions path. |
| --send-flare | Transmit a non-aggressive, multi-stack mDNS service enumeration query to |
| --send-wsd-flare | Transmit an active WS-Discovery Probe query to flush out stealthy Windows targets. |
| --debug | Output stream allocation errors to standard error stream. |
| --reverse-swarm | Launch unprivileged inverse DNS PTR query swarms against discovered assets. |
| --resolver RESOLVER | Target IP of local gateway or primary DNS server to query for dynamic DHCP records. |
| --egraud | Launch the async outbound firewall egress path security auditor. |
| --egraud-target EGRAUD_TARGET | External public destination IP used for egress mapping. |
| --egraud-ports EGRAUD_PORTS | Comma-separated custom TCP ports to validate (e.g., 22,53,443,9001). |
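
For defenders, the mDNS service enumeration query that `--send-flare` is described as sending can be recognised on the wire. The following Python is an added example, not RedPearl's code: it assumes the flare is the standard DNS-SD service type enumeration query (`_services._dns-sd._udp.local`, RFC 6763 section 9), which this page does not spell out, and its function names and sample packets are constructed for illustration.

```python
import struct

ENUM_NAME = "_services._dns-sd._udp.local"   # DNS-SD meta-query name (assumed flare)
TYPE_PTR, TYPE_ANY = 12, 255

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]                         # IndexError here means truncation
        if n & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                         # root label ends the name
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            if off + 1 + n > len(msg):
                raise ValueError("truncated label")
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def enumeration_questions(msg):
    """Return (name, qtype, unicast_response) for each enumeration question."""
    try:
        _id, flags, qdcount = struct.unpack("!3H", msg[:6])
        if flags & 0x8000:                   # QR bit set: a response, not a query
            return []
        hits, off = [], 12                   # questions follow the 12-byte header
        for _ in range(qdcount):
            name, off = read_name(msg, off)
            qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
            off += 4
            if name == ENUM_NAME and qtype in (TYPE_PTR, TYPE_ANY):
                hits.append((name, qtype, bool(qclass & 0x8000)))  # top bit: QU
        return hits
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed DNS message") from exc

def build_query(name, qtype=TYPE_PTR, qclass=1):
    """Constructed sample input: a one-question mDNS query packet."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, qclass)

SAMPLE_FLARE = build_query(ENUM_NAME)                 # constructed, not captured
SAMPLE_BENIGN = build_query("printer.local", qtype=1) # ordinary A-record lookup
```

Legitimate service browsers send the same query, so a hit is a signal to correlate with the sender's other multicast activity (WS-Discovery probes, PTR bursts) rather than an alert on its own.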

Author: nulsie
License: GNU GPL v3
