Skip to main content

An advanced unprevileged, passive-aggressive and advanced stealth network scalpel.

Project description

RedPearl

version: 1.0.0

The Passive-Aggressive Dual-Stack Network Scalpel

RedPearl is an advanced, asynchronous network discovery and telemetry tool. Designed to operate primarily as a passive listener, it maps complex dual-stack (IPv4/IPv6) networks by analyzing multicast and broadcast traffic (mDNS, NetBIOS, LLMNR, SSDP, WS-Discovery). When operational parameters permit, RedPearl transitions into an "active-aggressive" state, deploying mathematically paced micro-engagements, unprivileged sweeps, and egress audits to validate network boundaries and extract high-value asset telemetry without triggering standard Intrusion Detection Systems (IDS). I built it as a tool to excel at the specific areas where sledgehammers like Nmap falls short, not to replace them but as a tool specifically for filling the weaknesses.

Disclaimer: Of course this tool is for educational purposes and authorized security testing only. Don't use this in infrastructure you don't own or don't have explicit permission to test. And I(the author) is not to be held accountable for any damage caused by this tool.


Usage

Launch it by:

  • If you're cloning
python RedPearl.py
  • If via pip:
redpearl

Console Commands

Within the redpearl> prompt, you can execute the scan command with various arguments to modify the engine's behavior:

  • Standard Passive Run:
scan --interface eth0
  • Active Kickstart & Egress Mapping:
scan --send-flare --resolve-mac --egraud
  • Enterprise AD Profiling (Reverse Swarm):
scan --reverse-swarm --resolver 192.168.1.1

Argument Flags

Argument Description
--interface <IP/Name> Binds multicasts to a specific local interface (e.g., 0.0.0.0 or eth0).
--xufetch Break pure passivity to fetch active UPnP HTTP descriptions.
--resolve-mac Force neighbor table generation via asynchronous discovery bursts.
--aess AESS External engine profile definitions path.
--send-flare Transmit a non-aggressive, multi-stack mDNS service enumeration query to
--send-wsd-flare Transmit an active WS-Discovery Probe query to flush out stealthy Windows targets.
--debug Output stream allocation errors to standard error stream.
--reverse-swarm Launch unprivileged inverse DNS PTR query swarms against discovered assets.
--resolver RESOLVER Target IP of local gateway or primary DNS server to query for dynamic DHCP records.
--egraud Launch the async outbound firewall egress path security auditor.
--egraud-target EGRAUD_TARGET External public destination IP used for egress mapping.
--egraud-ports EGRAUD_PORTS Comma-separated custom TCP ports to validate (e.g., 22,53,443,9001).

Author: nulsie License: GNU GPL v3

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

redpearl_scanner-1.0.2.tar.gz (2.1 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

redpearl_scanner-1.0.2-py3-none-any.whl (2.2 MB view details)

Uploaded Python 3

File details

Details for the file redpearl_scanner-1.0.2.tar.gz.

File metadata

  • Download URL: redpearl_scanner-1.0.2.tar.gz
  • Upload date:
  • Size: 2.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: python-requests/2.34.1

File hashes

Hashes for redpearl_scanner-1.0.2.tar.gz
Algorithm Hash digest
SHA256 24a8be988da0b0a932565c3a8aa965976fab733d8fbec130704421d9d544b8b2
MD5 bf5112b4b2cff967b5dc71640315a2d7
BLAKE2b-256 bec96549bd8cc331aede8e37758394541bb5ad464fdb7b3bf1c7723f0edc98b4

See more details on using hashes here.

File details

Details for the file redpearl_scanner-1.0.2-py3-none-any.whl.

File metadata

File hashes

Hashes for redpearl_scanner-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 3bf1762a6b7c1e6e59f6e20b73404e3e904cd02af18a51cb2d9da0b36f587513
MD5 3584df1478e10ed447844d73f0d5e368
BLAKE2b-256 5f87d6ed6d21d79256be436194bd6a06164e3b57b205dfe56a94df5a61aa0a0c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page