Skip to content

Defense Intelligence Agency's Special Access Program For Cyber Intelligence, A National Security Asset | Project Red Sword Deploys an AI-Operated, Offensive & Defensive State Sponsored Attack Framework With Auditing & Reporting Capabilties

License

Notifications You must be signed in to change notification settings

ProjectZeroDays/Project-Red-Sword

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

license sdk emoji colorFrom colorTo pinned thumbnail short_description
mit
docker
🚀
red
green
true
Advanced Automated Cybersecurity Framewor

Project Red Sword: Cybersecurity Framework

Project Red Sword is an advanced cybersecurity framework designed to address and mitigate modern cyber threats. It integrates a wide variety of security tools, including advanced attack strategies, threat intelligence sources, and AI-driven techniques for proactive defense and post-exploitation. This repository aims to provide cutting-edge techniques, automation, and integrations for both offensive and defensive cybersecurity tasks.

Project Overview

The Red Sword framework combines powerful cybersecurity tools and techniques into a single integrated platform. Some of the features include:

  • AI-driven attack simulations and threat detection.
  • A wide range of post-exploitation modules.
  • Real-time attack and exploit automation.
  • AI-powered fuzzing, exploit generation, and vulnerability scanning.
  • Integration with major intelligence and FOIA sources.
  • Full integration with tools like Sn1per, Empire, and custom modules for advanced penetration testing.
  • Real-time threat intelligence and monitoring.
  • Advanced data exfiltration techniques.
  • Polymorphic and encrypted exploit payloads.

Setup

This framework requires Python 3.8+ and the following dependencies. It can be deployed easily in Hugging Face Spaces or similar environments.

Install Requirements

You can install the necessary requirements using the provided requirements.txt file.

pip install -r requirements.txt

Environment Variables

Some modules may require environment-specific credentials. You can set them up by creating a .env file or exporting them directly to your environment.

Example:

OPENAI_API_KEY=your-openai-api-key
HUGGINGFACE_API_KEY=your-huggingface-api-key

Deploying on Hugging Face Spaces

This project is designed to be deployed within Hugging Face Spaces, providing a seamless platform for model integration and AI-powered attack simulations.

  1. Clone the repository:

    git clone https://huggingface.co/spaces/your-username/project-red-sword
    cd project-red-sword
  2. Run the Space:

    After cloning, you can launch the project directly using the Hugging Face Space interface.

Features and Modules

The framework includes a wide array of functionalities:

  1. AI-Driven Attack and Defense: Integrates with OpenAI and custom models for AI-powered cybersecurity operations.
  2. Real-Time Threat Detection and Evasion: Implements automated detection and evasion strategies.
  3. Post-Exploitation Modules: Includes advanced tools like keylogging, data exfiltration, and system persistence.
  4. Web Scraping and Reconnaissance: Collects intelligence from public repositories and sources like FOIA.
  5. Penetration Testing Modules: Integrates with Sn1per, Metasploit, and other tools for comprehensive testing.

Key Modules:

  • AI Model Integrations: For attack prediction and threat intelligence.
  • Post-Exploitation: Keylogging, privilege escalation, system persistence.
  • Exploit Discovery: Zero-day and zero-click exploit generation.
  • Custom Tools: Including a custom script generator for Hak5 devices and other third-party platforms.
  • Real-Time Threat Intelligence: Provides up-to-date threat data and analysis.
  • Real-Time Monitoring: Monitors data exfiltration and detects anomalies.
  • Data Exfiltration: Secure data extraction techniques.
  • Exploit Payloads: Polymorphic and encrypted payload generation.

Example Usage

# Example of using a custom exploit generation module
from red_sword.modules.exploits import exploit_generator

# Generate a custom exploit for a vulnerability
exploit_code = exploit_generator(target='target_system')
print(exploit_code)

Testing

The framework includes various tests, both unit and integration, to ensure everything works smoothly.

To run tests, you can use:

pytest

This will run all available tests in the tests directory and check for any issues.

Contributing

We welcome contributions to Project Red Sword. If you'd like to contribute, please follow these steps:

  1. Fork the repository.
  2. Clone your fork locally.
  3. Create a new branch.
  4. Make your changes and commit them.
  5. Push your changes to your fork.
  6. Open a pull request with a description of the changes you've made.

License

This project is licensed under the MIT License - see the LICENSE file for details.


Deployment

You can deploy this framework to Hugging Face Spaces by following the Hugging Face documentation and deploying the Space via the Hugging Face platform.

  1. Go to Hugging Face Spaces.
  2. Click on Create New Space.
  3. Choose your preferred environment and language.
  4. Upload the repository files.
  5. Run and test the framework.

Security Considerations

This framework contains advanced attack and penetration testing features, including exploit generation and post-exploitation modules. It should only be used in controlled environments for ethical and legal testing purposes. Always ensure compliance with local laws and regulations regarding cybersecurity.


References:


If you encounter any issues or need further support, please open an issue on the GitHub repository or reach out to us via the Hugging Face Space contact form.


Detailed Setup and Usage Instructions

Prerequisites

  • Python 3.8+
  • Docker (for containerized deployment)
  • AWS CLI, Azure CLI, Google Cloud SDK, or DigitalOcean CLI (for cloud deployment)

Installation

  1. Clone the repository:

    git clone https://github.com/your-repo/project-red-sword.git
    cd project-red-sword
  2. Install Python dependencies:

    pip install -r requirements.txt
  3. Set up environment variables:

    Create a .env file in the root directory and add your API keys:

    OPENAI_API_KEY=your-openai-api-key
    HUGGINGFACE_API_KEY=your-huggingface-api-key

Running the Application

To run the application locally, use the following command:

python app.py

Docker Deployment

  1. Build the Docker image:

    docker build -t project-red-sword .
  2. Run the Docker container:

    docker run -p 7860:7860 project-red-sword

Cloud Deployment

AWS Deployment
  1. Build the Docker image:

    docker build -t project-red-sword .
  2. Push the Docker image to AWS ECR:

    aws ecr get-login-password --region YOUR_AWS_REGION | docker login --username AWS --password-stdin YOUR_AWS_ACCOUNT_ID.dkr.ecr.YOUR_AWS_REGION.amazonaws.com
    aws ecr create-repository --repository-name project-red-sword || echo "Repository already exists."
    docker tag project-red-sword:latest YOUR_AWS_ACCOUNT_ID.dkr.ecr.YOUR_AWS_REGION.amazonaws.com/project-red-sword
    docker push YOUR_AWS_ACCOUNT_ID.dkr.ecr.YOUR_AWS_REGION.amazonaws.com/project-red-sword
  3. Deploy to AWS Elastic Beanstalk:

    eb init -p docker project-red-sword --region YOUR_AWS_REGION
    eb create project-red-sword-env
Azure Deployment
  1. Build the Docker image:

    docker build -t project-red-sword .
  2. Push the Docker image to Azure ACR:

    az acr login --name YOUR_AZURE_ACR_NAME
    az acr create --resource-group YOUR_RESOURCE_GROUP --name YOUR_AZURE_ACR_NAME --sku Basic || echo "Registry already exists."
    docker tag project-red-sword:latest YOUR_AZURE_ACR_NAME.azurecr.io/project-red-sword
    docker push YOUR_AZURE_ACR_NAME.azurecr.io/project-red-sword
  3. Deploy to Azure App Service:

    az webapp create --resource-group YOUR_RESOURCE_GROUP --plan YOUR_APP_SERVICE_PLAN --name YOUR_APP_NAME --deployment-container-image-name YOUR_AZURE_ACR_NAME.azurecr.io/project-red-sword:latest
Google Cloud Deployment
  1. Build the Docker image:

    docker build -t project-red-sword .
  2. Push the Docker image to Google Container Registry:

    gcloud auth configure-docker
    docker tag project-red-sword gcr.io/YOUR_PROJECT_ID/project-red-sword
    docker push gcr.io/YOUR_PROJECT_ID/project-red-sword
  3. Deploy to Google Kubernetes Engine:

    kubectl apply -f google-k8s.yaml
DigitalOcean Deployment
  1. Build the Docker image:

    docker build -t project-red-sword .
  2. Deploy to DigitalOcean:

    doctl auth init
    doctl apps create --spec digitalocean-app.yaml

Additional Modules

The framework includes several additional modules for enhanced functionality:

  1. C2 Dashboard: Command and control management interface.
  2. Vulnerability Scanner: Scans and reports vulnerabilities in systems.
  3. Data Exfiltration: Modules for secure data extraction.
  4. Dark Web Scraper: Scrapes and indexes the dark web.
  5. Fuzzing Engine: Performs fuzz testing on targets.
  6. Exploit Payloads: Generates exploit payloads for vulnerabilities.

Example Usage of Additional Modules

# Example of using the C2 Dashboard module
from modules.c2_dashboard import C2Dashboard

dashboard = C2Dashboard()
dashboard.render()

# Example of using the Vulnerability Scanner module
from modules.vulnerability_scanner import VulnerabilityScanner

scanner = VulnerabilityScanner()
scanner.scan(target='target_system')

Testing

The framework includes various tests, both unit and integration, to ensure everything works smoothly.

To run tests, you can use:

pytest

This will run all available tests in the tests directory and check for any issues.

Contributing

We welcome contributions to Project Red Sword. If you'd like to contribute, please follow these steps:

  1. Fork the repository.
  2. Clone your fork locally.
  3. Create a new branch.
  4. Make your changes and commit them.
  5. Push your changes to your fork.
  6. Open a pull request with a description of the changes you have made.

License

This project is licensed under the MIT License - see the LICENSE file for details.


Security Considerations

This framework contains advanced attack and penetration testing features, including exploit generation and post-exploitation modules. It should only be used in controlled environments for ethical and legal testing purposes. Always ensure compliance with local laws and regulations regarding cybersecurity.


References:


If you encounter any issues or need further support, please open an issue on the GitHub repository or reach out to us via the Hugging Face Space contact form.


Using the Wiki

The Project Red Sword repository includes a comprehensive Wiki that provides detailed information about the framework, its features, and how to use it effectively. The Wiki is divided into several sections, each covering a specific aspect of the project.

To access the Wiki, navigate to the "Wiki" tab on the GitHub repository page. Here are some of the key sections you will find:

  1. Home Page: An overview of the project, including its purpose, features, and key modules.
  2. Feature Pages: Detailed descriptions and usage instructions for each major feature of the project.
  3. Setup and Installation: Step-by-step instructions for setting up and installing the framework.
  4. Contributing Guidelines: Information on how to contribute to the project, including coding standards, pull request guidelines, and more.

Contributing to the Wiki

We encourage contributions to the Project Red Sword Wiki. If you have additional information, corrections, or improvements, please feel free to contribute. Here are the steps to contribute to the Wiki:

  1. Fork the Repository: Fork the Project Red Sword repository to your GitHub account.
  2. Clone the Repository: Clone your forked repository to your local machine.
  3. Edit the Wiki: Make your changes to the Wiki pages. You can add new sections, update existing content, or correct any errors.
  4. Commit and Push: Commit your changes and push them to your forked repository.
  5. Open a Pull Request: Open a pull request to merge your changes into the main repository. Provide a clear description of the changes you have made.

By contributing to the Wiki, you help improve the documentation and make it easier for others to use and understand the Project Red Sword framework.

Enhanced Capabilities

To further enhance the framework, the following sophisticated capabilities have been added:

  1. Advanced Threat Intelligence: Integrate with threat intelligence feeds to provide real-time insights into emerging threats, tactics, techniques, and procedures (TTPs).
  2. Predictive Analytics: Utilize machine learning algorithms to predict potential threats and vulnerabilities, enabling proactive measures to prevent attacks.
  3. Automated Incident Response: Develop an automated incident response module that can quickly respond to and contain security incidents, minimizing damage and downtime.
  4. Artificial Intelligence-powered Red Teaming: Integrate AI-powered red teaming capabilities to simulate advanced attacks, identify vulnerabilities, and test the framework's defenses.
  5. Cloud Security: Develop a module for securing cloud infrastructure, including cloud security posture management, cloud workload protection, and cloud security monitoring.
  6. Internet of Things (IoT) Security: Integrate IoT security capabilities to protect against IoT-based threats, including device security, network security, and data security.
  7. Advanced Network Traffic Analysis: Utilize machine learning and deep learning techniques to analyze network traffic, identify anomalies, and detect potential threats.
  8. Deception Technology: Develop a deception technology module that can create decoy environments, lure attackers into traps, and gather intelligence on their TTPs.
  9. Security Orchestration, Automation, and Response (SOAR): Integrate SOAR capabilities to automate security workflows, streamline incident response, and improve security operations.
  10. Continuous Authentication and Authorization: Develop a module for continuous authentication and authorization, utilizing behavioral biometrics, machine learning, and other advanced techniques to ensure secure access to sensitive resources.
  11. Quantum Computing-resistant Cryptography: Integrate quantum computing-resistant cryptography to protect against potential quantum computing-based attacks.
  12. Advanced Data Loss Prevention (DLP): Develop a DLP module that can detect, prevent, and respond to data breaches, utilizing machine learning and other advanced techniques.
  13. Security Information and Event Management (SIEM): Integrate SIEM capabilities to provide real-time security monitoring, incident response, and compliance reporting.
  14. Container Security: Develop a module for securing containerized environments, including container security scanning, runtime protection, and container network security.
  15. Serverless Security: Integrate serverless security capabilities to protect against serverless-based threats, including function security, event security, and API security.

Integration with Emerging Technologies

To stay ahead of emerging threats, the framework now integrates with the following emerging technologies:

  1. Blockchain: Utilize blockchain technology to enhance security, transparency, and accountability.
  2. Artificial Intelligence (AI): Leverage AI to improve threat detection, incident response, and security operations.
  3. Machine Learning (ML): Utilize ML to improve predictive analytics, anomaly detection, and security decision-making.
  4. Internet of Bodies (IoB): Develop capabilities to secure IoB devices and protect against IoB-based threats.
  5. 5G Security: Integrate 5G security capabilities to protect against 5G-based threats, including network slicing, edge computing, and IoT security.

Additional Features

To further enhance the framework, the following additional features have been added:

  1. Customizable Dashboards: Develop customizable dashboards to provide tailored security insights and metrics.
  2. Role-Based Access Control (RBAC): Implement RBAC to ensure secure access to sensitive resources and features.
  3. Compliance Management: Develop a compliance management module to ensure adherence to regulatory requirements and industry standards.
  4. Security Awareness Training: Integrate security awareness training to educate users on security best practices and emerging threats.
  5. Vulnerability Management: Develop a vulnerability management module to identify, prioritize, and remediate vulnerabilities.
  6. Exploit Catalogue: Add a wide array of the latest zero-click and zero-day exploits and the full implementations of them into a controlled access directory within the project to be customized as needed and deployed by AI
  7. Payload Catalogue: Add the latest and most sophisticated exploit delivery techniques and methods into a directory to be used and deployed by AI with controlled access.
  8. Advanced Post Exploitation Modules: Add advanced post exploitation modules to a directory using controlled access for the AI to deploy and modify as it sees fit.
  9. Advanced Memory Attacks: Add fully implemented advanced memory attacks to be deployed by AI automatically.
  10. Advanced Dashboards: Add as many dashboards for user features, settings panel, p2p messaging module and settings panel, AI driven customer chat module and admin settings panel for it, C2 operations panel and visualization of assets, message boards, announcements, latest news on the latest exploits, interface for the AI, system connections, logs, system status, system settings, attack simulations, fuzzing, asset control features for selected assets in the c2 panel, settings panel to customize reverse shell and other advanced connection methods, settings panel for advanced payload creation, modification and delivery, settings panel for user profiles, user profiles in the user space, user login screen, user lockout assistance screen, side panel for adding dashboard links, admin settings panel, controlled access settings, and any other panels, settings, modules, visualizations for panels and dashboards such as connection maps showing ip and countries on the map with connecting lines between them.
  11. Add Advanced Reverse Shells: Add advanced reverse shells and custom shells similar to that of sophisticated competing frameworks.
  12. Add Advanced Paywall Bypass Features: Add advanced methods of bypassing paywalls to analyze information across private forums, dark web, deep web, private servers, etc for code snippets and traces of meta data for searching for illicit code, exploits, or attack frameworks
  13. Add Pipeline for Disclosure With Prior DIA Approval For New Vulnerabilities / Exploits: Create a pipeline for providing stakeholders White Papers, PoC, and Mitigation Techniques for the new vulnerability.
  14. Add Visualizations: Create and add advanced visualizations such as charts, graphs, and status of systems, network connectivity, threat detection, def-con level.
  15. Add Defcon Level Status: Create a bright colored light; green, red for showing status of def-con level pertaining to all systems are ok, threat detected, intrusion alert, system compromised and create appropriate actions the AI should take to mitigate, evade, avoid, fix, and or shut the system down to prevent further access. Create banner alerts for each and details from the logs in the alerts as well as a siren sound, flash the program interface red and white with the centered alert box and details from the log for all def-con levels outside of green unless otherwise returning back to green.

Blockchain-Based Features

To enhance security, transparency, and accountability, the framework now includes the following blockchain-based features:

  1. Immutable Logs: Use blockchain to store logs of security events and incidents, ensuring that they cannot be tampered with.
  2. Audit Trails: Implement blockchain-based audit trails for all actions taken by the system, providing a transparent and tamper-proof record of activities.
  3. Data Integrity: Use blockchain to ensure the integrity of data collected and processed by the system, such as threat intelligence data and device fingerprints.

Integration with Modules

The blockchain-based features have been integrated into the following modules:

  1. Real-Time Monitoring: The modules/real_time_monitoring.py file now includes blockchain-based immutable logs for security events and incidents.
  2. Real-Time Threat Intelligence: The modules/real_time_threat_intelligence.py file now includes blockchain-based audit trails for actions taken by the system.
  3. Data Integrity: Blockchain-based data integrity features for threat intelligence data and device fingerprints are now included in the modules/real_time_threat_intelligence.py file.

Example Usage of Blockchain-Based Features

# Example of using the BlockchainLogger module
from modules.blockchain_logger import BlockchainLogger

logger = BlockchainLogger()
logger.log_event("Security event detected")
logger.log_event("Action taken by the system")

# Verify the integrity of the blockchain
is_valid = logger.verify_chain()
print(f"Blockchain integrity: {is_valid}")

About

Defense Intelligence Agency's Special Access Program For Cyber Intelligence, A National Security Asset | Project Red Sword Deploys an AI-Operated, Offensive & Defensive State Sponsored Attack Framework With Auditing & Reporting Capabilties

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published