RedHunt Labs Research
Curated mirror of research.redhuntlabs.com — ASM and Exposure research, open-source security tools, Project Resonance waves, and downloadable datasets. Pairs with the catalog entry at /threatintel/external-resources.
Advanced Docker security tool that detects and mitigates vulnerabilities in containers and images. Named after the water weapon in Indian mythology, it is created by Varuna, the god of the hydrosphere. Provides comprehensive container security coverage across build and runtime.
Showcased at: Black Hat MEA 2024 · Black Hat Asia 2025
Security tool for bug bounty hunters and security professionals that identifies Firebase misconfigurations with high precision. Inspired by the divine fire weapon, it includes extensive checks for all Firebase services, a correlation engine, secret extraction, and automated report generation.
Showcased at: Black Hat EU 2024 · Black Hat Asia 2025
Automated S3-compatible bucket inspector that extracts assets, flags secret exposures, and searches for custom keywords and regex patterns in publicly-exposed storage buckets. Supports AWS S3, Google Cloud Storage, DigitalOcean Spaces, and custom domains/URLs connected to these platforms.
Showcased at: Black Hat EU 2023 · Black Hat Asia 2024 · Black Hat USA 2023 · Black Hat MEA 2023
Personally Identifiable Information (PII) scanner that uses Optical Character Recognition (OCR), regular expression lists, and Natural Language Processing (NLP) to search public-facing locations for government IDs, addresses, emails, and other sensitive data in images, PDFs, and documents. Encountered many cases where employee and customer data was leaked by these systems.
AI-powered typosquatting and phishing domain detector. Uses NLP and large language models (e.g. ChatGPT) to analyze domain names for subtle misspellings, brand impersonations, and other patterns that help prevent malicious parties from exploiting user trust and conducting fraud.
Showcased at: Black Hat USA 2023
Curated list of resources that help during the asset discovery phase of a security assessment engagement. Covers both offensive and defensive use cases. Community-maintained; contributions of resources and categories are welcome.
Custom search tool that looks for specific keywords or strings across a variety of online IDEs, paste sites, and code-sharing platforms. Helps security professionals, developers, and researchers quickly identify potentially sensitive or exposed information — code snippets, credentials, and other critical data that may have been inadvertently shared publicly.
Comprehensive virtual machine for adversary emulation and threat hunting. Integrates a range of attacker tools and defender resources to proactively identify and mitigate threats. Built on Lubuntu-18.04 x64 and ships with Metasploit, Nmap, Maltego, the ELK Stack, and more.
Open-source security tool for security professionals, penetration testers, and system administrators to assess the attack surface of Kubernetes clusters. Operates from a black-box perspective, requiring no internal credentials or infrastructure access. Scans the public internet to identify unsecured or misconfigured Kubernetes clusters and their potential entry points.
Burp Suite extension that acts as a passive scanner, parsing the responses from pages in scope and continuously monitoring for assets. Identifies and classifies assets using RegEx patterns tailored to different asset types. Available on the BApp store for direct install into Burp Suite.
OSINT framework built for comprehensive reconnaissance on companies, individuals, phone numbers, Bitcoin addresses, and more. Gathers raw data from various public and private sources, correlates findings, and presents them in a unified, easily digestible format. Identifies sensitive data like credentials, API keys, subdomains, domain history, and legacy portals; exports reports in HTML, JSON, and text.