A comprehensive local cloud attack simulator for red-team training and blue-team education. RedColors simulates realistic cloud attack chains with Metasploit-style CLI output, MITRE ATT&CK mappings, and comprehensive reporting.
RedColors is designed to help security professionals understand cloud attack techniques through safe, local simulation. It provides:
- Red Team Tools: Attack simulation with realistic progression
- Blue Team Tools: Security analysis and reporting
- Educational Value: MITRE ATT&CK mappings and detailed explanations
- Safety First: All operations are local-only with fake credentials
Module | Purpose | Type |
---|---|---|
IAM Parser | Parse and validate IAM configurations | Foundation |
Vulnerable Lab | Simulate vulnerable cloud services | Red Team |
IAM Analyzer | Analyze trust relationships and escalation paths | Blue Team |
Attack Engine | Simulate attack chains with CLI output | Red Team |
Report Generator | Create comprehensive security reports | Blue Team |
CLI Interface | Orchestrate all modules | Interface |
- Python 3.8+
- pip
```bash
# Clone the repository
git clone https://github.com/yourusername/RedColors.git
cd RedColors

# Install dependencies
pip install -r requirements.txt

# Run attack simulation with Metasploit-style CLI
python examples/usage_attack_engine.py
```
- Colored output with professional styling
- 1-second delays for dramatic effect
- MITRE ATT&CK mappings for each technique
- Real-time attack progression display
- Privilege Escalation via role assumption
- Data Exfiltration through S3 access
- Persistence via IAM role creation
- CloudTrail Events generation
- SIEM Alerts creation
- Trust Graph visualization
- Risk Assessment with scoring
- Compliance Status checking
- Recommendations generation
```
[*] alice attempting to assume role using sts:AssumeRole
    MITRE ATT&CK: T1078.004
[+] alice successfully assumed role
[!] alice successfully created a Lambda function with Admin role
[!] Alert: alice suspected as compromised user
[!] Data exfiltration successful: 1024 bytes
```
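For the blue-team side of the chain shown above, here is an added detection sketch (not RedColors code) that correlates role assumption, Lambda creation with an admin role, and an S3 read by the same principal. The flat `principal` field, the 15-minute `WINDOW`, the account ID and all sample records are assumptions constructed for illustration; real CloudTrail nests identity under `userIdentity`.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed correlation window, tune per environment

def stage_of(ev):
    """Map a record to a chain stage (1-3); None if irrelevant or failed."""
    if ev.get("errorCode"):  # denied calls do not advance the chain
        return None
    src, name = ev["eventSource"], ev["eventName"]
    if src == "sts.amazonaws.com" and name == "AssumeRole":
        return 1
    if src == "lambda.amazonaws.com" and name.startswith("CreateFunction"):
        role = ev.get("requestParameters", {}).get("role", "")
        return 2 if "admin" in role.lower() else None
    return 3 if src == "s3.amazonaws.com" and name == "GetObject" else None

def correlate(events):
    """Return {principal: furthest in-order stage reached within WINDOW}."""
    chain, best = {}, {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        stage = stage_of(ev)
        if stage is None:
            continue
        who = ev["principal"]
        t = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        cur, start = chain.get(who, (0, t))
        if stage == 1:
            cur, start = 1, t            # a new AssumeRole restarts the chain
        elif stage == cur + 1 and t - start <= WINDOW:
            cur = stage
        else:
            continue                     # out of order or outside the window
        chain[who] = (cur, start)
        best[who] = max(best.get(who, 0), cur)
    return best

def rec(time, who, src, name, **extra):
    return {"eventTime": f"2024-01-01T{time}Z", "principal": who,
            "eventSource": f"{src}.amazonaws.com", "eventName": name, **extra}
ADMIN = {"requestParameters": {"role": "arn:aws:iam::000000000000:role/AdminRole"}}
SAMPLE = [  # constructed records, deliberately unsorted
    rec("10:00:09", "alice", "s3", "GetObject"),
    rec("10:00:00", "alice", "sts", "AssumeRole"),
    rec("10:00:05", "alice", "lambda", "CreateFunction20150331", **ADMIN),
    rec("10:01:00", "bob", "sts", "AssumeRole", errorCode="AccessDenied"),
    rec("10:01:30", "bob", "s3", "GetObject"),
    rec("10:00:00", "carol", "sts", "AssumeRole"),
    rec("11:00:00", "carol", "lambda", "CreateFunction20150331", **ADMIN),
]
```

`correlate(SAMPLE)` reports only alice at stage 3; bob's denied call never starts a chain, and carol's function creation an hour later falls outside the window.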
- Local-only operations - No external API calls
- Fake credentials - All tokens prefixed with "TEMP_"
- Simulation markers - Clear identification of test data
- Comprehensive validation - Safety checks at every step
```
RedColors/
├── src/                      # Core modules
│   ├── iam_parser.py         # IAM data parsing
│   ├── vulnerable_lab.py     # Vulnerable API simulation
│   ├── analyzer.py           # IAM analysis (Blue Team)
│   ├── attack_engine.py      # Attack simulation (Red Team)
│   └── report_generator.py   # Security reporting
├── examples/                 # Usage examples
├── tests/                    # Unit tests
├── specs/                    # Specifications
└── templates/                # Report templates
```
```bash
# Run all tests
python -m pytest tests/ -v

# Run specific module tests
python -m pytest tests/test_attack_engine.py -v
```
- Project Brief - Overall project goals
- Safety Policy - Security guidelines
- Generation Checklist - Development checklist
- Specifications - Detailed module specs
RedColors is perfect for:
- Red Team Training - Understanding attack techniques
- Blue Team Education - Learning defense strategies
- Security Awareness - Demonstrating cloud risks
- Threat Intelligence - MITRE ATT&CK technique mapping
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
RedColors is designed for educational and training purposes only. Always ensure you have proper authorization before testing security measures. The authors are not responsible for any misuse of this tool.
- MITRE ATT&CK framework for technique classification
- AWS for cloud security concepts
- The security community for best practices
Made with ❤️ for the security community