RedEye
Overview
RedEye is a visualization and reporting framework for red team operations, command-and-control (C2) infrastructure, and authorized adversarial simulations. It aggregates data from several C2 platforms (Cobalt Strike, Empire, Metasploit, Sliver) into unified command execution tracking, timeline visualization, and comprehensive operation reporting, which makes it useful for coordinating complex red team engagements and documenting authorized penetration tests.
Installation
Prerequisites
# Python 3.8+
python3 --version
# Node.js and npm
node --version
npm --version
# Docker (optional but recommended)
docker --version
docker-compose --version
From GitHub
git clone https://github.com/offensive-security/redeye.git
cd redeye
Docker Installation
docker-compose up -d
# Web interface: http://localhost:8080
Manual Installation
cd backend
pip3 install -r requirements.txt
cd ../frontend
npm install
npm run build
Verify Installation
redeye --version
redeye --help
python3 -m redeye --version
Basic Startup
# Docker (recommended)
docker-compose up
# Manual startup
python3 -m redeye.server &
npm start # in frontend directory
Essential Commands
| Command | Purpose |
|---|---|
| redeye import cobalt-strike.cobaltstrike | Import Cobalt Strike log |
| redeye import empire.json | Import Empire JSON data |
| redeye list-campaigns | List all campaigns |
| redeye timeline --campaign <id> | Generate timeline visualization |
| redeye report --campaign <id> | Generate HTML report |
| redeye export --campaign <id> --format json | Export campaign data |
| redeye search <query> --campaign <id> | Search campaign data |
| redeye stats --campaign <id> | Display campaign statistics |
| redeye deduplicate --campaign <id> | Remove duplicate commands |
| redeye sync --server http://server:port | Sync with remote server |
Web Interface Navigation
Dashboard
1. Log in to http://localhost:8080
2. Navigate to Campaigns
3. Select campaign to view timeline
4. Access command execution details
5. Export reports and visualizations
Campaign Management
1. Create New Campaign
- Campaign Name
- Start Date
- Team Members
- Objectives
2. Import Logs
- Select C2 platform
- Upload operator data
- Map users and hosts
3. Manage Timeline
- Filter by date
- Group by operator
- Filter by host
C2 Data Import
Cobalt Strike Import
# Export from Cobalt Strike
redeye import cobalt-strike.bin \
--campaign "Operation Alpha" \
--description "Red team engagement 2026"
Multiple C2 Platforms
# Combine data from multiple C2 systems
redeye import \
--cobalt-strike cobaltstrike.bin \
--empire empire-output.json \
--metasploit msf-data.json \
--campaign "Multi-C2 Engagement"
Empire JSON Import
redeye import empire.json \
--campaign "Empire Ops" \
--sync-users true \
--auto-timeline
Sliver C2 Import
# Sliver operator logs
redeye import sliver-session.log \
--campaign "Sliver Operations" \
--parse-implants
Timeline Visualization
Generate Timeline
redeye timeline \
--campaign "Operation Alpha" \
--output timeline.html \
--format interactive
Filter by Date Range
redeye timeline \
--campaign "Operation Alpha" \
--start "2026-01-01" \
--end "2026-01-31" \
--output january-ops.html
Group by Operator
redeye timeline \
--campaign "Operation Alpha" \
--group-by operator \
--highlight-operators "alice,bob,charlie"
Host-Centric Timeline
redeye timeline \
--campaign "Operation Alpha" \
--pivot-host \
--include-hosts "server01,workstation02"
Command Tracking
List All Commands
redeye search "command:*" \
--campaign "Operation Alpha" \
--format table
Find Specific Commands
# Search by command type
redeye search "command_type:process-execution" \
--campaign "Operation Alpha"
# Search by operator
redeye search "operator:alice" \
--campaign "Operation Alpha"
# Search by host
redeye search "host:server01" \
--campaign "Operation Alpha"
Command Execution Stats
redeye stats \
--campaign "Operation Alpha" \
--stat-type command-summary
Failed vs Successful
redeye search "status:success" \
--campaign "Operation Alpha" \
--count
redeye search "status:failed" \
--campaign "Operation Alpha" \
--count
Operator Tracking
List All Operators
redeye search "operator:*" \
--campaign "Operation Alpha" \
--unique
Operator Activity Summary
redeye stats \
--campaign "Operation Alpha" \
--operator-activity
Map Operator to Commands
redeye search "operator:alice" \
--campaign "Operation Alpha" \
--include-commands \
--sort-by timestamp
Operator Timeline
redeye timeline \
--campaign "Operation Alpha" \
--operator-focus alice \
--output alice-timeline.html
Host and Network Tracking
List All Hosts
redeye search "host:*" \
--campaign "Operation Alpha" \
--unique
Host Details
redeye search "host:server01" \
--campaign "Operation Alpha" \
--include-os \
--include-users \
--include-processes
Network Topology
redeye export \
--campaign "Operation Alpha" \
--format network-graph \
--output network.json
Host Compromise Timeline
redeye timeline \
--campaign "Operation Alpha" \
--host-focus server01 \
--show-access-events
Report Generation
Full Campaign Report
redeye report \
--campaign "Operation Alpha" \
--format html \
--output report.html \
--include-timeline \
--include-stats \
--include-objectives
Executive Summary
redeye report \
--campaign "Operation Alpha" \
--format executive-summary \
--output executive.html
Technical Report
redeye report \
--campaign "Operation Alpha" \
--format technical \
--output technical-report.html \
--include-iocs \
--include-commands \
--include-tooling
Timeline Report
redeye report \
--campaign "Operation Alpha" \
--format timeline-only \
--output timeline-report.html \
--group-by date
Data Export
Export to JSON
redeye export \
--campaign "Operation Alpha" \
--format json \
--output campaign-data.json
Export to CSV
redeye export \
--campaign "Operation Alpha" \
--format csv \
--output commands.csv \
--include-fields timestamp,operator,host,command,result
Export IOCs
redeye export \
--campaign "Operation Alpha" \
--format iocs \
--output indicators.txt \
--ioc-types ip,domain,hash,process
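The following is an added example (not RedEye's own exporter) of what an IOC export with an `--ioc-types ip,domain,hash,process` selection has to do: scan command and result text, validate candidate IPs, and keep file names such as beacon.exe out of the domain list. The record shape and the file-extension list are assumptions.

```python
"""Build an 'iocs' export from command records, honouring an --ioc-types
selection of ip, domain, hash and process. Added example, not RedEye's
own exporter; record shape and the file-extension list are assumptions."""
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# Constructed records: 999.1.1.1 is not a valid address, beacon.exe must
# land under process rather than domain, the hash is SHA-256 of "".
RECORDS = [
    {"command": "shell ping 10.0.0.5", "result": "Reply from 10.0.0.5"},
    {"command": "upload c:\\temp\\beacon.exe", "result":
     "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"command": "nslookup updates.example.com", "result": "Address: 203.0.113.10"},
    {"command": "shell ping 999.1.1.1", "result": "could not find host"},
]
FILE_EXT = {"exe", "dll", "bin", "txt", "json", "log", "ps1", "bat", "zip"}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+([a-z]{2,})\b", re.I)
PROCESS_RE = re.compile(r"\b[\w-]+\.(?:exe|dll|ps1)\b", re.I)


def extract(records: Iterable[Dict[str, str]],
            ioc_types=("ip", "domain", "hash", "process")) -> Dict[str, List[str]]:
    """Scan command and result text; return sorted, deduplicated IOCs per type."""
    found: Dict[str, Set[str]] = {t: set() for t in ioc_types}
    for rec in records:
        text = rec.get("command", "") + " " + rec.get("result", "")
        if "ip" in found:
            for cand in IP_RE.findall(text):
                try:                       # regex allows 999.1.1.1; ipaddress does not
                    found["ip"].add(str(ipaddress.ip_address(cand)))
                except ValueError:
                    pass
        if "hash" in found:
            found["hash"].update(h.lower() for h in HASH_RE.findall(text))
        if "process" in found:
            found["process"].update(p.lower() for p in PROCESS_RE.findall(text))
        if "domain" in found:
            for m in DOMAIN_RE.finditer(text):
                if m.group(1).lower() not in FILE_EXT:   # skip file names
                    found["domain"].add(m.group(0).lower())
    return {t: sorted(v) for t, v in found.items()}


def render(iocs: Dict[str, List[str]]) -> str:
    """One 'type<TAB>value' line per indicator, in --ioc-types order."""
    return "\n".join(f"{t}\t{v}" for t, values in iocs.items() for v in values)
```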
Export for MITRE ATT&CK
redeye export \
--campaign "Operation Alpha" \
--format mitre-attack \
--output attack-mapping.json
Deduplication and Cleanup
Find Duplicate Entries
redeye deduplicate \
--campaign "Operation Alpha" \
--analyze-only
Remove Duplicates
redeye deduplicate \
--campaign "Operation Alpha" \
--execute
Merge Campaigns
redeye merge \
--source "Operation Alpha" \
--target "Operation Beta" \
--strategy keep-both
Sanitize Sensitive Data
redeye sanitize \
--campaign "Operation Alpha" \
--remove-passwords \
--redact-usernames \
--output cleaned-campaign.json
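An added example, not RedEye's own code, of the two cleanup steps this section covers (find or drop duplicate entries, then strip passwords and redact operator names) applied to a constructed export. The record shape and the credential patterns are assumptions; the pseudonym mapping keeps one operator's entries correlatable after redaction.

```python
"""Deduplicate and sanitise exported command records before sharing a report.
Added example, not RedEye's own code; record shape and credential patterns
are assumptions."""
import re
from typing import Dict, List

# Constructed export: entry 2 duplicates entry 1 (same log imported twice),
# entry 3 carries a password on the command line.
EXPORT: List[Dict[str, str]] = [
    {"timestamp": "2026-01-05 09:12:00", "operator": "alice", "host": "server01", "command": "whoami"},
    {"timestamp": "2026-01-05 09:12:00", "operator": "alice", "host": "server01", "command": "whoami"},
    {"timestamp": "2026-01-05 09:20:00", "operator": "bob", "host": "server01",
     "command": "net use \\\\fs01\\share Summer2026! /user:CORP\\svc_backup"},
]
# Assumed secret shapes: '--password X' / 'password=X', and net use's
# '\\srv\share PASSWORD /user:...' argument order.
PASSWORD_PATTERNS = [
    re.compile(r"(?i)(?P<pre>--password[= ]|password=)(?P<secret>\S+)"),
    re.compile(r"(?i)(?P<pre>net use \S+ )(?P<secret>\S+)(?P<post> /user:)"),
]


def _redact(m) -> str:
    return m.group("pre") + "[REDACTED]" + (m.groupdict().get("post") or "")


def find_duplicates(records):
    """Like --analyze-only: (unique records, count that --execute would drop).
    Duplicate = same timestamp, operator, host and command; first copy kept."""
    seen, unique = set(), []
    for rec in records:
        key = (rec["timestamp"], rec["operator"], rec["host"], rec["command"])
        if key not in seen:
            seen.add(key)
            unique.append(rec)
    return unique, len(records) - len(unique)


def sanitize(records, remove_passwords=True, redact_usernames=True):
    """Redact secrets in commands; replace operator names with stable
    pseudonyms so the timeline stays correlatable without naming people."""
    pseudonyms: Dict[str, str] = {}
    out = []
    for rec in records:
        clean = dict(rec)
        if remove_passwords:
            for pat in PASSWORD_PATTERNS:
                clean["command"] = pat.sub(_redact, clean["command"])
        if redact_usernames:
            clean["operator"] = pseudonyms.setdefault(
                rec["operator"], f"operator-{len(pseudonyms) + 1}")
        out.append(clean)
    return out
```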
Timeline Filtering
Filter by Activity Type
redeye timeline \
--campaign "Operation Alpha" \
--activity-filter "command,file-access,process-creation" \
--output filtered-timeline.html
Filter by Time Range
redeye timeline \
--campaign "Operation Alpha" \
--start "2026-01-15 08:00:00" \
--end "2026-01-15 17:00:00" \
--output daily-timeline.html
Filter by Success/Failure
redeye timeline \
--campaign "Operation Alpha" \
--status-filter success \
--output successful-only.html
Visualization Options
Interactive Timeline
redeye timeline \
--campaign "Operation Alpha" \
--format interactive \
--output timeline-interactive.html
Linear Timeline
redeye timeline \
--campaign "Operation Alpha" \
--format linear \
--output timeline-linear.html
Network Graph
redeye export \
--campaign "Operation Alpha" \
--format network-graph \
--output network-graph.html
Sunburst Diagram
redeye export \
--campaign "Operation Alpha" \
--format sunburst \
--output sunburst.html
Multi-Campaign Management
Create Campaign
redeye campaign create \
--name "Operation Alpha" \
--start-date "2026-01-01" \
--team-members alice,bob,charlie
List Campaigns
redeye list-campaigns \
--include-stats
Compare Campaigns
redeye compare \
--campaign1 "Operation Alpha" \
--campaign2 "Operation Beta" \
--output comparison.html
Archive Campaign
redeye archive \
--campaign "Operation Alpha" \
--output archive.tar.gz
Search Syntax
Basic Search
# Search all fields
redeye search "malware" --campaign "Op Alpha"
# Specific field
redeye search "command:whoami" --campaign "Op Alpha"
# Multiple conditions
redeye search "operator:alice AND host:server01" --campaign "Op Alpha"
Advanced Operators
# Wildcards
redeye search "command:*creds*" --campaign "Op Alpha"
# Range
redeye search "timestamp:[2026-01-01 TO 2026-01-31]" --campaign "Op Alpha"
# Exclusion
redeye search "NOT status:failed" --campaign "Op Alpha"
# OR logic
redeye search "host:server01 OR host:server02" --campaign "Op Alpha"
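To make the query forms above concrete, here is an added example (not RedEye's own parser) that evaluates them over exported command records: field:value with * wildcards, a bare word matched against every field, a timestamp range, NOT on the following term, and AND binding tighter than OR. The record shape and the precedence rules are assumptions.

```python
"""Evaluator for the search syntax listed above, run over exported command
records. Added example, not RedEye's own parser; the record shape is assumed."""
import fnmatch
import re
from typing import Dict, List

# Constructed records in the shape of an exported campaign.
RECORDS: List[Dict[str, str]] = [
    {"timestamp": "2026-01-05 09:12:00", "operator": "alice",
     "host": "server01", "command": "whoami", "status": "success"},
    {"timestamp": "2026-01-12 14:03:00", "operator": "bob",
     "host": "server02", "command": "ipconfig /all", "status": "failed"},
    {"timestamp": "2026-02-02 10:30:00", "operator": "alice",
     "host": "server01", "command": "dump-creds", "status": "success"},
]
RANGE_RE = re.compile(r"^\[(.+?) TO (.+?)\]$")
# A token is field:[a TO b] (spaces allowed inside the brackets) or one
# whitespace-free word: field:value, NOT, AND, OR, or a bare search word.
TOKEN_RE = re.compile(r"\S+:\[[^\]]*\]|\S+")


def match_term(term: str, rec: Dict[str, str]) -> bool:
    """field:value (with * wildcards), field:[a TO b], or a bare word."""
    if ":" in term:
        field, value = term.split(":", 1)
        actual = rec.get(field, "")
        rng = RANGE_RE.match(value)
        if rng:
            lo, hi = rng.groups()
            # Date-only upper bound stays inclusive: '2026-01-31 23:59:00'
            # still sorts below '2026-01-31\uffff'.
            return lo <= actual <= hi + "\uffff"
        return fnmatch.fnmatchcase(actual.lower(), value.lower())
    return any(term.lower() in v.lower() for v in rec.values())


def evaluate(query: str, rec: Dict[str, str]) -> bool:
    """NOT applies to the following term; AND binds tighter than OR."""
    or_groups: List[List[bool]] = [[]]
    negate = False
    for tok in TOKEN_RE.findall(query):
        if tok == "OR":
            or_groups.append([])
        elif tok == "NOT":
            negate = True
        elif tok != "AND":
            or_groups[-1].append(match_term(tok, rec) != negate)
            negate = False
    return any(all(group) for group in or_groups if group)


def search(query: str, records: List[Dict[str, str]] = RECORDS) -> List[Dict[str, str]]:
    return [r for r in records if evaluate(query, r)]
```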
MITRE ATT&CK Mapping
Map Commands to Techniques
redeye map-attack \
--campaign "Operation Alpha" \
--output attack-mapping.json
Generate ATT&CK Navigator
redeye export \
--campaign "Operation Alpha" \
--format attack-navigator \
--output navigator.json
Technique Coverage Report
redeye report \
--campaign "Operation Alpha" \
--format attack-coverage \
--output technique-coverage.html
Server Management
Start Local Server
redeye server start --host 0.0.0.0 --port 8080
Remote Server Access
redeye sync \
--server http://remote-server:8080 \
--campaign "Operation Alpha"
User Management
redeye user add --username analyst --password secure
redeye user list
redeye user delete --username analyst
Backup Campaign
redeye backup \
--campaign "Operation Alpha" \
--output backup.tar.gz
Configuration
Config File
# ~/.redeye/config.yaml
server:
  host: 0.0.0.0
  port: 8080
  debug: false
database:
  type: sqlite
  path: ./redeye.db
import:
  auto-deduplicate: true
  merge-similar: false
export:
  include-sensitive: true
  sanitize: false
timeline:
  group-by-default: date
  highlight-failed: true
Environment Variables
export REDEYE_HOST=0.0.0.0
export REDEYE_PORT=8080
export REDEYE_DB_PATH=/data/redeye.db
export REDEYE_DEBUG=true
Best Practices
- Segregate Operations - Keep campaigns separate for security and organization
- Regular Backups - Export campaigns regularly for record preservation
- Sanitize Reports - Remove sensitive data before sharing reports
- Document Objectives - Clearly define and track engagement objectives
- Timestamp Everything - Ensure accurate timeline data for forensics
- Access Control - Limit who can view sensitive operation data
- Archive Completed - Archive finished campaigns for long-term storage
- Validate Imports - Verify C2 data integrity before importing
Real-World Workflows
Multi-Operator Engagement
# Day 1: Import Cobalt Strike data
redeye import cobalt-strike.bin --campaign "Engagement 2026"
# Day 2: Add Empire data
redeye import empire.json --campaign "Engagement 2026"
# Day 3: Generate daily report
redeye report --campaign "Engagement 2026" \
--format html --output day3-report.html
# End of week: Executive summary
redeye report --campaign "Engagement 2026" \
--format executive-summary --output executive.html
Incident Response Attribution
# Import suspicious activity logs
redeye import activity.json --campaign "IR-2026-001"
# Timeline visualization
redeye timeline --campaign "IR-2026-001" \
--output incident-timeline.html
# Export IOCs for blocking
redeye export --campaign "IR-2026-001" \
--format iocs --output blocking-list.txt
Compliance Documentation
# Generate comprehensive report
redeye report --campaign "Engagement 2026" \
--format technical \
--include-timeline \
--include-stats \
--include-objectives \
--output compliance-report.html
# Export for audit trail
redeye export --campaign "Engagement 2026" \
--format json --output audit-trail.json
Troubleshooting
Import Failures
# Verify file format
file cobalt-strike.bin
# Check compatibility
redeye import --validate cobalt-strike.bin
# Verbose import
redeye import --verbose cobalt-strike.bin
Database Issues
# Check database integrity
redeye database check
# Repair database
redeye database repair
# Reset database
redeye database reset
Web Interface Not Responding
# Check server status
curl http://localhost:8080/api/health
# Restart services
docker-compose restart
# Check logs
docker-compose logs -f
Additional Resources
- RedEye GitHub: https://github.com/offensive-security/redeye
- Cobalt Strike Documentation: https://www.cobaltstrike.com/
- MITRE ATT&CK: https://attack.mitre.org/
- Red Team Handbook: https://redteamhandbook.com/