
RedWolf Security Threat Generator

RedWolf is a security threat simulator that tests security system effectiveness. Its threat generation capabilities include email, IM, malware, P2P, social networking, VoIP, DDoS, and many more. The guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the effectiveness of network defenses. The scenario suite allows one to verify compliance with PCI-DSS, Sarbanes-Oxley, or HIPAA controls. RedWolf helps identify data loss risks and provides expert recommendations concerning risk mitigation. Its reports present findings, recommendations, best practices, and blocking guidance in a straightforward, easily readable format. RedWolf also acts as a 'Red Team' agent, running drills to measure the readiness of your operations staff.

Recent releases

  •  03 Mar 2011 15:57

    Release Notes: A new DDoS scenario has been added: LDAP Brute Force (Active Directory). It allows you to emulate a brute force attack on a Domain Controller. A new DDoS scenario has been added: DNS Flood. New proxy support: NTLM proxy (only for Webmail scenarios for now). Several scenarios were modified (some improvements and bugfixes) including: DDoS Botnet system; Amazon S3; Webmail; IMAP, SMTP, FTP, Gmail drive, Google Talk, IM, P2P, Skype, Social Networking, tunnels, and others. Product support updates; small patches/updates can be applied with no need to create a new build.

  •  27 May 2010 14:23

    Release Notes: The DDoS Botnet system was completely rebuilt with more user control, more scenarios, and more details on attacks. New scenarios include "HTTP[S] Get (hit and run)" in which an agent sends a request and immediately drops the connection. The Secure Socket Layer (SSL) tunnel scenario was fixed. The DNS tunnel scenario was improved. A custom request path was added for HTTP DDoS attacks. Some of the remote agents were moved to the Amazon EC2 cloud. The "Scenario Groups" tab was added. This allows one to choose a set of scenarios grouped by purpose. The "Site Details" tab now allows one to set a different Organization/Project which is recorded in reports.

  •  03 Dec 2009 14:25

    Release Notes: Two new scenarios were added: Slowloris and SQL injection. The webmail and social networking scenarios now support network proxies. The "Content Types" page is now Flash-based and should render correctly in all browsers. For those malware emulation scenarios that perform network scans, users may now specify which network segment to scan in CIDR notation. In addition, numerous bugs were fixed and recent API changes were incorporated into handlers involving GMail, AOL, and Amazon S3 accounts.

  •  20 Jul 2009 16:55

    Release Notes: Six scenarios now support HTTP and SOCKS network proxies. The 'Samba Share' scenario provides more details concerning client connections. The 'Discover Gateways' scenario reveals more information about the local routers that it finds, including their MAC addresses. The 'IRC' instant messaging scenario now has several Undernet servers to use, in case the primary server is unavailable. Finally, improvements to the 'Site Details', 'Configure Users', and 'Content Types' pages make the threat generator easier to use.

