Keuchnotkush/REDTEXT

🔴 Redtext Generator

Social Engineering Scenario Builder for Authorized Red Team Operations

  ██████╗ ███████╗██████╗ ████████╗███████╗██╗  ██╗████████╗
  ██╔══██╗██╔════╝██╔══██╗╚══██╔══╝██╔════╝╚██╗██╔╝╚══██╔══╝
  ██████╔╝█████╗  ██║  ██║   ██║   █████╗   ╚███╔╝    ██║
  ██╔══██╗██╔══╝  ██║  ██║   ██║   ██╔══╝   ██╔██╗    ██║
  ██║  ██║███████╗██████╔╝   ██║   ███████╗██╔╝ ██╗   ██║
  ╚═╝  ╚═╝╚══════╝╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝   ╚═╝
       ██████╗ ███████╗███╗   ██╗
       ██╔════╝ ██╔════╝████╗  ██║
       ██║  ███╗█████╗  ██╔██╗ ██║
       ██║   ██║██╔══╝  ██║╚██╗██║
       ╚██████╔╝███████╗██║ ╚████║
        ╚═════╝ ╚══════╝╚═╝  ╚═══╝
  ╔══════════════════════════════════════════════════════════╗
  ◢◤ SOCIAL ENGINEERING SCENARIO BUILDER ◢◤                ║
  ║                                                          ║
  ║    ▸ Physical Pretexts   ▸ Full Attack Scenarios         ║
  ║    ▸ Phishing Emails    ▸ Vishing Scripts                ║
  ║                                                          ║
  ║    "Some data is too dangerous to record."              ║
  ║                            — SCP-2521                    ║
  ╚══════════════════════════════════════════════════════════╝
  v2.1.0 | @keuchnotkush | For authorized use only

⚠️ This tool is designed for AUTHORIZED red team operations, security awareness training, and penetration testing ONLY. Unauthorized use of social engineering techniques is illegal and unethical. Always obtain written authorization before conducting any social engineering engagement.

What is Redtext?

Redtext generates realistic social engineering scenarios for red team engagements. Feed it a target industry, attacker persona, and urgency level — it outputs ready-to-use phishing emails, vishing call scripts, and physical access pretexts with dynamically generated names, companies, and details.

No external dependencies. Pure Python. MITRE ATT&CK framework integration with technique tagging and detection gap analysis. Optional GoPhish integration for live campaign deployment.

Installation

git clone https://github.com/keuchnotkush/redtext-generator.git
cd redtext-generator

That's it. No pip install required — runs on Python 3.8+ with stdlib only.

Usage

# Generate a phishing email targeting finance with high urgency
python -m redtext_generator phishing --industry finance --urgency high

# Generate a smishing (SMS phishing) message targeting finance
python -m redtext_generator smishing --industry finance --urgency critical

# Generate a QR code phishing (quishing) scenario with ASCII QR
python -m redtext_generator quishing --industry tech --urgency high

# Generate a quishing scenario with a custom phishing URL
python -m redtext_generator quishing --industry tech --url "https://phish.example.com/portal"

# Generate a vishing script as a vendor impersonator
python -m redtext_generator vishing --persona vendor --company "Acme Corp"

# Generate a physical access pretext for healthcare
python -m redtext_generator physical --industry healthcare

# Generate a complete multi-phase attack scenario
python -m redtext_generator full --industry tech --urgency critical --company "Target Inc"

# Launch interactive wizard (step-by-step prompts)
python -m redtext_generator interactive

# List all available industries, personas, and options
python -m redtext_generator list

Generation Modes

| Mode | Command | Output |
| --- | --- | --- |
| 📧 Phishing | phishing | Email with subject, body, IoCs |
| 📱 Smishing | smishing | SMS message with malicious link, short code |
| 📲 Quishing | quishing | QR code scenario with ASCII QR, pretext, placement |
| 📞 Vishing | vishing | Call script with opening, escalation, objectives |
| 🏢 Physical | physical | Cover identity, props, script, target areas |
| ⚔️ Full | full | Multi-phase attack: recon → phishing → vishing → physical |
| 🧙 Interactive | interactive | Step-by-step wizard with menus |
| 🎯 ATT&CK Phase | phase <PHASE> | Scenario mapped to a MITRE ATT&CK kill chain phase |
| 📋 List | list | All available options |

Options

| Flag | Short | Description | Default |
| --- | --- | --- | --- |
| --industry | -i | Target industry | tech |
| --urgency | -u | Urgency level | medium |
| --persona | -p | Attacker persona | it_support |
| --company | -c | Target company name | Target Corp |
| --template | -t | Specific template ID | random |
| --seed | -s | Random seed (reproducible output) | none |
| --language | -l | Output language (en, fr, es, de) | en |
| --export-json | | Export as JSON file | none |
| --export-md | | Export as Markdown file | none |
| --export-html | | Export as HTML report | none |
| --url | | Custom phishing URL for QR code (quishing only) | auto-generated |
| --no-banner | | Suppress ASCII banner | false |
| --no-disclaimer | | Suppress disclaimer | false |

Subcommand: phase

Generate scenarios mapped to a specific MITRE ATT&CK phase:

python -m redtext_generator phase <PHASE> [options]

The phase subcommand accepts all the same flags as regular generation modes (--industry, --urgency, --persona, etc.).

Supported Industries

| Key | Industry | Example Software |
| --- | --- | --- |
| tech | Technology | Jira, GitHub, Slack, AWS, Okta |
| finance | Financial Services | Bloomberg, SAP, Oracle Financials |
| healthcare | Healthcare | Epic, Cerner, Meditech, McKesson |
| government | Government | Splunk, Tenable, Archer, Salesforce Gov |
| education | Education | Canvas, Blackboard, Banner, Zoom |
| manufacturing | Manufacturing | Siemens S7, Rockwell, SAP, Wonderware |
| retail | Retail | Shopify, Square, Magento, Oracle Retail |

Attacker Personas

| Key | Persona | Use Case |
| --- | --- | --- |
| it_support | IT Support Technician | Credential harvesting, remote access |
| vendor | Third-Party Vendor | Software exploitation, supply chain |
| executive | C-Suite Impersonation | BEC, wire fraud, authority abuse |
| auditor | External Auditor | Document theft, compliance pressure |
| new_employee | New Employee | Physical access, credential requests |
| physical | Physical Intruder | Building access, device planting |

Psychological Principles

Every generated scenario leverages Cialdini's Principles of Influence:

| Principle | How Redtext Uses It |
| --- | --- |
| Authority | Executive impersonation, auditor pressure |
| Urgency | Artificial deadlines, active breach claims |
| Social Proof | "Everyone in your department already completed this" |
| Reciprocity | Help first, then request access |
| Liking | Rapport building before the ask |
| Commitment | Small asks escalating to sensitive requests |

GoPhish Integration

Redtext integrates with GoPhish to push generated scenarios directly into live phishing campaigns.

Setup

# Configure GoPhish API connection (saved to ~/.config/redtext/config.ini)
python -m redtext_generator gophish setup

You can also configure via environment variables (REDTEXT_GOPHISH_URL, REDTEXT_GOPHISH_KEY) or CLI flags (--gophish-url, --gophish-key).

Commands

# List existing GoPhish templates
python -m redtext_generator gophish templates

# Generate a phishing scenario and push it as a GoPhish template
python -m redtext_generator gophish push --industry finance --urgency high

# Push with a custom template name
python -m redtext_generator gophish push --industry tech --name "Q1 Security Audit"

# Create a full campaign (requires existing template, SMTP profile, landing page, and group)
python -m redtext_generator gophish campaign \
  --template-name "Q1 Security Audit" \
  --group-name "Engineering Team" \
  --smtp-name "Relay1" \
  --page-name "O365 Login" \
  --url "https://phish.example.com"

# Create a campaign with auto-created target group from CSV
python -m redtext_generator gophish campaign \
  --template-name "Q1 Security Audit" \
  --group-name "New Targets" \
  --targets-csv targets.csv \
  --smtp-name "Relay1" \
  --page-name "O365 Login" \
  --url "https://phish.example.com" \
  --launch-date "2025-03-01T09:00:00+00:00"

# Check campaign results
python -m redtext_generator gophish status 42

Target CSV Format

email,first_name,last_name,position
alice@corp.com,Alice,Smith,Engineer
bob@corp.com,Bob,Jones,Manager
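
A scope check for a target list in the CSV format above, run before any campaign is created. This is an added example, not part of Redtext; the function name, the authorized-domain list and the three extra sample rows are assumptions made for illustration.

```python
import csv
import io

REQUIRED_COLUMNS = ["email", "first_name", "last_name", "position"]


def check_targets(csv_text, authorized_domains):
    """Return (in_scope_rows, problems) for a target list in the README's CSV format."""
    # Exact domain match: a subdomain is in scope only if the authorization lists it.
    allowed = {d.lower().lstrip("@") for d in authorized_domains}
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [], ["missing column(s): " + ", ".join(missing)]
    in_scope, problems, seen = [], [], set()
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        email = (row["email"] or "").strip().lower()
        local, sep, domain = email.rpartition("@")
        if not sep or not local or not domain:
            problems.append(f"line {line_no}: malformed address {email!r}")
        elif domain not in allowed:
            problems.append(f"line {line_no}: {email} is outside the authorized scope")
        elif email in seen:
            problems.append(f"line {line_no}: duplicate {email}")
        else:
            seen.add(email)
            in_scope.append(row)
    return in_scope, problems


# Constructed sample: the README's two rows plus three rows that must be rejected.
SAMPLE = """email,first_name,last_name,position
alice@corp.com,Alice,Smith,Engineer
bob@corp.com,Bob,Jones,Manager
carol@partner.example,Carol,White,Contractor
dave-at-corp.com,Dave,Brown,Analyst
ALICE@corp.com,Alice,Smith,Engineer
"""

if __name__ == "__main__":
    rows, issues = check_targets(SAMPLE, ["corp.com"])
    print(f"{len(rows)} in scope")
    for issue in issues:
        print("REJECT", issue)
```

Treat any reported problem as a reason to stop and reconcile the list against the written authorization rather than silently dropping the row.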

SSL Verification

GoPhish often runs on self-signed certificates. Use --no-verify-ssl to skip verification:

python -m redtext_generator gophish templates --no-verify-ssl

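Or set verify_ssl = false in your config file during gophish setup. With verification off, the server that receives the GoPhish API key is not authenticated, so keep this setting to lab instances on a trusted network path.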
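
An audit of the operator's own Redtext configuration for the weak settings discussed above: a key file readable by other users, `verify_ssl = false`, and a non-HTTPS `REDTEXT_GOPHISH_URL`. This is an added example, not part of Redtext; the `[gophish]` section name and the `url` and `api_key` keys in the sample are assumptions, since the page documents only the file path, `verify_ssl` and the environment variable names.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlsplit


def audit_config(path, env=None):
    """Return a list of findings for a redtext config.ini and its environment overrides."""
    env = os.environ if env is None else env
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {mode:03o}; restrict the API key file to its owner (600)")
    parser = configparser.ConfigParser()
    parser.read(path)
    # Section names are not documented on the page, so every section is scanned.
    for section in parser.sections():
        if parser.has_option(section, "verify_ssl") and not parser.getboolean(section, "verify_ssl"):
            findings.append(f"[{section}] verify_ssl = false: the API key is sent to an unauthenticated server")
    url = env.get("REDTEXT_GOPHISH_URL", "")
    if url and urlsplit(url).scheme != "https":
        findings.append("REDTEXT_GOPHISH_URL is not https: the API key would travel in cleartext")
    return findings


# Constructed sample config; section and key names other than verify_ssl are assumed.
SAMPLE_INI = """[gophish]
url = https://gophish.internal.example:3333
api_key = PLACEHOLDER-NOT-A-REAL-KEY
verify_ssl = false
"""


def demo():
    """Write the sample with loose permissions and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.ini")
        with open(path, "w") as fh:
            fh.write(SAMPLE_INI)
        os.chmod(path, 0o644)
        return audit_config(path, env={"REDTEXT_GOPHISH_URL": "http://gophish.internal.example:3333"})


if __name__ == "__main__":
    for finding in demo():
        print("FINDING", finding)
```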

Localization

Generate scenarios in French, Spanish, or German:

# French phishing email
python -m redtext_generator phishing -l fr --industry finance --urgency high

# Spanish vishing script
python -m redtext_generator vishing -l es --persona vendor --company "Acme Corp"

# German full attack scenario
python -m redtext_generator full -l de --industry tech --urgency critical

| Code | Language | Flag |
| --- | --- | --- |
| en | English | -l en (default) |
| fr | French | -l fr |
| es | Spanish | -l es |
| de | German | -l de |

In interactive mode, language selection is the first prompt. All template text, names, months, and UI strings are translated. Software names, domain names, and template IDs remain in English.

MITRE ATT&CK Integration

Every generated scenario now includes MITRE ATT&CK technique IDs, tactic classification, and detection gap analysis. This maps each social engineering pretext to real-world attack techniques so blue teams can evaluate their detection coverage.

Phase-Based Generation

Use the phase subcommand to generate scenarios aligned to a specific ATT&CK kill chain phase:

# Generate a scenario for the initial access phase
python -m redtext_generator phase initial-access --industry finance --urgency high

# Generate a credential access scenario
python -m redtext_generator phase credential-access --persona vendor --company "Acme Corp"

# Generate a reconnaissance scenario with JSON export
python -m redtext_generator phase recon --industry tech --export-json recon.json

# Generate a lateral movement pretext in French
python -m redtext_generator phase lateral-movement -l fr --industry healthcare

Available Phases

| Phase | Scenario Type | Description |
| --- | --- | --- |
| recon | full | Reconnaissance — map attack surface |
| initial-access | phishing | Initial Access — get first foothold |
| execution | phishing | Execution — run code on target |
| credential-access | vishing | Credential Access — harvest credentials |
| privilege-escalation | vishing | Privilege Escalation — get admin/root |
| defense-evasion | smishing | Defense Evasion — avoid detection |
| discovery | physical | Discovery — map internal network |
| lateral-movement | physical | Lateral Movement — spread to other systems |
| collection | physical | Collection — gather target data |
| c2 | full | Command and Control |
| exfiltration | full | Exfiltration — extract data |

Detection Gap Analysis

Each scenario output includes:

  • ATT&CK Technique IDs — e.g. T1566.002 Phishing: Spearphishing Link
  • What should detect this — controls that should catch the attack
  • What often fails — why those controls miss in practice

This gives red teams concrete talking points for post-engagement debriefs and helps blue teams prioritize detection improvements.

New Templates

Six new scenario templates added for deeper coverage:

Phishing

| Template ID | Description |
| --- | --- |
| supply_chain | Supply chain compromise — impersonates trusted vendor software update |
| credential_breach | Credential breach notification — exploits real breach anxiety for credential harvesting |

Vishing

| Template ID | Description |
| --- | --- |
| password_reset_escalation | IAM review pretext — targets users with admin/root access for privilege escalation |
| service_account_audit | Compliance audit pretext — harvests service account credentials via audit pressure |

Physical

| Template ID | Description |
| --- | --- |
| copier_technician | Printer/copier maintenance pretext — gains multi-floor access to plant network implants |
| it_asset_inventory | IT asset inventory pretext — desk-by-desk access for reconnaissance and device planting |

Export

# Export as JSON
python -m redtext_generator phishing -i finance -u high --export-json scenario.json

# Export as Markdown
python -m redtext_generator full -i tech -u critical --export-md report.md

# Export as HTML report (self-contained, opens in any browser)
python -m redtext_generator phishing -i finance -u high --export-html report.html

# All formats at once
python -m redtext_generator full --export-json out.json --export-md out.md --export-html out.html

Project Structure

redtext-generator/
├── redtext_generator/
│   ├── __init__.py          # Package metadata
│   ├── __main__.py          # CLI entry point (argparse)
│   ├── templates.py         # Industries, personas, email/vishing/physical templates
│   ├── generator.py         # Core engine — assembles scenarios from templates
│   ├── formatters.py        # Terminal display (ANSI colors) + JSON/Markdown/HTML export
│   ├── qrencode.py          # Minimal QR code encoder (pure Python)
│   ├── gophish.py           # GoPhish API client (urllib)
│   ├── gophish_bridge.py    # REDTEXT → GoPhish data conversion
│   ├── config.py            # Config management (INI + env vars + CLI)
│   ├── mitre.py             # MITRE ATT&CK technique mapping and detection analysis
│   └── locales/             # Localization strings
│       ├── __init__.py      # Locale registry and loader
│       ├── en.py            # English (default / reference)
│       ├── fr.py            # French
│       ├── es.py            # Spanish
│       └── de.py            # German
├── tests/
│   ├── test_generator.py
│   ├── test_formatters.py
│   ├── test_cli.py
│   ├── test_templates.py
│   ├── test_qrencode.py     # QR encoder tests
│   ├── test_gophish.py      # GoPhish integration tests
│   ├── test_locales.py      # Localization tests
│   └── test_mitre.py        # MITRE ATT&CK integration tests
├── CONTRIBUTING.md
├── LICENSE
├── pyproject.toml
└── README.md

Roadmap

  • SMS/Smishing templates
  • QR code phishing scenarios
  • Interactive TUI mode
  • HTML email export
  • GoPhish integration
  • Localization (FR, ES, DE)
  • MITRE ATT&CK integration (technique tagging, phase-based generation, detection gap analysis)
  • AI-powered scenario customization

Legal

This tool is provided for educational and authorized security testing purposes only. The authors are not responsible for any misuse or damage caused by this tool. Always obtain proper written authorization before conducting social engineering engagements.

License

GPL v3 License — see LICENSE for details.


Built by @keuchnotkush
