How to Automate Red Team Operations in 2026

Introduction

Red Team automation enables reproducible and scalable offensive campaigns. In 2026, with the complexity of cloud and zero-trust environments, teams must reduce reconnaissance and exploitation time. This tutorial guides you through creating Python and Bash scripts to automate key phases of a Red Team operation. You will learn to orchestrate tools while maintaining human oversight on critical decisions. Each section includes ready-to-use functional code.

Prerequisites

  • Python 3.11+
  • Kali Linux or equivalent distribution
  • Basic networking and exploitation knowledge
  • Tools: nmap, netcat installed
  • Access to a lab environment (isolated VM)

Installing Dependencies

setup.sh
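#!/bin/bash
# Python libraries (python-nmap is imported as "nmap" in recon.py).
pip install requests python-nmap colorama
# System tools called by the scripts; this step needs root.
apt update && apt install -y nmap netcat-traditional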

This script installs the required Python libraries and system tools. Run it with sudo for system packages. It prevents dependency errors in later steps.

Automating Reconnaissance

The reconnaissance phase is the most time-consuming. We will create a script that automatically scans an IP range and extracts open ports.

Automated Reconnaissance Script

recon.py
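import json

import nmap  # provided by the python-nmap package

def automated_recon(target):
    """Scan TCP ports 1-1024 on target and save the open ports as JSON."""
    nm = nmap.PortScanner()
    nm.scan(target, '1-1024', arguments='-sV -T4')
    results = {}
    for host in nm.all_hosts():
        # A host with no reported TCP ports has no 'tcp' key; default to empty.
        tcp = nm[host].get('tcp', {})
        # Keep only ports nmap reports as open (closed/filtered are dropped).
        results[host] = {port: info for port, info in tcp.items()
                         if info.get('state') == 'open'}
    with open('recon_results.json', 'w') as f:
        json.dump(results, f, indent=2)
    return results

if __name__ == "__main__":
    # Lab range; adjust to your isolated environment.
    automated_recon('192.168.1.0/24')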

This script uses python-nmap to scan and save results as JSON. It is functional and can be extended with filters for critical services.

Basic Exploitation Automation

exploit.py
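import subprocess
import sys

def run_exploit(target, port):
    # -z: connect without sending data; -w 3: give up after 3 seconds.
    # Without these, nc keeps the session open and the call always times out.
    cmd = ['nc', '-nvz', '-w', '3', target, str(port)]
    try:
        result = subprocess.run(cmd, capture_output=True, timeout=5, text=True)
        # nc -v writes its connection status to stderr, not stdout.
        print(result.stdout + result.stderr)
    except subprocess.TimeoutExpired:
        print("Connexion timed out")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("Usage: python exploit.py <ip> <port>")
        sys.exit(1)
    run_exploit(sys.argv[1], int(sys.argv[2]))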

This simple script uses netcat to test whether a connection to the target port succeeds. It handles timeouts and can serve as a base for more advanced payloads.

Orchestration and Reporting

Combine the previous scripts into a pipeline. Automated reporting generates a clear summary for client deliverables.

Automated Reporting Script

report.py
import json
from datetime import datetime

def generate_report():
    with open('recon_results.json') as f:
        data = json.load(f)
    report = f"Red Team Report - {datetime.now()}\n"
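    for host, ports in data.items():
        # List only ports whose recorded state is 'open'.
        open_ports = [p for p, info in ports.items() if info.get('state') == 'open']
        report += f"Host: {host}\nOpen ports: {open_ports}\n"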
    with open('report.txt', 'w') as f:
        f.write(report)
    print("Report generated: report.txt")

if __name__ == "__main__":
    generate_report()

This script reads JSON results and produces a simple dated text report. It is easily adaptable to HTML or Markdown.

Complete Pipeline Configuration

pipeline.sh
#!/bin/bash
# Abort if any stage fails, so the report is never built from stale results.
set -euo pipefail
python3 recon.py
python3 exploit.py 192.168.1.10 22
python3 report.py

This Bash pipeline chains the three Python scripts. Make it executable with chmod +x and adjust the target IPs to match your lab.

Best Practices

  • Always isolate scripts in a lab environment
  • Use timeouts and robust error handling
  • Log every action for traceability
  • Never run on production systems without authorization
  • Version your scripts with Git
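
One way to enforce the authorization and logging points above in code, as an added example that is not part of the original tutorial: a scope guard that refuses any target outside an allow-list and writes one audit line per attempt. The names AUTHORIZED_SCOPE, in_scope, audit, guarded and the file audit.jsonl are assumptions made for this example; the range matches the lab network used in recon.py.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Assumed lab scope for this example; use the ranges from your written authorization.
AUTHORIZED_SCOPE = ["192.168.1.0/24"]

def in_scope(target, scope=AUTHORIZED_SCOPE):
    """Return True only if target (IP or CIDR) lies entirely inside an authorized network."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # hostnames and malformed input are rejected, never resolved
    for allowed in scope:
        allowed_net = ipaddress.ip_network(allowed)
        if net.version == allowed_net.version and net.subnet_of(allowed_net):
            return True
    return False

def audit(action, target, allowed, log_path="audit.jsonl"):
    """Append one JSON line per attempted action, including refused ones."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "action": action,
             "target": target, "allowed": allowed}
    with open(log_path, "a") as f:
        f.write(json.dumps(entry) + "\n")
    return entry

def guarded(action, target, func, scope=AUTHORIZED_SCOPE, log_path="audit.jsonl"):
    """Run func(target) only when target is in scope; log the decision either way."""
    allowed = in_scope(target, scope)
    audit(action, target, allowed, log_path)
    if not allowed:
        raise PermissionError(f"{target} is outside the authorized scope")
    return func(target)

if __name__ == "__main__":
    # Constructed targets: the first is inside the lab range, the second is not.
    for t in ["192.168.1.10", "10.0.0.5"]:
        try:
            print(guarded("recon", t, lambda x: f"would scan {x}"))
        except PermissionError as e:
            print("refused:", e)
```

Wrapping the call in recon.py as guarded("recon", target, automated_recon) makes a mistyped range fail before any packet is sent, and the audit file records refused attempts as well as allowed ones.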

Common Errors to Avoid

  • Forgetting network exception handling (script that hangs)
  • Scanning without rate limiting (IPS detection)
  • Storing credentials in plaintext in code
  • Ignoring partial scan results

Going Further

Integrate your scripts with frameworks like Empire or Cobalt Strike via API.