Cascavel
Cascavel: Elite Offensive Security Framework | 85+ plugins | OWASP 2025 | Automated pentesting, reconnaissance & vulnerability assessment | By RET Tecnologia
Demo
<p align="center"> <img src="docs/cascavel_scan.png" width="700" /> </p>
<p align="center"> <sub><strong>Cinematic boot sequence</strong> · Auto-detects 30+ tools · Preloader with security intel tips</sub> </p>
<p align="center"> <img src="docs/cascavel_results.png" width="700" /> </p>
<p align="center"> <sub><strong>Split-screen live dashboard</strong> · Real-time severity tracking · Rotating security intelligence</sub> </p>

What Makes Cascavel Different
Most pentest workflows involve 20+ separate tools, each with its own syntax, output format, and report style. You manually merge results, format reports, and lose hours to context-switching.
Cascavel replaces the entire workflow:
```
┌─────────────────────────────────────────────────────────┐
│  $ python3 cascavel.py -t target.com --pdf              │
│                                                         │
│  ┌──────────┐  ┌────────┐  ┌──────────┐  ┌──────────┐   │
│  │ DISCOVER │→ │ PROBE  │→ │ ATTACK   │→ │ ANALYZE  │   │
│  └──────────┘  └────────┘  └──────────┘  └──────────┘   │
│  Subdomains    Ports       XSS,SQLi      JWT,CORS       │
│  DNS,WHOIS     Banners     SSRF,RCE      CSP,CSRF       │
│  Cloud enum    Headers     SSTI,XXE      OAuth,IDOR     │
│                                                         │
│  ┌──────────┐  ┌──────────────────────────────────────┐ │
│  │ DETECT   │→ │ REPORT (PDF/MD/JSON)                 │ │
│  └──────────┘  └──────────────────────────────────────┘ │
│  Docker,K8s    CVSS v4.0 · OWASP · PTES · LGPD          │
│  Redis,S3      Legal disclaimers · SHA-256 integrity    │
│  CI/CD         Compliance mapping · Risk matrix         │
└─────────────────────────────────────────────────────────┘
```
| Capability | Cascavel | Other Tools |
|:---|:---|:---|
| Unified pipeline | 84 plugins + 30 tools in one command | Fragmented scripts |
| Live dashboard | Split-screen with real-time stats + intel | No live feedback |
| PDF reports | 12 legal disclaimers, CVSS v4.0, PTES | Manual formatting |
| Terminal UX | Cinematic preloader, fade animations | Plain stdout |
| Security hardening | ANSI sanitizer, plugin sandboxing | Trust all output |
| Zero-config | install.sh handles everything | Manual dependency hell |
Install
Prerequisites
| Requirement | Minimum | Why |
|:---|:---|:---|
| Python | 3.12+ | LTS until 2028 · importlib.metadata, typed generics |
| requests | 2.32.4 | GHSA-9hjg: .netrc credential leak + TLS verify bypass |
| pyOpenSSL | 25.0.0 | GHSA-5pwr: buffer overflow + unhandled callback bypass |
| dnspython | 2.7.0 | GHSA-3rq5: TuDoor DNS resolution disruption |
| PyJWT | 2.12.0 | CVE-2022-29217: algorithm confusion attack |
| ReportLab | 3.6.13 | CVE-2023-33733: RCE via rl_safe_eval |
> [!NOTE]
> The installer automatically enforces these minimum versions and runs `pip-audit` post-install. Manual installs should verify with `pip list | grep -iE 'requests|pyopenssl|dnspython|pyjwt|reportlab'`.
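A numeric check of the table's minimums, as an added example rather than code from the Cascavel installer: `pip list | grep` only prints versions, and comparing them as strings would rank 2.4.0 above 2.12.0. The distribution names passed to `importlib.metadata` and the `lookup` parameter are assumptions of this example.

```python
import re
from importlib.metadata import PackageNotFoundError, version

# Minimum versions copied from the prerequisites table above.
# Distribution names are assumed to match what pip reports.
MINIMUMS = {
    "requests": "2.32.4",
    "pyOpenSSL": "25.0.0",
    "dnspython": "2.7.0",
    "PyJWT": "2.12.0",
    "reportlab": "3.6.13",
}

def release_tuple(v: str) -> tuple[int, ...]:
    """Leading numeric release of a version: '2.32.4.post1' -> (2, 32, 4).
    Pre-release and local suffixes are ignored; epochs are not handled."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(part) for part in m.group().split("."))

def meets_minimum(installed: str, minimum: str) -> bool:
    """Compare numerically, padding the shorter release with zeros."""
    a, b = release_tuple(installed), release_tuple(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))

def audit(minimums=MINIMUMS, lookup=version):
    """Return {package: (installed_version_or_None, ok)}."""
    report = {}
    for name, minimum in minimums.items():
        try:
            installed = lookup(name)
        except PackageNotFoundError:
            report[name] = (None, False)  # a missing package fails the check
            continue
        report[name] = (installed, meets_minimum(installed, minimum))
    return report

if __name__ == "__main__":
    results = audit()
    for name, (installed, ok) in results.items():
        status = "OK  " if ok else "FAIL"
        print(f"{status} {name:<10} installed={installed} minimum={MINIMUMS[name]}")
    raise SystemExit(0 if all(ok for _, ok in results.values()) else 1)
```

Run it inside the same virtual environment Cascavel uses; a non-zero exit status means at least one package is missing or below its minimum.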
Quick Install
```bash
curl -fsSL https://raw.githubusercontent.com/glferreira-devsecops/Cascavel/main/install.sh | bash
```
One command. That's it. Works on macOS, Linux (Debian/Ubuntu/Kali/Parrot/Fedora/Arch/Alpine/SUSE), WSL2, and Docker. The installer auto-detects your OS, installs git + python3 if missing, clones the repo, creates a venv, installs all 84 plugins + 30 tools, and registers the cascavel global command. Zero manual steps.
<details> <summary><strong>Alternative methods (git clone, Docker, manual)</strong></summary>

> [!TIP]
> No `curl`? Use `wget -qO- https://raw.githubusercontent.com/glferreira-devsecops/Cascavel/main/install.sh | bash`

```bash
# Git clone
git clone https://github.com/glferreira-devsecops/Cascavel.git && cd Cascavel && bash install.sh

# Download tarball (no git needed)
curl -fsSL https://github.com/glferreira-devsecops/Cascavel/archive/main.tar.gz | tar xz && cd Cascavel-main && bash install.sh

# Docker (isolated)
docker run -it --rm python:3.12-slim bash -c "apt update && apt install -y git && git clone https://github.com/glferreira-devsecops/Cascavel.git /app && cd /app && bash install.sh"

# Manual
git clone https://github.com/glferreira-devsecops/Cascavel.git && cd Cascavel
python3 -m venv venv && source venv/bin/activate
pip install -r requirements.txt && python3 cascavel.py -t target.com
```

</details>
The installer v2.3.0 includes 15 security hardenings: trap cleanup, mktemp -d TOCTOU isolation, anti-symlink lock, SHA-256 requirements.txt integrity, CVE version enforcement (6 packages), umask 077, PATH prefix sanitization (rejects . and relative paths), container detection (Docker/Podman/LXC), WSL2 kernel detection, Python ssl module verification, stale venv recovery, chmod 700/600 on sensitive paths, GOPATH/GOBIN export validation, locale UTF-8 enforcement, and absolute paths for critical binaries.
Architecture
```
cascavel.py (2800+ lines)                 report_generator.py (1400+ lines)
├── ANSI Escape Sanitizer                 ├── _NumberedCanvas (two-pass "Page X of Y")
│   └── Blocks CSI/OSC/DCS injection      ├── Diagonal "CONFIDENCIAL" watermark
├── Preloader Engine                      ├── QR Code → rettecnologia.org
│   └── 5-stage cinematic boot            ├── Widows/orphans paragraph control
├── Plugin Orchestrator                   ├── Table splitOn + repeatRows=1
│   └── Dynamic load, SIGALRM timeout     ├── Risk Matrix (5×5 heat map)
├── Split-Screen Dashboard                ├── 9 compliance frameworks
│   └── Rich Live (scan + intel panel)    ├── 20-term security glossary
├── External Tools Pipeline               ├── Prioritized remediation summary
│   └── 30+ tools, shlex.quote()          ├── SHA-256 document integrity
├── Report Engine (PDF/MD/JSON)
├── Signal Handler (async-signal-s
```
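What an escape-sequence sanitizer of the kind listed under `cascavel.py` can look like, as an added example and not Cascavel's own implementation: scan targets control the banners and headers a scanner prints, so CSI, OSC and DCS sequences are removed before that text reaches the operator's terminal. The function name and the sample banner are constructed for illustration.

```python
import re

# One left-to-right pass over every escape-introduced sequence.
_ESCAPES = re.compile(
    # OSC (ESC ]), DCS (ESC P), SOS (ESC X), PM (ESC ^), APC (ESC _):
    # string sequences that end at BEL or ST (ESC \). An unterminated
    # one is cut at the end of its line so it cannot swallow later output.
    r"\x1b[\]PX^_][^\n]*?(?:\x07|\x1b\\|(?=\n)|\Z)"
    # CSI: ESC [ (or 8-bit 0x9b), parameter bytes, intermediates, final byte.
    r"|(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"
    # Any other escape: ESC, optional intermediates, one final byte.
    r"|\x1b[ -/]*[0-~]"
)

# Whatever control characters remain, except tab and newline. This also
# deletes stray ESC and C1 bytes, so removing one sequence can never
# splice the text around it into a new, live sequence.
_CONTROLS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")

def sanitize(text: str) -> str:
    """Return text that is safe to print to a terminal."""
    return _CONTROLS.sub("", _ESCAPES.sub("", text))

# Constructed sample: a server banner that sets the window title (OSC 0),
# clears the screen (CSI 2J) and switches colour (CSI 31m).
SAMPLE_BANNER = "Server: nginx\x1b]0;pwned\x07\x1b[2J\x1b[31m OK\n"

if __name__ == "__main__":
    print(repr(SAMPLE_BANNER))
    print(repr(sanitize(SAMPLE_BANNER)))
```

Apply it at the single point where plugin or external-tool output is written to the terminal or to a report, not inside each plugin.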
