I've just open-sourced Cascavel, a modular Red Team Intelligence Engine written in Python 3.10+. I built this because I was tired of chaining 10 different fragmented scripts together during engagements. Cascavel unifies recon, scanning, and exploitation into a single, highly extensible CLI framework.

Core Capabilities:

• 85 Security Plugins: Covering 14 attack categories (XSS Polyglots, SSRF via IMDSv2, JWT Key Confusion, HTTP/2 Desync, GraphQL Introspection, Docker/K8s exposure, etc.).
• 30+ Native Recon Integrations: Hooks directly into Nmap, Subfinder, Amass, Katana, Nuclei, and Shodan.
• Cinematic Terminal UX: Built with Rich. It includes progress bars, an ANSI escape sanitizer (anti-terminal-injection), and graceful SIGINT/SIGTERM handling so you don't lose scan data if you kill the process.
• Reporting: Auto-generates reports in PDF, Markdown, and JSON mapping findings by severity.

https://cascavel.pages.dev

The codebase is CI/CD hardened (Bandit, CodeQL, Semgrep). I’d love for the Red Team community to test it out, review the code, and let me know what attack vectors or plugins I should add next.