RedLab provides verified security professionals with API-driven red team tooling. Deploy on your own VPS. Run authorized campaigns. Report real risk.
Three steps from access approval to running your first authorized campaign.
Submit your ID, company credentials, and engagement documentation. Our team reviews each application manually within 24–48 hours.
Install the RedLab agent on your VPS with a single command. Configure your API key, Telegram, and domain in config.py.
Create campaigns via the dashboard or API. Our engines run on RedLab infrastructure — your VPS handles delivery and customization.
Purpose-built for authorized red team engagements. Each tool is scoped, logged, and tied to your verified identity.
OAuth-aware phishing simulations targeting M365 environments. Device code flow and consent phishing awareness training.
Coming soonBulk phishing simulation mailer with tracking pixels, link click analytics, and full delivery reporting per engagement.
Coming soonMulti-platform credential awareness testing. Simulates common credential stuffing attack vectors against authorized targets.
Coming soonEvery tool is accessible via a clean REST API. Your VPS agent handles delivery — RedLab handles the engine. Zero complex setup.
# RedLab Agent — config.py REDLAB_API_URL = "https://api.redlab.io/v1" REDLAB_API_KEY = "rl_your_key_here" TELEGRAM_BOT_TOKEN = "your_bot_token" TELEGRAM_CHAT_ID = "your_chat_id" DOMAIN = "yoursite.com" CF_API_TOKEN = "your_cf_token" CF_ZONE_ID = "your_zone_id"
RedLab is not a public service. Every operator is verified before receiving access. We require government-issued ID, company documentation, and signed engagement authorization before any tool is enabled.