RedC — Red Team Infrastructure Multi-Cloud Automated Deployment

RedC is an open-source red team infrastructure multi-cloud automated deployment tool. It uses Terraform under the hood to manage cloud resources across 6+ cloud providers.

GitHub: https://github.com/wgpsec/redc
Template Registry: https://redc.wgpsec.org

Security & Credentials

Credential Model

RedC reads cloud provider credentials from environment variables or a local config.yaml file managed by the redc CLI. Credentials are only passed to Terraform, which communicates directly with cloud provider APIs over HTTPS. No credentials are sent to the redc project, the template registry, or any third-party service.

The metadata declares ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY as the example required env vars because Alibaba Cloud is the most commonly used provider. However, you should substitute these with the credentials for whichever single provider you actually use. The full list of provider-specific env vars that RedC/Terraform may read:

Provider	Environment Variables	Notes
Alibaba Cloud	INLINECODE3, ALICLOUD_SECRET_KEY, INLINECODE5	Declared in metadata
AWS

AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION | Set only if using AWS |
| Tencent Cloud | TENCENTCLOUD_SECRET_ID, TENCENTCLOUD_SECRET_KEY | Set only if using Tencent |
| Volcengine | VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY | Set only if using Volcengine |
| Huawei Cloud | HW_ACCESS_KEY, HW_SECRET_KEY | Set only if using Huawei |
| Azure | ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID, ARM_SUBSCRIPTION_ID | Set only if using Azure |

You do NOT need to set all of these. Only configure the env vars for the single provider you intend to deploy to. RedC will not attempt to read or use credentials for providers you are not deploying to.

Credential Best Practices

• - Use scoped, short-lived credentials with minimal permissions (e.g., only ECS/EC2 create/delete, no IAM/billing access).
• Test in isolated/throwaway cloud accounts to avoid impacting production resources.
• Do NOT paste long-lived root/owner keys into chat — configure them via redc CLI or environment variables before using this skill.
• Prefer scoped IAM roles or temporary security tokens (e.g., AWS STS AssumeRole) over static AK/SK pairs.

Binary Verification

• - Download redc only from official GitHub releases: https://github.com/wgpsec/redc/releases — verify SHA256 checksums listed in each release.
• Download terraform only from HashiCorp: https://developer.hashicorp.com/terraform/downloads — verify PGP signatures.

Template Safety — IMPORTANT

Templates define the actual cloud infrastructure that will be created. They may contain:

• - remote-exec provisioners that run arbitrary scripts on created instances
• INLINECODE23 / cloud-init scripts that execute on instance boot
• Security group rules that open network ports (e.g., 0.0.0.0/0 ingress)
• INLINECODE25 provisioners that run commands on your local machine

Before applying any template, you MUST:

1. 1. Inspect the template source — Run get_template_info to view the template's main.tf, variables.tf, and other files. Read them to understand what resources will be created.
2. Use plan_case first — This runs terraform plan to show a preview of all resources that will be created, modified, or destroyed. Review the plan output before proceeding to start_case.
3. Audit registry templates — The official template repository is fully open-source at https://github.com/wgpsec/redc-template. Compare pulled templates against the source to ensure they have not been tampered with.
4. Do NOT blindly apply — Never run start_case without first reviewing the plan. This skill will always use plan_case before start_case to give you a chance to review.

MCP Server Exposure

• - The built-in MCP server defaults to stdio transport (local only, no network exposure).
• The sse mode binds to a configurable address — always restrict it to 127.0.0.1 and do not expose it to untrusted networks.

When to Use This Skill

Use this skill when the user wants to:

• - Deploy cloud infrastructure (ECS, EC2, CVM, proxy pools, C2 servers, etc.)
• Manage running cloud instances (start, stop, destroy)
• Execute commands on remote servers via SSH
• Check cloud account balances and billing
• Estimate deployment costs
• Schedule automated start/stop for cloud resources
• Manage multi-cloud provider profiles and credentials
• Use redc-compose for multi-service orchestrated deployments

Supported Cloud Providers

Provider	Template Prefix	Description
Alibaba Cloud (阿里云)	INLINECODE38	ECS, proxy, VPC, etc.
AWS

aws/ | EC2, proxy, etc. | | Tencent Cloud (腾讯云) | tencent/ | CVM, lighthouse, etc. | | Volcengine (火山引擎) | volcengine/ | ECS, etc. | | Huawei Cloud (华为云) | huaweicloud/ | ECS, etc. | | Azure | azure/ | VM, etc. |

Architecture

RedC has two modes:

1. 1. CLI mode (redc binary) — command-line operations
2. GUI mode (redc-gui) — desktop application with built-in MCP server

The MCP server exposes all tools below. It can run in stdio or sse mode.

---

Tools

1. list_templates

List all available redc templates/images installed locally.

Command:
CODEBLOCK0

MCP Tool: INLINECODE48

Returns template names, descriptions, versions, and supported providers.

---

2. search_templates

Search for templates in the official registry by keywords.

Command:
CODEBLOCK1

MCP Tool: search_templates

• - query (string, required): Search query (e.g., "aliyun", "proxy", "ecs")
• INLINECODE51 (string, optional): Registry base URL (default: https://redc.wgpsec.org)

---

3. pull_template

Download a template from the registry.

Command:
CODEBLOCK2

MCP Tool: pull_template

• - template_name (string, required): Template name (e.g., "aliyun/ecs" or "aliyun/ecs:1.0.1")
• INLINECODE54 (string, optional): Registry base URL
• INLINECODE55 (boolean, optional): Force re-download even if template exists

---

4. list_cases

List all cases (scenes/deployments) in the current project with their status.

Command:
CODEBLOCK3

MCP Tool: INLINECODE56

Returns case ID, name, status (created/running/stopped/error/terminated), template type, and creation time.

Status values:

• - created — case planned but not yet applied
• INLINECODE58 — infrastructure is live
• INLINECODE59 — infrastructure destroyed, state preserved
• INLINECODE60 — deployment failed
• INLINECODE61 — spot instance was reclaimed

---

5. plan_case

Plan a new case from a template (preview resources without creating them).

Command:
CODEBLOCK4

MCP Tool: plan_case

• - template_name (string, required): Template name (e.g., "aliyun/ecs")
• INLINECODE64 (string, optional): Case name (auto-generated if not provided)
• INLINECODE65 (string, optional): Environment variables for the template

---

6. start_case

Start (apply) a case — creates the cloud infrastructure.

Command:
CODEBLOCK5

MCP Tool: start_case

• - case_id (string, required): Case ID to start

---

7. stop_case

Stop (destroy) a case — tears down the cloud infrastructure.

Command:
CODEBLOCK6

MCP Tool: stop_case

• - case_id (string, required): Case ID to stop

---

8. kill_case

Remove a case completely (destroy infrastructure + delete all local state).

Command:
CODEBLOCK7

MCP Tool: kill_case

• - case_id (string, required): Case ID to remove

---

9. getcasestatus

Get detailed status of a specific case.

MCP Tool: get_case_status

• - case_id (string, required): Case ID to check

---

10. getcaseoutputs

Get terraform outputs for a case (IP addresses, passwords, instance IDs, etc.).

MCP Tool: get_case_outputs

• - case_id (string, required): Case ID to get outputs

---

11. exec_command

Execute a command on a remote server via SSH.

MCP Tool: exec_command

• - case_id (string, required): Case ID
• INLINECODE78 (string, required): Shell command to execute

---

12. getsshinfo

Get SSH connection information for a case (host, port, user, password/key).

MCP Tool: get_ssh_info

• - case_id (string, required): Case ID

---

13. upload_file

Upload a local file to a remote case server via SCP/SFTP.

MCP Tool: upload_file

• - case_id (string, required): Case ID
• INLINECODE83 (string, required): Local file path
• INLINECODE84 (string, required): Remote destination path

---

14. download_file

Download a file from a remote case server to local machine.

MCP Tool: download_file

• - case_id (string, required): Case ID
• INLINECODE87 (string, required): Remote file path
• INLINECODE88 (string, required): Local destination path

---

15. gettemplateinfo

Get detailed information about a locally installed template (metadata, variables, files).

MCP Tool: get_template_info

• - template_name (string, required): Template name (e.g., "aliyun/ecs")

---

16. delete_template

Delete a locally installed template.

MCP Tool: delete_template

• - template_name (string, required): Template name to delete

---

17. get_config

Get current redc configuration (project path, proxy settings, etc.).

MCP Tool: get_config

---

18. validate_config

Validate cloud provider configuration (check if credentials, region, instance type are valid).

MCP Tool: validate_config

• - provider (string, required): Cloud provider name (e.g., "aliyun", "aws", "tencentcloud")
• INLINECODE96 (string, optional): Region ID (e.g., "cn-hangzhou")
• INLINECODE97 (string, optional): Instance type (e.g., "ecs.t6-c1m1.large")

---

19. getcostestimate

Estimate deployment cost for a template (hourly and monthly cost breakdown by resource).

MCP Tool: get_cost_estimate

• - template_name (string, required): Template name

---

20. get_balances

Query cloud account balances for configured providers.

MCP Tool: get_balances

• - providers (string, optional): Comma-separated provider names (e.g., "aliyun,aws"). Empty = all providers.

---

21. getresourcesummary

Get a summary of cloud resources across all configured providers (instance counts, running status, etc.).

MCP Tool: get_resource_summary

---

22. getpredictedmonthly_cost

Get predicted total monthly cost based on currently running resources.

MCP Tool: get_predicted_monthly_cost

---

23. get_bills

Get cloud billing information for configured providers.

MCP Tool: get_bills

• - providers (string, optional): Comma-separated provider names. Empty = all.

---

24. gettotalruntime

Get total runtime of all running cases.

MCP Tool: get_total_runtime

---

25. compose_preview

Preview a redc-compose deployment: list services, dependencies, providers, and replicas without deploying.

MCP Tool: compose_preview

• - file (string, optional): Compose file path (default: redc-compose.yaml)
• INLINECODE109 (string, optional): Comma-separated profiles (e.g., "prod,attack")

---

26. compose_up

Start a redc-compose deployment (deploys all services in dependency order).

MCP Tool: compose_up

• - file (string, optional): Compose file path
• INLINECODE112 (string, optional): Comma-separated profiles

---

27. compose_down

Destroy a redc-compose deployment (destroys all services in reverse dependency order).

MCP Tool: compose_down

• - file (string, optional): Compose file path
• INLINECODE115 (string, optional): Comma-separated profiles

---

28. list_deployments

List all custom deployments in the current project.

MCP Tool: list_deployments

---

29. start_deployment

Start a custom deployment by ID.

MCP Tool: start_deployment

• - deployment_id (string, required): Custom deployment ID

---

30. stop_deployment

Stop a custom deployment by ID.

MCP Tool: stop_deployment

• - deployment_id (string, required): Custom deployment ID

---

31. list_projects

List all redc projects.

MCP Tool: list_projects

---

32. switch_project

Switch to a different redc project.

MCP Tool: switch_project

• - project_name (string, required): Project name to switch to

---

33. list_profiles

List all cloud provider profiles (credential sets).

MCP Tool: list_profiles

---

34. getactiveprofile

Get the currently active cloud provider profile.

MCP Tool: get_active_profile

---

35. setactiveprofile

Switch the active cloud provider profile.

MCP Tool: set_active_profile

• - profile_id (string, required): Profile ID to activate

---

36. schedule_task

Schedule a future task for a case (start or stop at a specific time).

MCP Tool: schedule_task

• - case_id (string, required): Case ID
• INLINECODE130 (string, required): Case name
• INLINECODE131 (string, required): Action to perform ("start" or "stop")
• INLINECODE132 (string, required): Time in RFC3339 format (e.g., "2025-01-15T10:30:00Z")

---

37. listscheduledtasks

List all pending scheduled tasks.

MCP Tool: list_scheduled_tasks

---

38. cancelscheduledtask

Cancel a pending scheduled task.

MCP Tool: cancel_scheduled_task

• - task_id (string, required): Task ID to cancel

---

Common Workflows

Deploy a proxy pool

CODEBLOCK8

Check running infrastructure

CODEBLOCK9

Orchestrated multi-service deployment

CODEBLOCK10

CODEBLOCK11

Summary

Action	CLI Command	MCP Tool
List templates	INLINECODE136	INLINECODE137
Search registry

redc search <q> | search_templates | | Pull template | redc pull <name> | pull_template | | List cases | redc ps | list_cases | | Plan case | redc plan <tmpl> | plan_case | | Start case | redc up <id> | start_case | | Stop case | redc down <id> | stop_case | | Remove case | redc rm <id> | kill_case | | Get outputs | redc output <id> | get_case_outputs | | SSH exec | — | exec_command | | Cost estimate | — | get_cost_estimate | | Account balance | — | get_balances | | Compose up | redc compose up | compose_up | | Compose down | redc compose down | compose_down | | Schedule task | — | schedule_task |