RedKit · Infrastructure Scanner

Advanced Security Scanning

RedKit is mlab's infrastructure scanning engine. It lets you run targeted security assessments on domains you own, combining reconnaissance, vulnerability detection and compliance checks in a single configurable scan.

RedKit requires domain ownership verification before scanning. You must add a DNS TXT record to prove you control the target domain.

1. What is RedKit

RedKit is an automated security scanner that runs a suite of modular checks against your web infrastructure. Unlike standard domain scans, RedKit performs deep, active testing with configurable modules across three categories:

  • Recon — passive and active discovery (subdomains, ports, technologies, DNS, WAF detection)
  • Vulnerability — active testing for common web vulnerabilities (SQLi, XSS, SSRF, open redirects, etc.)
  • Compliance — verification of security best practices (CSP, DNSSEC, TLS ciphers, cookie flags, etc.)

Each scan produces a detailed report with findings categorized by severity, exportable as a PDF document.

2. Domain verification

Before scanning, you must prove ownership of the target domain by adding a DNS TXT record. This prevents unauthorized scanning of third-party infrastructure.

  • Go to Account → Infrastructure
  • Enter the domain you want to scan
  • Add the provided TXT record to your domain's DNS configuration
  • Click verify — once confirmed, the domain appears in your RedKit dashboard

Verified domains persist across scans. You only need to verify a domain once.
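
Before clicking verify, you can confirm that the TXT record has actually propagated. The check below is an added example, not RedKit's own code: it takes the lines printed by `dig +short TXT <domain>` and accepts only a whole record that equals the expected value. The `redkit-verification=` prefix and the token are assumptions, because this page does not show the record format RedKit issues.

```python
import hmac
import re

# Hypothetical record format: the page does not show the TXT value RedKit issues.
PREFIX = "redkit-verification="

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
_ESCAPE = re.compile(r'\\(\d{3}|.)')


def _unescape(m):
    # \DDD is a decimal byte value, \X is a literal X (DNS presentation format)
    esc = m.group(1)
    return chr(int(esc)) if len(esc) == 3 and esc.isdigit() else esc


def txt_value(line):
    """Join the quoted character-strings of one `dig +short TXT` line."""
    parts = _QUOTED.findall(line)
    if not parts:  # value printed without quotes
        return line.strip()
    return "".join(_ESCAPE.sub(_unescape, p) for p in parts)


def is_verified(dig_lines, token):
    """True only if one whole TXT record equals PREFIX + token."""
    expected = (PREFIX + token).encode()
    found = False
    for line in dig_lines:
        value = txt_value(line).encode("utf-8", "replace")
        # Whole-record, constant-time comparison: a token embedded in another
        # record, or a partial token, must not count as proof of ownership.
        found |= hmac.compare_digest(value, expected)
    return found


# Constructed sample of `dig +short TXT example.com` output.
SAMPLE = [
    '"v=spf1 include:_spf.example.net -all"',
    '"redkit-verification=" "4f9c2a7e"',    # one record split into two strings
    '"note redkit-verification=deadbeef"',  # token embedded in unrelated text
]

if __name__ == "__main__":
    print(is_verified(SAMPLE, "4f9c2a7e"))
```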

3. Scan modules

RedKit ships with 24 modules across three categories. You can enable or disable individual modules before each scan.

  • Recon (8 modules): HTTP Headers, Subdomains, Port Scan, Tech Detect, WHOIS, DNS Records, WAF Detection, Crawl
  • Vulnerability (16 modules): SSL/TLS, CORS, SQL Injection, XSS, Directory Scan, CVE Detection, Open Redirect, SSRF, LFI, Clickjacking, HTTP Methods, Host Header, CRLF Injection, WebSocket, JWT Analysis, GraphQL
  • Compliance (8 modules): Cookies, CSP Policy, DNSSEC, Email (SPF/DKIM/DMARC), TLS Ciphers, CAA Records, SRI, Mixed Content

4. Running a scan

Once your domain is verified, you can launch a scan from the RedKit dashboard:

  • Select the verified domain you want to scan
  • Optionally specify a subdomain target (e.g. www, api)
  • Enable or disable individual modules in each category
  • Click Launch scan

Scans run asynchronously. You can close the page and come back later — the results page auto-refreshes every 30 seconds until the scan completes.

Scan quotas depend on your plan: Free (1 lifetime), Pro (5/month), Team (20/month), Enterprise (unlimited).

5. Results & reports

When a scan completes, findings are presented as individual cards grouped by module. Each finding includes a severity level: Critical, High, Medium, Low or Info.

Each finding card shows the module name, a description of the issue, and evidence data when available.

  • A severity summary bar at the top provides a quick overview
  • The full scan history is available at RedKit → History
  • Click Export PDF to generate a printable report with cover page, severity breakdown and detailed findings

Quotas & plans

RedKit scans consume quota based on your subscription plan. The remaining quota is displayed on the scan configuration page before launch.

  • Free — 1 scan (lifetime)
  • Pro — 5 scans per month
  • Team — 20 scans per month
  • Enterprise — Unlimited

Visit Pricing for full plan details.