Quickstart

First engagement in 5 minutes.

1. Initialize

Generate an engagement config:

br init --template network

This creates blackrainbow.yaml in your current directory.

2. Configure

Open blackrainbow.yaml and set your target:

target:
  type: network-service
  host: 192.168.1.100
  label: target-env
  scope:
    networks:
      - 192.168.1.0/24
    exclude:
      - 192.168.1.1

engagement:
  purpose: |
    Security assessment of target host.
    Identify exposed services and vulnerabilities.
  rules:
    - No denial of service
    - No data destruction
    - Stay within defined scope
  operator: your-name

plugins:
  - recon

output:
  report: ./reports/
  capture: ./captures/
  format: markdown

Replace 192.168.1.100 with your actual target. Replace your-name with your operator handle.

3. Preview

See what BlackRainbow will do before running it:

br run --dry-run

BlackRainbow
Target: 192.168.1.100 (network-service)
Plugins: recon
Mode: DRY RUN

Plugin: recon
Generated 3 sequences
DRY RUN: Full TCP port scan of 192.168.1.100
nmap -sC -sV -p- 192.168.1.100
DRY RUN: Top ports scan of 192.168.1.100
nmap -sC -sV 192.168.1.100
DRY RUN: Vulnerability scan of 192.168.1.100
nmap --script vuln 192.168.1.100

Engagement complete.
Sequences: 3
Passed: 0
Failed: 0

Dry run generates and transforms sequences but does not execute them. Use it to review the attack plan before committing.
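
An added example, not part of BlackRainbow or its documentation: a pre-flight check that reads dry-run output and flags any planned command whose target falls outside the scope networks or matches a scope exclude entry. It assumes targets appear in the command lines as bare IPv4 addresses or CIDR blocks; `check_plan` is a hypothetical helper name, and the last two commands in the sample are constructed.

```python
import ipaddress
import re

# Scope values copied from the sample blackrainbow.yaml on this page.
SCOPE_NETWORKS = ["192.168.1.0/24"]
SCOPE_EXCLUDE = ["192.168.1.1"]

# Dry-run lines from this page; the last two commands are constructed here
# to show an excluded host and an out-of-scope host being caught.
DRY_RUN_OUTPUT = """\
DRY RUN: Full TCP port scan of 192.168.1.100
nmap -sC -sV -p- 192.168.1.100
DRY RUN: Top ports scan of 192.168.1.100
nmap -sC -sV 192.168.1.100
DRY RUN: Vulnerability scan of 192.168.1.100
nmap --script vuln 192.168.1.100
nmap -sC -sV 192.168.1.1
nmap -sC -sV 10.0.0.5
"""

# Assumption: targets appear as bare IPv4 addresses or CIDR blocks.
IPV4_OR_CIDR = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$")

def check_plan(output, networks, exclude):
    """Return (command, target, reason) for each planned target that leaves scope."""
    allowed = [ipaddress.ip_network(n) for n in networks]
    denied = [ipaddress.ip_network(e) for e in exclude]
    violations = []
    for line in map(str.strip, output.splitlines()):
        if not line or line.startswith("DRY RUN:"):
            continue  # step descriptions, not commands
        for token in filter(IPV4_OR_CIDR.match, line.split()):
            try:
                target = ipaddress.ip_network(token, strict=False)
            except ValueError:
                violations.append((line, token, "unparseable target"))
                continue
            if not any(target.subnet_of(net) for net in allowed):
                violations.append((line, token, "outside scope.networks"))
            elif any(target.overlaps(d) for d in denied):
                violations.append((line, token, "matches scope.exclude"))
    return violations

if __name__ == "__main__":
    for command, target, reason in check_plan(DRY_RUN_OUTPUT, SCOPE_NETWORKS, SCOPE_EXCLUDE):
        print(f"BLOCK {target}: {reason} ({command})")
```

An empty result means every address in the plan sits inside the authorized range; anything else is worth resolving in the config before the real run.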

4. Run

Execute the engagement:

br run

BlackRainbow
Target: 192.168.1.100 (network-service)
Plugins: recon

Connecting to 192.168.1.100...

Plugin: recon
Generated 3 sequences
Executing: Full TCP port scan of 192.168.1.100
[1/1] nmap ...
OK (42.1s)
PASS score=0.50: Recon successful: 4 services, 0 vulns
Executing: Top ports scan of 192.168.1.100
[1/1] nmap ...
OK (11.3s)
PASS score=0.50: Recon successful: 4 services, 0 vulns
Executing: Vulnerability scan of 192.168.1.100
[1/1] nmap ...
OK (67.8s)
PASS score=1.00: Recon successful: 4 services, 1 vulns

Engagement complete.
Sequences: 3
Passed: 3
Failed: 0

5. Report

Generate the engagement report:

br report

Reports land in ./reports/ by default. Each report includes:

  • Executive summary
  • Findings with severity ratings
  • Raw evidence and artifacts
  • Remediation guidance
  • MITRE ATT&CK technique mapping

What Happened

BlackRainbow ran the recon plugin, which generated three scanning phases (full port scan, quick scan, vulnerability scan). Each phase executed against your target, and the plugin graded the results: services found, vulnerabilities identified, evidence collected.

The grading results feed into the engagement context. If you add more plugins (credential attacks, web exploitation), they will see what recon discovered and generate targeted sequences.

Add More Plugins

Expand the config to chain recon into credential testing:

plugins:
  - recon
  - credential-access

Run again. The credential plugin reads the discovered services from recon and generates password attacks against those specific services.

Next Steps