Node-RED Integration
RTFMv2 provides deep integration with Node-RED, allowing you to create visual workflow automations for penetration testing. This integration enables you to build complex testing scenarios using a drag-and-drop interface.
Overview
The Node-RED integration consists of:
- WebSocket Communication: RTFMv2 Console ↔ Node-RED bidirectional messaging
- Custom Node-RED Nodes: Pre-built nodes for RTFMv2 commands
- Visual Workflow Editor: Drag-and-drop interface at http://localhost:1880
- Command Library: 1,100+ pre-configured penetration testing tools
Architecture
┌─────────────────────────────────────────────────────────────┐
│ Node-RED Flow │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Inject │───>│ RTFMv2 │───>│ Debug │ │
│ │ Node │ │ Command │ │ Output │ │
│ └──────────┘ └──────────┘ └──────────┘ │
│ │ │
└────────────────────────┼────────────────────────────────────┘
│ WebSocket (ws://localhost:5000)
▼
┌─────────────────────────────────────────────────────────────┐
│ RTFMv2 Console (Node-RED Mode) │
│ - WebSocket Server (port 5000) │
│ - Node-RED Process Manager (port 1880) │
│ - Command Execution Engine │
└─────────────────────────────────────────────────────────────┘
Getting Started
Prerequisites
- Node.js installed (v14 or higher)
- Node-RED installed globally:
npm install -g node-red
- RTFMv2 Console (Commercial edition with WebSocket support)
Installation
Step 1: Install RTFMv2 Node-RED Package
Navigate to your Node-RED user directory and install the custom nodes:
Windows:
cd %USERPROFILE%\.node-red
npm install E:\RedTeam\RTFM_private\Frameworkv2.1\RTFMv2.Console\NodeRed
Linux:
cd ~/.node-red
npm install /path/to/RTFMv2.Console/NodeRed
Step 2: Start RTFMv2 in Node-RED Mode
RTFMv2.Console.exe nodered
This command will:
- ✓ Check if Node-RED is already running on port 1880
- ✓ Start Node-RED automatically if not running
- ✓ Start WebSocket server on port 5000
- ✓ Display Node-RED UI URL: http://localhost:1880
- ✓ Wait for incoming commands from Node-RED flows
Step 3: Access Node-RED Editor
Open your browser to:
http://localhost:1880
You should see the Node-RED visual editor with RTFMv2 nodes in the left palette.
Available Node-RED Nodes
1. RTFMv2 Linux Command
Execute Linux penetration testing tools from a dropdown list.
Node Color: Green (#228B22)
Configuration:
- Command: Select from 1,125+ Linux security tools
- Arguments: Provide arguments using template syntax
- Tag: Optional tracking identifier
- WebSocket URL: Default
ws://localhost:5000
Example Commands:
nmap- Network scannernikto- Web server scannerdirb- Directory brute-forcersqlmap- SQL injection toolmetasploit- Exploitation framework
Template Syntax:
target=192.168.1.1 port=80 user=admin
Variables like ${target} in the command template are replaced with provided values.
Example Flow:
[Inject] → [RTFMv2 Linux Command: nmap] → [Debug]
2. RTFMv2 Windows Command
Execute Windows penetration testing tools from a dropdown list.
Node Color: Orange-red (#FF4500)
Configuration:
- Command: Select from 108+ Windows security tools
- Arguments: Provide arguments using template syntax
- Tag: Optional tracking identifier
- WebSocket URL: Default
ws://localhost:5000
Example Commands:
- PowerShell scripts
- Windows-specific exploit tools
- Active Directory enumeration tools
3. RTFMv2 Custom Command
Execute arbitrary RTFMv2 CLI commands.
Configuration:
- Command: Full RTFMv2 command string
- Tag: Optional tracking identifier
- WebSocket URL: Default
ws://localhost:5000
Examples:
run --custom 'nmap -sV 192.168.1.1'
template nikto --ip 192.168.1.100
list --session
Example Flow:
[Inject] → [Custom Command] → [Function] → [Debug]
4. RTFMv2 Create Session
Create a new RTFMv2 penetration testing session.
Outputs:
- Output 1 (top): Success path
- Output 2 (bottom): Failure path
Configuration:
- Session Name: Name for the session
- Host/Target: IP, IP range (CIDR), or domain
- Password: Encryption password for session database
- WebSocket URL: Default
ws://localhost:5000
Example:
Session Name: WebApp2024
Host: 192.168.1.0/24
Password: SecurePass123
Example Flow:
┌─> [Debug: Success]
[Inject] → [Create Session]
└─> [Debug: Failure]
5. RTFMv2 Load Session
Load an existing RTFMv2 session from disk.
Outputs:
- Output 1 (top): Success path
- Output 2 (bottom): Failure path
Configuration:
- Session Directory: Path to session directory
- Password: Decryption password for session database
- WebSocket URL: Default
ws://localhost:5000
Example:
Session Directory: ./PenTest2024
Password: SecurePass123
Example Flow:
┌─> [Scan Commands]
[Inject] → [Load Session]
└─> [Error Handler]
6. Instruction Payload
Generic instruction builder for advanced use cases.
Configuration:
- Instruction Type: CLI, Client, Server, Mobile (currently CLI only)
- Command: Command name
- Arguments: Array of command arguments
- Tag: Tracking identifier
Use Case: Building custom message payloads for future instruction types.
Creating Flows
Example 1: Simple Port Scan
┌─────────┐ ┌──────────────────┐ ┌────────┐
│ Inject │───>│ Linux Command: │───>│ Debug │
│ (Click) │ │ nmap │ │ │
└─────────┘ └──────────────────┘ └────────┘
Steps:
- Drag an Inject node to the canvas
- Drag an RTFMv2 Linux Command node
- Configure the command node:
- Command:
nmap - Arguments:
target=192.168.1.1 flags=-sV - Drag a Debug node
- Connect: Inject → Linux Command → Debug
- Deploy the flow
- Click the inject button
- View results in the Debug panel
Example 2: Session Creation and Scanning
┌─────────┐ ┌─────────────────┐
│ Inject │───>│ Create Session │
└─────────┘ └────────┬────────┘
│ success
▼
┌─────────────────┐ ┌────────┐
│ Linux Command: │───>│ Debug │
│ nmap │ │ │
└─────────────────┘ └────────┘
Steps:
- Create Session node with session details
- Connect success output to scanning node
- Run scan only if session creation succeeds
Example 3: Multi-Stage Reconnaissance
┌─────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌────────┐
│ Inject │───>│ Create │───>│ Nmap │───>│ Nikto │───>│ Debug │
│ │ │ Session │ │ Scan │ │ Scan │ │ │
└─────────┘ └──────────┘ └──────────┘ └──────────┘ └────────┘
│
▼
┌──────────┐
│ Function │─> Parse IPs
└──────────┘
Flow Description:
- Create a new session
- Run Nmap port scan
- Parse Nmap results with a Function node
- Run Nikto web scan on discovered web servers
- Log all results
Example 4: Conditional Workflow
┌─────────┐ ┌──────────┐ ┌──────────┐
│ Inject │───>│ Port │───>│ Switch │
└─────────┘ │ Scan │ │ (80 open)│
└──────────┘ └─────┬────┘
│ if port 80
▼
┌──────────┐ ┌────────┐
│ Web │───>│ Debug │
│ Scan │ │ │
└──────────┘ └────────┘
Flow Description:
- Scan for open ports
- Use a Switch node to check if port 80 is open
- If open, run web vulnerability scan
- Otherwise, skip web scanning
WebSocket Communication
Message Format
Request (Node-RED → RTFMv2):
{
"instructionType": "CLI",
"Payload": {
"Command": "run",
"Args": ["--custom", "nmap -sV 192.168.1.1"],
"Tag": "scan-001"
},
"MessageId": "unique-message-id-12345"
}
Response (RTFMv2 → Node-RED):
{
"command": "run --custom 'nmap -sV 192.168.1.1'",
"tag": "scan-001",
"success": true,
"output": "Starting Nmap 7.94...\n...",
"messageId": "unique-message-id-12345"
}
Response Routing
Responses are routed back to the originating node using:
- MessageId (preferred): Unique ID for callback-based routing
- NodeId (fallback): If MessageId matching fails
Advanced Use Cases
Scheduled Scanning
Use Node-RED's Inject node with cron syntax:
┌─────────────────┐ ┌──────────┐
│ Inject │───>│ Nmap │
│ (Every day at │ │ Scan │
│ 2:00 AM) │ │ │
└─────────────────┘ └──────────┘
Configuration:
- Set inject node to repeat:
at a specific time - Time:
02:00
Data Transformation
Use Function nodes to parse and transform command output:
// Function node: Parse Nmap output for open ports
var output = msg.payload.output;
var openPorts = [];
var lines = output.split('\n');
for (var i = 0; i < lines.length; i++) {
if (lines[i].includes('/tcp') && lines[i].includes('open')) {
var port = lines[i].split('/')[0].trim();
openPorts.push(port);
}
}
msg.payload = {
target: msg.target,
openPorts: openPorts
};
return msg;
External Integrations
Send results to external systems:
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ RTFMv2 │───>│ Function │───>│ HTTP │───>│ Slack │
│ Command │ │ (parse) │ │ Request │ │ Notify │
└──────────┘ └──────────┘ └──────────┘ └──────────┘
Integrations:
- Slack notifications
- Email alerts
- Database storage (PostgreSQL, MongoDB)
- Webhook triggers
- MQTT messaging
Command Library
Linux Tools (1,125+ commands)
The tools.json file contains pre-configured commands for:
- Network Scanning: nmap, masscan, zmap
- Web Testing: nikto, dirb, gobuster, sqlmap
- Exploitation: metasploit, exploit-db tools
- Password Attacks: hydra, john, hashcat
- Wireless: aircrack-ng, reaver, wifite
- Forensics: volatility, autopsy, sleuthkit
- And many more...
Windows Tools (108+ commands)
The tools_win.json file contains pre-configured commands for:
- PowerShell exploitation scripts
- Active Directory enumeration
- Windows privilege escalation
- Credential dumping
- And more...
Command Template Variables
Commands support variable substitution:
{
"name": "nmap",
"cmd": "nmap ${flags} ${target}",
"desc": "Network scanner",
"example": "nmap -sV 192.168.1.1"
}
In the node, provide arguments:
flags=-sV target=192.168.1.1
Result:
nmap -sV 192.168.1.1
Troubleshooting
WebSocket Connection Failed
Problem: Node cannot connect to ws://localhost:5000
Solutions:
- Ensure RTFMv2 Console is running in Node-RED mode:
bash RTFMv2.Console.exe nodered - Check if port 5000 is already in use
- Verify firewall settings allow WebSocket connections
Node-RED Not Starting
Problem: Node-RED doesn't start automatically
Solutions:
- Install Node-RED manually:
bash npm install -g node-red - Start Node-RED separately:
bash node-red - Then start RTFMv2 Console in Node-RED mode
Command Returns Empty Output
Problem: Commands execute but return no output
Solutions: 1. Check that the command exists on your system 2. Verify command syntax in RTFMv2 CLI first 3. Check the Debug panel for error messages 4. Ensure session is loaded (if required by command)
Custom Nodes Not Appearing
Problem: RTFMv2 nodes don't appear in the Node-RED palette
Solutions:
1. Restart Node-RED after installing the package
2. Check installation path:
bash
cd ~/.node-red
npm list node-red-contrib-rtfmv2
3. Reinstall the package:
bash
cd ~/.node-red
npm install /path/to/RTFMv2.Console/NodeRed
Updating RTFMv2 Node-RED Package
When RTFMv2 nodes are updated, run the update script:
Windows:
E:\RedTeam\RTFM_private\Frameworkv2.1\Scripts\update-nodered.ps1
This script:
- Uninstalls old version from
~/.node-red - Reinstalls from local package directory
- Restarts Node-RED (if running)
Security Considerations
Password Handling
- Passwords in session nodes use
type="password"for masking - Console output automatically filters
--passvalues - Avoid hardcoding passwords in flows
Network Exposure
- WebSocket server binds to
0.0.0.0:5000(all interfaces) - Consider firewall rules for production use
- Use HTTPS/WSS for remote deployments
Command Injection
- Node-RED nodes perform basic sanitization
- Avoid user-controlled input in command templates
- Validate and sanitize data in Function nodes
Best Practices
1. Use Session Management
Always create or load a session before running commands
2. Handle Errors Gracefully
Connect failure outputs to error handling nodes
3. Tag Your Commands
Use the Tag field to track related commands
4. Parse Output in Function Nodes
// Extract useful data from raw output
var output = msg.payload.output;
var results = parseOutput(output);
msg.payload = results;
return msg;
5. Log Important Events
Use Debug nodes to track workflow execution
6. Modularize Flows
Create subflows for reusable operations
Example: Complete Penetration Testing Workflow
┌─────────────┐
│ START │
│ (Inject) │
└──────┬──────┘
│
▼
┌─────────────┐
│ Create │
│ Session │
└──────┬──────┘
│ success
▼
┌─────────────┐ ┌──────────────┐
│ Network │───>│ Function │
│ Scan │ │ (Parse IPs) │
└─────────────┘ └──────┬───────┘
│
▼
┌──────────────┐
│ For Each IP │
└──────┬───────┘
│
▼
┌──────────────┐
│ Port Scan │
└──────┬───────┘
│
▼
┌──────────────┐
│ Switch │
│ (Port 80?) │
└──────┬───────┘
│ yes
▼
┌──────────────┐
│ Web Vuln │
│ Scan │
└──────┬───────┘
│
▼
┌──────────────┐
│ Results │
│ Aggregator │
└──────┬───────┘
│
▼
┌──────────────┐
│ Send Email │
│ Report │
└──────────────┘
Next Steps
- Review Console Commands for available CLI commands
- Learn Lua Scripting to extend functionality
- Return to Console Overview
Additional Resources
- Node-RED Documentation: https://nodered.org/docs/
- RTFMv2 Package:
node-red-contrib-rtfmv2(v1.3.0) - Example Flows: Coming soon to the RTFMv2 repository
Commercial Edition Only: Node-RED integration with WebSocket server is only available in the commercial edition of RTFMv2.