Reaper
Reaper by Ghost Security is a modern, lightweight, and deadly effective open-source application security testing framework—engineered by humans and primed for AI. Reaper slashes through the complexities of app security testing, bringing together reconnaissance, request proxying, request tampering/replay, active testing, vulnerability validation, live collaboration, and reporting into a killer workflow. When paired with an AI Agent, Reaper reaps even greater rewards, transforming into a powerful engine that slays application vulnerabilities with precision and efficiency.
Watch the demo video!
⚠️ This project is undergoing rapid development and may change significantly in the near future.
👻 About
Reaper was created to give appsec analysts, pentesters, and bug bounty hunters a single, razor-sharp tool that brings together every phase of application security testing into one efficient workflow. It slashes through the manual, time-intensive steps required to uncover application vulnerabilities, exorcising the lingering demons of application security with precision.
While existing tools like Burp Suite, Zap, Subfinder, and Katana tackle individual stages of the testing lifecycle well, Reaper wields a scythe where others use scissors, stitching the entire process back together with cutting-edge technology.
Built for orchestration by both humans and AI, Reaper transforms appsec testing into a streamlined, high-speed process. LLM-powered AI Agents step in as tireless team members, mowing through, in mere seconds, tedious tasks that would take a human analyst hours. Picture having a teammate who never sleeps, understands the depths of application security, and works at lightning speed, assisting with test parameter tuning, data analysis, findings summaries, and reporting 🤤.
Project Goals
- A modern, lightweight, and extensible framework for application security testing
- Usable by humans and AI Agents alike
- A platform for running autonomous workflows
- Easy to maintain and extend
- Help avoid application security engineer burn-out with helpful automation
💿 Getting Started
Follow the installation and getting started guide to get Reaper up and running on your machine.
Contributing
First, thank you for taking the time to check out Reaper! Our primary goal is to get as many folks using it and to drive a roadmap based on your feedback. If you have a great idea for an enhancement or you have encountered a bug, we'd greatly appreciate a well-formed Issue in this repo so we can triage and prioritize accordingly.
Reaper is distributed under the Apache 2.0 License. All Reaper contributors and community members must adhere to the Code of Conduct.
Acknowledgments
Here is a list of projects we want to acknowledge:
- ProjectDiscovery - produces a suite of open source tools tailored for offensive security: security engineers, bug bounty hunters, and red teamers. The creators of subfinder, katana, nuclei, and many other great tools.