Reaper: Open-source reconnaissance and attack proxy workflow automation

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows.


Reaper is a work in progress, but it is already capable of a lot. Here’s a quick overview of some things you can do:

  • Intercept and modify HTTP requests and responses
  • Save and categorize HTTP requests/responses for later examination/reuse
  • Manage multiple projects and project-specific settings using workspaces
  • Incrementally craft workflows to attack web applications using our unique GUI
  • Automate simple tasks like fuzzing, brute-forcing, etc.
  • Perform automated attacks against web applications
  • Create, share, and collaborate on custom workflows to automate your testing

“I love tools like Burp and ZAP but often struggle with creating workflows. Sharing sequences of events with colleagues or when reporting bugs has always been a struggle, and demonstrating a complicated process with a huge Python script always lacks a visual element – especially when a shared script fails, and somebody is left struggling to reproduce a bug I’ve found. Reaper is an attempt at making it easy to share exploits and bug reproductions and make exploits easier to understand generally using a visual reference,” Liam Galvin, Senior Software Engineer at Ghost Security and lead developer for Reaper, told Help Net Security.

“Some of the things we’re aiming at next are an improved UI, adding a plugin architecture so anybody can add their functionality, and adding a built-in searchable database of exploits that can be contributed to by the community – these can then be run simply by searching, setting a few key parameters like IP address, and clicking a button,” Galvin concluded.

Reaper is available for download on GitHub.
