
WHAT IT DOES

One operator, offense and defense.

Riposte does not pick a side. The red side finds and proves a real opening; the blue side writes the rule that catches it next time. Here is what each hand does.

RED TEAM

Offense

Find the opening a person would, and prove it is real.

  • Recon

    Enumerate an authorized target and map its attack surface: hosts, ports, services, and the openings worth pressing.

  • Web

    Test web inputs for injection, auth bypass, and misconfiguration, then land the opening against a reference so the finding stands on evidence.

  • Cloud

    Walk a cloud footprint for exposed storage, over-broad policy, and roles that reach further than they should.

  • Credentials

    Check the surfaces you allow for weak, reused, and default credentials, on a short leash and never past scope.

Deny-by-default scope check before every action. Offense on a leash.

BLUE TEAM

Defense

Write the rule that catches the same opening next time.

  • SOC triage

    Read alerts and logs, cluster the noise, and surface what an analyst should look at first, with the reasoning attached.

  • SIEM rules

    Draft rules from real evidence, not from a loose prompt, and compile them to your own SIEM's query language.

  • Blue-team replay

    Replay the attack against an instrumented double to prove a rule fires, survives a variant, and stays quiet before it ships.

A drafted rule ships only if it clears every gate. Otherwise it is held.

pre-alpha · apache-2.0 · no telemetry · runs offline
