WHAT IT DOES
One operator, offense and defense.
Riposte does not pick a side. The red side finds and proves a real opening; the blue side writes the rule that catches it next time. Here is what each hand does.
Offense
Find the opening a person would, and prove it is real.
Recon
Enumerate an authorized target and map its attack surface: hosts, ports, services, and the openings worth pressing.
Web
Test web inputs for injection, auth bypass, and misconfiguration, then land the opening against a reference so the finding stands on evidence.
Cloud
Walk a cloud footprint for exposed storage, over-broad policy, and roles that reach further than they should.
Credentials
Check the surfaces you allow for weak, reused, and default credentials, on a short leash and never past scope.
Deny-by-default scope check before every action. Offense on a leash.
Defense
Write the rule that catches the same opening next time.
SOC triage
Read alerts and logs, cluster the noise, and surface what an analyst should look at first, with the reasoning attached.
SIEM rules
Draft rules from real evidence, not from a loose prompt, and compile them to your own SIEM's query language.
Blue-team replay
Replay the attack against an instrumented double to prove a rule fires, survives a variant, and stays quiet before it ships.
A drafted rule ships only if it clears every gate. Otherwise it is held.
pre-alpha · apache-2.0 · no telemetry · runs offline