It finds the opening.
The operator enumerates an authorized target, tests each input like a person would, and presses the surfaces that give, capturing exactly what happened.
ABOUT
Riposte is a single operator that works red-team and blue-team from your terminal. The name says the idea: a riposte is the counterstrike a fencer lands in the same motion as the parry. Defense and offense are not two moves. They are one.
THE NAME
A quick return thrust delivered immediately after parrying an attack. The block and the counterattack are not two actions. They are one continuous motion.
That duality is the entire idea. Most security tooling makes you pick a side: a scanner that only attacks, or a platform that only defends. Riposte refuses the split. The same operator that finds and stands up a real opening is the one that turns and writes the rule to catch it, without ever leaving the command line.
WHY IT EXISTS
In most shops offense and defense are two teams, two toolchains, and a handoff between them where the context that mattered goes missing. The red team proves a hole exists; the blue team hears about it second-hand and guesses at a rule. Riposte closes that gap by putting both jobs in one operator, working from the same evidence.
From that same evidence it drafts the rule that catches the technique next time, then checks the rule before it is ever trusted. One operator, no handoff lost in translation.
You stay in command the whole way. Every consequential move stops and waits for your call, so the operator does the tedious work and you keep the judgement.
Riposte grew out of a bachelor's thesis question: do AI coding tools actually produce secure code? It is built in the open by two people working at the intersection of offensive security and software.
WHERE IT IS
Riposte is early and honest about it. Some capabilities are wired and working; others are still gated in the code until they are ready. Nothing on this site is faked, and the roadmap is public. If a thing is not finished, the repository says so plainly.
A tool that runs offense on your systems is one you have to trust completely, and the only honest way to earn that is to let you read it. Riposte is Apache-2.0, sends no telemetry, and the core loop runs offline with no account, so you can vet every line before it touches anything you own.
pre-alpha · Apache-2.0 · no telemetry · runs offline