Intercept and inspect HTTP and HTTPS traffic between a browser and a target web app.
Get AI generated notes on captured requests while testing for vulnerabilities.
Pause, edit, and forward or drop live requests before they reach the server.
Track findings by severity and host across a security assessment project.
| synlace/ferret | davidhdev/rbp-portfolio | drakkar-softwares/polymarket-kalshi-arbitrage-bot | |
|---|---|---|---|
| Stars | 29 | 29 | 29 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | moderate | easy | moderate |
| Complexity | 3/5 | 2/5 | 3/5 |
| Audience | developer | designer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker, Docker Compose, and the just command runner.
Ferret is a tool for security testers who need to intercept and study HTTP traffic while they look for vulnerabilities in web applications. It works like a proxy that sits between your browser or testing tool and the target website, capturing every request and response so you can inspect, replay, or modify them, and it adds an AI assistant on top to help analyze what it sees. The project runs as a set of Docker containers: a proxy and API service built on FastAPI and mitmproxy that captures traffic and stores it in SQLite, a Next.js web interface for browsing that traffic, and a separate lab container that holds security testing tools like pytest, ffuf, and sqlmap. Getting started requires Docker, Docker Compose, and a command runner called just, after which one command builds and starts everything. Once running, a setup wizard walks new users through connecting an AI provider such as OpenRouter, OpenAI, Anthropic, Gemini, DeepSeek, Mistral, Ollama, or LM Studio, and no manual configuration file is required to begin. The tool itself listens as a proxy that any browser or testing tool can be pointed at, with an option to install a certificate so it can also inspect encrypted HTTPS traffic. Key features include a request history log with AI generated notes on each entry, a findings tracker for logging vulnerabilities by severity and host, a feature called Snare that lets you pause and edit requests before they reach the server, a persistent request editor called Gnaw for repeatedly resending modified requests, and Workspaces, which give each testing project its own folder of scripts, notes, and automated tests that run inside the lab container. Multiple projects can be kept separate, each with its own history, findings, and API keys. The project is written in TypeScript, released under the MIT license, and is aimed specifically at people doing authorized security assessments rather than casual browsing.
An AI assisted intercepting proxy for security testers to capture, replay, and analyze HTTP traffic while hunting for vulnerabilities.
Mainly TypeScript. The stack also includes TypeScript, FastAPI, mitmproxy.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.