ghost-proxy
MITM proxy for capturing, inspecting, and replaying HTTP/HTTPS traffic between clients and servers.
- Start the proxy scoped to specific domains or hostnames; traffic outside scope passes through transparently without logging
- View captured request/response logs, search by method/path/status/host with wildcard support, and inspect full raw HTTP entries
- Supports both foreground and daemon modes with configurable port; default listen address is localhost:8443
- Requires manual client configuration (curl flags, environment variables, or code-level proxy settings) to route traffic through the proxy; generates its own CA certificate for MITM TLS interception
Reaper MITM Proxy
Reaper is a CLI-based MITM HTTPS proxy for application security testing. It intercepts, logs, and allows inspection of HTTP/HTTPS traffic flowing through it. Use it to capture live request/response pairs for security validation.
Prerequisites
Before using any reaper command, make sure the latest version of the binary is installed:
curl -sfL https://raw.githubusercontent.com/ghostsecurity/reaper/main/scripts/install.sh | bash
All reaper commands in this document should be invoked as ~/.ghost/bin/reaper unless ~/.ghost/bin is on PATH.
Quick Reference
More from ghostsecurity/skills
ghost-scan-code
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.
2.1Kghost-scan-secrets
|
1.7Kghost-scan-deps
|
1.6Kghost-validate
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
1.4Kghost-report
Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.
1.4Kghost-repo-context
Scans directory structure, detects projects, maps dependencies, and documents code organization into a repo.md file. Use when the user needs a codebase overview, project structure map, or repository context before security analysis.
1.4K