Riciplay Security Platform — Autonomous AI-driven bug-bounty CLI
Project description
riciplay-cli
Riciplay Security Platform — Command-line Interface
An autonomous AI-driven bug bounty hunting agent for web applications and codebases. Runs local investigations with an LLM-in-a-loop leader that orchestrates specialists, probes endpoints, verifies findings, and chains vulnerabilities.
Features
-
Autonomous DAST (Dynamic Application Security Testing) — Web app vulnerability scanning with automatic attack-surface enumeration, multi-class injection probing (XSS / SQLi / IDOR / open-redirect / SSRF), and interception-driven recon through miniproxy + headless browser.
-
Autonomous SAST (Static Application Security Testing) — Code audit with semgrep, code search, and AI-guided data-flow tracing. Finds injection sinks, hardcoded secrets, weak crypto, and path traversal.
-
Manual-analysis mode — Human-pentester-style workflow: observe through browser, take notebook notes, register accounts, test cross-account, reason and iterate.
-
Specialist orchestration — Parallel execution of domain specialists (Recon, Web, API, Auth, Cloud, Business Logic) with shared findings, cross-specialist corroboration, and compound attack chaining.
-
Coverage gates — Deterministic finish-time enforcement ensures every discovered endpoint×parameter×attack-class combination is attempted before the investigation concludes.
-
Two-identity IDOR testing — Automatic account registration/login and cross-account replay for authorization bypass detection.
-
Phase-separated investigation — DISCOVER (breadth-first surface mapping and probing) followed by REPORT (impact verification, chaining, and quality gating).
Installation
pip install riciplay-cli
Requires Python 3.10+, mitmdump (for proxy capture), and optionally Chromium
(via Playwright) for browser-based discoveries.
Quick Start
# Authenticate against the Riciplay backend
riciplay auth set-key <your-api-key>
# Run a DAST investigation against a target
riciplay scan investigate https://example.com --budget 12
# Run a SAST code audit
riciplay scan investigate ./my-project --mode sast --budget 8
# Manual-analysis mode
riciplay scan investigate https://example.com --mode manual --budget 15
Configuration
riciplay auth status— Check authentication and tierriciplay auth whoami— Show current account inforiciplay review <path>— Code review with markdown outputriciplay --help— Full command reference
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file riciplay_cli-1.7.46-py3-none-any.whl.
File metadata
- Download URL: riciplay_cli-1.7.46-py3-none-any.whl
- Upload date:
- Size: 453.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
da8e7f0c526444161f89e059196036a8512359503674987926ac217f44ae8b7d
|
|
| MD5 |
a26433029a6402651533dd1008d3304d
|
|
| BLAKE2b-256 |
efabe60db7d3d266ffdcc637be804854893531b5c598d2cb98e4b2a06b6571b3
|