Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that’s longer than the exploitation window itself.
Nobody in that chain is incompetent. Every human is doing their job correctly. The problem is the system, its

The Hacker News – ​Read More

I’m happy to announce that we are releasing the beta version of RAPTR, a fully open source, API driven collaboration platform built specifically for red and purple team engagements.

Check out the code on GitHub, read the docs, or try out the latest build at our sandbox.

Why I built it

Up until recently, our team relied on PurpleOps for our Purple Team engagements. It’s a solid tool and served as a good starting point for us. Eventually, we needed more out of it, so we maintained our own custom fork to patch in the improvements our workflows required.

However, as our requirements increased, we started to encounter structural limitations. The technical debt began to catch up with us, and the underlying architecture had technical limitations that meant I couldn’t implement the advanced features and integrations we wanted without rebuilding everything from scratch.

So, I decided to build a replacement from scratch.

What RAPTR does

At its core, RAPTR aims to be an easy-to-use web application where red and blue teams can collaborate. The workflow is designed to help you plan engagements, document attacks and detections, evaluate the results, and generate Jinja-templatable reports.

Here is how the platform breaks down:

• Collaboration: RAPTR provides a shared workspace for active engagements. Red teamers can document their expectations, precise timelines, and actions, while blue teamers simultaneously attach the corresponding alerts, logs, and detections.
• Evaluate and Reporting: You can define specific evaluation criteria to methodically assess the results of an operation. When the engagement wraps up, you can export the data to JSON or generate Word and HTML reports using custom Jinja templates.
• Full API Support: The backend is built on FastAPI and includes auto-generated OpenAPI documentation. Every feature available in the platform is accessible through the REST API, making it easy to wire into your existing automation and tooling.
• Open Source: RAPTR is fully open source. You can self-host it, adapt it to your organization’s specific needs, and extend or contribute to the codebase as you see fit.
• A lot more: There are many more features, including templateable activities, an integrated knowledge base, Markdown support, conflict resolution, statistics and time zone handling.

Links and Resources

The project is currently in beta. It’s stable enough for testing, but we are looking for feedback from the community to iron out the bugs and validate the feature set before a 1.0 release.

• GitHub Repo: https://github.com/CompassSecurity/raptr
• Documentation: https://raptr.app
• Sandbox: https://sandbox.raptr.app

Feel free to deploy it, test it out on your next lab engagement, and open an issue on GitHub if you run into bugs or have feature requests. PRs are always welcome.

If you have any questions or would like a tour of the application, or if you would just like to chat about Purple Teaming, please don’t hesitate to get in touch.

Compass Security Blog – ​Read More