Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Looking for pentesters to test a next-gen open-source web security proxy

0
Medium
Published: 07/15/2026 (07/15/2026, 18:11:15 UTC)
Source: Reddit Cybersecurity

Description

Ogma is a newly announced open-source web security proxy designed for penetration testers and bug bounty hunters. It aims to provide a lightweight alternative to commercial tools by enabling interception, inspection, modification, and replay of HTTP and WebSocket traffic. The project is in active development and currently in public beta, with potential bugs and unfinished features. No specific vulnerabilities or exploits have been reported yet. The developer is seeking community testing and feedback to improve the tool.

Reddit Discussion

r/cybersecurity·posted by u/deadbeef0-0
00

Hello everyone,

For the past few weeks, I have been working on Ogma, a fully open-source web security proxy for pentesters and bug bounty hunters.

The goal is to build a lightweight and accessible alternative to Burp Suite and Caido for people who want to inspect and test web traffic without subscriptions or locked features.

Ogma uses a Rust backend and a Vue.js frontend. It currently supports intercepting, inspecting, editing, organizing, and replaying HTTP and WebSocket traffic. It also includes an Intruder-style automation module and a built-in browser.

Ogma includes a built-in MCP server with more than 125+ tools, as well as an integrated AI assistant designed to act as a pentesting copilot during security assessments. It also has a plugin ecosystem that allows developers to create extensions and add new capabilities.

The project is still under active development, so there may be bugs, unfinished areas and missing features. I am looking for people from the security community who would be willing to test it and share their experience.

Any feedback would be appreciated, especially reports about bugs, usability problems, unexpected behavior, or features that would make the tool more useful in real-world security testing workflows.

Repository: https://github.com/KaijinLab/ogma

Thank you to anyone who takes the time to try it.

Links cited in this discussion

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/15/2026, 18:32:34 UTC

Technical Analysis

Ogma is an open-source web security proxy with a Rust backend and Vue.js frontend, supporting HTTP, HTTPS, WebSocket, and HTTP/2 traffic interception and manipulation. It includes automation modules, a built-in browser, an MCP server with over 125 tools, and AI-assisted pentesting features. The project is under active development and publicly available for testing on GitHub. There are no confirmed vulnerabilities or exploits associated with Ogma at this time; the announcement is a call for pentesters to help identify potential issues.

Potential Impact

No confirmed security vulnerabilities or exploits have been reported for Ogma. As a security testing tool in beta, it may contain bugs or unfinished features that could affect reliability or security posture during use, but no direct impact from a vulnerability is documented.

Mitigation Recommendations

Since no vulnerabilities or exploits are currently known, no specific mitigation actions are required. Users interested in testing Ogma should do so in controlled environments and report any bugs or security issues to the developers. Monitor the official repository and communications for updates and patches as the project matures.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":30,"reasons":["external_link","newsworthy_keywords:rce","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a57d23a68715ace4338f63e

Added to database: 07/15/2026, 18:32:26 UTC

Last enriched: 07/15/2026, 18:32:34 UTC

Last updated: 07/15/2026, 19:47:22 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses