Looking for pentesters to test a next-gen open-source web security proxy
Ogma is a newly announced open-source web security proxy designed for penetration testers and bug bounty hunters. It aims to provide a lightweight alternative to commercial tools by enabling interception, inspection, modification, and replay of HTTP and WebSocket traffic. The project is in active development and currently in public beta, with potential bugs and unfinished features. No specific vulnerabilities or exploits have been reported yet. The developer is seeking community testing and feedback to improve the tool.
AI Analysis
Technical Summary
Ogma is an open-source web security proxy with a Rust backend and Vue.js frontend, supporting HTTP, HTTPS, WebSocket, and HTTP/2 traffic interception and manipulation. It includes automation modules, a built-in browser, an MCP server with over 125 tools, and AI-assisted pentesting features. The project is under active development and publicly available for testing on GitHub. There are no confirmed vulnerabilities or exploits associated with Ogma at this time; the announcement is a call for pentesters to help identify potential issues.
Potential Impact
No confirmed security vulnerabilities or exploits have been reported for Ogma. As a security testing tool in beta, it may contain bugs or unfinished features that could affect reliability or security posture during use, but no direct impact from a vulnerability is documented.
Mitigation Recommendations
Since no vulnerabilities or exploits are currently known, no specific mitigation actions are required. Users interested in testing Ogma should do so in controlled environments and report any bugs or security issues to the developers. Monitor the official repository and communications for updates and patches as the project matures.
Looking for pentesters to test a next-gen open-source web security proxy
Description
Ogma is a newly announced open-source web security proxy designed for penetration testers and bug bounty hunters. It aims to provide a lightweight alternative to commercial tools by enabling interception, inspection, modification, and replay of HTTP and WebSocket traffic. The project is in active development and currently in public beta, with potential bugs and unfinished features. No specific vulnerabilities or exploits have been reported yet. The developer is seeking community testing and feedback to improve the tool.
Reddit Discussion
Hello everyone,
For the past few weeks, I have been working on Ogma, a fully open-source web security proxy for pentesters and bug bounty hunters.
The goal is to build a lightweight and accessible alternative to Burp Suite and Caido for people who want to inspect and test web traffic without subscriptions or locked features.
Ogma uses a Rust backend and a Vue.js frontend. It currently supports intercepting, inspecting, editing, organizing, and replaying HTTP and WebSocket traffic. It also includes an Intruder-style automation module and a built-in browser.
Ogma includes a built-in MCP server with more than 125+ tools, as well as an integrated AI assistant designed to act as a pentesting copilot during security assessments. It also has a plugin ecosystem that allows developers to create extensions and add new capabilities.
The project is still under active development, so there may be bugs, unfinished areas and missing features. I am looking for people from the security community who would be willing to test it and share their experience.
Any feedback would be appreciated, especially reports about bugs, usability problems, unexpected behavior, or features that would make the tool more useful in real-world security testing workflows.
Repository: https://github.com/KaijinLab/ogma
Thank you to anyone who takes the time to try it.
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Ogma is an open-source web security proxy with a Rust backend and Vue.js frontend, supporting HTTP, HTTPS, WebSocket, and HTTP/2 traffic interception and manipulation. It includes automation modules, a built-in browser, an MCP server with over 125 tools, and AI-assisted pentesting features. The project is under active development and publicly available for testing on GitHub. There are no confirmed vulnerabilities or exploits associated with Ogma at this time; the announcement is a call for pentesters to help identify potential issues.
Potential Impact
No confirmed security vulnerabilities or exploits have been reported for Ogma. As a security testing tool in beta, it may contain bugs or unfinished features that could affect reliability or security posture during use, but no direct impact from a vulnerability is documented.
Mitigation Recommendations
Since no vulnerabilities or exploits are currently known, no specific mitigation actions are required. Users interested in testing Ogma should do so in controlled environments and report any bugs or security issues to the developers. Monitor the official repository and communications for updates and patches as the project matures.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":30,"reasons":["external_link","newsworthy_keywords:rce","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["rce"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a57d23a68715ace4338f63e
Added to database: 07/15/2026, 18:32:26 UTC
Last enriched: 07/15/2026, 18:32:34 UTC
Last updated: 07/15/2026, 19:47:22 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.