riptide -- engagement workspace

Riptide

Collaborative terminal + playbook workspace
for penetration testing teams

Everything you need in the field

A purpose-built engagement workspace that replaces scattered terminals, note files, and credential dumps with a single synchronized interface.

Terminal + Playbooks

Side-by-side xterm.js terminal and markdown playbooks with one-click Run buttons. Execute, capture, annotate.

Real-Time Collaboration

Multi-user rooms with dual WebSocket sync, live presence indicators, and edit locks. Your team sees changes instantly.

Variable Substitution

<TargetIP> syntax with tab and global scope. Auto-scans code blocks, live-highlights set vs unset.

Credential Vault

Service, user, pass, hash storage. Click-to-reveal secrets, bulk export, dual tab and global scope with toggle badges.

Output Intelligence

Auto-extract IPs, URLs, hashes, credentials, and ports from terminal output. Promote findings to panels with one click.

Playbook Library

Build your own searchable template library organized by category and tags. Import into rooms, customize, and share across engagements.

Session Recording

Record terminal sessions for documentation and review. Replay with full timing fidelity. Never lose a command again.

Finding Alerts

Flag findings from playbooks, credentials, or scratch notes. Team-wide toast and browser notifications with persistent alert history.

Real-Time Chat

Built-in messaging with global and tab-scoped channels. Messages group by user with unread indicators and toast notifications.

Knowledge Base

Persistent cross-room KB for techniques, tools, findings, and references. Promote from any panel, search by type or tag.

One workspace. Every target.

Targets as tabs. Playbooks on the left. Terminal on the right. Credentials, scope, and findings always within reach.

[Screenshot: Riptide engagement workspace showing target tabs, playbook notes with run buttons, credential vault, and integrated terminal]

Active engagement workspace -- targets, playbooks, credentials, and terminal in one view.

Built lean. Runs fast.

No build step, no bundler, no framework overhead. Just a Node server, raw WebSockets, and vanilla JS modules that load in milliseconds.

system architecture
01

Dual WebSocket Architecture

/ws/terminal handles PTY I/O with 256KB ring buffers for late-join replay. /ws/sync broadcasts every state mutation in real-time.

02

Modular Backend

Express server with 15 route modules, shared routeCtx for in-memory state, and lib/storage.js for atomic file operations with locking.

03

No Build Step

Vanilla JS on a global Riptide namespace. Static files served directly. Zero bundler, zero transpilation, zero waiting.

04

Security First

Helmet CSP headers, scrypt password hashing (N=32768), rate limiting on auth, DOMPurify XSS prevention, WebSocket origin checks, TLS by default.
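The scrypt item above, sketched in Node.js as an added example (not Riptide's own code). Only N=32768 comes from this page; r=8, p=1, the salt and key lengths, the record format and the function names are assumptions.

```javascript
// Added example, not Riptide's code. Only N=32768 is taken from the page;
// r, p, SALT_LEN, KEY_LEN and the "$"-separated record format are assumptions.
const crypto = require('node:crypto');

const PARAMS = { N: 32768, r: 8, p: 1 };
const SALT_LEN = 16; // bytes of random salt per password
const KEY_LEN = 32;  // bytes of derived key stored as the hash

// scrypt needs slightly more than 128 * N * r bytes (32 MiB with these values),
// which exceeds Node's default maxmem of 32 MiB, so maxmem must be raised.
function derive(password, salt) {
  const { N, r, p } = PARAMS;
  return crypto.scryptSync(password, salt, KEY_LEN, { N, r, p, maxmem: 256 * N * r });
}

// Returns a self-describing record: scrypt$N$r$p$salt$key (salt and key in base64).
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_LEN);
  const key = derive(password, salt);
  return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p,
    salt.toString('base64'), key.toString('base64')].join('$');
}

function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;

  // Reject records whose cost parameters differ from current policy, so an
  // edited or downgraded record cannot lower the work factor.
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (N !== PARAMS.N || r !== PARAMS.r || p !== PARAMS.p) return false;

  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  // timingSafeEqual throws on unequal lengths, so check lengths first.
  if (salt.length !== SALT_LEN || expected.length !== KEY_LEN) return false;

  // Constant-time comparison avoids leaking how many leading bytes matched.
  return crypto.timingSafeEqual(derive(password, salt), expected);
}
```

Each derivation at this cost allocates about 32 MiB, which is why rate limiting on the auth route matters alongside it.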


Node.js, Express, xterm.js, node-pty, marked.js, CodeMirror 6, DOMPurify

Running in 60 seconds

Clone, install, launch. No Docker, no build step, no configuration files to write.

bash
# Clone the repository
$ git clone https://github.com/Real-Fruit-Snacks/Riptide.git
$ cd Riptide
$ npm install
# Launch with auto-generated TLS
$ ./start.sh
# Or customize:
$ ./start.sh --port 8443   # custom port
$ ./start.sh --no-ssl     # HTTP mode

Open https://localhost:3000 in your browser, create a room with a password, pick a nickname, and invite your team. Each room gets its own terminals, playbooks, credentials, and workspace.

Set a working directory when creating a room to persist all data -- playbook notes, credentials, exports, scratch notes -- to a folder on disk. Perfect for engagement archives.