Browser-based terminal workspace with real-time sync. Shared command history, credential vault, and playbooks. Side-by-side xterm.js terminal and markdown playbooks.
$ npm start Riptide listening on https://localhost:3000 TLS certificate auto-generated # Create a room, set a password, start hacking [ws] 3 users connected to room ALPHA [sync] credentials, variables, notes broadcasting
Terminal, playbooks, credentials, and knowledge base in one browser tab. Real-time multi-user sync with password-protected rooms.
Full xterm.js terminal on one side, stackable markdown notes on the other. Fenced code blocks get Run buttons that execute directly in the terminal. Run All executes every block sequentially.
Password-protected rooms with dual WebSocket sync. Multiple users see presence, live updates on notes, credentials, and variables. Edit locks prevent conflicts.
Use <TargetIP>, <Domain>, or custom variables in code blocks. Riptide renders input fields and substitutes values at runtime.
Store service/username/password/hash per target or globally. Click-to-reveal, one-click copy, bulk export. Flag findings to alert the team.
Terminal output parser automatically extracts IPs, URLs, emails, hashes, credentials, and nmap ports — highlighted inline with one-click promote actions to push findings into the credential vault or scope panel.
Reusable playbooks organized by category and tags. Search, import into rooms, customize. Frontmatter metadata for title, description, and category.
Full-featured on Linux, macOS, and Windows. Vanilla JavaScript with no build step. Four Catppuccin themes.
Express server with dual WebSocket channels. Vanilla JavaScript frontend with no build step. File-based storage with atomic JSON updates.
Node.js with Express 4, ws for WebSocket, node-pty for terminal. 15 Router modules for rooms, tabs, notes, credentials, variables, and more.
Terminal I/O on /ws/terminal and state broadcast on /ws/sync. Independent channels for low-latency terminal and reliable state sync.
File-based with atomic JSON updates. Room data, playbooks, recordings, and knowledge base. No external database required.
helmet CSP/HSTS, express-rate-limit, DOMPurify on all rendered markdown. scrypt password hashing with 24-hour session expiry. Auto-TLS.
Node.js application with auto-TLS. npm install, npm start, open your browser.
$ git clone https://github.com/Real-Fruit-Snacks/Riptide $ cd Riptide && npm install # Start with auto-generated TLS $ npm start Riptide listening on https://localhost:3000 # Run all 675 tests $ npm test
# Open in browser $ open https://localhost:3000 # Custom TLS certificate $ SSL_KEY=./key.pem SSL_CERT=./cert.pem npm start # Development mode $ npm run dev # Disable HTTPS $ NO_SSL=1 npm start