Authorized use only. EtherReaper is designed for professional security assessments and CTF competitions where you have explicit written permission to test the target environment.

What is EtherReaper?

EtherReaper wraps the most common internal network and Active Directory attack toolchain into a single persistent web interface. All scan output is logged, stored in SQLite, and viewable after the fact. Credentials captured across sessions are deduplicated and automatically available as a dropdown when running authenticated scans. Stack: FastAPI + Vanilla JS + SQLite. No framework overhead, no containers required.

Installation

Set up EtherReaper on Kali Linux with a single setup script

Quickstart

Configure your environment and run your first scan in minutes

Architecture

Understand how EtherReaper’s components work together

API Reference

Explore the full FastAPI backend REST interface

Core capabilities

Network Reconnaissance

Masscan, Nmap, Nuclei, web screenshots with tech detection, and SMB signing checks

Layer 2 Attacks

Responder, mitm6, and ASRepCatcher with live output streaming

Vulnerability Checks

PrintNightmare, SMBGhost, EternalBlue, noPAC, Zerologon, Coerce, and MasterBaiter

Active Directory

BloodHound, Kerberoast, ADCS ESC1–ESC8+, GMSA, Pre2K, Delegation, and more

Credential Management

Persistent credential store with hash calculator and NTLM/Kerberos key derivation

Kerberos Support

Full ccache-based authentication with automatic clock synchronization

Key workflows

1. Install and configure

Run sudo ./setup.sh once, then ./run.sh as your regular user. Open http://localhost:8000.

2. Set up network info

Fill in the Network Info bar with your IP, domain, DC hostname, and DC IP.

3. Define your scope

Add target IPs, CIDRs, or ranges via DATA → Scope.

4. Enumerate and attack

Run Nmap to populate the hosts database, then work through recon, Layer 2, vulnerabilities, and AD attacks.

5. Collect and review data

All credentials, scan results, and discovered hosts are persisted in SQLite and viewable from the browser at any time.

Why EtherReaper?

Traditional penetration testing requires juggling dozens of terminal windows, manually managing output files, and context-switching between tools. EtherReaper solves this by:
  • Centralizing output — every tool execution is logged with timestamps, output files, and status
  • Persisting credentials — captured hashes and passwords are deduplicated and immediately available for follow-on attacks
  • Automating tedious steps — ADCS ESC1 chains, ccache acquisition, and hash parsing happen automatically
  • Working inside VPNs — web screenshots route through aiohttp so Chromium reaches HTB/OSCP lab targets without /etc/hosts entries
