I’m Emile, co-founder of Caido [0]. Today, we are launching the public beta of Caido, a lightweight web security auditing toolkit. While our tool is mostly geared toward pentesters and bug bounty hunters, we thought some of you might find it useful.
The web security auditing toolkit space hasn't seen much innovation in recent years, with current tools feeling outdated and lacking in performance and user experience. As the number of security professionals continues to increase, there is a growing need for a user-friendly alternative. This is what motivated us to create Caido.
At its core, Caido is a proxy that sits in between you and your target. It allows you to record & filter traffic, tamper with requests, replay them to test exploits, brute force parameters, etc.
As we started building, we wanted to focus on the following two points:
- Performance: In our space, the most-used proxies rely on Java and consume large amounts of memory. It is not uncommon to hear hackers saying they built a PC with 32GB+ of RAM especially to run a proxy. To address this issue, we developed Caido using Rust and optimized it to take advantage of SSDs as opposed to keeping everything in-memory. It's been working great so far, giving us a good balance of low-level control, reasonable memory usage and speed.
- Flexibility: Instead of a monolithic desktop application, we decided to split the user interface from the proxy component. This allows Caido to be deployed anywhere from a laptop to a cheap VPS. Businesses will be able to self-host their Caido instances and grant access to external pentesters/bug bounty hunters as needed. This approach also allows users to have more oversight over their data.
Caido is currently not open source, but we're considering an open-core model. We still want to be transparent in our development, so we have an open roadmap [1]. We will also be focusing on a plugin system this year.
We are a small bootstrapped team of 3 people at the moment. While Caido is available for free, you can subscribe to a Pro plan to support the project. We plan on introducing exclusive features for Pro users throughout the year such as instance sharing, synced workspaces, etc.
We have been in private beta for around a year now and we feel we have built something worth sharing with the community. You can join our Discord [2], follow us on Twitter [3] or watch our GitHub [4] to get updates.
Let us know what you think and I’m happy to answer questions!
[0] https://caido.io
[1] https://links.caido.io/roadmap
[2] https://links.caido.io/www-discord
[3] https://twitter.com/@CaidoIO
[4] https://github.com/caido/caido