App

Karmagate

KarmaGate is a high-performance network tracing and security testing platform designed for modern workflows. Built with Go and Svelte 5, it combines a robust HTTP/WebSocket proxy with an advanced chain executor, enabling researchers to intercept, analyze, and automate complex traffic scenarios with ease and precision.

#dast #golang #http-proxy #penetration-testing #security #security-tools #vulnerability-detection #vulnerability-scanners #websocket

Demo Download

KarmaGate

Built to make you extraordinarily effective, KarmaGate is the best way to test web security.

Download • Features • Modules • Getting Started • Support

Trusted every day by security researchers worldwide.

Download

This is the official release repository. All binaries are built from our private source repository and published here.

Latest Release

Platform	Architecture	Download
macOS	Apple Silicon (M1/M2/M3/M4)	Download .dmg
macOS	Intel	Download .dmg
Windows	x64	Download Installer
Windows	ARM64	Download Installer
Linux	x64 (Debian/Ubuntu)	Download .deb
Linux	x64 (Fedora/RHEL)	Download .rpm
Linux	x64 (Universal)	Download AppImage
Linux	ARM64 (Debian/Ubuntu)	Download .deb
Linux	ARM64 (Fedora/RHEL)	Download .rpm
Linux	ARM64 (Universal)	Download AppImage

Not sure which version to download?

macOS: Choose "Apple Silicon" if you have an M1/M2/M3/M4 Mac, otherwise choose "Intel"

Windows: Choose "x64" for most Windows PCs

Linux: Choose ".deb" for Debian/Ubuntu, ".rpm" for Fedora/RHEL, or "AppImage" for any distribution

Features

Powerful security testing tools, built for professionals.

Strike finds vulnerabilities fast

High-performance fuzzing at 1000+ requests per second. 4 attack modes, auto-calibration, and smart payload generation.

4 attack modes: Sniper, Battering Ram, Pitchfork, Cluster Bomb
Auto-calibration to detect anomalies
Smart payload generation and built-in wordlists
Rate limit detection and throttling

Intelligent vulnerability detection

Vulnerability scanner with Nuclei template support. Automatic injection point detection and built-in OAST.

Nuclei template support (12,000+ templates)
Automatic injection point detection
Built-in OAST for blind vulnerabilities
Scan profiles: quick, standard, thorough

Complete traffic control

Capture and inspect all HTTP and WebSocket traffic. Full HTTP/2 support with advanced filtering and annotations.

Full HTTP/2 support for modern applications
WebSocket inspection and history
Annotate requests with notes and colors
Advanced filtering to find what you need

Workflow automation

Automate multi-step attack sequences with data extraction and conditional logic.

Automate multi-step attack sequences
Extract data between requests automatically
HTTP and WebSocket support
Conditional logic for complex flows

Modules

Everything you need for professional web security testing in one application.

Module	Description
Gate	Capture and inspect all HTTP and WebSocket traffic with full HTTP/2 support
Loop	Modify and resend requests with a powerful editor supporting HTTP/1.1, HTTP/2, and HTTP/3
Snag	Intercept and modify requests and responses in real-time with visual rule builder
Strike	Blazing fast fuzzing at 1000+ requests per second with intelligent anomaly detection
Probe	Intelligent vulnerability scanner with Nuclei template support and automatic detection
Chain	Automate multi-step attack sequences with data extraction and conditional logic
Echo	Built-in OAST server with WebSocket support for detecting blind vulnerabilities
Reap	Centralized vulnerability management with import from popular tools
Terminal	Built-in terminal with kt.* commands and access to KarmaGate environment

Getting Started

Installation

Download the appropriate installer for your platform from the releases page
Install following your platform's standard procedure:
- macOS: Open the .dmg and drag KarmaGate to Applications
- Windows: Run the installer and follow the prompts
- Linux: Install the .deb/.rpm or run the AppImage directly
Launch KarmaGate and configure your browser proxy settings

Quick Start

Start KarmaGate and note the proxy port (default: 8080)
Configure your browser or system to use 127.0.0.1:8080 as HTTP/HTTPS proxy
Install the generated CA certificate for HTTPS interception
Start browsing — all traffic will appear in KarmaGate's History tab

Documentation

Full documentation is available at docs.karmagate.com

System Requirements

Component	Minimum	Recommended
OS	Windows 10, macOS 11, Ubuntu 20.04	Latest version
RAM	4 GB	8 GB+
Disk	200 MB	500 MB
Display	1280x720	1920x1080+

Support

Email: support@karmagate.com
Website: karmagate.com
Documentation: docs.karmagate.com
Bug Reports: GitHub Issues

Legal Disclaimer

KarmaGate is designed for authorized security testing and research purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. Unauthorized access to computer systems is illegal. The developers assume no liability for misuse of this software.

License

This software is proprietary. See LICENSE for details.

_{Built with love by the KarmaGate Team}

Website • Telegram • Discord

Top categories

tailwind daisyui admin template popup mdsvex portfolio blog form ecommerce ui carousel auth dark seo image routing