REACH docs¶

   ____    _____      _      ____   _   _ 
  |  _ \  | ____|    / \    / ___| | | | |
  | |_) | |  _|     / _ \  | |     | |_| |
  |  _ < _| |___ _ / ___ \ | |___ _|  _  |
  |_| \_(_)_____(_)_/   \_(_)____(_)_| |_|

  Request Engine for Attacks, Callbacks & Handling
  --@TrojanLij

REACH is a modular web exploitation framework for authorized security testing. It provides a dynamic routing core for hosting external payloads and capturing callbacks, with structured request logging and extensible protocol support.

Key ideas:

Dynamic HTTP routes managed at runtime
Centralized request logging for OOB workflows
Separate public/admin surfaces
Core protocol handlers (HTTP, FTP, WSS)
Optional DNS add-on tool for OOB DNS callbacks

User View¶

REACH helps red teams run callback infrastructure in a structured way:

expose payload and callback endpoints quickly
capture inbound traffic centrally across protocols
manage routes/rules/zones from an admin API

Use only with explicit authorization and approved scope.

Install and docs setup¶

Clone the project:

git clone https://github.com/TrojanLij/REACH
cd REACH

Install REACH:

python -m pip install -e .

Install docs dependencies and preview locally:

python -m pip install -e ".[docs]"
mkdocs serve

Then open http://127.0.0.1:8000.

Component model¶

Core, Forge, and CLI are modular and can run independently.

Core: runtime/control plane and minimum required backend.
Forge: generator/exploit workflows (can run standalone, best when connected to Core).
CLI: operator interface (many commands require reachable Core APIs).
DNS tool: optional standalone OOB DNS service integrated with Core DB/logging.

Best results come from using them together.
Minimum requirement for full workflow: Core must run or be reachable.

Component interaction¶

Forge/CLI/operator actions
          |
          v
        Core (admin API + public listeners)
          |
          v
      routes/rules/logs/zones in shared DB

CORE¶

Getting Started - install, run, and verify your first callback flow
Architecture Overview - understand how public, admin, DNS, and DB fit together
Core Runtime - public vs admin responsibilities and shared state flow
Dynamic Routing - route matching behavior and runtime route usage
Admin API Surface - control routes, rules, logs, and zones
Protocols Architecture - protocol support and TLS edge patterns
Logging Pipeline - what gets logged and how to query it
Persistence Layer - what REACH stores and why
Security Boundaries - deployment hardening and exposure controls

FORGE¶

Forge Overview - generator/exploit workflows and Core integration
Generators - create payload content and optionally register routes
Exploits - run workflows or harness external tooling
Plugins and Subpages - extend Forge with custom modules
Trigger Rules (IFTTT) - if-this-then-that automation logic

CLI¶

CLI Overview - command map and usage model
Server CLI - start/manage server roles and protocols
Routes CLI - inspect static and dynamic routes
Logs CLI - stream and filter request logs
Forge CLI - generator output and route registration
DNS CLI - run and configure DNS service
Dev CLI - developer maintenance utilities

OPERATIONS¶

Servers and Protocols - run public/admin roles and protocol listeners
DNS Service - DB-backed zone management and OOB callbacks
Logs - log API and tailing workflows
Configuration - env/preset precedence and multi-host config
Deployment - local, multi-host, and Docker patterns
Troubleshooting - common issues and fixes

Dev¶

Documentation entrypoints and related modules:

Core runtime/docs map to reach.core.* modules.
Forge docs map to reach.forge.* and reach.cli.forge.*.
CLI docs map to reach.cli.*.
Main CLI entrypoint is reach.cli.main.