I recently developed FlashFuzz, a lightweight browser extension aimed at security engineers and pentesters who want to perform quick reconnaissance without leaving their browser.
Features include:
- Fuzz URLs across all open tabs to discover hidden endpoints
- Scan loaded JavaScript files for potential secrets (API keys, tokens, AWS keys, etc.)
- Support for custom wordlists or built-in examples
- Configurable batch size and concurrent requests
- Export results for further analysis
- Lightweight UI with request/response snapshots
It’s fully open source and free. All processing happens locally—nothing is sent externally.
I’d love to hear your thoughts:
- Are there any missing features that would make this more useful for pentesters or security researchers?
- Any UI/UX improvements you’d suggest?
- Chrome: https://chromewebstore.google.com/detail/flashfuzz/hfpcijmfj...
- Firefox: https://addons.mozilla.org/en-US/firefox/addon/flashfuzz/
- Repository: https://github.com/Ademking/FlashFuzz
- Demo: https://www.youtube.com/watch?v=hrwVM4qyQMA
Thanks in advance for your feedback!