Fast, lightweight, and designed for security engineers who want immediate reconnaissance without leaving the browser. Quickly identify hidden endpoints and potential secrets across all open tabs.

• Quickly fuzz URLs in all open tabs to discover hidden endpoints.

• Use custom wordlists or built-in example lists.

• Concurrent requests with configurable batch size.

• Scan JavaScript files loaded in each tab for likely secrets (API keys, tokens, AWS keys, etc.).

• Export findings for further analysis or reporting.

• Lightweight UI for quick runs and detailed results with request/response snapshots.

• Open source and free to use.

FlashFuzz Demo

Github: https://github.com/Ademking/Flashfuzz