frontpage.

Hi HN,

I wanted to share a project I built in a strange but productive pair-programming "trip" with a large language model. The goal was to create my own automated "First Officer"—a tool that handles the tactical grunt work of finding common vulnerabilities while I focus on the strategic, human-led parts of a security assessment.

The result is Nightcrawler, an open-source CLI proxy and scanner built on Python & mitmproxy.

How it works: You run it and browse a target app through it. While you navigate, Nightcrawler passively finds insecure headers, outdated JS, and JWTs, while its active scanners autonomously test every discovered link and form for XSS, SQLi, Directory Traversal, and more.

The development process felt exactly like Captain Picard directing Commander Riker. I'd give the strategic orders ("We need to detect Stored XSS"), and the LLM would execute the tactical implementation. It was incredibly fast, but also highlighted the current limits of AI—it required constant human oversight to fix the subtle bugs and "hallucinations" it introduced.

The tool is still in beta (pip install nightcrawler-mitm). I'd love to get your feedback, bug reports, or ideas on what to build next.

Thanks for checking it out!

Show HN: Phind.design – Image editor & design tool powered by 4o / custom models

Show HN: Compass CNC – Open-source handheld CNC router

Show HN: Any-LLM – Lightweight router to access any LLM Provider

Show HN: The Magic of Code – book about the wonders and weirdness of computation

Show HN: A word of the day that doesn't suck

Show HN: Lotas – Cursor for RStudio

Show HN: Go Command-streaming lib for distributed systems (3x faster than gRPC)

Show HN: My GPU Fan Saga – A DIY ATX Fan Controller

Show HN: A rudimentary game engine to build four dimensional VR evironments

Show HN: Pogocache – Fast caching software

Show HN: My Side Project: A Free Mindful Breathing App

Show HN: Built an email marketing platform after paying $230/month

Show HN: Bazaar – a new LLM benchmark for economic reasoning under uncertainty

Show HN: Create your color palettes in context, not isolation

Show HN: Checkmate, an infrastructure, uptime and web page monitoring tool

Show HN: Conductor, a Mac app that lets you run a bunch of Claude Codes at once

Show HN: X11 desktop widget that shows location of your network peers on a map

Show HN: Giti – Natural Language to Git Commands with Local LLM

Show HN: SandCrab – An AWS S3 GUI for macOS

Show HN: SynSniff- Detect Minecraft Client OS via TCP/IP Fingerprinting

Show HN: Featurevisor v2.0 – declarative feature flags management with Git

Show HN: ggc – A terminal-based Git CLI written in Go

Show HN: Inkverse - An Indie comics platform

Show HN: Dyad – build AI apps locally, no cloud

Show HN: InkyCut – The open-source Canva alternative with a vibe editor

Show HN: MCP Jetpack – The easiest way to get started with MCP in Cursor

Show HN: Intercepting proxy for semantic search over visited pages

Show HN: BrightShot – AI photo enhancement and virtual staging for real estate

Show HN: Am-I-vibing, detect agentic coding environments

Show HN: McpX – A C# Library to Communicate with Mitsubishi PLCs via MC Protocol

Show HN: Nightcrawler – A scanner that finds low-hanging fruit while you work

Comments