synlace / ferret

Public

A modern HTTP proxy.

22
2
85% credibility
Found May 17, 2026 at 23 stars.
AI Analysis
TypeScript
AI Summary

Ferret is a web security testing tool that works like a smart browser history combined with an AI security analyst. You browse the web through its proxy, and it records all traffic. Then you can chat with an AI assistant to analyze the traffic, automatically run security tests, discover hidden endpoints, and document vulnerabilities you find. Everything runs locally in Docker containers, and you can organize your work into multiple projects.

How It Works

1. 🔍 You discover a security testing tool

You hear about Ferret - a tool that captures your web traffic and helps you find security issues with the help of an AI assistant.

2. ⚙️ You connect your AI assistant

On first launch, you enter your AI provider details - just like signing into a service. Everything is stored securely on your own computer.

3. 🌐 You browse the web through the proxy

You configure your browser to route traffic through Ferret. Every request and response gets recorded automatically - like a detailed browser history that never forgets.

4. 💬 You chat with AI about your traffic

You open a chat and ask questions like 'what endpoints did I visit?' or 'check if there are any SQL injection vulnerabilities'. The AI reads your captured traffic and responds.

5. The AI can help in different ways

- 🧪 Write and run tests: The AI writes Python test code and runs it automatically to check for vulnerabilities.
- 🔎 Scan for endpoints: The AI runs web crawlers to discover hidden pages and API endpoints you haven't visited yet.
- 📝 Just explain things: The AI answers questions about your traffic, explains what requests do, and suggests what to look at next.

6. 📋 You document your findings

When you find a vulnerability, you create a finding with a title, severity level, and evidence. Your findings are saved and organized by project.

Your security review is complete

You have a clear picture of what was tested, what vulnerabilities were found, and what still needs attention. Everything is saved in your project for later.

AI-Generated Review

What is ferret?

Ferret is a web-based HTTP proxy that intercepts traffic, stores it in a local SQLite database, and pairs it with an AI assistant. You route your browser or app through Ferret's proxy port, and every request/response gets captured with full headers, body, and timing data. The TypeScript UI lets you browse history, search requests, and annotate findings. The Python backend integrates with multiple AI providers so you can ask questions about your traffic in natural language, and the system will generate pytest scripts that replay specific requests against your API.

Why is it gaining traction?

The key differentiator is zero-infrastructure storage. Most HTTP proxy web UIs expect you to run Elasticsearch or a similar heavyweight backend. Ferret uses SQLite instead, which means you spin it up with docker-compose and it just works. No JVM, no Kafka, no Ops headache.

The AI integration is the second hook. When you spot something interesting in captured traffic, you can open a chat session scoped to a specific request, host, or your entire history. The AI can search your request archive, write tests, and run them inside an isolated sandbox container. This turns passive traffic inspection into active API testing.

The Snare feature adds programmable request interception. You configure rules by method, host, path, headers, or body patterns, and matching requests are held for review before being forwarded or dropped. This is useful for security testing workflows where you want human approval on sensitive operations.

Who should use this?

Backend developers debugging APIs will find the traffic replay and annotation features practical for tracking down issues. Security testers working with AI-assisted tooling will appreciate the rule-based interception and automated test generation. QA engineers writing integration tests against staging environments can use Ferret to capture real request shapes and convert them into repeatable pytest suites.

Verdict

Ferret is a well-structured concept at a very early maturity stage (22 stars). The test coverage is thorough, the architecture is clean, and the SQLite-first approach removes real friction that alternatives impose. That said, production users should monitor the project for documentation and community growth before committing to it as a primary tool. The 0.850 credibility score reflects solid engineering practices but limited adoption -- worth evaluating for medium-complexity API testing workflows, but treat it as a promising early-stage project rather than a mature solution.
