Launch HN: Ghostship (YC S25) – Ghostship(YC S25):帮你找出 Web 应用漏洞的 AI 智能体
11 分•作者: jessechoe10•9 个月前
大家好,我们是 Jesse 和 Gautham。我们正在开发 Ghostship (<a href="https://tryghostship.dev/">https://tryghostship.dev/</a>)。
Ghostship 让你通过输入你的网址并描述用户旅程来发现 Web 应用程序中的错误。
这里有一个 Ghostship 运行的视频:<a href="https://www.loom.com/share/dec264ae32f94d50adb141c9246837c3?sid=b3a6121e-1a6f-4428-8e5d-7a9bc502fcd2" rel="nofollow">https://www.loom.com/share/dec264ae32f94d50adb141c9246837c3?...</a>。
我们从事开发工作已经超过了我们人生的一半时间,并且做过大量面向用户的项目,比如我开发的名为 CerealCodes 的编程竞赛,或者在 Upwork 上的自由职业项目。我们面临的最大问题是,我们在没有测试的边缘情况下发布了错误,而且每次发布新功能时,测试过程都很麻烦。我们尝试过自动化测试工具,但这些工具不稳定,无法适应功能的变化。而且,设置起来也很麻烦。
我们的解决方案是使用浏览器代理,通过像用户一样点击你的产品来帮助你发现 Web 应用程序中的错误。你只需输入你的网址,描述用户会做什么,Ghostship 就会遍历用户旅程并尝试通过视觉观察在用户旅程的每一步中应该点击哪里来推断边缘情况,从而找到错误。然后,我们会展示我们的代理遍历你的 Web 应用程序的会话回放,并列出它所采取的所有步骤。
我们几乎不需要任何提示就能找到边缘情况。你只需要输入一个网址和一个用户旅程(如果你的 Web 应用程序有登录凭据,请输入一些测试凭据)。
我们使用 Ghostship 发现的一个错误是在 YC 申请页面上。显然,你可以按逆时间顺序添加你的教育日期(2022 年 4 月到 2021 年 1 月,这毫无意义)。
我们发现的另一个错误是我们进行原型编码的一个加密智能合约 CRM 仪表板,其中我们发现了一个与数据损坏相关的错误,当你尝试多次编辑草稿合同时。
你可以在这里注册:<a href="https://playground.tryghostship.dev/">https://playground.tryghostship.dev/</a>,获得有限数量的积分。我们很乐意听取 HN 社区的意见,无论你是为了好玩而构建 Web 应用程序,还是作为开发人员向客户发布很酷的面向用户的产品。我们很乐意看看我们能用 Ghostship 在你的 Web 应用程序中找到什么错误!
附注:如果你希望 Ghostship 直接集成到你的 CI/CD 管道中,并在每次 PR 后运行,请与我们预约演示。
查看原文
Hi HN, we're Jesse and Gautham. We're building Ghostship (<a href="https://tryghostship.dev/">https://tryghostship.dev/</a>).<p>Ghostship lets you find bugs in your web app by entering in your URL and describing a user journey.<p>Here's a video of Ghostship in action: <a href="https://www.loom.com/share/dec264ae32f94d50adb141c9246837c3?sid=b3a6121e-1a6f-4428-8e5d-7a9bc502fcd2" rel="nofollow">https://www.loom.com/share/dec264ae32f94d50adb141c9246837c3?...</a>.<p>For over half our lives, we've been developers and we've done tons of user-facing projects like a coding competition I built called CerealCodes or freelancing projects on Upwork. The biggest problem we faced was that we shipped bugs in edge cases we didn't test, and the process of testing was annoying to do everytime we shipped a new feature. We tried automated testing tools, but those were flaky and couldn't adapt to feature changes. They also were really annoying to set up.<p>Our solution is to use browser agents to help you find bugs in your web app by clicking through your product like users would. You'd enter in your URL, describe what a user would do, and Ghostship would go through and try finding bugs by going through the user journey and extrapolating edge cases by visually seeing where else to click as it goes through each step in the user journey. We then show session replays of our agents going through your web app and list out all the steps it took.<p>We're able to find edge cases with almost no prompting. All you need to do is enter in one URL and one user journey (if you have login credentials on your web app, enter in some test credentials).<p>One bug we were able to find with Ghostship was on the YC application page. Apparently you could add your education dates in reverse chronological order (April 2022 to January 2021, which makes no sense).<p>Another bug we were able to find was a crypto smart contract CRM dashboard we vibe coded where we found a bug involving data corruption when you tried editing a draft contract multiple times.<p>You can sign up here: <a href="https://playground.tryghostship.dev/">https://playground.tryghostship.dev/</a> for a limited number of credits. We'd love to hear from the HN community, whether you're building a web app for fun or a developer shipping a cool user-facing product to customers. We'd love to see what bugs we can find in your web app with Ghostship!<p>p.s. If you want Ghostship directly in your CI/CD pipeline and run after every PR, book a demo with us.