Flashbang

Flashbang is an open-source Flash-security helper tool designed to extract and display flashVars from a SWF that is “naked” (i.e. not wrapped in a bigger application) so that security testers can begin analysis (e.g. for XSS or other vectors) without decompiling the whole SWF. It is built atop Mozilla’s Shumway project. It works in modern browsers via HTML/JS, can also be run locally, and does not upload SWFs to servers (processing stays local). It is still considered alpha quality. Clone the repo using the --recursive flag, so that all necessary submodules are cloned as well. Ideally, clone it into an Apache web-root (or any other web server). Prepare the environment for Shumway to work properly.

Features

Extracts flashVars from SWF files without requiring full decompilation
Runs in browser via Shumway (web-based environment)
Local installation support so one can run offline or self-hosted
Open tool (open source) under MPL-2.0 license
Does not upload user files—privacy preserved in that regard
Comes with a test set of SWFs (flash-files) including vulnerable examples, for experimentation and evaluation

Project Samples

Project Activity

See All Activity >

License

Mozilla Public License 1.0 (MPL)

Follow Flashbang

Flashbang Web Site

Other Useful Business Software

Application Monitoring That Won't Slow Your App Down

AppSignal's Rust-based agent is lightweight and stable. Already running in thousands of production apps.

Full APM with errors, performance, logs, and uptime monitoring. 99.999% uptime SLA on the platform itself.

Start Free

Rate This Project

User Reviews

Be the first to post a review of Flashbang!

Additional Project Details

Programming Language

ActionScript

Related Categories

ActionScript Security Software

Registered

2025-09-23

Similar Business Software

New Relic

There are an estimated 25 million engineers in the world across dozens of distinct functions. As every company becomes a software company, engineers are using New Relic to gather real-time insights and trending data about the performance of their software so they can be more resilient and...

See Software
Proton Pass

Proton Pass is an open-source password manager based in Switzerland that encrypts your usernames, passwords, bank cards, and encrypted notes and lets users quickly autofill details across all devices and browsers. Proton Pass goes beyond keeping your password safe, it secures your online...

See Software
Auth0

Auth0 takes a modern approach to Identity, providing secure access to any application, for any user. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. Auth0 is part of Okta, The World’s Identity...

See Software
ManageEngine Endpoint Central

ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the...

See Software
Grafana Cloud

Grafana Labs delivers the leading AI-powered observability platform, built around Grafana—the world’s most widely adopted open source technology for dashboards and visualization. Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Observability Platforms, Grafana Labs supports more...

See Software
FusionAuth

FusionAuth is a modern, developer-focused identity and access management platform built to give you full control over your authentication stack. Whether you’re building a startup app or managing enterprise-scale infrastructure, FusionAuth delivers all the must-have features — from login and SSO...

See Software