Huntarr - Your passwords and your entire arr stack's API keys are exposed to anyone on your network, or worse, the internet
12 points by tiff
12 points by tiff
What does huntarr do? Seems like all traces of it have been wiped from github.
Based on a mirror of the source from before the scrub:
This application continually searches your media libraries for missing content and items that need quality upgrades. It automatically triggers searches for both missing items and those below your quality cutoff. It's designed to run continuously while being gentle on your indexers, helping you gradually complete your media collection with the best available quality.
Based on the name and the connection to Plex, I would guess it's an add-on to Plex for automated downloading of torrents.
whew I'm on the fence about /t/vibecoding applied to this, since that's arguably what it's about, but the post itself only does the tiniest amount of vibecoding for the repro script
Anyway, in case someone wants a non-reddit flavor https://github.com/rfsbraz/huntarr-security-review/blob/main/Huntarr.io_SECURITY_REVIEW.md is the meat-and-potatoes without all the subreddit drama
This is obviously a worst case scenario but there's a reason I don't trust slopware.
where did the huntarr go from github? I get 404