RequestHunt is a community-driven platform that collects and curates feature requests from X (Twitter), Reddit, and GitHub. We help product teams discover what features real users are asking for, making it easier to validate product ideas and prioritize feature development based on actual user demand.

How does RequestHunt collect feature requests?

RequestHunt uses AI-powered extraction to automatically collect feature requests from social media platforms including X, Reddit, and GitHub. The platform monitors discussions, issues, and posts to identify genuine user feature requests, extracting key information like the requested feature, product mentioned, and user sentiment.

Who uses RequestHunt?

RequestHunt is used by product managers, founders, developers, and product teams who want to discover what features real users are requesting. It's particularly valuable for startups looking to validate ideas, established companies prioritizing their roadmap, and developers building products that solve real user problems.

Is RequestHunt free to use?

Yes, browsing and searching feature requests on RequestHunt is completely free. We also offer API access for developers who want to integrate feature request data into their own applications. Check our pricing page for API plan details.

How often is RequestHunt data updated?

RequestHunt continuously collects feature requests from Reddit, X (Twitter), GitHub, YouTube, LinkedIn, and Amazon. You can also trigger on-demand scraping via the API or web interface to get the freshest data for any topic.

Add automated checks for security vulnerabilities

User mentions building a workflow to automate checks for security vulnerabilities in cloud environments, suggesting a need for automated tools to identify issues like 'Shadow' Admin roles and hardcoded API keys.

Original Source

@u/Efficient_Sample4327 | 1 pts | 3/1/2026

Most people think hackers use complex zero-days. In reality, it's almost always "low-hanging fruit" that devs miss during fast sprints. 1. **The "Shadow" Admin:** A dev creates a temporary IAM role for a quick fix, gives it full Admin access, and forgets to delete it. 6 months later, those keys are still active. 2. **Secrets in Plain Sight:** Hardcoded API keys in a `.env` file or a config file that accidentally got pushed to a non-production branch. 3. **The Public Bucket "Oops":** An S3 bucket that was meant for assets but contains one sensitive JSON file with public read access. We’ve been building a workflow to automate these checks (both in the code and the cloud config) because manual reviews are just too slow. **I’ve put together a 10-point 'Pre-Production' checklist for this. If anyone wants it for their team, let me know and I'll send it over.**

Discussion

Loading comments...