How we made $120k bug bounty in a year with good automation
·
7 min read
Want to find bugs in:
- Microsoft?
- Google?
- Facebook?
- Yahoo?
- your own infrastructure?
Research Platform
By researchers, for researchers
Asset inventory and monitoring with active recon feature
Be the first one to know when new server appears on the domain with a custom daily recon service, search and export DNS records, open ports, and active web servers.
Scan million of hosts without setting up complicated infrastructure
We provide the engine so you can focus on hacking. You can define vulnerabilities in nuclei-like templates, or choose ready to use modules from our library, and test them in large-scale using our engine to send requests.
Fast and easy way to query data
Manage thousands of records in an easy to use dashboard. Find keywords in subdomains, group records by open ports or response status code and many more.
Collaboration
Store all your findings, payloads, test history, and notes in one place. Invite friends to share your work and collaborate on bug bounty programs.
Interested in trying out?
Frequently asked questions
It is a collaboration platform, reconnaissance and scanning tool that will allow you to search for security vulnerabilities in web applications in an easy and effective way. It is dedicated to security researchers, red teamers, security engineers and consultants
It’s easy, you add a domain you want to research, start “Active Recon” and get a list of all working server IPs, subdomains, open ports and additional information. You can also scan targets for vulnerabilities defined in nuclei-like YAML templates in “Module Library”. You can create your own modules in “My modules” using visual or code editor.
You don’t have to set up your own infrastructure, you just type name of domain and get results in a few minutes. We use advanced recon techniques, requests are made from multiple servers with changing IP, we gather data from multiple sources to minimise a risk of missing possible targets. “Active recon” means we run recon 24/7, whenever a new target appears you will know, it will be added to the results. You can easily manage your data and query it using the “advanced search option”.
The price depends on how many scans you want to do and how many subdomains you want to scan. Full pricing list is available on the platform.
Yes! You can create your own modules in “My modules” tab, edit them in visual or code editor. We use nuclei-like YAML templates for your convenience so you can easily define vulnerabilities and test your payloads.
Yes, of course, if you are interested in custom business offer contact us.
Don’t hesitate to send us an email on contact@vidocsecurity.com - feel free to reach out on Twitter - either Dawid or Klaudia will be happy to help you.
Interested in trying out?
We are a team of experienced security engineers
Our goal is to provide security experts with a platform to produce valuable research and help companies secure their web services. Among our team members we have experienced web developers, security engineers and researchers.
Dawid Moczadło
Security Researcher & Co-Founder
Klaudia Kloc
Security Researcher & Co-Founder
What do we do?
Vidoc Security Research Platform
The tool allows users to search for newest targets using active recon feature, define vulnerability types using nuclei-like YAML templates or choose from a library of predefined vulnerabilities. The application then runs checks (scan) against chosen targets. This eliminates the need for manual checks and significantly speeds up the research process. We provide you with advanced search option so you can easily query gathered data. Our goal is to make your job easier and more efficient by providing an all-in-one tool for security researchers, bug bounty hunters and consultants.
Vidoc Security Research for Business
Monitor your assets with our active recon feature. Test and observe your external attack surface, scan for vulnerabilities with our modules, customise them in nuclei-like templates. Interested? Dont’e hesitate to contact us: contact@vidocsecurity.com
Security Research
We study web application libraries, tools and services to explore new vulnerabilities and attack types. We scan thousands of hosts daily to detect similar patterns based on findings, report them to companies, and then produce well-researched, in-depth content to share knowledge with researchers and raise awareness.
Projects
Our team submitted almost 100 security reports to several tech companies, including Facebook/Meta, Microsoft, Yahoo, Shopify and many more.
Our findings include original vulnerabilities, never published before. Based on our security research we create modules for the web application security
scanner we are developing, to scan infrastructure of 1300 companies for similar bugs. More information on the tool and its availability for our business partners is coming soon.
Subscribe to our newsletter to be the first to hear about our security research and the tool.
