Hacking Swagger-UI - from XSS to account takeovers
·
10 min read
Want to find bugs in
- Microsoft?
- Google?
- Facebook?
- Yahoo?
- your own infrastructure?
Research Platform
By researchers, for researchers
Automatic recon
We do recon so you can focus on hacking. We gather subdomains from several databases, port scans results, and provide you with fingerprint of working web servers.
Scan millions of hosts without writing single line of code
You don’t have to code anything, with our tool you can run nuclei-style yaml template against all of your bug bounty programs in few minutes
Asset inventory
Be the first one to know when new server appears on the domain with a custom monitoring service, search and export DNS records, open ports, and active web servers
Collaboration
Store all your findings, payloads, test history, and notes in one place. Invite friends to share your work and collaborate on bug bounty programs.
Frequently asked questions
It is a collaboration platform, recon and scanning tool that will allow you to do large-scale research on thousands of subdomains and share your work with others. It is dedicated to security researchers, red teamers and security engineers.
It’s easy, you upload a list of domains from bug bounty programs (currently we support HackerOne, BugCrowd and Intigity import), start a new scan and get a list of all working server IPs, subdomains, open ports and additional information. We make sure you won’t miss any target with our sophisticated reconnaissance module.
You don’t have to set up your own infrastructure, you just upload the list of domains and get results in a few minutes. We use advanced recon techniques, requests are made from multiple servers with changing IP, we gather data from multiple sources including paid databases to minimise a risk of missing possible targets. We also offer monitoring service for a given domain - whenever a new target appears you will be notified.
The price depends on how many scans you want to do and how many subdomains you want to scan. Full pricing list is available on the platform.
We currently do not support that, this feature is under development and will be available soon. Be the first one to test the new features on our platform and sign up for our waiting list.
Yes, of course, if you are interested in custom business offer contact us.
Don’t hesitate to send us an email on contact@vidocsecurity.com - feel free to reach out on Twitter - either Dawid or Klaudia will be happy to help you.
We are a team of experienced security engineers
Our goal is to produce valuable security reserach and help companies secure their web services. Among our team members we have experienced web developers, security engineers and researchers.
Dawid Moczadło
Security Researcher & Co-Founder
Klaudia Kloc
Security Researcher & Co-Founder
Oriana Olivetti
Security Researcher
What do we do?
Security Research
We study web application libraries, tools and services to explore new security vulnerabilities and attack types. We scan thousands of hosts daily to detect similar patterns based on findings, report them to companies, and then produce well-researched, in-depth content to share knowledge with researchers and rise the awarness.
Tools
We’re working on a new web application security scanner dedicated to modern web applications. Our goal is to create a tool with lower false positive rate, and more customization options, tailored specifically for every cutomser need. More information coming soon.
Projects
Our team submitted almost 100 security reports to several tech companies, including Facebook/Meta, Microsoft, Yahoo, Shopify and many more.
Our findings include original vulnerabilities, never published before. Based on our security research we create modules for the web application security
scanner we are developing, to scan infrastructure of 1300 companies for similar bugs. More information on the tool and its availability for our business partners is coming soon.
Subscribe to our newsletter to be the first to hear about our security research and the tool.
