Vidoc Security Lab

Large-scale hacking

import your bug bounty programs and automate recon

Vidoc

Want to find bugs in

  • Microsoft?
  • Google?
  • Facebook?
  • Yahoo?
  • your own infrastructure?

Research Platform

By researchers, for researchers

Vidoc logo

Automatic recon

We do recon so you can focus on hacking. We gather subdomains from several databases, port scans results, and provide you with fingerprint of working web servers.

Vidoc logo

Scan millions of hosts without writing single line of code

You don’t have to code anything, with our tool you can run nuclei-style yaml template against all of your bug bounty programs in few minutes

Vidoc logo

Asset inventory

Be the first one to know when new server appears on the domain with a custom monitoring service, search and export DNS records, open ports, and active web servers

Vidoc logo

Collaboration

Store all your findings, payloads, test history, and notes in one place. Invite friends to share your work and collaborate on bug bounty programs.

Vidoc

Frequently asked questions

It is a collaboration platform, recon and scanning tool that will allow you to do large-scale research on thousands of subdomains and share your work with others. It is dedicated to security researchers, red teamers and security engineers.

It’s easy, you upload a list of domains from bug bounty programs (currently we support HackerOne, BugCrowd and Intigity import), start a new scan and get a list of all working server IPs, subdomains, open ports and additional information. We make sure you won’t miss any target with our sophisticated reconnaissance module.

You don’t have to set up your own infrastructure, you just upload the list of domains and get results in a few minutes. We use advanced recon techniques, requests are made from multiple servers with changing IP, we gather data from multiple sources including paid databases to minimise a risk of missing possible targets. We also offer monitoring service for a given domain - whenever a new target appears you will be notified.

The price depends on how many scans you want to do and how many subdomains you want to scan. Full pricing list is available on the platform.

We currently do not support that, this feature is under development and will be available soon. Be the first one to test the new features on our platform and sign up for our waiting list.

Yes, of course, if you are interested in custom business offer contact us.

Don’t hesitate to send us an email on contact@vidocsecurity.com - feel free to reach out on Twitter - either Dawid or Klaudia will be happy to help you.

We are a team of experienced security engineers

Our goal is to produce valuable security reserach and help companies secure their web services. Among our team members we have experienced web developers, security engineers and researchers.

Dawid Moczadło

Dawid Moczadło

Security Researcher & Co-Founder

Klaudia Kloc

Klaudia Kloc

Security Researcher & Co-Founder

Oriana Olivetti

Oriana Olivetti

Security Researcher

What do we do?

Vidoc logo

Security Research

We study web application libraries, tools and services to explore new security vulnerabilities and attack types. We scan thousands of hosts daily to detect similar patterns based on findings, report them to companies, and then produce well-researched, in-depth content to share knowledge with researchers and rise the awarness.

Landing illustration
Vidoc logo

Tools

We’re working on a new web application security scanner dedicated to modern web applications. Our goal is to create a tool with lower false positive rate, and more customization options, tailored specifically for every cutomser need. More information coming soon.

Computers illustration

Projects

Our team submitted almost 100 security reports to several tech companies, including Facebook/Meta, Microsoft, Yahoo, Shopify and many more. Our findings include original vulnerabilities, never published before. Based on our security research we create modules for the web application security scanner we are developing, to scan infrastructure of 1300 companies for similar bugs. More information on the tool and its availability for our business partners is coming soon.

Subscribe to our newsletter to be the first to hear about our security research and the tool.

Subscribe to newsletter