TL;DR;Sign up for Vidoc Research
- We improved Active Recon and data search option
- Changed payments system to subscription model
- Introduced Module-based security scanning with nuclei-like templates
- Introduced Module Editor
We are happy to introduce the newest addition to the security researcher's toolkit - Vidoc Research - a web-based application that streamlines and simplifies the process of monitoring assets and identifying vulnerabilities.
This innovative tool, developed by a team of security experts, is designed to save time and effort for security engineers, AppSec teams, consultants, as well as anyone involved in bounty hunting or vulnerability research.
The tool allows users to define vulnerability types using nuclei-like YAML templates or choose from a library of predefined vulnerabilities. The application then runs checks against all targets - defined by our recon module, or a single host. This eliminates the need for manual set up and significantly speeds up the research process.
One of the key features of this tool is its user-friendly interface. There is no need to set up or configure anything - simply log in, provide the domain name, and choose a module with a predefined vulnerability. The tool takes care of the rest, making it easy to use even for those who are not experts in security.
1. Reconnaissance and assets monitoring
- Technologies detection - server fingerprinting - with easy to use search
- Better and more affordable pricing
- You can pause a recon whenever you want
If you are not familiar with the reconnaissance feature of our tool read ahead, if you already know it, feel free to skip this part of the article.
With our tool recon is easy. You provide the name of the domain and the tool gives you all the information including:
- DNS records
- Open ports
- Web servers and technologies used (fingerprinting)
We provide advanced search options, you can query results by status codes, IP addresses, technologies, or other keywords - no more writing hacky regex and storing million lines of garbage data!
Assets and domain monitoring
One of the key advantages of using Vidoc Research reconnaissance is its ability to monitor assets and domains in real-time. This eliminates the need for manual checks and ensures that you're always up-to-date with the latest information.
A platform provides 24/7 reconnaissance to keep you informed of any new targets that appear on the internet. Whether you're a member of a security team in a company or a bug bounty hunter, this tool will help you stay ahead of the game - monitor and protect your assets (or get easy bounty ;).
2. New feature - Modules
You have all your targets, you know what technologies are used, now you can choose a module from our module library and run a check against your targets. What is a module? It is a predefined vulnerability in a nuclei-like YAML template that you can use to discover security bugs in your targets.
You suspect that the target infrastructure is on AWS and they use Symfony (which you actually get to KNOW when you use our recon feature thanks to fingerprinting)? Choose AWS bucket takeover and Symfony Profiler modules from our library and run them, to check if target instances are vulnerable. Easy.
The best part is you only run modules you choose, that best suit your target infrastructure. It reduces the number of false positives to the absolute minimum, you save lot of time.
We do not use a nuclei engine, our custom solution is optimized for large-scale scanning. It’s faster and more reliable. Vidoc Research sends requests from multiple different IPs - each scan is done from a unique address to avoid any rate limiting and make sure you get the best results. Always.
When the vulnerability is discovered you will see it in the “Issues” tab. The tool provides detailed information about severity of the bug, target, raw request and response with POC URL. You can also generate a security report enhanced with AI model.
Our modules are available in active and passive mode. Active means the scanning requests are done once on the target you define. Passive mode checks for vulnerability in each recon or scanning request done from the point you enable it. It is useful for example in case of searching for specific flags or keywords in the request header and body.
3. New feature - Visual and Code Module creator
With the ability to customize and define your own modules, you can tailor the tool to your specific needs and requirements.
You didn’t find the right module or you want to modify the one available in our library? You can import the module to your “My modules” tab to modify it, or create a new one.
How to modify a module?
You need to import the module and click the edit button. We give you an easy to use interface that allows you to modify the module in a Postman-like visual editor. You can also modify it directly in the code editor, you have access to raw YAML template.
How to create a new module?
You go to the “My modules” tab and click the create new module red button. You can now create a custom module with visual or code editor, or…. Use nuclei template from Github. Yes, it is that easy.
With our tool you can create workflows for regular security tests, automate recon and passive checks.
This feature is particularly useful for security professionals who need to carry out a specific set of actions repeatedly, such as running specific security checks, monitoring certain assets, or analyzing data. With the ability to create custom workflows, these tasks can be automated, saving time and increasing productivity.
Additionally, next feature we are planning to release is "Share project with a team". It will allow users to easily share workflows and results of your research with team members, making it easy to collaborate and work together.
Unlike many other security tools that are outdated, difficult to configure, or hard to use, this web application is available to everyone. This means that security researchers and engineers of all skill levels can benefit from its capabilities.
In conclusion, this tool is a game-changer for anyone involved in vulnerability research, bounty hunting or web security engineering. Its user-friendly interface, predefined vulnerabilities, and web-based accessibility make it a valuable addition to any security team's toolkit. If you want to save time, effort, and money this tool is definitely worth checking out.