TL;DR Vidoc platform will allow you to find new targets, test your payloads and collaborate with other professionals. The application security recon tool and scanner we are working on is dedicated to modern web applications. Our goal is to make big scale research affordable and easy for everybody.
When people first start their bug bounty journey they usually feel a little bit overwhelmed. So many open source tools are available, so many learning materials, methods, and tips. Once you learn how to approach security research and find things that work for you you really start to enjoy the journey. And this is the moment you realize how important a good recon is.
You found a misconfig issue on a really popular server OS. You got your bounty. You start to wonder - how many other similar servers are available on your target’s network? How many similar misconfigured, buggy servers are running on all your bug bounty program targets? Have been there, done that. And that’s why we decided to share Vidoc - our reconnaissance and scanning tool with you.
What are we working on?
Once we started bounty hunting for real, we knew we would need a reliable request engine and recon tool that would be able to reach all targets. All available options were either not optimized for mass research - hence slow and hard to customize to fit our needs - or not reliable - they didn’t show all targets or return a lot of old data.
This is why we decided to write our own tool. Vidoc is an online recon ad scanning platform that gathers information about your targets from multiple sources including paid databases and returns a list of subdomains, IP addresses and open ports of working web servers. Once you have a list of targets with fingerprints you can send custom requests to them and test all your payloads.
Why use Vidoc?
We exfiltrate data obtained from multiple sources to make sure you get access to a list of working web servers, not non-existing ghost old endpoints. We also provide an option of continuous scanning and monitoring of chosen domains - whenever a new target appears you will be notified. You don’t have to set up anything, you don’t have to write a line of code to use our tool - we do this for you so you can focus on hacking. You save time and money for setting up and maintaining your own infrastructure.
Vidoc is more than just a tool - it’s a wide use platform that will allow you to store your notes, share your work and collaborate with others. We work on features that will let you keep all your research data in one place.
The Vidoc platform is made by professionals for professionals - it is optimized to maximize your chances of finding suitable targets. You can easily upload your bug bounty programs from HackerOne and get a list of subdomains and working servers.
We plan to give early access to the Recon module for chosen researchers on 30 of September.
Features available (not all of these feature will work right away):
Full access to Vidoc platform, including requests engine module that allows you to test your playloads on all your targets
Want to have early access to the Vidoc platform?
Sign up for our waitlist and newsletter
Join the waitlist