I'm excited to share a project of mine called Bug Bounty Intelligence Stream. While automating my own bug bounty hunting, I realized the system detected more vulnerabilities than I could handle alone. Hence, I built this product.
The concept is simple: users can subscribe to an event stream that delivers pre-verified targets for potential bug bounty and security research. I take no credit for any findings and do not report them myself, so any potential bounty earnings are entirely yours. This tool might also interest academics studying the state of web security. I talked to a lawyer in my home country and from a legal standpoint I should be in no trouble. You can imagine the product like a sushi belt. You just sit there and watch as the tasty stuff comes your way and you grab whatever you want.
This is my first-ever product and I am hungry for feedback from you. Please use the coupon code HN100 to test for free for one month in the “per month” subscription.
Some example detections include:
Exposed .git, SSH keys, docker-compose, .env, config files
Extremely outdated PHP, WordPress, Apache, FTP
Public phpinfo()
Leaked database backups
On my to-do list are features like:
Access to historical data
Automatic extraction of contacts from security.txt files
More complex detection capabilities
Looking forward to your feedback!