Specialization, Javascript, and Automation
Hey! This week was also full of stuff for me. I worked a lot on ReWorker, but I'm not going to talk about that here. But later this week, I came back to security.
I thought a lot about what to do next. I had my automation to create, to help me every day. And then, I wanted to find a skill to be very good at. Like a specialization, instead of just being average in everything.
Specialization
To find what to be good at, I first thought about what I'm currently good at. Looking at bug bounty, I'm mainly focused on searching for IDORs and XSS. Okay, but that's not very specific, and most of the time, they're the common ones. I don't especially want to be specialized in IDOR, because it's not really fun for me, and there is not a huge number of ways to achieve an Improper Access Control.
On the other hand, I'm pretty good at dev. I've been making websites, apps, etc. for more than 10 years. So my skills in dev, and especially in JavaScript, are quite nice. So, let's use these skills in security now instead of looking for something totally new.
I know how to code in JavaScript, but not really how to break it. I finally decided to focus more on client-side vulns.
Javascript
To achieve that, and as I wanted to build some automation to help myself, I went back to take a look at the DomLogger++ extension from @Mizu.
It's a really great way to monitor anything in the DOM of your page. It will be useful for me to detect DOM XSS, and also postMessage stuff to look at.
I was just missing some features in it, like being able to monitor any page using PwnFox and not only by entering each URL. So I finally collaborated with Mizu to add it to the extension and it will be live in the next release.
In the next week, I will probably also help him develop the backend part of the extension.
I'm also looking a lot more at write-ups about client-side stuff to dig deep into everything. So, if you have any good recommendations for me, send them over ;)
Building my automation
I finally came back to making my own way to automate everything. I removed reNgine as it wasn't following my workflow. I wanted something smooth and usable using my tools.
So, I now use secator. It's a simple tool to manage a lot of tools and build scans and workflows using YAML files. It's light and it works perfectly. But it's only for CLI. It's cool but I prefer something visual.
On my VPS, I have secator installed. To launch a scan and monitor everything, I set up an n8n instance. It's simply a no-code tool to build APIs and automation. With that, I can simply create an API to launch a scan from anywhere, like this:
Then, how to store the data? Secator already has an output version to store everything in a MongoDB database. So, let's use it. I can now create another n8n automation, to get data, based on filters.
Okay, finally, how to display the data? I wanted to build a nice dashboard and stuff. I looked at Elasticsearch, Kibana, and Grafana. But it was a real pain to set up everything: having the right version, finding an aggregator for MongoDB, etc. And it's not a very light solution.
So, I finally used Metabase. It's perfect for me as it is light and beautiful. You can make great dashboards with it, display the data, make filters, etc.
Now, I can view my data. How to create new scans now? I have the API from n8n to do it, but I don't want to make a curl each time I want to add a scan.
I'm on the Apple ecosystem, and I use Raycast a lot. Sorry for those not on Mac, but the next part of my automation is built on it; you can write your own version ;)
I created a Raycast plugin to get all of my data, and also to launch a scan. Here is an example:
I can access that from anywhere on my computer, and display my data. I also made some views to display my recon data, which then fetch from my n8n API.
It's now perfect for my automation. I also added some other stuff to this plugin, like helping me write reports, to be fast.
With that, I'm also working on a Caido plugin, to help me detect XSS and other stuff.
It's not a big automation, but it will help me every day to find the best place to hack.
If you have any questions about that, feel free to ask me! And if you come to LeHack at the end of the week, come say hi!