Hackyx, Vibe Coding and opportunities
This was more related to dev instead of hunting a lot. And that was great. It's been a while since I developed something, and going back on that was refreshing.
As I told a friend, being able to switch between different jobs when you want is a banger; this way, I can purely focus on what I love. These past days, I was working on my project Hackyx.
Vibe Coding
It's crazy how it is right now. I was, to be honest, a bit against that, seeing a lot of security issues and bad code everywhere due to that, but I wanted to give it a try.
I've already used Cursor a lot in the past, but it was more for the autocomplete part, and the AI was pretty bad at coding, and no agent was there.
I came back on it, and wow, that's totally crazy. The agents work for you, the chat thinks for you, you just have to ask some questions, be clear on the explanations, and tell him when he's wrong.
And it works. For sure, there are a lot of mistakes and stuff I would develop totally differently myself, but it was sooo fast.
I understand why a lot of people are using it, but I don't know how it's possible to directly push it into production without being a developer. I found so many issues related to the code, the security, and the API that I needed to ask him to fix them. But having the eye of the developer was perfect for that. I'm not the developer anymore, I'm just here to correct the AI and improve it, my codebase, and be critical.
I heard doomer and rez0 talking a lot about Hackbot and agents for hacking. And I'm now joining them. It can be awesome. Not for finding bugs, but to be fast and help you find some juicy stuff easily.
For instance, taking some agents to just create you 2 or 3 different accounts on a platform, understand the context, and make you a full doc of all the information that can be useful to hunt on them. That can be huge, and I will take a look at that for sure.
For the stack to code, I'm actually using Cursor with Claude 3.7, which is great. I know I can still improve it by using the new versions and MCP, but this version is enough for me and also quite cheap ($20/month), so let's use it for Hackyx.
Hackyx
That was one of my most promising projects that was quite abandoned these past months. I know that this is a great project that can be useful for a lot of people, especially me, and I have a lot of ideas to improve it, but you know I'm lazy.
So I tried doing more with the AI. And trying to make the features I wanted to finish by using agents. And it worked. I just needed to rework on some stuff and correct him, and fix some bugs. But the base code was really great. So what's new on it?
I wanted to push to prod the latest version before releasing this article, but I'm still working on it and parsing a lot of articles and bug reports, so I prefer to wait until next week to have something clean.
Embeddings
Before that, I was only using a pure text-based search, which means that if you made a typo or if you didn't really know what to search, it was impossible for you to get a result.
Now, before indexing the content, I'm making embeddings (which is a matrix of numbers) to easily find similar content, and to help AI in later releases to make a chatbot with all the content, for instance, or to find content easily.
With that, it will be much easier to connect content between them and make better searches.

Parsing
I also rewrote all the parsers to get better results. Before that, I was just using a headless browser to fetch the content, and take the text of that, trying to find tags in it, and that's it.
Now, for each type of content, I have a special parser. After having fetched the content, I'm using the OpenAI API to find the best tags, looking at the text about CVE, finding the program, etc. So it's much more accurate, even if it costs me money, but more on that later.

I now have a proper dashboard to manage all the content, approve it manually, or not.
I'm currently parsing everything again, every report and CTF writeup, so it's pretty long.
Queue and RSS feeds
I also set up a queue and jobs to help me increase the number of articles and stuff that will be populated on Hackyx. This way, I can run jobs, using repeated tasks, and everything will always be up to date.
A new RSS parser was also made to always fetch the last articles from some RSS feeds, like well-known blogs, so that will be great to always have the latest article directly on the release date.

User management
I also wanted to build a user system, having a login, password reset, and stuff to let users create and manage an account, so it's now done.

I need to be sure everything is good before releasing it, I know you are all bug hunters, so the security should be perfect.
You can also notice that there is now a Premium tier. That's for soon.
As I told you, I want to have different revenue sources, and that would be nice to have Hackyx as one of them. But don't worry, for the simple search, as you've gotten used to it, it will still be free.
But I will release new advanced features that I will probably tell you about next week, that will cost me a lot and that will also be very powerful for you, so stay tuned.
Opportunities
I got the energy to come back on Hackyx thanks to my uncle, who invited me to his home for a few days and talked to me about a new idea he has. We talked about that around a fire, and that was great, and it gave me new ideas for Hackyx.
Being open to (almost) everything gave me a lot of new opportunities recently. My first article for Bugcrowd will be released this week. I'm also working with a lot of great hunters who asked for some help on some programs.
I have a lot of nice programs that I want to take a look at, so I have to hunt on them.
I just need to not buy this fucking Nintendo Switch 2, otherwise I know that I will take a break of a month to play Mario Kart.
Also, tomorrow is LeHack in Paris, I will be there and do the bug bounty event by YesWeHack, so if you're there, come say hi!