Public programs, Recon and ReWorker


Hi everyone! Today, I have plenty of stuff to cover. I finally decided to launch my side project and finish an MVP of it. I also came back to doing some recon and I'm now focused on public programs more than private ones.

Having the time to focus on projects is very nice. At first, I thought that having multiple projects at the same time was not a good idea, especially if it's not in the same field as IT security. Finally, it's not that bad cause when you're upset finding bugs or developing stuff you can simply switch from one project to another and continue working on something else.

Public programs

When you start doing bug bounty, you are afraid of public programs, and it's been 2 years now that I've been doing bug bounty and I was afraid to start looking at big public programs. You know, there are too many people, it's hard, blablabla.

And a lot of people told me that it's not really the case, and often there are fewer people looking at them, simply cause everyone is afraid and thinks that there are a lot of people on them. At the end, it's just a simple program, they pay well, better than private ones, and the scope is usually huge so the attack surface is very cool.

The last event I did with HackerOne was on a big public program and we finally found a lot of nice stuff.

I'm now looking at other public programs and last week I found a pretty nice SSRF on a main app, you know, the type of SSRF you usually find in a CTF. I was able to retrieve the full AWS credentials. I pushed the report, and it wasn't duplicated so I'm now waiting for the bounty!

Recon

Working on public programs is often working on huge scopes. The problem I face is that I didn't have any recon except simply doing a basic subfinder and httpx.

Each time I wanted to build a recon workflow, I wanted to build a big app, doing parallel scans, using multiple tools, etc. I know how to code, I know that I'm able to do a nice recon workflow. The problem is that I will then need to dev more than hack in the end. Simply cause you always need to improve the workflow, increase the speed, and add new tools. And also debug everything, every time, and to be honest I'm too lazy for that.

But I still need to have a minimum recon, at least for subdomain enumeration, getting some screenshots, and getting some URLs. And I also love having a nice UI with a dashboard and all the fancy stuff. So finally, I decided not to build it myself.

I looked at all the existing recon flows on the net, and I came back to the most used one, reNgine. I tried it in the past, but it wasn't working very well. And now it's quite good, but it misses a lot of nice features. But I just needed a base to work with.

I did a fork of it, and I will try to improve what I miss and push it. It's quite buggy, it's in Python, and the scans are all made on the same machine, so yes there is a lot to improve. But the base is pretty clean, the dashboard is nice, and the scan works.

I will not be a recon guy, but just having basic info on my target will be useful for me.

ReWorker

A few weeks ago, I told you about a side project, making an app to find good places to work. I finally decided to create it.

As I didn't want to create something big at first and no one would be interested in the project, I made a simple MVP. You can view coffee shops near you, add one, and connect with the community.

I have plenty of other features I want to add to it, but I wanted to launch it publicly before, just to see if the idea is good. So after making the MVP, I just launched it today on Product Hunt.

Here is what the app looks like:

If you find the idea cool and it interests you, you will find more information on the Product Hunt page. Also, if you like it, upvote it on the page, it can really help the project for the next steps: https://www.producthunt.com/posts/reworker

I then want to build a nice community behind that, and be able to meet other coworkers everywhere. And it also fits if you are a bug hunter or security researcher. Hacking together is always better ;)

Also, if you wanna try it, feel free to test; the first seats are free for the premium tier before building something big.

Next week will probably be more focused on bug hunting. And I hope that all of my reports will be paid soon.

Ideas / Notes / Resources

  • I love having great people like @ajxchapman sharing insights into his bug bounty journey like that
  • My first launch on Product Hunt, I don't know if it will be nice or not

Aituglo

Paris
The author of this blog, a bug bounty hunter and security researcher that shares his thoughts about the art of hacking.