Posts

Showing posts from January, 2018

BugBounty.site Public Launch

Background

About 2 months ago, I started to code multiple different tools and brainstorm different ideas on how to make my bug bounty life easier. One of the pieces of code I wrote was a small search engine that allowed for looking up AWS buckets based on a company name. After I coded that project, I launched it publicly and announced it on Twitter:
Soon after that, I was approached by the AWS team because they liked the idea but had some questions regarding it. Overall, it was a fun experience talking with them and exchanging different ideas on how this product could be made better. During my talk with the AWS team, they raised an extremely valuable concern. This scanner is supposed to run a scan every 48 hours and update the search engine accordingly, but what if this was misused? When it was initially launched, it was open to everyone. This meant anyone could use it without the service monitoring who was using it. This raised a concern: what if someone uses this tool and then threatens a compan…