Ethical hackers need tools that find web vulnerabilities quickly, before attackers can exploit them; this is critical for organisations that want to stay on top of web application security.
When an ethical hacker discovers a vulnerability, he or she can write a module as a JSON file and test it in Ugly Duckling to ensure that it works. The JSON file is then implemented on Detectify’s platform, where it is distributed to thousands of application owners and security teams. Within ten minutes of submission, vulnerability findings can be run live as security tests.
Detectify stated in their blog that they can quickly implement vulnerability knowledge from hacker to scanner.
“Today Detectify implements vulnerability knowledge from hacker-to-scanner in as fast as 15 minutes (new record since this article), and activating ethical hackers to submit accurate Proof-of-Concepts will enable a higher velocity of security information flow to security defenders.”
The most distinguishing feature of Ugly Duckling is its simple, MIT-licensed code, which allows you to use it as a starting point for developing your own custom scanner.
The Ugly Duckling web scanner is not restricted to ethical hackers participating in Detectify’s Crowdsource network; it is available to anyone for bug bounty hunting, security research, or penetration testing. It is now available on GitHub.