Ethical Hackers need tools to find web vulnerabilities quickly, before attackers can exploit them, is critical for organisations that want to stay on top of web application security.
When an ethical hacker discovers a vulnerability, he or she can write a module as a JSON file and test it in Ugly Duckling to ensure that it works. The JSON file is then implemented on Detectify's platform, where it is distributed to thousands of application owners and security teams. Within ten minutes of submission, vulnerability findings can be run live as security tests.
Detectify stated in their blog that they can quickly implement vulnerability knowledge from hacker-to-scanner.
"Today Detectify implements vulnerability knowledge from hacker-to-scanner in as fast as 15-minutes (new record since this article), and activating ethical hackers to submit accurate Proof-of-Concepts will enable a higher velocity of security information flow to security defenders."
Most distinguishing feature of Ugly Duckling is its simple and MIT-licensed code, which allows you to use it as a starting point for developing your own custom scanner.
The Ugly Duckling web scanner is not restricted to ethical hackers participating in Detectify's Crowdsource network. But is available to anyone for bug bounty hunting, security research, or penetration testing. It is now available on GitHub.
Hi, I’m vijay dhanda, a tech enthusiast and blogger with a passion for computer and electronics. With years of experience in the field, I love sharing my knowledge and expertise with others through my technical blogs. Along with my love for technology, I’m also interested in games and health. Whether I’m writing about the latest gaming trends, new electronics gadgets, or sharing my health tips and tricks, my goal is to provide readers with valuable insights and information they can rely on. Hope you like the content I am writing and share your feedback.