I am not seeing the long term, what is the value of this over a Shodan API key? They both crawl public IPs and explore subdomains for exposed resources.
Short term, if you have limited the view to companies only with bug bounty programs, it seems useful if you want to complete a bug bounty but don't know where to start. But the mapping of public resources has already been done.
I think showing URLs with sensitive params exposed, services using default creds, or some extra value add over a commodity scanner would be valuable. But then you would just be running a bug bounty/ pentesting AI service for bigger enterprises.
5 comments:
I am not seeing the long term, what is the value of this over a Shodan API key? They both crawl public IPs and explore subdomains for exposed resources.
Short term, if you have limited the view to companies only with bug bounty programs, it seems useful if you want to complete a bug bounty but don't know where to start. But the mapping of public resources has already been done.
I think showing URLs with sensitive params exposed, services using default creds, or some extra value add over a commodity scanner would be valuable. But then you would just be running a bug bounty/ pentesting AI service for bigger enterprises.
This is either an insanely useful recon tool or a future headache for a lot of security teams probably both tbh.
By time I got signed in, I missed the early adopter spots. Any chance you could open up a couple more?
hey freeplay! I added 5 more spots. Thank you so much for using Neobotnet.
Thanks! Just grabbed one.