New open source scanning tool is built for ethical hackers
Being able to find web vulnerabilities as soon as they emerge, before attackers can exploit them, is critical for organizations wanting to stay on top of web application security.
SaaS security specialist Detectify is launching a new stand-alone application security tool that's specifically tailored for ethical hackers, making it easier for them to share their latest findings.
Called 'Ugly Duckling', it speeds up the incorporation of vulnerabilities found by ethical hackers into automated security tests on Detectify's platform by giving hackers the tools to create more test modules independently.
On finding a vulnerability, the ethical hacker can write a module as a JSON file and test it out in Ugly Duckling, to validate that it works. Detectify then implements the JSON file on its platform, sending the quality-checked findings to thousands of application owners and security teams. Vulnerability findings can run live as security tests within ten minutes of them being submitted.
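To make the "write a module as a JSON file and test it locally" workflow concrete, here is an added example of a minimal JSON-module-driven web check in Go. It is not Ugly Duckling's own code and the module keys (`name`, `method`, `path`, `status`, `contains`) are an assumed shape for this illustration, not the project's real format. The sample module, which flags a directory listing on `/uploads/`, and the two in-process servers it runs against (one misconfigured, one fixed) are constructed for the example so it runs offline.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Module is the hypothetical module shape assumed for this example; the real
// Ugly Duckling format is defined by the project, not by this file.
type Module struct {
	Name     string `json:"name"`     // human-readable test name
	Method   string `json:"method"`   // HTTP method to send
	Path     string `json:"path"`     // path appended to the target base URL
	Status   int    `json:"status"`   // status code that indicates a hit (0 = ignore)
	Contains string `json:"contains"` // substring the body must contain ("" = ignore)
}

// Finding records a module whose matchers all fired against a target.
type Finding struct {
	Module string
	URL    string
	Status int
}

// ParseModule decodes and validates one JSON module. Unknown keys are
// rejected so a typo in a matcher name fails loudly instead of being ignored.
func ParseModule(data []byte) (Module, error) {
	var m Module
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&m); err != nil {
		return Module{}, err
	}
	if m.Name == "" || m.Method == "" || !strings.HasPrefix(m.Path, "/") {
		return Module{}, errors.New("module needs name, method and a path starting with /")
	}
	if m.Status == 0 && m.Contains == "" {
		return Module{}, errors.New("module needs at least one matcher (status or contains)")
	}
	return m, nil
}

// RunModule sends the module's request to base and returns a Finding only
// when every configured matcher agrees; a nil Finding means no hit.
func RunModule(client *http.Client, base string, m Module) (*Finding, error) {
	target := strings.TrimRight(base, "/") + m.Path
	req, err := http.NewRequest(m.Method, target, nil)
	if err != nil {
		return nil, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	// Cap the body read so an oversized response cannot exhaust scanner memory.
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return nil, err
	}
	if m.Status != 0 && resp.StatusCode != m.Status {
		return nil, nil
	}
	if m.Contains != "" && !strings.Contains(string(body), m.Contains) {
		return nil, nil
	}
	return &Finding{Module: m.Name, URL: target, Status: resp.StatusCode}, nil
}

// ConstructedModule is a sample module written for this example (not a real
// Ugly Duckling module): it flags a directory listing exposed under /uploads/.
const ConstructedModule = `{
  "name": "directory-listing-uploads",
  "method": "GET",
  "path": "/uploads/",
  "status": 200,
  "contains": "Index of /uploads"
}`

// NewDemoServer returns an in-process server: listing=true mimics the
// misconfigured state, listing=false the fixed one (listing disabled).
func NewDemoServer(listing bool) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/uploads/", func(w http.ResponseWriter, r *http.Request) {
		if listing {
			fmt.Fprint(w, "<html><title>Index of /uploads</title></html>")
			return
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
	return httptest.NewServer(mux)
}

// CountFindings validates the module, runs it against both demo servers and
// returns how many fired; only the misconfigured server should match.
func CountFindings() (int, error) {
	m, err := ParseModule([]byte(ConstructedModule))
	if err != nil {
		return 0, err
	}
	count := 0
	for _, listing := range []bool{true, false} {
		srv := NewDemoServer(listing)
		f, err := RunModule(srv.Client(), srv.URL, m)
		srv.Close()
		if err != nil {
			return 0, err
		}
		if f != nil {
			count++
			fmt.Printf("finding: %s at %s (HTTP %d)\n", f.Module, f.URL, f.Status)
		}
	}
	return count, nil
}

func main() {
	if _, err := CountFindings(); err != nil {
		fmt.Println("error:", err)
	}
}
```

The point of validating locally against both a reproducing and a fixed target before submitting is that a module which matches on the fixed state is a false positive generator; the strict JSON decoding and the body-size cap are the two checks a module runner should have before it is pointed at anything real.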
"Vulnerability research is often a time game. With Ugly Duckling, we can get quality-checked research from our hackers sooner, allowing for more vulnerabilities to be released as tests before the vendor has patched them. This means better protection for customers and higher payments for the hackers," says Tom Hudson, security research tech lead at Detectify. "To build safer web apps, security needs to be a collaborative effort, and knowledge about it needs to be accessible. The stand-out feature with Ugly Duckling is that the code is simple and MIT licensed, so you can use it as a jumping-off point to build your own custom scanner."
The Ugly Duckling web scanner is not exclusive to ethical hackers in Detectify's Crowdsource network, but open for anyone to use for bug bounty hunting, security research, or penetration testing. It's available now via GitHub.