Introduction & How to use vulnshot.com 🪲

KreSec
3 min read · Sep 12, 2023

If you need to manage Nuclei CLI output, which until now was limited to chat messages on Telegram, Discord, and similar channels, VulnShot lets you manage vulnerabilities more comfortably.

Nuclei to Vulnshot

Why?

Because it has features that are usually not available in other vulnerability management tools. What makes me say that most of all is the Hacktiv feature.

Enough pleasantries; let's go through all the features and how to use them.

Hacktivity

You can see other people’s activity when they earn a bounty and share it publicly, so you know which site they found bugs on and what bugs they found. You can also share your own activity.

Figure 1. Hacktivity

Apikey

To use the Vulns menu, you need to create an API key in your account, which serves as authentication for webhooks. You can also add a GPT (unofficial) API key so that the report generation feature can work.

Figure 2. Apikey

Vulns

This menu displays shortcuts to access vulnerabilities in more detail by root domain, severity, or status (statuses are set in their own menu). After opening a vulnerability's details, you can see the endpoint with an image preview, change its status, and even generate reports automatically in Indonesian or English.

Figure 3. Vuln

Report Generator

You can create a report automatically in Indonesian or English and copy and paste it directly into a report form (Bugcrowd, HackerOne) or an email; the format adapts automatically.

Figure 4. Report Generator

Status

With so many scan results, it is hard to know which are valid and which are false positives. You can use the “Status” feature to label them according to your needs. By default, however, you have to create a “Bounty” status before you can use the bounty feature.

Figure 5. Status

Bounty

Who doesn’t want to share the moment when a bug report is validated and you get a bounty? You can set the vulnerability status to “Bounty” and record the reward you received. Then you can share it to Hacktiv (private/public). If it is private, the site will be censored. You can also see the total bounty earned.

Figure 6. Bounty

FAQ

Lastly, if you are still confused, please read the FAQ.

Thanks

Thank you very much to those of you who clap, share, or discuss this post.
You can also help by subscribing to my YouTube channel and my community:
https://www.youtube.com/@kresec
https://www.youtube.com/@tegalsec1121
https://tegalsec.org/
