JamieSlome
commented
2 years ago @dwisiswant0 - thanks for the suggestion and apologies for the slow response 👏
I am tagging @psmoros here to get this thoughts 🧠
Closed dwisiswant0 closed 2 years ago
JamieSlome
commented
2 years ago @dwisiswant0 - thanks for the suggestion and apologies for the slow response 👏
I am tagging @psmoros here to get this thoughts 🧠
psmoros
commented
2 years ago I completely agree!
psmoros
commented
2 years ago +1ing for d4pkn1ght
psmoros
commented
2 years ago @jaapmarcus @Mik317 @khanhchauminh @tomaarsen @dwisiswant0 let me know if we delivered well on this feat! Feel free to have a play with the hacktivity :))
Mik317
commented
2 years ago Hi @psmoros :smile:
The search seems really cool (amazing platform style btw, didn't had the chance to give it a look recently), and in particular I absolutely love the possibility to filter for repo since it's a cool way to identify interesting repos where to look and just a way to ensure the project you're using is safe (on a developer perspective).
On the other side, I'd suggest to:
language filter like the one on Github: it would be more intuitive and "open source like"titles don't seem to be formatted in the way they could really help filtering specific bypasses/techniques, I'd opt for using that field as a content filter, H1 style (eg. "Cross-site Scripting (XSS) - Stored" is a common title in the submissions, but 99% times I'm searching that specific stored XSS which was possible thanks to a bypass or directed to the specific endpoint I'm looking at in that moment)content filter I'd try to find a way to filter even for CVE assigned (since it would look in the content and not titles, it would be easier to implement it in the same field, in order not to overload the page)That said, I do really appreciate the interest in bringing this functionality in the platform, let me know what are your thoughts regarding what written above and have a nice Thursday :wink:
Cheers, Mik
tomaarsen
commented
2 years ago Hey @psmoros and team,
I must say, this is definitely what I was missing earlier today when I was browsing. If a user is specialised either in a language, or a type of vulnerability, they can now easily find examples. I'm very pleased about that. Beyond that, if I'm interested in a repository of which I know they have responded to all of their reports, then now I have an option to find the reports in question.
Perhaps the only somewhat unusual aspect is that e.g. if a user searches for PRNG, then it shoiws no results. This might make a user believe that there are no reports that contain PRNG at some point. However, I know there is at least one report containing PRNG in the title, e.g.: https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f/
Another issue I just encountered is that I cannot find this aforementioned bounty no matter what I enter in the search bar. I've tried Pseudo-Random Number, PRNG, Cryptographically and Crypto, I even tried Use. (And yes, I do believe I clicked "Show more" enough times, as I was shown older bounties).
Glad to see a team that interacts with their userbase and considers their suggestions!
...only for valid and/or public disclosures, of course.