Closed dwisiswant0 closed 2 years ago
@dwisiswant0 - thanks for the suggestion and apologies for the slow response 👏
I am tagging @psmoros here to get his thoughts 🧠
I completely agree!
+1ing for d4pkn1ght
@jaapmarcus @Mik317 @khanhchauminh @tomaarsen @dwisiswant0 let me know if we delivered well on this feat! Feel free to have a play with the hacktivity :))
Hi @psmoros :smile:
The search seems really cool (amazing platform style btw, didn't have the chance to give it a look recently), and in particular I absolutely love the possibility to filter for repo since it's a cool way to identify interesting repos where to look and just a way to ensure the project you're using is safe (from a developer perspective).
On the other side, I'd suggest to:
- language filter like the one on GitHub: it would be more intuitive and "open source like"
- titles don't seem to be formatted in the way they could really help filtering specific bypasses/techniques, I'd opt for using that field as a content filter, H1 style (eg. "Cross-site Scripting (XSS) - Stored" is a common title in the submissions, but 99% of the time I'm searching for that specific stored XSS which was possible thanks to a bypass or directed to the specific endpoint I'm looking at in that moment)
- content filter: I'd try to find a way to filter even for CVE assigned (since it would look in the content and not titles, it would be easier to implement it in the same field, in order not to overload the page)
That said, I do really appreciate the interest in bringing this functionality to the platform, let me know what your thoughts are regarding what's written above and have a nice Thursday :wink:
Cheers, Mik
Hey @psmoros and team,
I must say, this is definitely what I was missing earlier today when I was browsing. If a user is specialised either in a language, or a type of vulnerability, they can now easily find examples. I'm very pleased about that. Beyond that, if I'm interested in a repository of which I know they have responded to all of their reports, then now I have an option to find the reports in question.
Perhaps the only somewhat unusual aspect is that e.g. if a user searches for PRNG, then it shows no results. This might make a user believe that there are no reports that contain PRNG at some point. However, I know there is at least one report containing PRNG in the title, e.g.: https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f/
Another issue I just encountered is that I cannot find this aforementioned bounty no matter what I enter in the search bar. I've tried "Pseudo-Random Number", "PRNG", "Cryptographically" and "Crypto", I even tried "Use". (And yes, I do believe I clicked "Show more" enough times, as I was shown older bounties).
Glad to see a team that interacts with their userbase and considers their suggestions!
...only for valid and/or public disclosures, of course.