Bug Bounty Hunting Using StealthNets AI Agent

Alex Thomas
Founder

Introduction

In this blog post, I (Armanul Miraz) want to share how StealthNet.ai helped me uncover information disclosure vulnerabilities in web applications. This Penetration Testing Copilot helped me move faster and smarter through each step, from scanning endpoints to automating the writing of a detailed report. By responsibly reporting the issue, I earned a reward, and it greatly sped up my entire hunting process.

For those unfamiliar with StealthNet.ai and its functionalities, you can explore the demo video (https://www.youtube.com/watch?v=eMFZeEHp-wA). Specifically, it assists your testing process by automating tasks, generating AI-based reports, providing suggestions, and offering many other benefits. To learn more, visit the website.

Bug Bounty Hunting

After receiving beta access from , I started testing it on a self-hosted program to understand how it works. In the chat section, you start with the provided prompts and it takes care of the rest. I used prompts to run different tools (subfinder, nmap, nuclei, etc.) for recon and scanning, and observed their responses.

Also, it has other cool features that can help you throughout your hunting process, such as Suggestions, Autopilot, Assets, URLs, Exploits, and Report generation.

While exploring the Report section, I was surprised to see it had already identified CVE-2000-0114, complete with a fully written report. I simply copy-pasted, sent it out, and received my first reward.

After I found my first vulnerability, I started using StealthNet.ai as my hunting partner, integrating it into my overall methodology. Its extra features, such as, and helped me organize data and automate tasks, making my workflow smoother and faster.

More Bugs

I discovered another two findings during my testing.

I used StealthNet.ai’s Integrations feature along with my personal tool to perform basic reconnaissance, such as identifying subdomains and ports, combining results, and running httprobe and other basic tasks. After gathering this information, I began fuzzing with my custom wordlist and eventually discovered the “debug/vars” endpoint.

Although this endpoint did not directly reveal any sensitive data, it exposed several internal endpoints that seemed sensitive to me. I tried to access them but was unsuccessful. I reported the issue, and their response was:

Using the same methodology on another HackerOne private program, I found a “/metrics” endpoint. This leaks sensitive operational details, making it quite vulnerable. I reported this finding, although the issue is not yet resolved.
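For teams on the receiving end of a report like these, the following added example (not part of the original post or of StealthNet.ai) shows one common cause and its fix. It assumes a Go service, where `/debug/vars` is the path the standard `expvar` package registers on the default mux; the port numbers and the `/hello` route are constructed for illustration.

```go
package main

import (
	"expvar" // side effect: init() registers /debug/vars on http.DefaultServeMux
	"log"
	"net/http"
	"net/http/httptest"
)

// publicMux is the internet-facing router. Only routes added here are reachable,
// so handlers that libraries attach to http.DefaultServeMux stay off it.
func publicMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("hello\n"))
	})
	return mux
}

// internalMux carries the diagnostics for a loopback or admin-only listener.
func internalMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/debug/vars", expvar.Handler())
	return mux
}

// status returns the HTTP status h gives for GET path, without opening a socket.
func status(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	// Weak setting: http.ListenAndServe(":8080", nil) serves http.DefaultServeMux,
	// which already answers /debug/vars.
	log.Printf("default mux /debug/vars -> %d", status(http.DefaultServeMux, "/debug/vars"))
	log.Printf("public mux  /debug/vars -> %d", status(publicMux(), "/debug/vars"))

	// Corrected setting: diagnostics on loopback only (constructed port numbers),
	// explicit mux on the public port.
	go func() { log.Fatal(http.ListenAndServe("127.0.0.1:6060", internalMux())) }()
	log.Fatal(http.ListenAndServe(":8080", publicMux()))
}
```

The `status` helper can be reused in a unit test so that a newly imported package that registers handlers on the default mux cannot silently widen the public surface.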

Conclusion

StealthNet.ai has made my hunting process much easier. Unlike a typical chatbot, it actively performs tasks with its valuable features. It speeds up my work by automating tasks, organizing data, and guiding me through the process. The tool is not publicly available yet and is continuously updated with new features and improvements every day. A huge thanks for giving me beta access to this amazing tool.
