Unveiling Trickest: My Secret Weapon for Automating the Bug Bounty Hunt

11 months ago

Martian1337

Martian Defense Cybersecurity

Trickest Nuclei + Cent Vulnerability Scan Workflow

Overview

Bug bounty hunting is a challenging endeavor: hunting for vulnerabilities and bugs in systems requires a diverse skill set and a toolkit full of specialized software. Trickest is one tool that significantly streamlines this process for me. We are going to explore its practical application in bug bounty hunting, focusing on its core features and how anyone can use it for bug bounty hunting.

What exactly is Trickest?

Trickest is an online tool engineered to automate reconnaissance and a host of other security testing procedures. This impressive platform integrates various security testing tools and automates their operation to increase the efficiency and accuracy of bug hunting. It also allows users to create custom workflows, enabling them to tailor the tool to their specific needs. It’s a must-have for bug bounty hunters and security engineers, providing automated workflows that can quickly access and test public-facing assets within bug bounty scopes.

5 major steps taken for each hunt

1. Start a New Project
Initiate the bug hunting process by creating a new project. On the Dashboard, click on “Spaces” in the left sidebar, and then the “Create Space” button. It prompts you to enter a name for the project and an optional description, which I use for testing notes. Organizing my engagements within projects allows for better organization and separation of concerns, especially when I find myself juggling multiple bug bounty programs at once.

2. Defining Targets
Defining targets accurately is crucial to a successful bug hunt. Targets are typically domain names, or files packed with subdomains of the web applications I am testing. In every run, I can add a domain by clicking on the node in the builder tab named “TARGET_URL” (usually the far-left node), or I can import them from a file for a larger list of targets.

When you add a top-level domain to certain workflows, Trickest is able to identify all associated subdomains it discovers and include them in the run. This is a crucial step for me, as subdomains often host different applications and may have different vulnerabilities compared to the main domain.

3. Setup Workflows
Setting up workflows is where the effectiveness of the Execution Engine really shines. Workflows are sequences of actions performed against targets. I choose from a range of pre-built runs in the library, such as ‘Subdomain Enumeration’, ‘Port Scanning’, and ‘Vulnerability Scanning’. I am still learning the platform, and starting with the pre-built templates and optimizing them has been effective so far.

For example, I might create a workflow that starts with ‘Subdomain Enumeration’ and then proceeds to ‘Vulnerability Scanning’ of each discovered subdomain. This workflow ensures that you first discover all subdomains of a given domain and then scan them for known vulnerabilities with Nuclei and Cent.

Note: The workflow setup portion can be a bit tedious, since a machine size has to be selected manually for each node, but this is still more convenient than bash shell scripting any day!

Choosing machine sizes deliberately also matters because it saves resources on the cloud machines if your pricing model is based on CPU usage, and when running parallel executions.

4. Executing Workflows
After I have set up my workflows, it’s time to run them against targets. Simply select the workflow to run, and then click on ‘Run Workflow’ to choose the cloud machines you want to allocate for executing this workflow. These machines come in small, medium and large sizes, and each size has different use cases that can be tailored to the specific test cases. Trickest then executes each step in the workflow one after the other, transitioning from one tool to another seamlessly and collating the results in a unified interface.

5. Analyze the Results
After Trickest completes a workflow, I know it’s time to analyze the results. The outputs from my workflows are presented in an easy-to-read format, enabling me to quickly examine the vulnerabilities detected, the scans performed, and any other relevant data. I can usually view these results at a glance in the “std_out” file of each node’s successful execution.

Nuclei + Cent Results and Download Function

The results are sorted by node output individually, and if a workflow executes fully, the final results will be on the last node at the end of the workflow. For example, I would see a separate output file for subdomains discovered, open ports found, and vulnerabilities detected. This makes it easy to prioritize efforts when it comes time to dig deeper into the results.

Note: Once I have identified potential vulnerabilities, I make notes and organize actions/notes for proper reporting. In this case, it is pretty easy to manage the often complex process of tracking and keeping up with vulnerabilities discovered during security research.
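To show what “digging deeper” into a vulnerability-scan node’s output can look like in practice, here is an added example (my own illustration, not code from the original post, from Trickest or from Nuclei). It assumes the Nuclei node was run with JSON-lines output, whose records carry the real Nuclei fields `template-id`, `host`, `matched-at` and `info.severity`; the sample lines and template IDs embedded in the script are constructed for illustration, not real scan data. The script parses the std_out content, tolerates a truncated last line from a node that died mid-run, collapses duplicate hits that parallel branches or re-runs produce, and orders what is left by severity so reporting notes start with what matters.

```python
"""Triage Nuclei JSONL findings pulled from a Trickest node's output.

Added example; not code from the original post, Trickest or Nuclei. It
assumes the scan node wrote Nuclei's JSON-lines output, whose records carry
`template-id`, `host`, `matched-at` and `info.severity`. The sample lines
and template IDs below are constructed for illustration, not real scan data.
"""
import json
from collections import Counter, defaultdict

# Most severe first; anything unrecognised sorts last.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4, "unknown": 5}


def parse_nuclei_jsonl(text: str) -> list[dict]:
    """Parse JSON-lines, skipping blank or malformed lines (a node that died mid-run can leave a truncated last line)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        info = rec.get("info") or {}
        findings.append({
            "template": rec.get("template-id", "?"),
            "name": info.get("name", ""),
            "severity": str(info.get("severity", "unknown")).lower(),
            "host": rec.get("host", ""),
            "matched_at": rec.get("matched-at", ""),
        })
    return findings


def dedupe(findings: list[dict]) -> list[dict]:
    """Collapse repeated (template, matched-at) hits; parallel branches and re-runs report the same match twice."""
    seen, unique = set(), []
    for f in findings:
        key = (f["template"], f["matched_at"])
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique


def prioritize(findings: list[dict], min_severity: str = "medium") -> list[dict]:
    """Keep findings at or above min_severity, most severe first, then grouped by host."""
    cutoff = SEVERITY_ORDER[min_severity]
    kept = [f for f in findings if SEVERITY_ORDER.get(f["severity"], 5) <= cutoff]
    return sorted(kept, key=lambda f: (SEVERITY_ORDER.get(f["severity"], 5), f["host"], f["template"]))


def summarize(findings: list[dict]) -> dict:
    """Counts per severity plus the templates that fired on each host, for the reporting notes."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add(f["template"])
    return {
        "by_severity": dict(Counter(f["severity"] for f in findings)),
        "by_host": {h: sorted(t) for h, t in sorted(by_host.items())},
    }


def triage(text: str, min_severity: str = "medium") -> list[dict]:
    """Whole pipeline: parse -> dedupe -> prioritize."""
    return prioritize(dedupe(parse_nuclei_jsonl(text)), min_severity)


# Constructed sample std_out content: five records, one duplicate, one truncated line.
SAMPLE_JSONL = """
{"template-id":"tech-detect","info":{"name":"Technology Detection","severity":"info"},"host":"https://app.example.com","matched-at":"https://app.example.com"}
{"template-id":"exposed-env-file","info":{"name":"Exposed .env File","severity":"high"},"host":"https://staging.example.com","matched-at":"https://staging.example.com/.env"}
{"template-id":"exposed-env-file","info":{"name":"Exposed .env File","severity":"high"},"host":"https://staging.example.com","matched-at":"https://staging.example.com/.env"}
{"template-id":"missing-csp","info":{"name":"Missing CSP Header","severity":"low"},"host":"https://app.example.com","matched-at":"https://app.example.com"}
{"template-id":"cors-misconfig","info":{"name":"CORS Misconfiguration","severity":"medium"},"host":"https://api.example.com","matched-at":"https://api.example.com"}
{"template-id":"truncated-by-crash","info":{"name":"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_JSONL):
        print(f"[{f['severity']:>8}] {f['template']:<20} {f['matched_at']}")
    print(summarize(dedupe(parse_nuclei_jsonl(SAMPLE_JSONL))))
```

Point the script at a downloaded std_out file instead of the embedded sample to use it on a real run; the `min_severity` cutoff is the knob to raise when a large scope produces more informational hits than you can read.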

Subdomain Enumeration Workflow

After my experience with Trickest, I have realized it is not just a tool for beginners; it offers several advanced features that can significantly enhance my bug bounty hunting workflows, such as:

Automated vulnerability scanning — I use the tool to automate the scanning of target applications for known vulnerabilities using a variety of open-source and commercial tools. This can help me identify vulnerabilities that would otherwise be difficult or time-consuming to find manually.

It can also be used methodically to help identify and prioritize potential attack vectors. This has helped me to focus bug bounty efforts on the most critical areas.

Parameter Fuzzing — Fuzzing target applications with a variety of input data in order to find vulnerabilities that may not be exposed by traditional testing methods, such as input validation errors, has proven to be a primary source of testing for me.

Collaboration — Trickest provides a number of features that can be used to facilitate collaboration amongst my team. This helps improve the speed and efficiency of vulnerability remediation. For example, I can quickly send a created workflow to other team members with access to my dashboard for them to execute or optimize for the target.

Integrating Trickest-CLI with Other Tools — Due to the CLI features, Trickest can be easily integrated with other tools or scripts that I use in my bug bounty hunting process. For example, I was able to write a small script that used Trickest CLI commands to automate even more aspects of my workflow, very similar to the example below:

trickest execute --workflow <workflow_or_tool_name> --space <space_name> --config <config_file_path> --set-name "New Name" [--watch]

The CLI, with its powerful features and flexibility, is a valuable addition to any bug bounty hunter’s toolkit. Whether managing projects and domains, running and controlling workflows, or analyzing the results, the CLI allows me to do it all directly from the terminal, providing a highly efficient and customizable bug hunting process from my own Virtual Private Server (VPS).
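As an added illustration of the kind of small wrapper script mentioned above (my own example, not the script from the original post and not code from Trickest), the following Python batch runner reads a targets file, writes one config per target and launches the `trickest execute` command quoted above for each. It assumes the flags shown on the page, a CLI that is on PATH and already logged in, and a config YAML with an `inputs:` map keyed by node name plus a `machines:` map keyed by size; that config layout is an assumption to check against the CLI documentation. The workflow name, space name and the target list are placeholders, and the node name `TARGET_URL` comes from the post.

```python
"""Batch-launch a Trickest workflow over a list of targets from the CLI.

Added example; not code from the original post or from Trickest. It assumes:
  - the `trickest execute` flags quoted in the post (--workflow, --space,
    --config, --set-name, --watch) and a CLI that is on PATH and logged in;
  - a config YAML with an `inputs:` map keyed by node name and a `machines:`
    map keyed by size (layout assumed here; check it against the CLI docs);
  - the workflow takes its target on the node named TARGET_URL, as in the post.
The workflow and space names are placeholders.
"""
import shlex
import subprocess
from datetime import datetime, timezone
from pathlib import Path

WORKFLOW = "Nuclei + Cent Vulnerability Scan"  # placeholder workflow name
SPACE = "bug-bounty"                            # placeholder space name
TARGET_NODE = "TARGET_URL"                      # node name from the post
MACHINE_SIZES = ("small", "medium", "large")


def load_targets(text: str) -> list[str]:
    """Targets file: one domain per line; blanks and '#' comments dropped, case-folded, deduplicated in order."""
    seen, targets = set(), []
    for raw in text.splitlines():
        domain = raw.split("#", 1)[0].strip().lower()
        if domain and domain not in seen:
            seen.add(domain)
            targets.append(domain)
    return targets


def render_config(target: str, machine: str = "small") -> str:
    """Per-run config content; one small machine keeps a first test run cheap under CPU-based pricing."""
    if machine not in MACHINE_SIZES:
        raise ValueError(f"unknown machine size: {machine}")
    return f"inputs:\n  {TARGET_NODE}: {target}\nmachines:\n  {machine}: 1\n"


def build_execute_argv(config_path, target: str, watch: bool = True) -> list[str]:
    """The `trickest execute ...` line from the post, with the run named after target and date."""
    run_name = f"{target} {datetime.now(timezone.utc):%Y-%m-%d}"
    argv = ["trickest", "execute",
            "--workflow", WORKFLOW,
            "--space", SPACE,
            "--config", str(config_path),
            "--set-name", run_name]
    if watch:
        argv.append("--watch")  # block until the run finishes so the script can chain on it
    return argv


def run_batch(targets_text: str, workdir: Path, dry_run: bool = False) -> list[list[str]]:
    """Write one config per target and launch each run; dry_run assembles the commands without calling the CLI."""
    workdir.mkdir(parents=True, exist_ok=True)
    launched = []
    for target in load_targets(targets_text):
        cfg = workdir / f"{target}.yaml"
        cfg.write_text(render_config(target))
        argv = build_execute_argv(cfg, target)
        if not dry_run:
            subprocess.run(argv, check=True)  # raises if the CLI exits non-zero
        launched.append(argv)
    return launched


if __name__ == "__main__":
    # Constructed sample target list; a real run reads the program's in-scope file.
    SAMPLE_TARGETS = "example.com\n# staging box\nstaging.example.com\nEXAMPLE.com\n"
    for argv in run_batch(SAMPLE_TARGETS, Path("trickest-configs"), dry_run=True):
        print(shlex.join(argv))
```

Running it with `dry_run=True` first prints the exact commands that would be issued, which matches the “start small and confirm the run is operational” habit described later in this post before leaving a batch unattended.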

Scheduling Asset Discovery + Cent run to execute at a certain time

1. Executing small tasks for testing

When first starting out with Trickest, I found it a good idea to start with small targets. This has helped me avoid getting overwhelmed and make sure that the runs are fully operational before running them on denser targets. A small workflow could be something like scanning using the vulnerability scanning templates. Once I have successfully automated this workflow, I can then start to automate more complex tasks, knowing that the first run was operational.

This helps me to identify any execution errors or problems before leaving the run unattended to fully execute on a large target. I test workflows by running them on a test environment and by checking the results or by running them on small targets that are open to bug bounty hunting.

2. Be creative and intuitive

This is a powerful tool, but it is important to be intuitive when using it. I often have to modify the workflow templates or tools to meet the specific needs of my methodology for each target. For example, if I have a specific run that is not functioning properly, I am able to optimize the workflow by editing the pre-built runs.

3. Documenting/saving the most used workflows

As I automate more tasks, it is important to me personally to document the most used and effective workflows. This helps keep track of what was done and to quickly make changes as needed. It also helps me share workflows with others when I want to reference the steps I took for an engagement, or when reaching out to someone on the support team for workflow troubleshooting.

4. Contact the team for any issues that arise

If I ever need help, there are a number of resources available. The documentation is a good place to start, but I can also get help from the Trickest team or via the platform’s online chatbot. Since joining the Discord community, I really like that I can ask questions about the tool and get immediate responses. They respond very quickly and will most likely help fix the problem.

5. Maximizing Workflow Automation

I can automate a wide range of security testing tasks, so ensure to use it to your advantage too! This frees up time and resources so that busy people like us can focus on other things.

I can track the progress of workflows from ‘Latest Runs’ on the dashboard or ‘All Runs’ in the right sidebar of the platform. This is where you’ll see each workflow as it progresses, the command used in the run, and a log of whether or not the execution was successful. When I want to keep things going on a scheduled basis, I can also set up Scheduled Runs to maximize the automation capability!

Note: Truly harnessing the potential requires a mix of predefined workflows and custom ones tailored to my own specific bug hunting methodology. Tools like this are meant to assist and streamline efforts, but they don’t replace the need for manual investigation and understanding of the underlying systems.

By following these methods, I have been able to get the most out of the platform and improve my security research initiatives.

The landscape of bug bounty hunting has been revolutionized by tools like this that automate time-consuming tasks and allow for a more streamlined hunting process. In my opinion, whether someone is a beginner or an experienced bug bounty hunter, understanding how to use Trickest effectively can significantly enhance productivity, making hunts more rewarding with regard to time and efficiency. With its automated workflows, beginner-friendly interface (GUI), scheduling capabilities, and CLI, it offers a comprehensive toolkit to aid in any bug bounty hunting game. I am truly looking forward to seeing this platform grow in the industry with more workflows and test cases.

Happy Hunting!
