
N0CK — Autonomous bug bounty assistant

Discovers, triages, and reports reproducible vulnerabilities — strictly within your rules.

Built on precision & safety

Scope-first
Non-destructive
High signal
ROE-compliant

How it works

Precision targeting from scope to report.

Scope & guardrails

Every request passes a scope gate. Rules of engagement (ROE) are respected by default.

Mapping

Polite crawl with rate limiting, path budgets, and robots.txt awareness.

Non-destructive tests

High-signal checks first; no dangerous methods.

Triage & reporting

Deduplication, CVSS hints, redacted evidence, output as JSON and Markdown.

Features

Built for precision, safety, and signal.

Scope-first engine

Enforces host, path, and method boundaries, with budget controls, before any test executes.

Rate limiting & backoff

Adaptive queries per second (QPS) with jitter; immediate pause on 429 or 5xx responses.
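The scope gate and rate limiter described in the two features above, written out as an added example; this is illustrative code, not N0CK's own implementation. The host/path/method allowlist, the per-host budget, the halve-on-error and 10% recovery factors, the 25% jitter band and the hostnames are all assumptions chosen for the demo. The path check normalises `..` segments before comparing prefixes, which is the edge case a scope rule most often gets wrong.

```python
"""Scope gate plus adaptive rate limiter, illustrating the guardrails described above.

Added example, not N0CK's own code. The rule names, the halve-on-error and
10% recovery factors and the 25% jitter band are assumptions chosen for the demo.
"""
from __future__ import annotations

import posixpath
import random
from dataclasses import dataclass, field
from urllib.parse import urlsplit


def _normalize_path(path: str) -> str:
    """Collapse '.', '..' and '//' so '/api/../admin' cannot pass an '/api' prefix rule."""
    return "/" + posixpath.normpath(path or "/").lstrip("/")


def _under(path: str, prefix: str) -> bool:
    """True if path equals the prefix or lies beneath it as a directory."""
    prefix = prefix.rstrip("/") or "/"
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")


@dataclass
class Scope:
    """Allowlist of hosts, path prefixes and methods, plus a per-host request budget."""
    hosts: frozenset[str]
    path_prefixes: tuple[str, ...]
    methods: frozenset[str] = frozenset({"GET", "POST"})  # non-destructive default
    budget_per_host: int = 100
    spent: dict[str, int] = field(default_factory=dict)

    def check(self, method: str, url: str) -> tuple[bool, str]:
        """Return (allowed, reason). The caller sends nothing unless allowed is True."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https"):
            return False, f"scheme {parts.scheme!r} not allowed"
        if host not in self.hosts:
            return False, f"host {host!r} out of scope"
        path = _normalize_path(parts.path)
        if not any(_under(path, p) for p in self.path_prefixes):
            return False, f"path {path!r} out of scope"
        if method.upper() not in self.methods:
            return False, f"method {method.upper()} not permitted"
        used = self.spent.get(host, 0)
        if used >= self.budget_per_host:
            return False, f"budget exhausted for {host}"
        self.spent[host] = used + 1  # only requests that will actually be sent consume budget
        return True, "ok"


class AdaptiveLimiter:
    """Paces requests at a target QPS with jitter; backs off on 429/5xx, recovers slowly otherwise."""

    def __init__(self, qps: float = 2.0, min_qps: float = 0.1, max_qps: float = 5.0,
                 seed: int | None = None) -> None:
        self.qps = qps
        self.min_qps = min_qps
        self.max_qps = max_qps
        self.paused = False
        self._rng = random.Random(seed)

    def delay(self) -> float:
        """Seconds to sleep before the next request: 1/qps with +/-25% jitter."""
        return (1.0 / self.qps) * (1.0 + self._rng.uniform(-0.25, 0.25))

    def observe(self, status: int) -> None:
        """Feed a response status back; 429 or any 5xx pauses immediately and halves the rate."""
        if status == 429 or 500 <= status <= 599:
            self.paused = True
            self.qps = max(self.min_qps, self.qps / 2)
        else:
            self.qps = min(self.max_qps, self.qps * 1.1)

    def resume(self) -> None:
        """An operator or cooldown timer clears the pause; the reduced rate is kept."""
        self.paused = False


if __name__ == "__main__":
    # Constructed plan against a constructed in-scope host; nothing is actually sent.
    scope = Scope(hosts=frozenset({"app.example.test"}), path_prefixes=("/api",), budget_per_host=3)
    plan = [("GET", "https://app.example.test/api/users"),
            ("GET", "https://app.example.test/api/../admin"),
            ("DELETE", "https://app.example.test/api/users/1"),
            ("GET", "https://other.example.test/api/")]
    for method, url in plan:
        print(method, url, "->", scope.check(method, url)[1])
```

The gate is evaluated before anything is queued, so a denied request never touches the limiter; the limiter in turn keeps its reduced rate after `resume()`, so a burst of 5xx responses leaves a lasting slowdown rather than snapping back to the original QPS.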

Security header analysis

Checks CSP, CORS, X-Frame-Options; detects open redirects and directory listings.

GraphQL introspection

Discovers schema when allowed; identifies exposed mutations and sensitive fields.

Dual-format output

Machine-readable JSON for automation, human-readable Markdown for review.

Confidence scoring

Each finding includes confidence level with minimal, redacted evidence.
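An added example of the response analysis, confidence scoring and dual-format output listed under Features; it is illustrative code written for this page, not N0CK's. The response shape (status, header dict, body), the check names, the three confidence labels and the 40-character redaction rule are assumptions, and the hostnames in the demo are constructed. The open-redirect check is scored high only when the off-host `Location` target echoes a query-string value, and low otherwise.

```python
"""Security header analysis with confidence-scored, redacted findings, as described above.

Added example, not N0CK's code. The response shape (status, header dict, body),
the check names, the confidence labels and the 40-character redaction rule are
assumptions for the demo.
"""
from __future__ import annotations

import json
from dataclasses import asdict, dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Finding:
    check: str
    confidence: str  # "high" | "medium" | "low"
    evidence: str    # minimal, redacted snippet


def _redact(value: str, keep: int = 40) -> str:
    """Keep a short prefix only, so reports never carry whole headers or bodies."""
    return value if len(value) <= keep else value[:keep] + "...[redacted]"


def analyze(request_url: str, status: int, headers: dict[str, str], body: str = "") -> list[Finding]:
    """Inspect one response (supplied by the caller) and return findings."""
    h = {k.lower(): v for k, v in headers.items()}
    req = urlsplit(request_url)
    findings: list[Finding] = []

    # CSP: absent, or present but undone by unsafe directives.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(Finding("csp-missing", "high", "no Content-Security-Policy header"))
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(Finding("csp-weak", "medium", _redact(csp)))

    # CORS: credentials combined with a wildcard or a foreign origin is the risky pairing.
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append(Finding("cors-wildcard-with-credentials", "high", "ACAO: * with ACAC: true"))
    elif acao and acao != "*" and creds and urlsplit(acao).hostname != req.hostname:
        findings.append(Finding("cors-foreign-origin-with-credentials", "medium", _redact(acao)))

    # Framing: frame-ancestors in CSP supersedes X-Frame-Options; at least one must be present.
    if "frame-ancestors" not in (csp or "") and "x-frame-options" not in h:
        findings.append(Finding("framing-unrestricted", "medium", "no X-Frame-Options or frame-ancestors"))

    # Open redirect: a 3xx to another host; high confidence when the target echoes a query value.
    location = h.get("location")
    if 300 <= status < 400 and location:
        target_host = urlsplit(location).hostname
        echoed = any(location in values for values in parse_qs(req.query).values())
        if target_host and target_host != req.hostname:
            findings.append(Finding("open-redirect", "high" if echoed else "low", _redact(location)))

    # Directory listing: autoindex markers in a successful HTML body.
    if status == 200 and ("<title>Index of /" in body or "Parent Directory" in body):
        findings.append(Finding("directory-listing", "high", _redact(body.strip())))
    return findings


def render(findings: list[Finding]) -> tuple[str, str]:
    """Return the same findings as machine-readable JSON and human-readable Markdown."""
    as_json = json.dumps([asdict(f) for f in findings], indent=2)
    rows = ["| check | confidence | evidence |", "|---|---|---|"]
    rows += [f"| {f.check} | {f.confidence} | {f.evidence} |" for f in findings]
    return as_json, "\n".join(rows)


if __name__ == "__main__":
    # Constructed response for a constructed in-scope host.
    found = analyze(
        "https://app.example.test/login?next=https://elsewhere.example/x",
        302,
        {"Location": "https://elsewhere.example/x",
         "Access-Control-Allow-Origin": "*",
         "Access-Control-Allow-Credentials": "true"},
    )
    _, markdown = render(found)
    print(markdown)
```

Evidence is cut to a fixed prefix before it enters a finding, so neither the JSON nor the Markdown view can leak a full header or body; the `csp-weak` rule is deliberately coarse (it flags `'unsafe-inline'` on any directive) and a real triage step would read the directive it sits in.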

Use Cases

Real-world scenarios where N0CK adds value

API Security Testing

Validate REST and GraphQL APIs against common vulnerabilities

  • Injection flaws in query parameters and JSON bodies
  • Authentication bypass and broken access control
  • Rate limiting and resource exhaustion checks

Pre-Production Scanning

Catch issues before deployment with CI/CD integration

  • Automated security gates in staging environments
  • Configuration drift detection between environments
  • Regression testing for previously patched vulnerabilities

Bug Bounty Reconnaissance

Efficient recon and initial triage for bounty programs

  • Scope-aware crawling with path budget controls
  • High-confidence findings with validator proof
  • Deduplicated reports ready for submission

Safety & Rules of Engagement

Authorized scope only. Non-destructive by default. Immediate pause on cross-tenant risk.

Default: GET/POST only, per-host QPS, adaptive backoff, redacted evidence.

Demo Report

Example finding output from N0CK

Integrations

Connect N0CK to your workflow

Webhooks

Real-time findings via HTTP POST to your endpoint

Ticketing

Auto-create issues in Jira, Linear, or GitHub

CI/CD

Run N0CK in pipelines with fail-on-high-severity

Frequently Asked Questions