Welcome to our first community spotlight blog! We started the community spotlight recently for two major reasons: to recognize the work of some of our most active community members and to share that work with others. ProjectDiscovery is community driven, and all of our tools wouldn’t be possible without input from the community in the form of contributions, templates, and feedback. This month’s Community Spotlight is user Geeknik. You can find them on GitHub here.
Geeknik has been participating in the ProjectDiscovery community for a long time now (by our count, around 5 years!) and has done so much to help our tools become the amazing products they are today. He’s made over 250 pull requests to our repos and has nearly 400 commits merged! Geeknik is the Principal Vulnerability Researcher at Spidersilk, a cybersecurity company that recently closed a $9 million funding round (CONGRATS, Y’ALL!). Without any further ado, here's our interview!
Geeknik: Bug Hunter Extraordinaire
ProjectDiscovery: What got you started in bug bounty/pentesting?
Geeknik: Back in the late '80s and early '90s, I hung out with some hacker types, the underground kind. We kept to ourselves, but man, did we dig deep into computers. That's where I got the bug for computer security. Fast forward, and I'm messing around with Python, Perl, C++, you name it. Figured I could use these skills for something good, like making the internet safer. So, here I am, researching new and emerging threats and hunting bugs.
PD: How did you find ProjectDiscovery? What problem were you trying to solve?
Geeknik: I was using this tool called "inception" by proabiral for a while, but noticed the guy stopped updating it. That's when I started scouting for something new to keep my threat hunting game strong. Needed a tool that could automate finding vulnerabilities across different systems. That's when I bumped into ProjectDiscovery and their Nuclei tool. Man, it was exactly what I was looking for—like finding a cold beer in a desert.
PD: What tools other than ProjectDiscovery tools do you use?
Geeknik: Burp Suite, Ghidra, Binary Ninja, Wireshark, tcpdump, OpenSSL, and some home-cooked scripts in Python for that extra special sauce.
PD: What's your machine setup?
Geeknik: My home lab's a beast. Running Debian and Fedora on some souped-up old workstations with dual Xeons. We're talking 28 physical cores and 56 logical ones, per machine. Enough muscle for anything I throw at it. And no, we don't do Windows here.
PD: What's the first computer/tech device you remember owning?
Geeknik: First rig that got me hooked was a Commodore 64. That little machine was my ticket into the world of code and all things tech.
PD: What role do you think automation and other tooling will play in the next 5 years of security?
Geeknik: Automation's the future, no doubt. With everything getting connected, from your fridge to the cloud, we're gonna need smart tools that find and fix vulnerabilities on the fly. Leaves us more time for the stuff that needs a human touch.
PD: What value do you get out of being in the PD community?
Geeknik: Being in the ProjectDiscovery community's been a game-changer. Learning from others, sharing my own tricks, and just being around folks who get it. It's leveled up my skills and how I look at security. Plus I wouldn’t have landed this sweet gig if it wasn’t for all of the nuclei templates I’ve shared with the community.
PD: What are you working on right now, if you can tell us?
Geeknik: Right now, I'm cooking up some new Nuclei templates focused on container stuff. With everyone jumping on the container bandwagon, it's high time we gave that area a good security sweep.
Thank you again to Geeknik for taking the time to chat with us and give us some insight into your work and expertise. If you’d like to join Geeknik and ProjectDiscovery to Democratize Security, together, then you can join the discord here. To learn more about our flagship vulnerability scanner, Nuclei, head to the repo. We also have a monthly newsletter with all the updates, blogs, and ProjectDiscovery news from around the internet to keep you up to date with the latest happenings in the vulnerability space. Sign up for the newsletter here.