BLACKOUT

Insecure time-based secret in web applications and Sandwich attack exploitation 🇫🇷

27 Jun 2025
Time: 00:00 > 00:00
Location: Zone 3 - Louis Armand conference stage

The goal of this workshop is to put ourselves in the shoes of a bug bounty researcher who wants to automate an attack scenario as far as possible. The scenario studied is a password reset token based on a time-based secret that is not cryptographically secure. We will look at how to construct the attack scenario and script a detection and exploitation procedure. We will then look at how to use the open source tool “Reset tolkien” to detect and exploit this type of web vulnerability.

Tom Chambaretaud

Technical Lead | Bug hunter (approximately every 3 months)
