# Claude Bug Bounty — Plugin Guide This repo is a Claude Code plugin for professional bug bounty hunting across HackerOne, Bugcrowd, Intigriti, and Immunefi. ## What's Here ### Skills (10 domains — load with `/bug-bounty`, `/web2-recon`, `/token-scan`, etc.) | Skill | Domain | |---|---| | `skills/bug-bounty/` | Master workflow — recon to report, all vuln classes, LLM testing, chains | | `skills/bb-methodology/` | **Hunting mindset + 5-phase non-linear workflow + tool routing + session discipline** | | `skills/web2-recon/` | Subdomain enum, live host discovery, URL crawling, nuclei | | `skills/web2-vuln-classes/` | 21 bug classes with bypass tables (SSRF, open redirect, file upload, Agentic AI) | | `skills/security-arsenal/` | Payloads, bypass tables, gf patterns, always-rejected list | | `skills/web3-audit/` | 10 smart contract bug classes, Foundry PoC template, pre-dive kill signals | | `skills/meme-coin-audit/` | Meme coin rug pull detection, token authority checks, bonding curve exploits, LP attacks | | `skills/report-writing/` | H1/Bugcrowd/Intigriti/Immunefi report templates, CVSS 3.1, human tone | | `skills/triage-validation/` | 7-Question Gate, 4 gates, never-submit list, conditionally valid table | | `skills/credential-attack/` | Password spray methodology — when/why, 4-stage pipeline, mode selection, lockout tactics, legal guardrails, pitfalls learned from live tests | | `skills/mobile-pentest/` | Android/iOS app pentest — runtime-first proxy workflow, APK/IPA decompile for hidden endpoints + secrets, deeplink/exported-activity injection, WebView bridge, SSL pinning bypass | | `skills/cicd-security/` | CI/CD pipeline hunting — GitHub Actions injection, secret exfil, self-hosted runner poisoning, OIDC abuse, supply chain attacks | | `skills/graphql-audit/` | GraphQL hunting — introspection, field suggestions (clairvoyance), batching DoS, IDOR via aliasing, injection, auth bypass, depth bombs | ### Commands (21 slash commands) > **Note:** All commands are prefixed to avoid conflicts with Claude Code's built-in commands. > `/resume` is a reserved Claude Code command — use `/pickup` to continue a previous hunt. | Command | Usage | |---|---| | `/recon` | `/recon target.com` — full recon pipeline | | `/hunt` | `/hunt target.com` — start hunting | | `/validate` | `/validate` — run 7-Question Gate on current finding | | `/report` | `/report` — write submission-ready report | | `/chain` | `/chain` — build A→B→C exploit chain | | `/scope` | `/scope ` — verify asset is in scope | | `/scope-aggregate` | `/scope-aggregate ` — pull every in-scope asset across H1/Bugcrowd/Intigriti/YWH/Immunefi | | `/triage` | `/triage` — quick 7-Question Gate | | `/web3-audit` | `/web3-audit ` — smart contract audit | | `/autopilot` | `/autopilot target.com --normal` — autonomous hunt loop | | `/surface` | `/surface target.com` — ranked attack surface | | `/pickup` | `/pickup target.com` — pick up previous hunt (was `/resume`) | | `/remember` | `/remember` — log finding to hunt memory | | `/intel` | `/intel target.com` — fetch CVE + disclosure intel | | `/token-scan` | `/token-scan ` — meme coin/token rug pull scanner | | `/memory-gc` | `/memory-gc [--rotate|--purge-backups]` — inspect/rotate hunt-memory JSONL files (10MB cap, 3 backups) | | `/secrets-hunt` | `/secrets-hunt --js-bundle ` — leaked-credential scan (trufflehog/noseyparker/gitleaks) | | `/takeover` | `/takeover --recon ` — subdomain takeover candidates (dnsReaper/subjack) | | `/cloud-recon` | `/cloud-recon --keyword ` — public S3/Azure/GCP + CloudFlare-bypass origin IPs | | `/param-discover` | `/param-discover ` — find hidden HTTP parameters (Arjun/x8) | | `/bypass-403` | `/bypass-403 ` — try header/method/encoding tricks against a 403/401 | | `/arsenal` | `/arsenal [tool]` — list installed external tools or get an install hint | | `/scan-cves` | `/scan-cves ` — focused nuclei CVE sweep (high/critical) + optional log4j-scan | | `/wordlist-gen` | `/wordlist-gen ` — company-specific password wordlist (cewler + hashcat); requires `--with-credential-attack` | | `/osint-employees` | `/osint-employees ` — employee names + emails (theHarvester + username-anarchy, opt-in LinkedIn); requires `--with-credential-attack` | | `/breach-check` | `/breach-check ` — HIBP k-anonymity rank wordlist by real-world breach count | | `/spray` | `/spray --mode http-form\|oauth\|o365\|okta --users --passes ` — password spray with hard guards (typed-host confirm, lockout warn, audit log) | | `/graphql-audit` | `/graphql-audit ` — full GraphQL audit: introspection, batching DoS, IDOR, injection, alias bomb, graphw00f fingerprint | ### Agents (9 specialized agents) - `recon-agent` — subdomain enum + live host discovery - `report-writer` — generates H1/Bugcrowd/Immunefi reports - `validator` — 4-gate checklist on a finding - `web3-auditor` — smart contract bug class analysis - `chain-builder` — builds A→B→C exploit chains - `autopilot` — autonomous hunt loop (scope→recon→rank→hunt→validate→report) - `recon-ranker` — attack surface ranking from recon output + memory - `token-auditor` — fast meme coin/token rug pull and security analysis - `credential-hunter` — orchestrates wordlist-gen + osint-employees + breach-check; HARD STOPS at spray for human go/no-go ### Rules (always active) - `rules/hunting.md` — 17 critical hunting rules - `rules/reporting.md` — report quality rules ### Tools (Python/shell — in `tools/`) - `tools/hunt.py` — master orchestrator - `tools/recon_engine.sh` — subdomain + URL discovery (now with optional `nuclei` phase) - `tools/vuln_scanner.sh` — XSS/SQLi/SSTI/MFA/SAML probe pipeline - `tools/validate.py` — 4-gate finding validator - `tools/learn.py` — CVE + disclosure intel - `tools/intel_engine.py` — on-demand intel with memory context - `tools/scope_checker.py` — deterministic scope safety checker - `tools/scope_aggregator.sh` — multi-platform scope pull (bbscope + bounty-targets-data) - `tools/secrets_hunter.sh` — trufflehog/noseyparker/gitleaks wrapper for FS/git/JS/GH-org - `tools/takeover_scanner.sh` — dnsReaper/subjack subdomain-takeover scanner - `tools/cloud_recon.sh` — S3Scanner + cloud_enum + CloudFail wrapper - `tools/param_discovery.sh` — Arjun/x8 hidden-parameter discovery - `tools/bypass_403.sh` — byp4xx + built-in 403/401 bypass matrix - `tools/cve_scan.sh` — focused nuclei CVE-tag sweep + optional log4j-scan - `tools/external_arsenal.sh` — installed-tool registry (~50 tools); other scripts source this for `_have ` - `tools/cicd_scanner.sh` — GitHub Actions workflow scanner (sisakulint wrapper, remote scan) - `tools/token_scanner.py` — automated token red flag scanner (EVM + Solana) - `tools/wordlist_engine.sh` — company-specific password wordlist generator (cewler + hashcat rules); requires `--with-credential-attack` - `tools/osint_employees.sh` — employee names + email patterns for spray prep (theHarvester + username-anarchy, opt-in CrossLinked); requires `--with-credential-attack` - `tools/breach_checker.py` — HIBP k-anonymity wordlist enrichment; ranks passwords by breach count (no API key, free) - `tools/spray_orchestrator.sh` — password spray with typed-hostname guard + lockout warning + audit log; modes: http-form / oauth / o365 / okta (TREVOR); requires `--with-credential-attack` for TREVOR modes - `tools/graphql_audit.sh` — 7-phase GraphQL audit: introspection + schema dump, graphw00f fingerprint, clairvoyance field discovery, batching DoS, alias bomb, gqlmap injection, graphql-cop checklist - `tools/lead_board.py` — persistent per-target lead ledger that routes every recon observation to the right `hunt-*` skill and tracks its status so no lead is forgotten (`memory/leads/.jsonl`). `ingest` parses recon output and routes 30+ signal types (IDOR/SSRF/GraphQL/OAuth/SAML/LLM/source-leak/tech-stack/nuclei) to skills; `show` lists untouched-first and flags stale high-priority leads; `next` returns the single top lead; `touch` marks a lead investigating/killed/reported (re-ingest preserves status). See **Critical Rule 6**. ### External tool references - `wordlists/REFERENCES.md` — pointers to SecLists / OneListForAll / fuzz4bounty / PayloadsAllTheThings - `skills/security-arsenal/REFERENCES.md` — methodology, writeup archives, dorks, key-verification, AI-security skill repos - `skills/security-arsenal/METHODOLOGY_CHEATSHEET.md` — per-vuln quick-check tables distilled from HowToHunt + HolyTips + AllAboutBugBounty + KingOfBugBountyTips ### MCP Integrations (in `mcp/`) - `mcp/burp-mcp-client/` — Burp Suite proxy integration - `mcp/hackerone-mcp/` — HackerOne public API (Hacktivity, program stats, policy) ### Hunt Memory (in `memory/`) - `memory/pattern_db.py` — cross-target pattern learning - `memory/audit_log.py` — request audit log, rate limiter, circuit breaker - `memory/rotation.py` — size-based JSONL rotation (10MB cap, keep 3 backups), auto-fired on append - `memory/schemas.py` — schema validation for all data ## Start Here ```bash claude # /recon target.com # /hunt target.com # /validate (after finding something) # /report (after validation passes) ``` ## Install Skills ```bash chmod +x install.sh && ./install.sh ``` ## Critical Rules (Always Active) 1. READ FULL SCOPE before touching any asset 2. NEVER hunt theoretical bugs — "Can attacker do this RIGHT NOW?" 3. Run 7-Question Gate BEFORE writing any report 4. KILL weak findings fast — N/A hurts your validity ratio 5. 5-minute rule — nothing after 5 min = move on 6. **LEAD BOARD — never lose a lead.** After recon, run `lead_board.py ingest ` + `show`, and route each finding to its `hunt-*` skill in plain language ("GraphQL endpoint → hunt-graphql"). When starting/killing/reporting a lead, `touch` its status. The hunter focuses on one lead at a time; the board remembers the rest so none is forgotten. Surface stale high-priority leads unprompted.