[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74161":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":37,"readmeContent":38,"aiSummary":39,"trendingCount":16,"starSnapshotCount":16,"syncStatus":40,"lastSyncTime":41,"discoverSource":42},74161,"claude-bug-bounty","shuvonsec\u002Fclaude-bug-bounty","shuvonsec","AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes,   autonomous hunting, and report generation. All inside Claude Code.","",null,"Python",2474,427,19,3,0,61,126,423,183,29.89,"MIT License",false,"main",true,[27,28,29,30,31,32,33,34,35,36],"ai-security","bug-bounty","bugcrowd","claude-ai","claude-code","ethical-hacking","hackerone","penetration-testing","recon","vulnerability-scanner","2026-06-12 02:03:23","\u003Cp align=\"center\">\n  \u003Cimg src=\"logo.png\" alt=\"Claude Bug Bounty Logo\" width=\"320\"\u002F>\n\u003C\u002Fp>\n\n\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fv4.3.0-Auth_Sessions_%2B_Arsenal-blueviolet?style=for-the-badge\" alt=\"v4.3.0\">\n\n# Claude Bug Bounty\n\n### Find security vulnerabilities, get paid — with AI doing the heavy lifting\n\n*Your AI hunting partner that remembers past targets, spots vulnerabilities, and writes reports for you.*\n\n\u003Csub>by \u003Ca href=\"https:\u002F\u002Fshuvonsec.me\">shuvonsec\u003C\u002Fa>\u003C\u002Fsub>\n\n\u003Cbr>\n\n[![License: 
MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-yellow.svg?style=flat-square)](LICENSE)\n[![Python 3.8+](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.8+-3776AB.svg?style=flat-square&logo=python&logoColor=white)](https:\u002F\u002Fpython.org)\n[![Tests](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FTests-180_passing-brightgreen.svg?style=flat-square)](tests\u002F)\n[![Claude Code](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FClaude_Code-Plugin-D97706.svg?style=flat-square&logo=anthropic&logoColor=white)](https:\u002F\u002Fclaude.ai\u002Fclaude-code)\n[![PRs Welcome](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPRs-welcome-brightgreen.svg?style=flat-square)](#contributing)\n\n\u003Cbr>\n\n\u003Ca href=\"#-what-is-this\">What Is This?\u003C\u002Fa>&nbsp;&nbsp;·&nbsp;&nbsp;\u003Ca href=\"#-quick-start\">Quick Start\u003C\u002Fa>&nbsp;&nbsp;·&nbsp;&nbsp;\u003Ca href=\"#-commands\">Commands\u003C\u002Fa>&nbsp;&nbsp;·&nbsp;&nbsp;\u003Ca href=\"#-whats-new\">What's New\u003C\u002Fa>&nbsp;&nbsp;·&nbsp;&nbsp;\u003Ca href=\"#-installation\">Install\u003C\u002Fa>&nbsp;&nbsp;·&nbsp;&nbsp;\u003Ca href=\"FAQ.md\">FAQ\u003C\u002Fa>&nbsp;&nbsp;·&nbsp;&nbsp;\u003Ca href=\"TERMS.md\">Terms\u003C\u002Fa>\n\n\u003Cbr>\n\n![Commands](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fcommands-23-D97706?style=flat-square)\n![Agents](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI_agents-8-blueviolet?style=flat-square)\n![Skills](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fskill_domains-9-3776AB?style=flat-square)\n![Web2](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fweb2_classes-20-brightgreen?style=flat-square)\n![Web3](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fweb3_classes-10-yellow?style=flat-square)\n\n\u003Csub>Burp MCP &nbsp;·&nbsp; Caido MCP &nbsp;·&nbsp; HackerOne MCP &nbsp;·&nbsp; Auth-aware hunting &nbsp;·&nbsp; Autonomous mode\u003C\u002Fsub>\n\n\u003C\u002Fdiv>\n\n\u003Cbr>\n\n## What Is This?\n\n**Bug bounty 
hunting** is when companies pay you real money to find security vulnerabilities in their websites and apps before bad actors do. Platforms like HackerOne and Bugcrowd connect hunters with companies. Payouts range from $100 to $1,000,000+ depending on severity.\n\n**This tool** is a plugin for [Claude Code](https:\u002F\u002Fclaude.ai\u002Fclaude-code) (Anthropic's AI coding assistant) that turns it into a professional bug bounty hunting partner. Instead of juggling 15 different tools and writing reports from scratch, you just type a command and the AI handles the rest.\n\n**In plain terms:**\n- You give it a target website\n- It automatically scans the site, finds vulnerabilities, validates they're real, and writes a professional report\n- It remembers what you found on past targets and applies that knowledge to new ones\n- You can even put it on autopilot and let it hunt on its own while you sleep\n\n**Who is it for?**\n- Security researchers who want to move faster\n- Bug bounty hunters who are tired of the manual grind\n- People learning security who want AI guidance at every step\n\n\u003Cbr>\n\n## Before vs. After\n\nMost hunters waste hours on things that shouldn't take that long. 
Here's the shift:\n\n| Before | After |\n|:---|:---|\n| Run 10+ tools manually, hope for the best | AI orchestrates everything in the right order |\n| Write reports from scratch (45 min each) | `report-writer` agent generates submission-ready reports in 60s |\n| Forget what worked last month | **Memory system** — patterns from target A inform target B |\n| Submit bugs without proper validation | **7-Question Gate** kills weak findings before you waste time reporting |\n| Can't see live browser traffic | **Burp MCP** or **Caido MCP** — AI reads your proxy history in real time |\n| Hunt one endpoint at a time | **`\u002Fautopilot`** runs the full hunt loop while you watch |\n| Anonymous recon misses auth-only bugs | **Auth-aware pipeline** — set a session once, httpx\u002Fkatana\u002Fffuf\u002Fnuclei all carry it |\n\n\u003Cbr>\n\n## Quick Start\n\n> **Prerequisite:** You need [Claude Code](https:\u002F\u002Fclaude.ai\u002Fclaude-code) installed and a Claude **Pro** or **Max** plan (or an Anthropic API key with credit). 
Claude Code itself is free to install, but the underlying model usage requires a paid plan or API billing — the free Claude.ai web account does not include Claude Code access.\n\n**Step 1 — Install tools + skills**\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fshuvonsec\u002Fclaude-bug-bounty.git\ncd claude-bug-bounty\nchmod +x install_tools.sh && .\u002Finstall_tools.sh   # installs scanning tools (subfinder, httpx, nuclei...)\nchmod +x install.sh && .\u002Finstall.sh               # installs AI skills + commands into Claude Code\n```\n\n**Step 2 — Start hunting**\n\n```bash\nclaude                          # open Claude Code in your terminal\n\n\u002Frecon target.com               # step 1: map the target (subdomains, live pages, URLs)\n\u002Fhunt target.com                # step 2: test for vulnerabilities\n\u002Fvalidate                       # step 3: make sure the finding is real before writing it up\n\u002Freport                         # step 4: generate a professional submission report\n```\n\n**That's the core loop.** Four commands, full workflow.\n\n**Step 3 — Go autonomous**\n\n```bash\n\u002Fautopilot target.com --normal  # AI does the whole thing, pauses for your review at the end\n\u002Fpickup target.com              # continue where you left off on a previous target\n\u002Fintel target.com               # get CVEs + disclosed reports relevant to this target\n```\n\n\u003Cbr>\n\n> **Don't use Claude Code?** Run the Python tools directly:\n> ```bash\n> python3 tools\u002Fhunt.py --target target.com\n> .\u002Ftools\u002Frecon_engine.sh target.com\n> ```\n\n\u003Cbr>\n\n## How It Works\n\nA team of specialists, each doing one job. 
Claude orchestrates; memory persists across sessions.\n\n```mermaid\nflowchart TD\n    You([You]) --> Claude[Claude Code]\n    Burp[Burp MCP\u003Cbr\u002F>browser traffic] -.-> Claude\n    H1[HackerOne MCP\u003Cbr\u002F>program intel] -.-> Claude\n    Claude --> Recon[Recon\u003Cbr\u002F>subdomains · URLs · APIs]\n    Claude --> Hunt[Hunt\u003Cbr\u002F>test &amp; validate]\n    Claude --> Report[Report\u003Cbr\u002F>H1 · Bugcrowd · Immunefi]\n    Recon --> Memory[(Hunt Memory\u003Cbr\u002F>persistent across sessions)]\n    Hunt --> Memory\n    Report --> Memory\n    Memory -.feeds back.-> Claude\n```\n\nRun the whole loop, or any step on its own.\n\n\u003Cbr>\n\n## Commands\n\n### The Core 4 (start here)\n\n| Command | Argument | What It Does | When |\n|:---|:---|:---|:---|\n| `\u002Frecon` | `target.com` | Maps subdomains, live pages, APIs, and runs basic scans | Always first |\n| `\u002Fhunt` | `target.com` | Tests for vulns using the right technique per tech stack | After recon |\n| `\u002Fvalidate` | — | 7-question check before you write the report | Pre-report |\n| `\u002Freport` | — | Generates H1 · Bugcrowd · Intigriti · Immunefi report | Post-validation |\n\n### Power Commands\n\n| Command | What It Does |\n|:---|:---|\n| `\u002Fautopilot target.com` | AI runs the full loop autonomously — recon → hunt → validate → report |\n| `\u002Fsurface target.com` | Ranked list of the best places to test (informed by past findings) |\n| `\u002Fpickup target.com` | Untested endpoints from last session — pick up where you left off |\n| `\u002Fremember` | Saves the current finding or technique to memory for future use |\n| `\u002Fintel target.com` | Pulls CVEs and disclosed reports relevant to this target |\n| `\u002Fchain` | When you find bug A, finds the bugs B and C that usually come with it |\n| `\u002Fscope \u003Casset>` | Checks if a domain or URL is in scope before you test it |\n| `\u002Ftriage` | Quick 2-minute go\u002Fno-go check — keep investigating or move on? 
|\n| `\u002Fweb3-audit \u003Ccontract>` | Full smart contract security audit, 10 bug class checklist |\n| `\u002Ftoken-scan \u003Ccontract>` | Scans a meme coin \u002F token for rug pull signals (EVM + Solana) |\n| `\u002Fmemory-gc` | Inspect or rotate hunt-memory JSONL files (10 MB cap, keeps 3 backups) |\n\n### Recon Toolkit (v4.3)\n\nThin wrappers over external tools. Each one is gated on tool presence — missing tools are skipped, not errors.\n\n| Command | What It Does |\n|:---|:---|\n| `\u002Fscope-aggregate \u003Cprogram>` | Pulls every in-scope asset across H1 · Bugcrowd · Intigriti · YWH · Immunefi (bbscope + bounty-targets-data) |\n| `\u002Fsecrets-hunt --js-bundle \u003Cdir>` | Leaked credentials in source, JS bundles, or a GitHub org (trufflehog · noseyparker · gitleaks) |\n| `\u002Ftakeover --recon \u003Cdir>` | Subdomain takeover candidates from a recon run (dnsReaper · subjack) |\n| `\u002Fcloud-recon --keyword \u003Cname>` | Public S3 · Azure · GCP buckets + CloudFlare-bypass origin IPs |\n| `\u002Fparam-discover \u003Curl>` | Hidden HTTP parameters (Arjun · x8) |\n| `\u002Fbypass-403 \u003Curl>` | Header · method · encoding tricks against a 403\u002F401 |\n| `\u002Fscan-cves \u003Chost>` | Focused nuclei high\u002Fcritical sweep + optional log4j-scan |\n| `\u002Farsenal [tool]` | Lists installed external tools or prints an install hint |\n\n\u003Cbr>\n\n## AI Agents\n\n8 specialized agents, each built for one job:\n\n| Agent | What It Does |\n|:---|:---|\n| **recon-agent** | Finds all subdomains, live hosts, and URLs for a target |\n| **report-writer** | Writes professional, impact-first reports that get paid |\n| **validator** | Runs the 7-Question Gate — kills weak findings before you waste time |\n| **web3-auditor** | Audits smart contracts for 10 common vulnerability classes |\n| **chain-builder** | When you find one bug, finds the chain of related bugs |\n| **autopilot** | Runs the whole hunt loop autonomously with safety checkpoints |\n| 
**recon-ranker** | Ranks the attack surface so you test the highest-value targets first |\n| **token-auditor** | Fast meme coin \u002F token rug pull and security analysis |\n\n\u003Cbr>\n\n## What's New\n\n### v4.3.0 — Auth Sessions + Recon Arsenal (May 2026)\n\n- **Auth-aware hunting.** Set a session once (`--cookie`, `--bearer`, env vars, or `.private\u002Ftarget.json`) and every downstream tool that takes auth — httpx, katana, ffuf, nuclei, dalfox, the SQLi\u002FSSTI\u002Fupload PoC probes — carries it. Most paying bugs (IDOR, BOLA, mass assignment, SSRF behind a login) only exist after login; the default pipeline used to miss them. See [`docs\u002Fauth-sessions.md`](docs\u002Fauth-sessions.md).\n- **8 new commands.** `\u002Fscope-aggregate`, `\u002Fsecrets-hunt`, `\u002Ftakeover`, `\u002Fcloud-recon`, `\u002Fparam-discover`, `\u002Fbypass-403`, `\u002Fscan-cves`, `\u002Farsenal` — all under the **Recon Toolkit** table below.\n- **External tool registry.** `tools\u002Fexternal_arsenal.sh` is the single source of truth for ~50 external tools (install hints, upstream URLs, `_have \u003Ctool>` helper). Replaces scattered `command -v` checks across the shell scripts.\n- **Recon pipeline.** Optional nuclei phase in `recon_engine.sh` (off by default; gated on tool presence).\n- **Methodology cheatsheet.** `skills\u002Fsecurity-arsenal\u002FMETHODOLOGY_CHEATSHEET.md` distills per-vuln quick-check tables from HowToHunt + HolyTips + AllAboutBugBounty + KingOfBugBountyTips into one reference.\n\n### v4.2.0 — Memory Rotation (Apr 2026)\n\n- **Auto-rotation for hunt memory** — `audit.jsonl`, `patterns.jsonl`, and `journal.jsonl` no longer grow forever. 
Files rotate at 10 MB and keep 3 backups, fully transparent to writers (safe under `fcntl.LOCK_EX` for concurrent processes).\n- **`\u002Fmemory-gc`** — new slash command to inspect, force-rotate, or purge backup files in the hunt-memory tree.\n- **22 new tests** covering rotation primitives, multi-process concurrent writes, and disk-full `OSError` propagation.\n\n### v4.1.0 — Auto-Memory + README (Apr 2026)\n\n- **Auto-memory at session end** — the AI now automatically logs what it tested and found after every hunt session. Memory used to stay empty until you manually ran `\u002Fremember`. Now the flywheel starts on day 1.\n- README badge and stats updated, `install_tools.sh` added to Quick Start (was missing)\n- `hunt-memory\u002F` added to `.gitignore` (contains full URL history, shouldn't be committed)\n\n### v4.0.0 — Meme Coin Security Module (Apr 2026)\n\n- **`\u002Ftoken-scan \u003Ccontract>`** — automated rug pull scanner for EVM and Solana tokens\n- **`skills\u002Fmeme-coin-audit\u002F`** — 8 token bug classes: mint authority, freeze authority, LP locks, honeypot detection, bonding curve exploits, Solana SPL checks\n- **New agent:** `token-auditor`\n\n### v3.1.1 — CI\u002FCD Scanner (Mar 2026)\n\n- **GitHub Actions security scanning** built into the recon pipeline\n- Auto-detects GitHub orgs from recon data and scans their workflow files\n- 52 rules, 81.6% GHSA coverage — catches expression injection, secret leaks, supply chain attacks\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Older releases (v3.1.0, v3.0.0, v2.x)\u003C\u002Fb>\u003C\u002Fsummary>\n\u003Cbr>\n\n**v3.1.0 — Hunting Methodology Skill**\n- `skills\u002Fbb-methodology\u002F` — mindset + 5-phase non-linear workflow, decision trees per vuln class, 20-min rotation clock\n\n**v3.0.0 — The Bionic Hunter**\n- `\u002Fautopilot` — full autonomous hunt loop with `--paranoid`, `--normal`, `--yolo` modes\n- Hunt memory — journal, pattern DB, target profiles, cross-target learning\n- Burp MCP — AI reads 
your proxy history in real time\n- HackerOne MCP — search disclosed reports, get program stats and policy\n- `\u002Fintel`, `\u002Fpickup`, `\u002Fremember`, `\u002Fsurface` commands\n\n**v2.1.0 — 20 Vuln Classes**\n- MFA\u002F2FA bypass and SAML\u002FSSO attacks added (classes 19 and 20)\n- NoSQL injection, command injection, SSTI, HTTP smuggling, WebSocket payloads added to arsenal\n\n\u003C\u002Fdetails>\n\n\u003Cbr>\n\n## What It Can Find\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>20 Web2 Vulnerability Classes\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\u003Cbr>\n\nThese are the types of security bugs it looks for in regular websites and APIs:\n\n| Vulnerability | What It Means | Typical Payout |\n|:---|:---|:---|\n| **IDOR** | Accessing another user's data by changing a number in the URL | $500 - $5K |\n| **Auth Bypass** | Getting into accounts or admin panels without permission | $1K - $10K |\n| **XSS** | Injecting malicious scripts into web pages | $500 - $5K |\n| **SSRF** | Making the server fetch internal resources it shouldn't | $1K - $15K |\n| **Business Logic** | Exploiting flaws in how the app is supposed to work | $500 - $10K |\n| **Race Conditions** | Sending requests at the same time to get double rewards\u002Fcredits | $500 - $5K |\n| **SQL Injection** | Manipulating the database through user inputs | $1K - $15K |\n| **OAuth\u002FOIDC** | Breaking the \"Login with Google\u002FGitHub\" flows | $500 - $5K |\n| **File Upload** | Uploading malicious files that get executed | $500 - $5K |\n| **GraphQL** | Auth bypass and data leaks through GraphQL APIs | $1K - $10K |\n| **LLM\u002FAI** | Prompt injection and IDOR in AI-powered features | $500 - $10K |\n| **API Misconfig** | Mass assignment, JWT attacks, broken CORS | $500 - $5K |\n| **Account Takeover** | Taking over someone else's account | $1K - $20K |\n| **SSTI** | Template injection that leads to code execution | $2K - $10K |\n| **Subdomain Takeover** | Claiming expired subdomains (GitHub 
Pages, S3, Heroku) | $200 - $5K |\n| **Cloud\u002FInfra** | Exposed S3 buckets, EC2 metadata, Firebase, Kubernetes | $500 - $20K |\n| **HTTP Smuggling** | Confusing front-end and back-end servers to bypass security | $5K - $30K |\n| **Cache Poisoning** | Poisoning CDN caches to serve malicious content to others | $1K - $10K |\n| **MFA Bypass** | Getting past two-factor authentication | $1K - $10K |\n| **SAML\u002FSSO** | Breaking enterprise single sign-on implementations | $2K - $20K |\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>10 Web3 \u002F Smart Contract Bug Classes\u003C\u002Fb> — click to expand\u003C\u002Fsummary>\n\u003Cbr>\n\nThese are bugs in blockchain smart contracts, common on Immunefi:\n\n| Vulnerability | What It Means | Typical Payout |\n|:---|:---|:---|\n| **Accounting Desync** | Contract's math gets out of sync with reality | $50K - $2M |\n| **Access Control** | Functions that should be admin-only aren't | $50K - $2M |\n| **Incomplete Code Path** | Edge cases that drain funds | $50K - $2M |\n| **Off-By-One** | Math errors that let attackers take more than they should | $10K - $100K |\n| **Oracle Manipulation** | Manipulating price feeds to exploit DeFi protocols | $100K - $2M |\n| **ERC4626 Attacks** | Vault share inflation attacks | $50K - $500K |\n| **Reentrancy** | Calling back into a contract before it finishes | $10K - $500K |\n| **Flash Loan** | Using uncollateralized loans to manipulate prices | $100K - $2M |\n| **Signature Replay** | Reusing signed transactions | $10K - $200K |\n| **Proxy\u002FUpgrade** | Exploiting upgradeable contract patterns | $50K - $2M |\n\n\u003C\u002Fdetails>\n\n\u003Cbr>\n\n## Installation\n\n### What You Need First\n\n```bash\n# macOS\nbrew install go python3 node jq\n\n# Linux (Ubuntu\u002FDebian)\nsudo apt install golang python3 nodejs jq\n```\n\nYou also need [Claude Code](https:\u002F\u002Fclaude.ai\u002Fclaude-code) installed and a **Claude Pro or Max plan** (or an Anthropic API key with 
credit). The free Claude.ai web account does not include Claude Code access — that's the model billing, not the CLI.\n\n### Install\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fshuvonsec\u002Fclaude-bug-bounty.git\ncd claude-bug-bounty\nchmod +x install_tools.sh && .\u002Finstall_tools.sh   # scanning tools (subfinder, httpx, nuclei, etc.)\nchmod +x install.sh && .\u002Finstall.sh               # AI skills + commands into Claude Code\n```\n\n### API Keys\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Chaos API\u003C\u002Fb> (recommended for better subdomain discovery)\u003C\u002Fsummary>\n\u003Cbr>\n\n1. Sign up free at [chaos.projectdiscovery.io](https:\u002F\u002Fchaos.projectdiscovery.io)\n2. Add your key:\n\n```bash\nexport CHAOS_API_KEY=\"your-key-here\"\necho 'export CHAOS_API_KEY=\"your-key-here\"' >> ~\u002F.zshrc\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Optional keys\u003C\u002Fb> (even better subdomain coverage)\u003C\u002Fsummary>\n\u003Cbr>\n\nAdd to `~\u002F.config\u002Fsubfinder\u002Fconfig.yaml`:\n- [VirusTotal](https:\u002F\u002Fwww.virustotal.com) — free\n- [SecurityTrails](https:\u002F\u002Fsecuritytrails.com) — free tier\n- [Censys](https:\u002F\u002Fcensys.io) — free tier\n- [Shodan](https:\u002F\u002Fshodan.io) — paid\n\n\u003C\u002Fdetails>\n\n\u003Cbr>\n\n## The Rules (Always Active)\n\nThese apply every session, no exceptions:\n\n```\n 1. READ FULL SCOPE FIRST   — only test what the program says you can\n 2. ONLY REAL BUGS          — \"Can an attacker do this RIGHT NOW?\" if no, stop\n 3. KILL WEAK FINDINGS FAST — 30-second check saves hours of wasted reporting\n 4. NEVER GO OUT OF SCOPE   — one wrong request can get you banned\n 5. 5-MINUTE RULE           — no progress after 5 min? move to the next target\n 6. VALIDATE BEFORE REPORT  — run \u002Fvalidate before you spend 30 min writing\n 7. 
IMPACT FIRST            — start with the bugs that have the worst consequences\n```\n\n\u003Cbr>\n\n## Related Projects\n\n| Repo | What It's For |\n|:---|:---|\n| **[claude-bug-bounty](https:\u002F\u002Fgithub.com\u002Fshuvonsec\u002Fclaude-bug-bounty)** | This — full hunting pipeline from recon to report |\n| **[web3-bug-bounty-hunting-ai-skills](https:\u002F\u002Fgithub.com\u002Fshuvonsec\u002Fweb3-bug-bounty-hunting-ai-skills)** | Smart contract security — 10 bug classes, Foundry PoC templates |\n| **[public-skills-builder](https:\u002F\u002Fgithub.com\u002Fshuvonsec\u002Fpublic-skills-builder)** | Turns 500+ public bug writeups into Claude skill files |\n\n\u003Cbr>\n\n## Contributing\n\nPRs welcome. Best contributions:\n- New vulnerability scanners or detection modules\n- Payload additions to `skills\u002Fsecurity-arsenal\u002FSKILL.md`\n- Real-world methodology improvements (with evidence from paid reports)\n- Support for more platforms (YesWeHack, Synack, HackenProof)\n\n```bash\ngit checkout -b feature\u002Fyour-contribution\ngit commit -m \"Add: short description\"\ngit push origin feature\u002Fyour-contribution\n```\n\n---\n\n\u003Cdiv align=\"center\">\n\n### Connect\n\n[GitHub](https:\u002F\u002Fgithub.com\u002Fshuvonsec) &nbsp;·&nbsp; [Twitter](https:\u002F\u002Fx.com\u002Fshuvonsec) &nbsp;·&nbsp; [LinkedIn](https:\u002F\u002Flinkedin.com\u002Fin\u002Fshuvonsec) &nbsp;·&nbsp; [shuvonsec@gmail.com](mailto:shuvonsec@gmail.com)\n\n\u003Cbr>\n\n**Built by bug hunters, for bug hunters.** &nbsp;·&nbsp; If this helped you find a bug, [leave a star ⭐](https:\u002F\u002Fgithub.com\u002Fshuvonsec\u002Fclaude-bug-bounty)\n\n\u003Cbr>\n\n\u003Csub>MIT License · For authorized security testing only. Test only within an approved bug bounty program scope. Never test systems without explicit written permission. 
Follow responsible disclosure.\u003C\u002Fsub>\n\n\u003C\u002Fdiv>\n","Claude Bug Bounty is an AI-powered bug bounty hunting tool designed to help users discover security vulnerabilities in websites and applications from the terminal. It supports more than 20 vulnerability classes and offers automated reconnaissance, autonomous hunting, and report generation, and it remembers information about past targets to improve efficiency. The tool is written in Python and uses Claude Code (Anthropic's AI coding assistant) as its core engine. It is suited to security researchers, ethical hackers, and professionals taking part in bug bounty programs, and can significantly improve efficiency and accuracy during penetration testing or security assessments.",2,"2026-06-11 03:49:06","high_star"]