A production-grade arsenal of 30 Claude Code Skills, 60+ integrated tools, custom payloads, validation gates, and platform-specific reporting templates — purpose-built for bug bounty hunters on HackerOne, Bugcrowd, Intigriti, and Immunefi.
- Executive Summary
- The Problem We Solve
- The Solution
- Comparison vs Alternatives
- Architecture & Design
- The 30 Skills — Detailed
- The 5 Playbooks
- The Arsenal
- Tools Integrated (60+)
- Installation & Setup
- Quick Start Examples
- Continuous Monitoring System
- Validation & Reporting Layer
- Use Cases & Scenarios
- ROI Analysis
- Tech Stack
- Customization & Extensibility
- Security, Ethics & Legal
- Roadmap
- FAQ
- Credits & Inspiration
- License
Claude CyberSecurity Skills is a comprehensive Claude Code Skills repository designed to transform Claude Code into an end-to-end bug bounty hunting partner. It bridges the gap between knowing security techniques and executing them efficiently at scale on real bug bounty programs.
- 30 production-grade Skills organized across 5 hunting phases
- 5 end-to-end Playbooks that chain multiple skills together
- 60+ real security tools integrated with copy-paste-ready commands
- 17 custom arsenal resources (payloads, wordlists, tampers, templates)
- 5 report templates for HackerOne, Bugcrowd, Intigriti, Immunefi
- 5 automation scripts for continuous monitoring (cron + GitHub Actions)
- Validation gates (7-Question Gate + 4 pre-submit gates) to dramatically reduce N/A reports
- Cross-references linking skills to playbooks to chains
- HackerOne / Bugcrowd / Intigriti hunters at any level
- Penetration testers doing web application engagements
- Security researchers who want a structured, reproducible hunting workflow
- Students learning bug bounty through guided methodology
Unlike documentation-only security repos, every skill is wired to specific tools, payloads, and outputs — so Claude Code becomes a hands-on hunting partner, not just a knowledge base.
Most security knowledge exists in disconnected silos:
- PayloadsAllTheThings: payloads without methodology
- HackTricks: methodology without payloads
- SecLists: wordlists without context
- Disclosed reports: examples without reproducible workflow
- Tool documentation: tool-by-tool without integration
A new hunter has to manually assemble this into a workflow. An experienced hunter has the workflow in their head but can't easily share or scale it.
| Pain | Current state | Cost |
|---|---|---|
| Choosing programs | Gut feeling | Wasted weeks on low-paying programs |
| Recon at scale | Manual one-shot | Miss new attack surface as it appears |
| Tool integration | Pieced together per task | Hours of setup per hunt |
| Vuln class methodology | Memorized or googled | Inconsistent coverage |
| Report writing | Each one from scratch | Hours per report; high rejection rate |
| Continuous monitoring | None or homegrown | Lose "first finder" advantage |
| Validation before submit | Skipped | High N/A ratio, account at risk |
For a hunter spending 10 hours/week:
- Without structure: ~1-2 medium findings/month
- With structure: ~4-8 findings/month at higher severity
The 4-8x productivity gap is methodology + tooling integration, not raw skill.
Claude Code Skills are markdown files Claude auto-loads based on natural-language triggers. When you describe a task, Claude reads the relevant skill and uses its methodology, payloads, and tool commands to assist you.
Without skills: "Test this for XSS" → Claude gives generic advice With skills: "Test this for XSS" → Claude loads the XSS skill which includes:
- Context-detection methodology
- 100+ payloads organized by context
- CSP bypass cheat sheet
- WAF bypass payloads
- Cookie theft PoC templates
- Impact escalation patterns
- Report template specific to XSS
- Cross-references to chain attacks
┌─────────────────────────┐
│ 1. PRE-HUNT (3 skills) │ Pick program → Parse scope → Mind map app
└──────────┬──────────────┘
▼
┌─────────────────────────┐
│ 2. RECON (6 skills) │ Subdomains → Live hosts → Tech → JS → Fuzz → Monitor
└──────────┬──────────────┘
▼
┌─────────────────────────┐
│ 3. HUNT (15 skills) │ IDOR, XSS, SQLi, SSRF, JWT, OAuth, etc.
└──────────┬──────────────┘
▼
┌─────────────────────────┐
│ 4. FRONTIER (3 skills) │ LLM/AI, Mobile, Cloud
└──────────┬──────────────┘
▼
┌─────────────────────────┐
│ 5. OUTPUT (3 skills) │ Validate → H1 report → BC report
└─────────────────────────┘
This workflow is enforced by the skills themselves — triage-validation must pass before hackerone-reporting activates correctly.
| Dimension | Masriyan (15 skills) | Claude CyberSecurity Skills (30 skills) |
|---|---|---|
| Focus | 15 broad cyber domains (RE, malware, IR, etc.) | Bug bounty hunting (H1/BC/Intigriti/Immunefi) |
| Skill count | 15 | 30 |
| Tool integration | Methodology + Python script references | Methodology + copy-paste commands for 60+ tools |
| Payloads | Not included | 7 dedicated payload files (XSS polyglots, CSP bypass, WAF bypass, SSRF cheatsheet, SSTI multi-engine, prompt injection direct/indirect) |
| Custom nuclei templates | None | 3 (Actuator env, GraphQL introspection, Firebase RTDB) |
| Custom sqlmap tampers | None | 3 (random case, Unicode, double URL-encode) |
| Custom semgrep rules | None | 1 file with 20+ secret detection rules |
| Report templates | None | 5 platform-specific (H1, BC, Intigriti, Immunefi, CVSS calc) |
| Validation gates | None | 7-Question Gate + 4 pre-submit + always-rejected list |
| Continuous monitoring | None | Full system (VPS + GitHub Actions, 5 scripts) |
| AI/LLM security | Brief | Dedicated skill with ASI01-ASI10 framework + indirect injection PoC |
| Playbooks | None | 5 multi-skill chains |
| Web3 / Smart contracts | None | Immunefi template with Foundry PoC |
| Mobile (Android) | None | Dedicated skill with apktool/jadx/MobSF |
| Conditional chain table | None | 40+ chain combinations weak→critical |
| PayloadsAllTheThings | Claude CyberSecurity Skills | |
|---|---|---|
| Payloads | Massive collection | Curated, BB-context-specific |
| Methodology | Minimal | Full per-class methodology |
| Tool integration | None | 60+ tools wired in |
| AI usability | Just markdown | Designed for Claude Code Skills |
| Workflow | Reference only | End-to-end hunting workflow |
| HackTricks | Claude CyberSecurity Skills | |
|---|---|---|
| Scope | All offensive security | Bug bounty specifically |
| Payloads | Some, scattered | Organized arsenal |
| Reporting | Not covered | 5 platform templates + CVSS calc |
| Validation gates | Not covered | Built-in |
| Continuous monitoring | Not covered | Full system |
| SecLists | Claude CyberSecurity Skills | |
|---|---|---|
| Purpose | Universal wordlists | BB workflow + curated wordlists |
| BB context | None | Every wordlist scoped to BB tasks |
| Methodology | None | Full per-class |
Claude CyberSecurity Skills isn't trying to replace these — it stands on their shoulders. It assembles their best parts into a coherent, BB-focused, tool-integrated workflow that Claude Code can drive.
claude-cybersecurity-skills/
│
├── README.md # Quick intro + skill index
├── PROJECT_REPORT.md # This document
├── INSTALL.sh # Linux/WSL installer (60+ tools)
├── INSTALL.ps1 # Windows installer
├── LICENSE # MIT + ethical use notice
├── .gitignore # Loot, secrets, build artifacts
├── CONTRIBUTING.md # Contribution guidelines
│
├── docker/
│ └── claude-cybersecurity-skills.Dockerfile # All-in-one image
│
├── skills/ # 30 SKILL.md files
│ ├── 01-program-selection/
│ ├── 02-scope-analysis/
│ ├── 03-threat-modeling-mindmap/
│ ├── 04-subdomain-enum/
│ ├── 05-asset-discovery/
│ ├── 06-fingerprinting/
│ ├── 07-js-analysis/
│ ├── 08-content-discovery/
│ ├── 09-continuous-monitoring/
│ ├── 10-idor-hunting/
│ ├── 11-auth-bypass/
│ ├── 12-ato-chains/
│ ├── 13-xss/
│ ├── 14-sqli/
│ ├── 15-ssrf/
│ ├── 16-ssti/
│ ├── 17-file-upload/
│ ├── 18-graphql/
│ ├── 19-jwt-attacks/
│ ├── 20-oauth-oidc/
│ ├── 21-business-logic/
│ ├── 22-subdomain-takeover/
│ ├── 23-cache-poisoning/
│ ├── 24-http-smuggling/
│ ├── 25-llm-ai-security/
│ ├── 26-mobile-recon-android/
│ ├── 27-cloud-misconfig/
│ ├── 28-triage-validation/
│ ├── 29-hackerone-reporting/
│ └── 30-bugcrowd-reporting/
│
├── playbooks/ # 5 multi-skill chains
│ ├── new-target-day1.md # 8-hour first-day workflow
│ ├── continuous-recon-pipeline.md # Monitoring infrastructure
│ ├── ato-chain-hunt.md # 9 paths to Account Takeover
│ ├── ssrf-to-rce-aws.md # SSRF → IAM → cloud takeover
│ └── llm-app-fullhunt.md # 11-step AI hunt
│
├── arsenal/ # Custom payloads, wordlists, rules
│ ├── wordlists/
│ │ ├── api-paths.txt # 200+ curated API paths
│ │ └── file-upload-extensions.txt # 150+ extensions for fuzzing
│ ├── xss-payloads/
│ │ ├── polyglots.txt # Universal XSS polyglots
│ │ ├── csp-bypass.txt # 17 CSP bypass techniques
│ │ └── waf-bypass.txt # WAF-specific bypasses
│ ├── ssrf-payloads/
│ │ └── ip-bypass-cheatsheet.md # 11+ IP encoding bypasses + cloud metadata
│ ├── ssti-payloads/
│ │ └── multi-engine.txt # Jinja2/Twig/Freemarker/Velocity/Spring/Smarty/ERB/Pug
│ ├── sqlmap-tampers/
│ │ ├── ccs_random_case_between.py
│ │ ├── ccs_unicode_encode.py
│ │ └── ccs_double_url_encode.py
│ ├── file-upload-polyglots/
│ │ └── README.md # GIF+PHP, PNG+PHP, SVG+XSS, .htaccess
│ ├── prompt-injection-payloads/
│ │ ├── direct.txt # System prompt extraction, jailbreaks
│ │ └── indirect.txt # HTML comment injection, RAG poisoning
│ ├── semgrep-rules/
│ │ └── javascript-secrets.yml # 20+ secret detection rules
│ └── nuclei-templates/
│ ├── ccs-actuator-env.yaml # Spring Boot env + secret extraction
│ ├── ccs-graphql-introspection.yaml
│ └── ccs-firebase-rtdb.yaml
│
├── templates/ # Report templates
│ ├── hackerone-template.md
│ ├── bugcrowd-template.md # VRT mapping
│ ├── intigriti-template.md
│ ├── immunefi-template.md # Foundry PoC for Web3
│ └── cvss-calculator.md # Quick CVSS 3.1 reference
│
├── scripts/ # Automation
│ ├── full-sub-recon.sh # Complete recon pipeline
│ ├── monitor-subs.sh # Nightly subdomain diff
│ ├── monitor-js.sh # JS file hash + endpoint diff
│ ├── nuclei-sweep.sh # Daily nuclei sweep
│ └── certstream-monitor.py # Real-time CT log monitoring
│
└── docs/
├── 7-question-gate.md # MANDATORY pre-report checklist
├── always-rejected-list.md # What NOT to submit
├── conditional-chain-table.md # 40+ chain combinations
├── faq.md
└── tool-cheatsheets/
├── nuclei.md
├── sqlmap.md
├── ffuf.md
└── subfinder.md
Total: 77 files organized into 11 top-level directories.
Every SKILL.md follows the same structure:
---
name: <skill-name>
description: <one-liner that triggers Claude>
metadata:
type: skill
phase: <pre-hunt | recon | hunt | output>
vuln_class: <e.g., xss, idor, sqli>
tools: [list of tools]
---
# <Skill Title>
> <Punchy one-line value statement>
## When to invoke
- Trigger phrases (natural language)
- When NOT to invoke
## Methodology
- Step-by-step workflow
- Tool commands (copy-paste ready)
- Decision points
## Payloads / Examples
- Context-specific payloads
- Real examples
## Output template
- How to format findings
## Cross-references
- [[other-skill]] links
## Common pitfalls
- What goes wrong
- How to avoid
## Severity guide
- When to assign whatThis structure makes skills:
- Discoverable (YAML frontmatter + trigger phrases)
- Actionable (concrete commands)
- Composable (cross-references)
- Reusable (output templates)
Skills are grouped into 5 phases mirroring the bug bounty workflow:
Decide what to hunt and where to focus. These skills run before any active scanning.
Discover the attack surface. These chain together: subdomain → asset → fingerprint → JS → fuzz → monitor.
The core vulnerability classes. Each is a deep methodology + payloads + impact framing.
2026's emerging attack surfaces — LLM/AI applications, mobile apps, cloud misconfigurations.
Validate findings (the quality gate) and write platform-specific reports.
Evaluates HackerOne, Bugcrowd, Intigriti, and Immunefi programs before committing time. Uses a 7-criteria scoring system (payout history, response time, scope size, scope quality, competition level, tech stack match, program hygiene). Programs scoring ≥25/35 are worth hunting; <20 should be skipped.
Key features:
- Decision matrix (hunt now / time-box / skip)
- Read-10-disclosed-reports protocol
- Tech stack matching to your strengths
- Output: structured score card
Parses program scope into a structured asset list. Handles wildcards (*.target.com), out-of-scope exclusions, vulnerability class restrictions, and special rules.
Key features:
- YAML scope representation
- OOS filter generation
- Excluded vuln class mapping
- Special rules (rate limits, test accounts, hour restrictions)
Builds a mental and visual map of the target application BEFORE scanning. Identifies trust boundaries, high-value features, and prioritized hunt targets.
Key features:
- 6-layer mind map template (Auth, AuthZ, User Data, Core, Payments, Technical Surface)
- Prioritization matrix (impact × ease)
- Trust boundary identification
- Output: ranked hunt plan
Comprehensive subdomain enumeration combining 6+ passive sources (subfinder, amass, chaos, assetfinder, crtsh, findomain) plus active DNS brute force (puredns, shuffledns) and permutations (gotator, dnsgen).
Tools: subfinder, amass, chaos, assetfinder, crtsh API, findomain, puredns, shuffledns, gotator, dnsgen
Probes subdomain lists to identify live hosts, open ports, status codes, titles, and basic fingerprints. Generates focus lists (interesting tech, API candidates, admin candidates, protected endpoints).
Tools: dnsx, naabu, httpx, masscan, nmap, gowitness
Identifies exact technology stack, frameworks, versions, CMSes on live hosts. Maps each tech to relevant vulnerability classes to hunt next.
Tools: httpx, whatweb, wappalyzergo, retire.js, nuclei tech templates, wafw00f
Extracts endpoints, secrets, and hidden routes from JavaScript files. Mines for hardcoded credentials, embedded GraphQL queries, internal hostnames, and exposed source maps.
Tools: LinkFinder, SecretFinder, JSluice, mantra, getJS, sourcemapper, trufflehog, noseyparker
Custom patterns for: AWS keys, GCP keys, Stripe live keys, Slack tokens, GitHub PATs, Firebase URLs, Cognito Identity Pool IDs
Fuzzes directories, files, and URL parameters. Two-stage approach: path discovery first, then parameter mining on found endpoints.
Tools: ffuf, feroxbuster, dirsearch, arjun, paramspider, x8, kiterunner
Includes: 30+ high-value paths to always test (.env, .git, swagger, actuator, etc.)
Sets up nightly diff-based monitoring of subdomains, JS files, new endpoints, and CVE matches. Includes both VPS (cron-based) and GitHub Actions setup paths.
Notifications: Discord, Slack, Telegram via ProjectDiscovery notify
Real-time: CertStream for instant cert transparency alerts
The 5 IDOR patterns: sequential IDs, UUIDs, indirect references, multi-parameter, HTTP method confusion. Includes Burp Autorize setup and Python automation for cross-account testing.
Key sections:
- Pre-requisites (two account setup)
- BOLA testing (OWASP API #1)
- Bypass tricks when straight swap fails
- Vertical IDOR (privilege escalation)
- 12 path manipulation bypasses
- Chained IDOR for higher severity
12 categories of authentication and authorization bypasses: path canonicalization, HTTP method swap, header injection, authorization confusion, JWT downgrade, force-browse, parameter injection, mass assignment, logic flaws, session fixation, CORS misconfig, OAuth flaws.
Includes: 60+ bypass payloads + custom Python testing script
9 paths to Account Takeover with detailed exploitation steps for each. Focuses on chaining lower-severity findings into critical ATO.
The 9 paths:
- Password reset token leakage
- Email change without confirmation
- OAuth redirect_uri/state abuse
- Response manipulation
- Cookie hijacking
- JWT-based ATO
- Race condition (signup, email confirm)
- CRLF/header injection in Set-Cookie
- WebSocket/SSE auth ignored
Reflected, stored, DOM-based, mXSS, markdown XSS. Includes context-detection table (12 contexts), polyglot payloads, CSP bypass cheatsheet, file-upload XSS (SVG), and impact escalation patterns (cookie theft, account takeover via XSS, persistent XSS via account modification).
Custom payload arsenal:
- Polyglots (15+ universal payloads)
- 17 CSP bypass techniques
- WAF-specific bypasses (Cloudflare, Akamai, Imperva, AWS WAF)
Error-based, UNION-based, Boolean-blind, time-blind, out-of-band, second-order injection. sqlmap configuration for each, manual payloads for when sqlmap fails, custom WAF-bypass tampers, NoSQLi (MongoDB operator injection).
Custom sqlmap tampers shipped:
ccs_random_case_between— Cloudflare bypassccs_unicode_encode— pattern-match bypassccs_double_url_encode— single-decode WAF bypass
Cloud metadata extraction (AWS IMDSv1/v2, GCP, Azure, DO, Alibaba, Oracle), 11+ IP filter bypass techniques, gopher protocol Redis/SMTP attacks, blind SSRF detection, full AWS IAM credential extraction chain.
Arsenal ships: 11-way IP encoding cheatsheet, all cloud metadata URLs, internal service port reference
Multi-engine detection (Jinja2, Twig, Mako, Velocity, Freemarker, Smarty, Spring SpEL, Handlebars, ERB, Pug, Razor, Liquid). Engine-specific RCE payloads. WAF bypass tricks for each engine.
Custom payload file: arsenal/ssti-payloads/multi-engine.txt — 200+ payloads organized by engine
10 bypass techniques: extension blacklist, null byte, double extension, content-type spoof, magic byte prefix, SVG XSS, HTML upload, .htaccess upload, ZIP slip/path traversal, XXE via SVG.
Includes: Polyglot file generation (GIF+PHP, PNG+PHP, JPEG+PHP, SVG+XSS), Burp Intruder extension fuzzing wordlist, race condition upload testing, CSV formula injection.
Engine fingerprinting (graphw00f), introspection with full schema query, clairvoyance for disabled introspection, field-level IDOR (BOLA), batched queries for rate limit bypass, alias-based brute force, deep query DoS, mutation-based attacks, CSRF via GET/POST.
Includes: Engine-specific bug references (Apollo, Hasura, Graphene, Yoga, AppSync, Sangria)
10 JWT attack patterns: alg=none, RS256→HS256 key confusion, weak HMAC secret cracking, kid path traversal, kid SQL injection, jku/x5u header injection, embedded jwk, expired token reuse, claim mutability, JWT in URL.
Tool integration: jwt_tool, jwtcat, hashcat for HMAC cracking, manual openssl commands
12 OAuth attack patterns: redirect_uri host/path/prefix/parameter pollution bypass, response_type confusion, state CSRF, PKCE bypass, scope manipulation, ID token claim trust, provider confusion, postMessage origin issues, authorization code reuse.
Includes: Open redirect → OAuth callback chain (the classic critical), .well-known/openid-configuration enumeration
11 patterns: race conditions (TOCTOU), negative integers, float precision, integer overflow, workflow skip, coupon/discount abuse, refund logic, tier/subscription manipulation, rate limiting bypass, ownership reassignment, mass assignment.
Includes: Burp turbo intruder examples, parallel race condition testing, coupon discovery techniques
Detection via subjack/nuclei takeover templates, manual verification before submission, takeover instructions per service (S3, GitHub Pages, Heroku, Azure, Shopify, etc.), impact framing (cookie scope, OAuth, phishing).
Vulnerable service table: 20+ services with CNAME patterns and fingerprint strings
Unkeyed input testing (Param Miner approach), cache deception via extension manipulation, CDN-specific quirks (Cloudflare, Akamai, Fastly, CloudFront), HTTP/2 cache abuse, fat-GET poisoning.
Includes: Manual probe canary script, key normalization tricks
CL.TE, TE.CL, TE.TE, H2.CL, H2.TE, CL.0 desync detection. smuggler.py automation, Burp Pro HTTP Request Smuggler extension setup, manual timing-based detection, exploitation chains (front-end auth bypass, next-user session hijack, cache poisoning combo).
The 2026 frontier. Covers:
- Direct prompt injection (jailbreaks, system prompt extraction)
- Indirect prompt injection (the high-impact attack via HTML comments, RAG poisoning, email content)
- ASCII smuggling (Unicode tag exfil)
- Agentic AI exploits (ASI01-ASI10 framework from OWASP)
- Tool injection → RCE via code-exec tools
- Memory poisoning persistence
- IDOR in chat history
- RAG cross-tenant data leakage
Arsenal ships: Direct + indirect prompt injection payload files with 100+ tested payloads
APK download (Play Store, APKMirror, adb), decompilation (apktool, jadx), AndroidManifest.xml analysis (exported components, deeplinks, permissions), secret hunting (custom regex set for AWS/Google/Stripe/Slack/GitHub), endpoint mining, Firebase URL extraction, MobSF automation, network traffic interception with Frida SSL pinning bypass.
Key patterns: Custom regex for AWS, GCP, Stripe Live, Slack, GitHub PATs, Firebase RTDB URLs, Cognito Identity Pool IDs
Public S3/GCS/Azure Blob bucket testing (s3scanner, cloud_enum), Cognito Identity Pool misconfig, AWS access key exploitation (enumerate-iam, pacu), Firebase Realtime Database/Firestore testing, exposed Kubernetes API, public Elastic/Kibana/Mongo/Redis, GitHub Actions secret leakage.
Includes: prowler/ScoutSuite usage when you have credentials, full SSRF → IMDS → IAM → cloud takeover chain reference
The quality gate. Includes:
- 7-Question Gate (scope, accepted class, working PoC, real impact, duplicate check, severity, "would I pay for this")
- 4 pre-submit gates (reproducibility, report quality, scope clarity, ethical disclosure)
- Always-rejected list with exceptions
- Conditional chain table (when weak findings become Critical)
- CVSS 3.1 quick reference
- Severity decision guide
- Title formula
- Impact statement formula
This is the single most important skill for reducing N/A ratio.
Production-grade H1 report formatting. Title formula, impact-led writing, CVSS 3.1 scoring, complete PoC formatting, attached files convention, submission etiquette, post-submission negotiation tactics.
Includes: Full sample report (Critical IDOR with all sections), severity → bounty mapping table, negotiation scripts for severity disputes
Bugcrowd-specific (VRT, P1-P5). Maps each bug class to specific VRT path. Includes priority justification template for proposing VRT upgrades. Lists 20 most-common VRT categories.
Key: VRT path × default priority × suggested upgrade template
Playbooks chain multiple skills into end-to-end workflows.
8-hour workflow for the first day on a new program.
Hour 1: program-selection + scope-analysis
Hour 2: subdomain-enum + asset-discovery (parallel)
Hour 3: threat-modeling-mindmap + fingerprinting
Hour 4: js-analysis (secrets + endpoint mining)
Hour 5: content-discovery (directory fuzz + parameter mining)
Hour 6: continuous-monitoring setup (for ongoing tracking)
Hour 7: Prioritize vuln classes for hunt
Hour 8: Quick wins pass (nuclei + obvious bugs)
Output: Structured loot/<target>/ directory with target intel, hunt plan, and any quick wins.
The "passive income" infrastructure.
Two deployment paths:
- VPS-based ($5/month) — cron + bash scripts + systemd certstream
- GitHub Actions (free) — scheduled workflows + repo-stored state
Monitors:
- New subdomains (daily passive enum)
- New cert transparency entries (real-time via certstream)
- JS file hash changes (every 6 hours)
- New endpoints in changed JS
- Daily nuclei sweep (critical/high only)
- Weekly tech re-fingerprint
- GitHub commit activity on public repos
Notifications: Discord/Slack/Telegram via configurable rules (severity thresholds, quiet hours, dedup).
Systematic methodology to chain findings into Account Takeover.
For each of the 9 ATO paths, provides:
- What to look for
- How to test
- Real example chain
- Severity matrix
- Pitfalls
Anti-failure patterns:
- Don't chain weak → weak → "critical" (each link must be solid)
- Don't include speculative links
- Don't claim "potential" ATO (demonstrate or don't)
The most-paid chain in cloud-hosted apps.
End-to-end:
- Confirm SSRF works (interactsh OOB)
- Determine cloud provider
- Hit IMDSv1 (or pivot if v2)
- Use credentials (sts get-caller-identity)
- Enumerate permissions (enumerate-iam, pacu)
- Pivot to high-impact (S3 read, Secrets Manager, RDS info, Lambda code, SES)
- Document severity matrix
- Report with H1 template
Includes: GCP and Azure variants, ethical reminders for cloud-impacting reports.
The AI security frontier — 11-step methodology.
Step 1: Map the AI surface
Step 2: Identify architecture
Step 3: Test direct prompt injection
Step 4: Extract system prompt
Step 5: Test indirect prompt injection (high-impact)
Step 6: Test agentic/tool injection (ASI01)
Step 7: Test memory poisoning (ASI03)
Step 8: IDOR in chat history
Step 9: ASCII smuggling (output exfil)
Step 10: RAG poisoning (ASI04)
Step 11: Resource exhaustion (ASI08)
Bounty expectations table:
- Direct injection (popup only): $50-200 (often informative)
- System prompt extraction: $200-1k
- Indirect prompt injection → data exfil: $2k-15k
- Tool injection → RCE: $5k-30k
- IDOR in chat history (PII): $1k-5k
The arsenal/ directory ships ready-to-use security resources that augment the tools.
Detects Spring Boot Actuator /env exposure AND extracts secrets from the response (AWS keys, JWT secrets, DB credentials, Stripe keys, SendGrid, Slack, GitHub tokens). Goes beyond standard nuclei templates that just detect exposure.
Detects GraphQL endpoints with introspection enabled and extracts:
- Query and Mutation root type names
- Admin-looking query names
- Privileged mutations (delete, set role, promote, grant, impersonate)
Turns informational "introspection enabled" into actionable attack surface.
Tests Firebase Realtime Databases for public read AND public write (using a canary path), then cleans up. Multi-step nuclei workflow.
Three-layer WAF bypass combining:
- Random case on SQL keywords (
SeLeCt) - Spaces to
/**/ =replaced withBETWEEN x AND x
Primary use: Cloudflare and AWS WAF bypass.
Replaces SQL keywords with Unicode escape sequence equivalents (SELECT → SELECT). Bypasses WAFs that pattern-match without normalizing Unicode.
Double URL-encodes dangerous characters (%27 → %2527). Bypasses WAFs that decode once and check, then backend decodes twice and uses.
arsenal/semgrep-rules/javascript-secrets.yml includes 20+ rules for detecting:
- AWS Access/Secret Keys (all prefixes: AKIA, ASIA, AGPA, etc.)
- Google API Keys
- Stripe Live + Test Keys
- Slack tokens (xoxb, xoxa, xoxp, xoxr, xoxs)
- Slack webhooks
- GitHub PATs (ghp, gho, ghu, ghs, ghr)
- Twilio Account SID + Auth Token
- SendGrid API keys
- Mailgun API keys
- PayPal/Braintree access tokens
- Generic labeled credentials (
api_key,secret,password) - JWT signing secrets
- Firebase URLs
- Cognito Identity Pool IDs
- Private keys (RSA, OpenSSH, DSA, EC, PGP)
- Database connection strings with credentials
200+ paths organized by category: API versions, GraphQL endpoints, well-known files, admin paths, auth endpoints, billing, file handling, Firebase paths, configuration files, backup files, environment paths, CMS-specific, Spring Boot actuator paths, Kubernetes paths, service-specific (Solr, Elastic, Kibana, Grafana, Prometheus).
150+ extensions organized by language: PHP variants (php, phtml, phar, etc.), ASP variants, JSP variants, scripting (js, py, rb, sh, bat, ps1), Java (jar, class, war), HTML/XML, config (.env, .json, .yml), archive (zip, tar.gz, 7z), database (db, sqlite, sql), document, certificate, font, etc.
15+ universal XSS polyglots covering multiple contexts in one payload. Includes the classic compact ("><svg onload=alert(1)>), 0xsobky's polyglot, attribute escapes, JS string breaks, HTML comment escapes, SVG file upload XSS, markdown XSS, DOM XSS via location.hash, stealth XSS for cookie theft.
17 CSP bypass techniques mapped to specific weaknesses:
- Bypass 1: unsafe-eval → setTimeout/Function/eval with strings
- Bypass 2: unsafe-inline (rare but check)
- Bypass 3: AngularJS payload (unsafe-eval + AngularJS)
- Bypass 4: JSONP endpoints on whitelisted domains
- Bypass 5: trusted CDN with outdated libs
- Bypass 6: base-uri attack
- Bypass 7: dangling markup
- Bypass 8: object-src not 'none'
- Bypass 9: nonce reuse
- Bypass 10: weak hash + script reflection
- Bypass 11: strict-dynamic chained loaders
- Bypass 12: form-action exfil
- Bypass 13: connect-src wildcard
- Bypass 14: report-uri leak
- Bypass 15: iframe sandbox-allows-*
- Bypass 16: SVG use element
- Bypass 17: ServiceWorker takeover
WAF-specific bypass payloads for Cloudflare, Akamai, Imperva, AWS WAF, plus encoding tricks (double URL encode, HTML entity, Unicode escape, octal escape, hex escape), unusual tag fuzzing, event handler variants, JavaScript scheme variants.
The reference guide for SSRF bypass:
- 127.0.0.1 representations (decimal, octal, hex, mixed, IPv6, URL-encoded, DNS rebinding)
- 169.254.169.254 (AWS metadata) representations
- URL parser confusion bypasses (12 variants)
- Schemes when http:// blocked (file://, gopher://, dict://, ftp://, LDAP, jar://)
- Cloud provider metadata URLs (AWS IMDSv1/v2, GCP, Azure, DO, Alibaba, Oracle, Kubernetes)
- Internal services often reachable via SSRF (30+ ports)
- Common internal hostnames
200+ payloads organized by template engine:
- Jinja2 (Python/Flask/Django) — 15+ RCE chains
- Twig (PHP/Symfony/Drupal) — filter chains, environment abuse
- Freemarker (Java) — Execute utility variants
- Velocity (Java) — full RCE script
- Spring SpEL — T() expressions
- Smarty — {php}/Write_File abuse
- ERB (Ruby) — backtick, system, exec, Kernel
- Pug (JavaScript) — child_process abuse
- Razor (.NET) — Process invocation
- Handlebars — prototype pollution (when applicable)
- Liquid (Shopify/Jekyll) — info disclosure
Plus blind SSTI OOB payloads and engine fingerprinting probes.
Generation instructions for:
- GIF + PHP polyglot
- PNG + PHP polyglot
- JPEG + PHP polyglot
- SVG + XSS (inline JavaScript)
- SVG + XXE
- SVG + blind XXE (OOB)
- HTML disguised as PNG
- .htaccess upload (Apache)
- ZIP slip / path traversal in archive
- PDF + JavaScript (NamedDestination)
- Malicious EXIF (ImageTragick)
100+ direct prompt injection payloads:
- Classic instruction override (multiple phrasings)
- Role separation tokens (model-specific: ChatML, Claude, Llama)
- System prompt extraction (multiple angles)
- Encoded injection (base64, French, ROT13)
- Roleplay variants (DAN, AIM, etc.)
- Output format manipulation
- Hypothetical/fiction framing
- Confusion attacks (code + injection)
- Multi-step manipulation
- Token/context boundary attacks
- Tool injection probes
- Memory poisoning
- Output exfil (markdown image side channel)
- Format-string injections
- Popular jailbreak templates
The high-impact pattern. 15 indirect injection patterns:
- HTML comment injection (for URL summarization)
- Inline visible-but-overlooked instructions
- CSS-hidden text
- ARIA-label/accessibility injection
- Email injection (for AI inbox readers)
- PDF/document metadata injection
- Image OCR injection (steganographic)
- Markdown injection (for chat-based AI)
- JSON/API response injection
- ASCII smuggling (Unicode tag chars)
- SVG/XML injection
- RAG poisoning (for indexed content)
- Webhook payload injection
- Comment box/form input injection
- Code comment injection (for code-review AI)
subfinder, amass, assetfinder, chaos, findomain, sublist3r
httpx, dnsx, naabu, masscan, nmap, gowitness
katana, waybackurls, gau, hakrawler, gospider
ffuf, feroxbuster, dirsearch, gobuster
arjun, paramspider, x8
LinkFinder, SecretFinder, JSluice, mantra, getJS
nuclei, nikto, wapiti, droopescan
sqlmap, ghauri, NoSQLMap, dalfox, XSStrike, kxss, gxss, SSRFmap, Gopherus, tplmap, commix
jwt_tool, jwtcat, hashcat, hydra
kiterunner, graphw00f, clairvoyance, inql, graphql-cop
trufflehog, gitleaks, noseyparker, semgrep
prowler, ScoutSuite, pacu, enumerate-iam, s3scanner, cloudsplaining
apktool, jadx, MobSF, frida, objection
garak, PyRIT, promptfoo
interactsh-client, notify, anew, qsreplace, unfurl, gron, gf, git-dumper
subjack, nuclei takeover templates
mapcidr, httprobe
# Clone
git clone https://github.com/YOUR_USERNAME/claude-cybersecurity-skills.git
cd claude-cybersecurity-skills
# Run installer (installs 60+ tools)
chmod +x INSTALL.sh
./INSTALL.sh
# What it does:
# 1. Apt packages (curl, wget, jq, python3, build tools, nmap, masscan)
# 2. Go toolchain (1.22)
# 3. ~25 Go-based tools (ProjectDiscovery + community)
# 4. ~12 Python tools via pipx
# 5. Git-cloned tools (LinkFinder, SecretFinder, SSRFmap, etc.)
# 6. feroxbuster (Rust prebuilt)
# 7. Nuclei templates + Claude CyberSecurity Skills custom templates
# 8. gf patterns
# 9. Custom sqlmap tampers
# 10. Optional: install skills to ~/.claude/skills/git clone https://github.com/YOUR_USERNAME/claude-cybersecurity-skills.git
cd claude-cybersecurity-skills
.\INSTALL.ps1Supports Chocolatey, Scoop, or winget for base toolchain. Note: some Linux-only tools (MobSF, certain Python libs) require WSL.
docker build -t claude-css -f docker/claude-cybersecurity-skills.Dockerfile .
docker run -it -v $(pwd)/loot:/loot claude-cssBased on Kali Linux rolling. ~3.5GB image with all 60+ tools.
# Globally (all projects)
mkdir -p ~/.claude/skills
cp -r skills/* ~/.claude/skills/
# Project-specific
mkdir -p ./.claude/skills
cp -r skills/* ./.claude/skills/The INSTALL.sh prompts to do this automatically.
Configure these once to dramatically boost recon coverage:
# ~/.config/subfinder/provider-config.yaml
chaos: # FREE for BB hunters at chaos.projectdiscovery.io
- "YOUR_KEY"
github: # any GitHub PAT
- "ghp_YOUR_PAT"
securitytrails: # 50 free queries/month
- "YOUR_KEY"
virustotal: # 4 req/min free
- "YOUR_KEY"
censys: # 250 free queries/month
- "ID:SECRET"
shodan: # $5/month membership for API
- "YOUR_KEY"Without keys: ~30% coverage. With keys: ~95% coverage. Configure them.
# Start Claude Code in any directory
claude
# In Claude:
> "I just got invited to a private H1 program for *.example.com. Help me decide if it's worth hunting."
# Claude auto-loads program-selection skill, scores the program against 7 criteria, gives a recommendation.
> "OK let's hunt. Run full recon."
# Claude auto-loads subdomain-enum + asset-discovery + fingerprinting + js-analysis skills.
# It chains the commands together and outputs a structured loot/ directory.
> "The JS file at app.example.com/main.js exposes /api/v3/users/{id}. Hunt IDOR."
# Claude loads idor-hunting skill, walks you through the testing pattern.
> "Found one. Run the 7-Question Gate."
# Claude loads triage-validation skill, asks you the 7 questions.
> "All pass. Write the H1 report."
# Claude loads hackerone-reporting skill, drafts the full report with proper formatting.# Add target
echo "target.com" >> ~/ccs-state/targets.txt
# Run the monitoring script manually first
./scripts/monitor-subs.sh
# Set up cron
crontab -e
# Add:
# 0 3 * * * /home/user/claude-cybersecurity-skills/scripts/monitor-subs.sh
# 0 4 * * * /home/user/claude-cybersecurity-skills/scripts/monitor-js.sh
# 0 5 * * * /home/user/claude-cybersecurity-skills/scripts/nuclei-sweep.sh
# Real-time CertStream
export BB_WEBHOOK="https://discord.com/api/webhooks/YOUR_HOOK"
python3 scripts/certstream-monitor.py
# (Or set up as systemd service per playbooks/continuous-recon-pipeline.md)claude
> "I found SSRF on /api/import/url. The target is on AWS. Walk me through the full exploitation."
# Claude loads:
# - ssrf skill (cloud metadata section)
# - cloud-misconfig skill (IAM enumeration)
# - playbooks/ssrf-to-rce-aws.md
# Claude walks through:
# 1. Confirm SSRF with interactsh
# 2. Hit IMDSv1 for role name
# 3. Get credentials
# 4. sts get-caller-identity
# 5. enumerate-iam
# 6. Pivot decisions
# 7. Severity matrix
# 8. Report drafting with proper ethical framingclaude
> "Target has /api/graphql with introspection enabled. Find IDORs."
# Claude loads:
# - graphql skill
# - idor-hunting skill
# Suggests:
# 1. Pull full schema with introspection
# 2. Filter Query.*ById fields
# 3. Test each with victim's IDs
# 4. Batched queries for rate limit bypass
# Provides exact GraphQL query payloads ready to send.This is the highest-ROI component of the project. Most BB hunters scan once a month; with continuous monitoring, you find new attack surface within hours of it appearing.
| Signal | Frequency | Detection method |
|---|---|---|
| New subdomains | Daily (cron) | passive enum diff |
| New CT log certs | Real-time | CertStream WebSocket |
| JS file changes | Every 6 hours | md5 hash diff |
| New endpoints in JS | Every 6 hours | LinkFinder diff |
| Critical nuclei findings | Daily | nuclei sweep diff |
| Subdomain takeover candidates | Daily | nuclei takeover templates on new subs |
| GitHub commit activity | Hourly (optional) | gh api orgs/X/events |
| Tech stack changes | Weekly | httpx -tech-detect re-run |
- DigitalOcean / Linode / Hetzner
- 1 CPU / 1GB RAM enough
- cron + bash + systemd
- State in
~/ccs-state/ - Full control
- Scheduled workflows
- State stored in private repo as artifacts
- 2000 minutes/month free (plenty for monitoring)
- Built-in notification via Discord webhook
- No infrastructure to manage
Recommended Discord channel structure:
#bb-critical— critical findings (push to mobile)#bb-feed— all subdomain + JS changes (muted)#bb-discoveries— historical record (search by target)
Alternative: Telegram for mobile-first; Slack for team setups.
alert_rules:
new_subdomain:
threshold: 1
quiet_hours: ['22:00', '08:00']
nuclei_finding:
only_severities: [critical, high]
skip_if_seen: true
js_change:
only_with_new_endpoints: trueScenario: Target deploys admin-staging.target.com at 11 PM. Cron picks it up at 3 AM. Discord alert. You wake up at 8 AM. Visit URL. It's a Spring Boot Actuator with /env exposed → CRITICAL. Report at 10 AM. $5,000 paid by EOD.
This is the difference between hobby BB and professional BB.
The most underappreciated part of bug bounty is what you do AFTER finding the bug.
Before writing any report, every finding must pass:
- Is this in scope? (asset + vuln class)
- Is the vuln class accepted by this program? (read program rules)
- Do I have a working PoC? (reproducible from cold start)
- What is the real-world impact? (concrete, not theoretical)
- Is this a duplicate? (check disclosed reports)
- What severity will the program assign? (CVSS conservatively)
- Does it pass the "would I pay for this" test? (real value question)
One No → kill the finding or improve it. This single discipline reduces N/A ratio by 60-80%.
Documented categories that programs reject:
- Tier 1: Almost always rejected (self-XSS, missing headers, etc.)
- Tier 2: Often rejected program-dependent (subdomain takeover if excluded, etc.)
- Tier 3: Specific contexts only (WAF bypass alone, etc.)
- Tier 4: Always informational (robots.txt, etc.)
Plus AI-specific rejection patterns (popup jailbreaks, etc.).
40+ chain combinations where weak findings become Critical:
- Open redirect alone → N/A
- Open redirect + OAuth callback → Critical ATO
- IDOR reading email → Low
- IDOR (email) + email-only password reset → Critical ATO
- SSRF (localhost only) → Medium
- SSRF + cloud metadata → Critical IAM access
The art of bug bounty is finding the chain. This table teaches the pattern.
Each report platform has different conventions:
- HackerOne: CVSS 3.1, CWE, structured fields
- Bugcrowd: VRT (Vulnerability Rating Taxonomy), P1-P5
- Intigriti: CVSS + impact-based
- Immunefi: Web3-specific, Foundry PoC required
Templates provide:
- Title formula
- Summary structure
- Step-by-step format
- Impact framing
- Suggested fix patterns
- Negotiation scripts for downgrades
Profile: Self-employed, hunting part-time or full-time.
Value:
- Single-source-of-truth for methodology
- Custom arsenal that grows over time
- Continuous monitoring catches new bugs while sleeping
- Report templates ensure consistent quality
- Validation gates protect signal score
Workflow:
- Daily: Check monitoring alerts (5 min)
- Pick a target signal worth pursuing
- Use Claude Code with skills for the hunt session
- Run triage-validation before any report
- Use platform template for submission
Profile: Small team coordinating on multiple programs.
Value:
- Standardized methodology across team
- Shared continuous monitoring (one VPS for whole team)
- Consistent report quality regardless of team member
- Onboarding: new hunters learn from the skills
- Audit trail (every skill is a documented decision)
Workflow:
- Centralized monitoring infrastructure
- Skills shared via git repo
- Per-program loot directories
- Weekly sync on findings
Profile: Professional pentester running scoped engagements.
Value:
- Faster recon (less time on setup)
- Comprehensive coverage (less chance of missing classes)
- Better report formatting (clients value polish)
- Methodology evidence (defensible audit trail)
Workflow:
- Use new-target-day1 playbook per engagement
- Use vuln class skills for each finding
- Use H1 template (adapted to engagement format)
- Deliver structured loot folder + final report
Profile: Studying bug bounty, doing labs, considering going pro.
Value:
- Every skill is a learning resource
- Shows real-world workflows (not just labs)
- Tool integration teaches by example
- Validation gates teach what professional reports look like
Workflow:
- Read SKILL.md files as study material
- Practice on PortSwigger Academy / HackTheBox / TryHackMe
- Use skills when transitioning to real programs
- Build reputation gradually
Profile: Internal security testing of own apps.
Value:
- Same methodology as external attackers
- Find bugs before BB hunters do
- Continuous monitoring on your own assets
- Custom payloads test your defenses
Workflow:
- Scope = your own assets
- Run recon to map external surface
- Hunt vulnerabilities pre-emptively
- Feed findings to dev team
For a hunter spending 10 hours/week:
| Activity | Without arsenal | With arsenal | Savings |
|---|---|---|---|
| Initial recon per target | 4-8 hours | 30 min | 87% |
| Hunting per vuln class | 2-6 hours | 1 hour | 75% |
| Report writing | 1-2 hours | 15 min | 80% |
| Validation before submit | 30 min ad-hoc | 10 min structured | 67% |
| Continuous monitoring setup | 8-16 hours | 1 hour | 90% |
| Per finding total | 7-16 hours | 2-4 hours | ~75% |
| Metric | Without arsenal | With arsenal | Improvement |
|---|---|---|---|
| N/A ratio | ~30-40% | ~5-15% | 4x reduction |
| Average severity | Medium | Medium-High | +1 level |
| Time to first finding (new target) | 1-2 weeks | 1-3 days | 5x |
| Findings per month (10 hrs/week) | 1-2 | 4-8 | 4x |
For a hunter earning $1k average per finding:
| Without | With | Annual gain | |
|---|---|---|---|
| Findings/year | 12-24 | 48-96 | +36-72 |
| Annual income (estimate) | $12k-24k | $48k-96k | $36k-72k |
(All numbers are estimates; individual results vary significantly based on skill, target choice, market timing.)
| Cost/month | |
|---|---|
| VPS (DigitalOcean basic) | $5-10 |
| Chaos API | $0 (free for BB) |
| Free API tiers | $0 |
| Burp Suite Community | $0 |
| Total | $5-10 |
Optional Burp Suite Professional: $475/year (worth it after first $1k bounty).
- Markdown — Skills, playbooks, documentation
- YAML — Skill frontmatter, nuclei templates, semgrep rules
- Bash — Installer, monitoring scripts
- PowerShell — Windows installer
- Python — sqlmap tampers, certstream monitor
- Go — Most ProjectDiscovery tools (installed via INSTALL.sh)
- Dockerfile — All-in-one image
- Linux/WSL (recommended) OR Windows (native) OR Docker
- Python 3.10+
- Go 1.22+
- Git 2.x+
- Docker (optional)
- ProjectDiscovery suite (subfinder, httpx, nuclei, etc.)
- SecLists wordlists
- assetnote wordlists
- Various community tools (see INSTALL.sh)
- Claude Code (claude.ai/code)
- Skills are auto-loaded based on natural language triggers
- ✅ Linux (Ubuntu 22.04+, Debian 12+, Kali rolling)
- ✅ WSL2 on Windows
- ✅ macOS (with Homebrew adaptations)
⚠️ Windows native (some tools require WSL fallback)- ✅ Docker (Linux container)
- Repo itself: ~5 MB
- After INSTALL.sh: ~3-4 GB (tools + wordlists)
- Docker image: ~3.5 GB
- Per-target loot: ~100 MB - 5 GB depending on scan depth
mkdir -p skills/31-my-new-skill
cat > skills/31-my-new-skill/SKILL.md << 'EOF'
---
name: my-new-skill
description: <description>
metadata:
type: skill
phase: <phase>
---
# My New Skill
## When to invoke
...
## Methodology
...
EOFAdd link in README.md skill index.
cat > arsenal/nuclei-templates/ccs-my-check.yaml << 'EOF'
id: ccs-my-check
info:
name: My Custom Check
author: me
severity: medium
tags: ccs
http:
- method: GET
path: ["{{BaseURL}}/path"]
matchers:
- type: word
words: ["pattern"]
EOF
# Re-run INSTALL.sh to merge with nuclei templates dircat > arsenal/sqlmap-tampers/ccs_my_tamper.py << 'EOF'
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
def tamper(payload, **kwargs):
if payload:
# transformation logic
return modified_payload
return payload
EOF
# Install:
cp arsenal/sqlmap-tampers/ccs_my_tamper.py \
~/.local/pipx/venvs/sqlmap/lib/python*/site-packages/sqlmap/tamper/
# Use:
sqlmap -u URL --tamper=ccs_my_tampercat > playbooks/my-workflow.md << 'EOF'
# Playbook: My Workflow
...skill chain...
EOFLink from README.
# Per-target config (your own pattern)
mkdir -p ~/.ccs-targets/target.com
cat > ~/.ccs-targets/target.com/config.yaml << 'EOF'
program: target-inc
platform: hackerone
skip_classes: [subdomain_takeover, csrf]
notes: |
Custom notes for this target
EOFIf you fork this repo for your own use:
- Keep the structure
- Add your own skills to
skills/31+ - Add your custom payloads to
arsenal/ - Update CONTRIBUTING.md with your fork's conventions
- Consider upstreaming high-quality additions
This project is for authorized security testing only:
- ✅ HackerOne, Bugcrowd, Intigriti, Immunefi programs you're enrolled in
- ✅ Systems you own or have written permission to test
- ✅ Lab environments (PortSwigger Academy, HackTheBox, TryHackMe)
- ✅ CTF competitions
- ✅ Academic research with institutional approval
- ❌ Unauthorized testing of any system
- ❌ Mass scanning without scope
- ❌ Targeting systems for the purpose of harm
- ❌ Data exfiltration beyond what's needed for PoC
- ❌ DoS / DDoS attacks
- ❌ Disrupting production services
- ❌ Sharing target information publicly before disclosure
Many skills include "Ethical reminders":
[[ssrf]]SKILL: don't actually create IAM users, don't extract real customer data[[subdomain-takeover]]SKILL: take over only enough to prove the issue[[http-smuggling]]SKILL: don't hijack real users' traffic[[llm-ai-security]]SKILL: test only the target's AI, not OpenAI/Anthropic themselves
- CFAA (US), CMA (UK), and equivalent laws make unauthorized access illegal in most jurisdictions
- Bug bounty programs provide a legal safe harbor for testing within scope
- Out-of-scope testing has resulted in criminal prosecution historically
- Always verify scope before testing
For non-BB findings:
- Find vulnerability
- Identify vendor / responsible party
- Notify privately with reasonable disclosure window (typically 90 days)
- Coordinate fix and disclosure
- Public disclosure only after fix OR after disclosure window elapsed
Using this project means you agree to:
- Operate within authorization
- Follow the law in your jurisdiction
- Respect bug bounty program rules
- Disclose responsibly
- Not cause harm
The authors of this project accept no liability for misuse.
- ✅ 30 skills
- ✅ 5 playbooks
- ✅ Custom arsenal (nuclei + sqlmap + semgrep)
- ✅ 5 report templates
- ✅ Continuous monitoring (cron + GitHub Actions)
- ✅ Docs (7Q Gate, rejected list, chain table)
- 🔜 iOS recon skill (companion to Android)
- 🔜 5+ additional custom nuclei templates per top vuln class
- 🔜 Burp Suite extension integration guide
- 🔜 ZAP scripting cookbook
- 🔜 Smart contract audit skills (Foundry + Slither workflows)
- 🔜 Additional playbooks (race condition deep-dive, GraphQL deep-dive)
- 🔜 MCP servers for direct tool integration (Burp, Semgrep, etc.)
- 🔜 Skill evaluation framework (test each skill's behavior)
- 🔜 Localization (Arabic, Spanish, Portuguese, Chinese)
- 🔜 Video walkthroughs of each playbook
- 🔜 Skill telemetry (opt-in usage analytics)
- 🔮 Multi-agent workflows (skills calling skills)
- 🔮 Knowledge graph linking findings across engagements
- 🔮 Compliance framework mapping (SOC2, PCI-DSS, HIPAA)
- 🔮 ICS/SCADA module (if community demand)
- 🔮 Bug bounty automation framework (autonomous hunting within tight scope)
We welcome:
- New skills for emerging attack classes
- Custom payloads (with testing notes)
- Tool integrations (especially MCP servers)
- Translated documentation
- Educational walkthroughs
See CONTRIBUTING.md.
A: No. Claude Code free tier works fine for using skills. Pro provides higher usage limits which helps for heavy multi-step sessions but isn't required.
A: Yes — the markdown SKILL.md files are valuable as reference documentation for any hunter. The integration value is highest with Claude Code, but the methodology and payloads work standalone.
A: Courses teach principles. This is a working arsenal you use day-to-day. Best combined with formal education (PortSwigger Academy, OSCP, etc.).
A: No. Like any tool, it amplifies your existing skills. Without web security fundamentals, no arsenal will produce bounties.
A: No — most techniques are public knowledge, sourced from:
- Disclosed reports
- HackTricks
- PortSwigger research
- Conference talks (DEF CON, BlackHat, BSides)
- Community knowledge sharing
The value is in the organization and integration, not novel techniques.
A: Together they cover ~80% of public BB programs. Skills generalize to Intigriti, YesWeHack, Immunefi (Web3), and self-hosted programs.
A: Yes — the methodology applies equally. Report templates can be adapted to engagement formats.
A: Currently Android-focused. iOS coming in v1.1. IoT/ICS may come if community demand justifies it.
A: GitHub Issues. Security issues that could harm users: please email instead of public issue.
A: MIT with ethical use addendum (see LICENSE).
A: For some, yes. Top hunters earn $200k+/year. Average part-time hunters earn $5-30k/year. Highly variable; not a guaranteed income source.
A: Disclosed reports. Read 100+ across diverse programs. Pattern-match what gets paid. Then specialize in one or two vuln classes for depth.
- Masriyan's Claude-Code-CyberSecurity-Skill — the original Claude Code security skills repo that inspired this focused fork
- SecLists (Daniel Miessler) — the universal wordlist standard we depend on
- PayloadsAllTheThings (swisskyrepo) — the payload reference
- nuclei-templates (ProjectDiscovery) — the template ecosystem
- HackTricks (Carlos Polop) — the offensive encyclopedia
- PortSwigger Web Security Academy — methodology and labs
The methodologies in this repo distill knowledge from:
- Disclosed reports on HackerOne (h1.community), Bugcrowd, Intigriti
- Conference talks: DEF CON, BlackHat, Hack-in-Paris, NorthSec, BSides
- BB hunter blogs: NahamSec, STÖK, InsiderPhD, Hakluke, jhaddix, godfather Orwagodfather
- Research papers: Portswigger Research, Trail of Bits, Project Zero
- Twitter / X security community
Every tool we integrate represents years of work by maintainers. Credits:
- ProjectDiscovery (subfinder, httpx, nuclei, dnsx, naabu, katana, interactsh, chaos, notify)
- TomNomNom (assetfinder, waybackurls, anew, qsreplace, unfurl, gron, gf, hakrawler via Hakluke)
- ffuf team (ffuf)
- epi052 (feroxbuster)
- maurosoria (dirsearch)
- sqlmap team
- Hahwul (dalfox)
- s0md3v (arjun, XSStrike)
- swisskyrepo (SSRFmap)
- BishopFox (jsluice)
- m4ll0k (SecretFinder)
- And many others
The bug bounty community is generous with knowledge sharing. This repo is a small contribution back.
This project is licensed under the MIT License — see LICENSE for details.
You are free to:
- Use commercially
- Modify
- Distribute
- Use privately
You must:
- Include the original copyright
- Include the MIT license
In addition to the MIT terms, contributors strongly request that users:
- Operate within authorization on all targets
- Follow responsible disclosure practices
- Use this knowledge to improve security, not cause harm
- Respect the bug bounty community's norms
The authors and contributors:
- Accept no liability for misuse
- Have no obligation to support malicious use cases
- Reserve the right to refuse contributions that promote unethical use
"Claude Code" is a product of Anthropic. This project is an independent community resource and is not officially endorsed by or affiliated with Anthropic.
"HackerOne", "Bugcrowd", "Intigriti", "Immunefi" are trademarks of their respective owners. References herein are for educational purposes only.
This isn't a proof of concept. Every skill has been designed for real hunters working real bug bounty programs. The methodology is battle-tested. The tools are battle-tested. The reports work.
Bug bounty hunting is a skill that compounds. Every program teaches you something. Every report (even N/A) is data. Every payload variant you try gets stored in your head and applied to the next target.
This arsenal speeds up the compounding. It doesn't replace the work — there is no shortcut to becoming a great hunter. But it removes the friction that kills momentum: forgetting a payload, missing a class, fumbling a report.
Use it. Learn from it. Customize it. Contribute back.
Hunt ethically. Get paid. Help secure the web.
- Issues / bugs: GitHub Issues
- Feature requests: GitHub Discussions
- Security issues: [security contact email]
- Contributions: see CONTRIBUTING.md
- General questions: see FAQ first, then Discussions
Star ⭐ the repo if it's useful. Share with hunters who'd benefit. Build the community.
Document version 1.0 — Last updated: 2026-06
Total: 30 skills · 5 playbooks · 17 arsenal resources · 5 report templates · 5 automation scripts · 60+ integrated tools · 77 files · 1 mission.