Bug-Bounty-Agents  by matty69v

AI agents for offensive security and bug bounty hunting

Created 4 weeks ago

274 stars

Top 94.2% on SourcePulse

Project Summary

This repository offers a curated collection of specialized AI agent prompts designed for bug bounty hunting, penetration testing, and offensive security workflows. It targets security professionals and researchers who utilize agent-capable Large Language Models (LLMs) like Claude, Copilot, and Cursor. The primary benefit is transforming generic LLMs into specialized security assistants with built-in scope enforcement, eliminating the need for complex frameworks or dependencies.

How It Works

The project leverages disciplined, well-defined prompts that act as "drop-in personas" for LLM clients. Each prompt guides the LLM to adopt a specific security role, such as reconnaissance, web vulnerability hunting, or exploit chaining. This approach allows users to integrate specialized AI assistance directly into their existing workflows without introducing new tooling, relying on the LLM's capabilities rather than external scanners. Strict scope enforcement is a core design principle, ensuring agents operate within defined boundaries.

Quick Start & Requirements

  • Primary install: Clone the repository (git clone https://github.com/matty69v/Bug-Bounty-Agents.git) and run the ./install.sh script, which auto-detects supported clients and configures agents for them. To configure a specific client, pass a target such as --target claude or --target copilot.
  • Prerequisites: Git and Bash, plus an LLM client that supports custom system prompts or instruction files (e.g., Claude Code, GitHub Copilot Chat, Cursor, ChatGPT, Gemini).
  • Links: Quick Start, Catalog, Setup, Workflows, Examples.

Highlighted Details

  • Features 43 specialized agents categorized by offensive engagement phases (Reconnaissance, Web/API, Infrastructure, Exploitation, etc.).
  • Supports integration with multiple LLM clients, including Claude Code, GitHub Copilot Chat, Cursor, and generic ChatGPT/Gemini interfaces.
  • Offers integration with PortSwigger's MCP Server, enabling LLM-driven interaction with Burp Suite for proxy, Repeater, and Intruder operations.
  • Provides example walkthroughs and workflow diagrams illustrating coordinated agent usage for end-to-end engagements.

Maintenance & Community

The project is maintained via GitHub issues and pull requests, with clear contribution guidelines provided. While specific community channels like Discord or Slack are not listed, the repository structure encourages community involvement through its contribution process.

Licensing & Compatibility

The project is licensed under the MIT License, permitting broad use, modification, and distribution, including for commercial purposes, with standard attribution requirements.

Limitations & Caveats

These agents are prompt-based methodologies, not automated scanners; users remain responsible for driving the engagement and interpreting results. Their effectiveness depends on the LLM adhering to the prompt's instructions and scope limitations.

Health Check

  • Last Commit: 3 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 274 stars in the last 28 days
