Claude-BugHunter  by elementalsouls

AI-powered security research and red teaming toolkit

Created 3 weeks ago

1,020 stars

Top 36.3% on SourcePulse

Project Summary

This project provides a comprehensive Claude Code skill bundle designed to transform an LLM into a specialized bug-hunting researcher or red-team operator. It addresses the need for structured, context-aware security testing by integrating methodologies, curated attack patterns, and reporting discipline directly into the AI's capabilities, benefiting security engineers, researchers, and power users.

How It Works

The bundle operates as a "drop-in" skill set for Claude Code, stacking four layers: bug-bounty, methodology, red-team mindset, and a security arsenal. Skills auto-load based on natural language descriptions of the target or vulnerability class. It employs a 5-phase non-linear hunting workflow, a critical-thinking framework, and operator discipline corrections. The core novelty lies in codifying 574+ disclosed HackerOne report patterns across 24 vulnerability classes and enterprise attack chains, enabling Claude to apply real-world tradecraft rather than generic prompts. It offers dual interfaces: LLM-driven Claude Code slash commands and a deterministic, terminal-native cbh CLI.

Quick Start & Requirements

  • Primary install / run command: Clone the repository (git clone https://github.com/elementalsouls/Claude-BugHunter.git) and run the install script (./scripts/install.sh).
  • Non-default prerequisites: macOS or Linux (WSL2 recommended for Windows), Claude Code CLI (requires Claude Pro/Team/Max plan or API key), Python 3.9+, git. Optional: Burp Suite Pro/Community.
  • Estimated setup time: Approximately 10-25 minutes.
  • Relevant links: Claude Code Download, Claude Upgrade, Burp Suite.

Highlighted Details

  • Features 51 skills, 15 slash commands, and 574+ disclosed report patterns covering 24 vulnerability classes.
  • Includes enterprise attack matrices for M365/Entra ID, Okta, VMware vCenter, and various SSL VPN appliances.
  • Battle-tested on platforms like DVWA, OWASP Juice Shop, and through authorized red-team engagements.
  • Incorporates a mandatory 7-Question Gate (/triage or /validate) to vet findings before reporting, significantly reducing N/A rejections.
  • Provides both conversational Claude Code slash commands and a scriptable cbh CLI for different use cases.

Maintenance & Community

The project is authored by Sachin Sharma, focusing on GenAI Security Research. It includes 43 original skills and 8 vendored from upstream projects. No specific community channels (like Discord/Slack) are listed in the README.

Licensing & Compatibility

The project is released under the MIT license, allowing for free use, modification, and distribution, including in commercial and closed-source applications.

Limitations & Caveats

The bundle deliberately excludes internal Active Directory attacks, post-exploitation, C2 frameworks, evasion techniques, and specialized areas like kernel exploitation or hardware/RF/ICS security. Its focus is strictly on the external attack surface, with the handoff to internal tooling considered out of scope. It requires a macOS or Linux environment.

Health Check

  • Last Commit: 1 day ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 6
  • Issues (30d): 0
  • Star History: 1,037 stars in the last 22 days
