Discover and explore top open-source AI tools and projects—updated daily.
MyuriKanaoAI-powered vulnerability discovery for bug bounty hunters
Top 58.1% on SourcePulse
Summary
src-hunter-skill is a Claude Code skill tailored for security researchers focused on bug bounty hunting and bug bounty programs (SRC). It automates vulnerability discovery through a structured five-stage workflow: intake, reconnaissance, enumeration, hunting, and reporting. The skill provides curated knowledge bases and integrates advanced tooling to streamline the identification of security flaws.
How It Works
The project follows a systematic five-stage process: intake, recon, enum, hunt, and report. It utilizes an extensive knowledge base including 19 attack playbooks, 305 structured payloads, and WAF/EDR bypass techniques, augmented by data from HackerOne and WooYun. A key feature is the integration of a local MCP server for advanced capabilities like automated browsing, CDP debugging, network interception, and reverse engineering during the 'hunt' phase. Playbooks are designed from a black-box perspective, assuming only a target URL is available.
Quick Start & Requirements
Installation can be done via the Claude Marketplace: /plugin marketplace add MyuriKanao/src-hunter-skill then /plugin install src-hunter@src-hunter. Alternatively, clone the Git repository: git clone https://github.com/MyuriKanao/src-hunter-skill.git ~/.claude/skills/src-hunter. The primary requirement is a Claude environment; no other specific prerequisites like OS, hardware, or CUDA versions are detailed.
Highlighted Details
Maintenance & Community
No specific details regarding contributors, sponsorships, partnerships, or community channels (like Discord/Slack) were found in the provided README.
Licensing & Compatibility
The project is released under the MIT License, which is generally permissive for broad use, including commercial applications. It explicitly states that it organizes, translates, and repackages publicly available information and does not contain proprietary data.
Limitations & Caveats
The project enforces strict ethical guidelines ("Red Line") to prevent adverse effects. This includes limiting data dumping, using only self-registered accounts for privilege tests, performing read-only actions, avoiding side-effect operations (e.g., actual SMS sending, financial transactions), limiting DoS/concurrency tests, not leaving artifacts, not misusing leaked credentials, sanitizing PII in reports, and requiring verifiable evidence (HTTP packets, screenshots) for all findings. Specific limitations apply per vulnerability class, with DoS and file uploads being particularly sensitive.
1 month ago
Inactive