src-hunter-skill  by MyuriKanao

AI-powered vulnerability discovery for bug bounty hunters

Created 2 months ago
540 stars

Top 58.1% on SourcePulse

GitHubView on GitHub
Project Summary

Summary

src-hunter-skill is a Claude Code skill tailored for security researchers focused on bug bounty hunting and bug bounty programs (SRC). It automates vulnerability discovery through a structured five-stage workflow: intake, reconnaissance, enumeration, hunting, and reporting. The skill provides curated knowledge bases and integrates advanced tooling to streamline the identification of security flaws.

How It Works

The project follows a systematic five-stage process: intake, recon, enum, hunt, and report. It utilizes an extensive knowledge base including 19 attack playbooks, 305 structured payloads, and WAF/EDR bypass techniques, augmented by data from HackerOne and WooYun. A key feature is the integration of a local MCP server for advanced capabilities like automated browsing, CDP debugging, network interception, and reverse engineering during the 'hunt' phase. Playbooks are designed from a black-box perspective, assuming only a target URL is available.

Quick Start & Requirements

Installation can be done via the Claude Marketplace: /plugin marketplace add MyuriKanao/src-hunter-skill then /plugin install src-hunter@src-hunter. Alternatively, clone the Git repository: git clone https://github.com/MyuriKanao/src-hunter-skill.git ~/.claude/skills/src-hunter. The primary requirement is a Claude environment; no other specific prerequisites like OS, hardware, or CUDA versions are detailed.

Highlighted Details

  • Features 19 distinct attack playbooks covering common vulnerability classes such as XSS, RCE, SQLi, IDOR, SSRF, and logic flaws.
  • Includes 305 structured payloads and 263 WAF/EDR bypass variations.
  • Incorporates data from 2887 disclosed HackerOne High/Critical reports and statistical remnants from 88,636 WooYun cases.
  • Integrates local MCP tools for advanced automation, including browser automation, CDP debugging, network interception, JS hooking, and AST deobfuscation.
  • Playbooks are designed for black-box testing scenarios.

Maintenance & Community

No specific details regarding contributors, sponsorships, partnerships, or community channels (like Discord/Slack) were found in the provided README.

Licensing & Compatibility

The project is released under the MIT License, which is generally permissive for broad use, including commercial applications. It explicitly states that it organizes, translates, and repackages publicly available information and does not contain proprietary data.

Limitations & Caveats

The project enforces strict ethical guidelines ("Red Line") to prevent adverse effects. This includes limiting data dumping, using only self-registered accounts for privilege tests, performing read-only actions, avoiding side-effect operations (e.g., actual SMS sending, financial transactions), limiting DoS/concurrency tests, not leaving artifacts, not misusing leaked credentials, sanitizing PII in reports, and requiring verifiable evidence (HTTP packets, screenshots) for all findings. Specific limitations apply per vulnerability class, with DoS and file uploads being particularly sensitive.

Health Check
Last Commit

1 month ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
1
Star History
147 stars in the last 30 days

Explore Similar Projects

Feedback? Help us improve.