MyuriKanao

Hands-on SRC / crowdsourced testing / bug bounty vulnerability hunting Claude Code skill: 19 attack-class playbooks, 305 structured payloads, 263 WAF/EDR bypasses, 2887 real HackerOne cases, statistics from 88,636 WooYun cases

100% credibility
Found May 10, 2026 at 14 stars.
AI Analysis
AI Summary

A curated knowledge pack for AI chats that guides ethical bug hunters through structured phases of discovering and reporting website vulnerabilities using public examples and safe testing rules.

How It Works

1. 🔍 Discover the Helper
While searching for ways to find website bugs safely, you come across this special guide for your AI chat buddy.

2. Add to Your AI Chat
You easily add this helper pack to your AI conversation tool so it's ready whenever you need it.

3. 💬 Start Talking About Bugs
In your chat, you mention bug hunting or a website to test, and the helper notices right away.

4. 🚀 Guide Kicks In
Your AI lights up with expert steps, walking you through checking, testing, and spotting issues step by step.

5. Pick Your Hunt Path
- 🔓 Account Tricks: Hunt for ways to access other people's info by mistake.
- 💥 Code Breaks: Look for spots where the site runs harmful commands.
- 🕷️ Sneaky Scripts: Test if harmful pop-ups can appear on the page.

6. Follow Safe Steps
You test carefully with the guide's tips, always staying within safe limits like using your own test accounts.

📝 Report Your Find
Put together a clear report with proof, ready to share with the website owners for a possible reward.

AI-Generated Review

What is src-hunter-skill?

src-hunter-skill is a Claude Code skill for bug bounty hunters tackling SRC bug bounty programs, pentests, and crowdsourced tests. It auto-loads in Claude chats when you drop keywords like "bug bounty," "hackerone," or "WAF bypass," then guides a five-phase hunt: intake, recon, enum, hunt, and report. You get 19 attack-class playbooks, 305 structured payloads with 263 WAF/EDR bypasses, plus 2887 HackerOne cases and WooYun stats—all public data organized for black-box URL testing.

Why is it gaining traction?

It stands out by bundling real-world ammo like High/Critical HackerOne reports and WooYun patterns into Claude-native playbooks, with strict rules of engagement to dodge report rejections. Triggers fire on natural queries like "arbitrary account takeover" or explicit `/src-hunter `, skipping generic tools. Devs hook on the black-box focus and Chinese-stack dictionaries for quick, legal bug reproduction.

Who should use this?

SRC bug bounty hunters chasing IDOR, RCE, or SQLi payouts on platforms like HackerOne. Pentest teams needing playbook-driven workflows for API endpoints or file uploads. Devs self-testing web apps ethically, especially with default creds or exposed actuators.

Verdict

With 14 stars and a 1.0% credibility score, it's raw and unproven—docs shine but expect tweaks for production hunts. Worth a Claude marketplace install if you're deep in SRC bug bounty; skip for battle-tested alternatives.
