shuvonsec

Claude Code skill for AI-assisted bug bounty hunting: recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation

Found Mar 14, 2026 at 283 stars.
AI Summary (language: Python)

An open-source, AI-powered toolkit (packaged as a Claude Code skill) that automates bug bounty hunting from the terminal: reconnaissance, vulnerability scanning, validation of findings, and report generation.

How It Works

1
🔍 Discover the bug hunting companion

The project is a free, open-source Claude Code skill on GitHub that turns Claude into a co-pilot for finding security issues in web applications.

2
🛠️ Set it up simply

Follow a few setup steps on your machine: install Claude Code, load the skill, and install the recon and scanning tools the skill orchestrates.

3
🥷 Choose your target

Pick a target that is in scope of a bug bounty program you are authorized to test, and tell the skill what to explore. Hosts outside the program's scope stay off limits even when recon turns them up.

4
🚀 Start the adventure

Launch the hunt: the skill maps the attack surface, runs its tests for each vulnerability class, and collects evidence as it goes.

5
📋 Review the treasures

Review the list of potential findings, each with a clear explanation and a draft report. Validate every finding yourself before it leaves your machine.

6
💰 Submit and celebrate

Submit validated findings to the program and collect the bounty for making the web safer.
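Step 3 hides the check that matters most before any scanner runs: is the host actually in the program's scope? The block below is an added example, not code from the claude-bug-bounty project. It parses recon output (hostnames, host:port pairs, or URLs, one per line) into bare hostnames, applies a program scope in which out-of-scope entries override in-scope ones, and returns the deduplicated target list. The `*.` wildcard convention, the `Scope` type, and the sample scope and recon lines are constructed assumptions for illustration.

```python
"""Scope filter for recon output: keep only hosts the program authorizes.

Added example, not the claude-bug-bounty project's own code. The scope
format (in/out lists, '*.' wildcards) and the sample data are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Scope:
    """A program's scope as two pattern lists. Patterns are exact hosts or
    '*.domain' wildcards (assumed format, not a real program's export)."""
    in_scope: list[str] = field(default_factory=list)
    out_of_scope: list[str] = field(default_factory=list)


def _normalize_host(item: str) -> Optional[str]:
    """Turn one recon line (host, host:port or URL) into a lowercase hostname.

    Comments and blank lines yield None. A trailing dot (FQDN form) is dropped.
    """
    item = item.strip()
    if not item or item.startswith("#"):
        return None
    if "://" not in item:
        item = "//" + item  # lets urlsplit parse 'host:port' and 'host/path' uniformly
    host = urlsplit(item).hostname  # already lowercased by urlsplit
    return host.rstrip(".") if host else None


def _matches(host: str, pattern: str) -> bool:
    """'*.example.com' matches subdomains only: not the apex 'example.com'
    and not look-alikes such as 'evilexample.com'."""
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith("." + pattern[2:])
    return host == pattern


def in_scope(host: str, scope: Scope) -> bool:
    """Deny overrides allow: an out-of-scope match wins over any in-scope match."""
    if any(_matches(host, p) for p in scope.out_of_scope):
        return False
    return any(_matches(host, p) for p in scope.in_scope)


def filter_targets(recon_output: str, scope: Scope) -> list[str]:
    """Chain raw recon output into a deduplicated list of in-scope hostnames,
    preserving first-seen order so the hunt proceeds in recon order."""
    seen: set[str] = set()
    targets: list[str] = []
    for line in recon_output.splitlines():
        host = _normalize_host(line)
        if host is None or host in seen:
            continue
        seen.add(host)
        if in_scope(host, scope):
            targets.append(host)
    return targets


# Constructed sample scope: wildcards for one domain, one explicit API host,
# a staging host and an internal zone explicitly excluded.
PROGRAM_SCOPE = Scope(
    in_scope=["*.example.com", "api.example.org"],
    out_of_scope=["staging.example.com", "*.internal.example.com"],
)

# Constructed recon output mimicking subfinder/httpx-style lines.
RECON_OUTPUT = """\
# constructed sample recon output
https://www.example.com/login
API.Example.com:8443
example.com
staging.example.com
db.internal.example.com
evilexample.com
api.example.org
www.example.com
"""


def main() -> None:
    for host in filter_targets(RECON_OUTPUT, PROGRAM_SCOPE):
        print(host)


if __name__ == "__main__":
    main()
```

Running the block prints `www.example.com`, `api.example.com` and `api.example.org`: the apex domain is excluded because only the wildcard is listed, the staging and internal hosts are excluded by the deny list even though they also match `*.example.com`, and the look-alike domain never matches. Feed the returned list, not the raw recon file, to whatever runs next.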

AI-Generated Review

What is claude-bug-bounty?

Claude-bug-bounty is a Python-based toolkit that turns Claude into a bug bounty co-pilot, covering everything from subdomain recon to vulnerability scanning and HackerOne report generation. Point it at a target from the Claude Code CLI and it maps the attack surface, runs tooling for IDOR, XSS, SSRF, OAuth flaws, GraphQL issues and LLM injection, then validates findings against a four-gate checklist. Hunters get an end-to-end pipeline that reasons about methodology and prioritizes high-payout bugs over raw scanner output.

Why is it gaining traction?

Unlike basic scanner wrappers, it uses Claude's reasoning to chain recon output into targeted hunts, orchestrating 25+ tools such as subfinder and nuclei in the right sequence. The skill file packs 1200+ lines of playbooks for 18 vulnerability classes, plus bypass tables and report templates, so complex workflows feel conversational. At 251 stars it is drawing in security folks tired of manual orchestration, helped by Claude Code being free to install and integrating with GitHub.

Who should use this?

Bug bounty hunters on HackerOne, Bugcrowd or Intigriti chasing web, API or Web3 targets. Security researchers grinding through recon or validation who want AI-assisted automation without losing context. Teams running code reviews or program audits with Claude, particularly those dealing with GraphQL, OAuth or AI-specific vulnerabilities.

Verdict

Grab it if you hunt bug bounties with Claude: the setup is quick and it delivers real value for structured hunts, despite a 1.0% credibility score that signals early maturity and sparse documentation. Polish the reports manually before submitting; with 251 stars and a simple Python code base it is a solid starting point compared with fragmented alternatives.

