Bug bounty hunting, but the intern is an AI with a memory
A Claude Code plugin that turns your terminal into an autonomous security researcher: recon, exploit validation, report writing, and it remembers what worked last time.

What it does
Claude Bug Bounty is a plugin for Anthropic’s Claude Code that wraps standard security tooling (subfinder, httpx, nuclei, ffuf, katana, nmap) behind slash commands like /recon, /hunt, /validate, and /report. You point it at a target; it maps the attack surface, tests for 20 web vulnerability classes, runs findings through a “7-Question Gate” to kill weak positives, and spits out platform-ready reports for HackerOne, Bugcrowd, or Immunefi. There’s also an /autopilot mode that chains the whole loop together while you watch.
The interesting bit
The memory system. Most scanners start from zero every run; this one writes findings to a hunt-memory JSONL file that feeds back into future sessions. It also supports auth-aware pipelines—set a session cookie once and the recon tools carry it—plus MCP integrations that let Claude read your Burp or Caido proxy history in real time. The web3 side is a nice curveball: /token-scan will check a meme coin for rug-pull signals and tell you “ape, watch, or avoid.”
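To make the memory idea concrete, here is an added sketch of how an append-only JSONL hunt memory can feed back into the next session. This is illustration written for this review, not the plugin's own code, and the record schema (target, vuln_class, status, evidence) and the status vocabulary are assumptions; the plugin's actual file layout may differ.

```python
"""Append-only JSONL hunt memory: one JSON object per line, appended per finding,
reloaded at the start of the next session so prior verdicts are not re-tested from zero.
Added example; the schema below is an assumption, not the plugin's real format."""
import json
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Verdicts a triage gate might emit (assumed vocabulary, not the plugin's).
TERMINAL_STATUSES = ("confirmed", "false_positive")


def record_finding(path: str, target: str, vuln_class: str, status: str,
                   evidence: str = "") -> Dict:
    """Append one finding as a single JSON line.
    Appending instead of rewriting the file means a crash mid-write can only
    damage the last line, which load_memory() tolerates."""
    entry = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "target": target,
        "vuln_class": vuln_class,
        "status": status,
        "evidence": evidence,
    }
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def load_memory(path: str) -> List[Dict]:
    """Read every well-formed line; a missing file or a truncated tail is not fatal."""
    if not os.path.exists(path):
        return []
    entries: List[Dict] = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            try:
                entries.append(json.loads(line))
            except json.JSONDecodeError:
                continue  # corrupt or half-written line: skip rather than abort the session
    return entries


def latest_status(memory: Iterable[Dict], target: str, vuln_class: str) -> Optional[str]:
    """Most recent verdict for (target, vuln_class); None if it was never tested.
    File order is chronological because the store is append-only."""
    status = None
    for entry in memory:
        if entry.get("target") == target and entry.get("vuln_class") == vuln_class:
            status = entry.get("status")
    return status


def plan_session(memory: Iterable[Dict], target: str,
                 vuln_classes: List[str]) -> Tuple[List[str], List[str]]:
    """Split the checklist into classes still worth testing and classes already settled."""
    memory = list(memory)
    todo, skip = [], []
    for vc in vuln_classes:
        if latest_status(memory, target, vc) in TERMINAL_STATUSES:
            skip.append(vc)
        else:
            todo.append(vc)
    return todo, skip


def demo() -> Dict:
    """Constructed walk-through: two sessions against a placeholder target."""
    path = os.path.join(tempfile.mkdtemp(), "hunt-memory.jsonl")
    # Session 1: verdicts written as the gate produced them (constructed data).
    record_finding(path, "example.test", "open-redirect", "false_positive", "302 stays on same host")
    record_finding(path, "example.test", "idor", "needs_review", "object id looks sequential")
    record_finding(path, "example.test", "idor", "confirmed", "cross-account read reproduced")
    # Simulate a session that crashed mid-write, leaving a truncated last line.
    with open(path, "a", encoding="utf-8") as fh:
        fh.write('{"target": "example.test", "vuln_cl')
    # Session 2: reload and decide what to (re)test.
    memory = load_memory(path)
    todo, skip = plan_session(memory, "example.test", ["open-redirect", "idor", "ssrf", "xss"])
    return {"loaded": len(memory), "todo": todo, "skip": skip}


if __name__ == "__main__":
    print(demo())
```

The point of the shape is that the memory is a log, not a database: every run only appends, the next run replays the log, and the last verdict per (target, class) wins. That is what lets a second session skip the open redirect already marked as a false positive and the IDOR already confirmed, while still queueing classes it has never looked at.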
Key highlights
- 23 slash commands covering recon, hunting, validation, reporting, and resumption (/pickup)
- 8 AI agents and 9 skill domains, including web3 smart-contract audits (10 bug classes) and token scans
- Auth-aware pipeline: one session setup, carried across httpx/katana/ffuf/nuclei
- Burp MCP, Caido MCP, and HackerOne MCP for live proxy intel and program scope checks
- Standalone Python fallback if you don’t use Claude Code: python3 tools/hunt.py --target target.com
Caveats
- Requires Claude Pro/Max or API billing; the free Claude.ai web tier won’t run Claude Code
- The “thin wrappers over external tools” phrasing in the README is accurate—this is orchestration and prompt engineering, not a new scanner engine
- macOS/Linux only for the automated installer; Windows users are on their own
Verdict
Worth a look if you’re already paying for Claude Code and want to automate the tedious 80% of bug bounty workflow. Skip it if you want deep custom exploit logic or you’re allergic to shelling out for Anthropic’s paid plans.