BugHunter: an AI agent that recons, hunts, and validates before it writes the report
2026/6/24 · 10:17


3.5K-star offensive-security skill — 9 AI agents, 35 tools, zero-subscription path via Ollama.

Research overview

Seventeen-year-old Shuvon Md Shariar Shanaz (TryHackMe global #1, NASA-credited for a verified disclosure) built this tool to solve a concrete problem: most bug bounty pipelines waste time writing reports for findings that would never get accepted. The result is BugHunter (GitHub: shuvonsec/claude-bug-bounty), now at 3,500 stars and 613 forks, and the first offensive-security Agent Skill covered in this channel. 1
The project started as a Claude Code plugin called "Claude Bug Hunter," then in June 2026 rebranded and went standalone. 2 The new name signals exactly what changed: you no longer need a Claude subscription. Ollama, Groq, DeepSeek, and OpenAI all work. So does Claude, if you have it.

What it does

BugHunter orchestrates 9 specialized AI agents — Recon Agent, Report Writer, Validator, Web3 Auditor, Chain Builder, Autopilot, Recon Ranker, Token Auditor, and Credential Hunter — against a target, coordinating roughly 35 external security tools (subfinder, httpx, nuclei, katana, ffuf, dalfox, and others) in the process. 3 Missing tools are skipped gracefully; you don't need all 35 installed to get value.
Coverage spans 20 Web2 vulnerability classes — IDOR, SSRF, XSS, SQLi, authentication bypass, and more — and 10 Web3 categories including reentrancy, flash loan exploitation, and oracle manipulation. 1 Reports are formatted for direct submission to HackerOne, Bugcrowd, Intigriti, and Immunefi.
The architectural centerpiece is the 7-Question Gate, a validation step run by the Validator agent before any report gets written. It asks: is this exploitable right now against a real user who's done nothing unusual? Does it cause stolen money, leaked PII, account takeover, or code execution? The SKILL.md file states it plainly: 4
"Can an attacker do this RIGHT NOW against a real user who has taken NO unusual actions — and does it cause real harm (stolen money, leaked PII, account takeover, code execution)? If the answer is NO — STOP. Do not write. Do not explore further. Move on."
Surendra Reddy, who published the most detailed external analysis of the tool to date, called the Gate "the most operationally important feature in BugHunter — the validation step that prevents weak, duplicate, or underdocumented findings from reaching the submission phase." 5
The tool also carries explicit legal guardrails. The Credential Hunter agent has a hard stop before any credential spraying action; it surfaces discovered credentials without crossing into unauthorized access. Per Reddy, "the toolkit is designed to produce validated, scope-compliant, documented findings — not maximum output." 5
Sessions are persistent: findings on one target inform the next, and you can pick up where you left off with /pickup target.com.

Install

Prerequisites: macOS or Linux (Windows via WSL only), Go, Python 3.9+, jq. 1

Standalone CLI (no subscription required)

git clone https://github.com/shuvonsec/claude-bug-bounty
cd claude-bug-bounty
./install.sh --agent standalone
bughunter setup
bughunter setup runs an interactive provider selector. The fully free, offline path: choose Ollama, then pull qwen2.5:14b (~9 GB). Groq's free API tier is the fastest cloud option. DeepSeek costs roughly $0.001 per 1K tokens.
To install the external security tools:
./install_tools.sh
This pulls subfinder, httpx, nuclei, katana, ffuf, dalfox, and the rest. You can skip this and the relevant scan stages will simply not run. 1
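Skipping missing tools is convenient, but it also means a partial install shrinks coverage without telling you. The preflight check below is an added example, not part of the BugHunter repository: it reports which of the tools named above are absent from PATH and what each one backs in the pipeline. The tool-to-stage labels are this example's own summary of what each tool does (not BugHunter's internal stage names), and the assumption that the Go tools live in $GOPATH/bin or $HOME/go/bin is also the example's; the full list of around 35 tools is in install_tools.sh.

```shell
#!/bin/sh
# Added example, not code from the BugHunter repo: preflight check for the
# external tools the pipeline drives. Missing tools are skipped without an
# error at run time, so list them up front instead of discovering gaps later.

# Tools named on this page; extend from install_tools.sh for the full set.
BUGHUNTER_TOOLS="subfinder httpx nuclei katana ffuf dalfox"

# Assumption: the Go-based tools were installed with `go install`, which puts
# them in $GOPATH/bin (default $HOME/go/bin). Make sure the check sees that dir
# even when the shell profile has not added it to PATH.
PATH="$PATH:${GOPATH:-$HOME/go}/bin"
export PATH

# stage_for <tool>: the example's own one-line description of what the tool
# contributes to a hunt (kept as a case statement so it runs on macOS bash 3.2).
stage_for() {
  case $1 in
    subfinder) echo "subdomain enumeration" ;;
    httpx)     echo "live-host probing" ;;
    nuclei)    echo "template-based known-vuln scan" ;;
    katana)    echo "crawling / endpoint discovery" ;;
    ffuf)      echo "content and parameter fuzzing" ;;
    dalfox)    echo "XSS probing" ;;
    *)         echo "unknown stage" ;;
  esac
}

# missing_tools <tool>...: prints each tool not found on PATH, one per line.
# Returns 0 when every tool is present, 1 otherwise.
missing_tools() {
  rc=0
  for tool in "$@"; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      printf '%s\n' "$tool"
      rc=1
    fi
  done
  return $rc
}

# preflight: human-readable report. Returns 1 when coverage would be reduced,
# so a wrapper script can refuse to start a run unless the operator opts in.
preflight() {
  missing=$(missing_tools $BUGHUNTER_TOOLS) && { echo "all tools present"; return 0; }
  echo "missing tools (the stages they back will be skipped):"
  for tool in $missing; do
    printf '  %-10s -> %s\n' "$tool" "$(stage_for "$tool")"
  done
  return 1
}

# Print the report; the non-zero status is informational at top level.
preflight || :
```

Run it as `sh preflight.sh` before `bughunter hunt`; in a wrapper, `preflight || exit 1` turns a silently degraded run into a hard stop.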

Claude Code plugin

npx skills add shuvonsec/claude-bug-bounty
Or manually: copy SKILL.md into your project, then open the directory in Claude Code. The slash commands (/recon, /hunt, /validate, /report, /autopilot) become available immediately.

Other agent frameworks

BugHunter also runs in OpenCode, Pi Agent, and Codex. See AGENTS.md for per-framework config. 3
Optional: a Chaos API key expands subdomain coverage. Burp Suite MCP integration is supported for proxy-based testing.

Usage

The core bug bounty workflow is four commands:
bughunter recon target.com      # passive + active recon, subdomain enum
bughunter hunt target.com       # vulnerability discovery across all modules
bughunter validate "finding"    # 7-Question Gate — pass/fail before writing
bughunter report                # generates platform-ready submission
Or run the whole pipeline with a single command:
bughunter autopilot target.com
There's also a --paranoid flag for /autopilot in Claude Code that increases validation strictness.
[Image: BugHunter official logo, an orange-red geometric ladybug icon on a white background] 1
Web3 workflow (for smart contract audit targets):
/web3-audit contract.sol        # Claude Code slash command
/token-scan <contract-address>  # Solana and EVM supported
The Token Auditor covers 8 meme coin vulnerability categories including rug pull detection — something unique in the current skill ecosystem.
Scope and triage utilities:
  • /scope <asset> — verifies an asset is in-scope before you touch it
  • /triage — runs a 2-minute pass/fail check before deeper analysis
  • /pickup target.com — resumes from the last session checkpoint
  • /bypass-403 — dedicated forbidden-response bypass module
  • /secrets-hunt — credential and secret discovery across the target surface
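Of the utilities above, the scope check is the one worth getting exactly right: a wildcard that quietly matches an excluded host is how a tester ends up out of scope. The script below is an added example of such a gate, not BugHunter's /scope implementation (the page does not describe how that command works internally). The scope lists are constructed for illustration, and the rule that an explicit exclusion beats any wildcard match is this example's assumption about how programs publish scope.

```shell
#!/bin/sh
# Added example, not code from the BugHunter repo: an in-scope check in the
# spirit of /scope. The scope data below is constructed for illustration.
# Rules (this example's assumption about program scope listings):
#   - IN_SCOPE holds hostnames or wildcard patterns (*.example.com), one per line
#   - OUT_OF_SCOPE holds exclusions, and an exclusion wins over any wildcard match
#   - "*.example.com" does NOT cover the apex "example.com"; list it separately
IN_SCOPE='*.example.com
example.com
api.example.org'

OUT_OF_SCOPE='internal.example.com
*.staging.example.com'

# hostname_of <url-or-host>: reduce a URL, host:port or user@host to a bare
# lowercase hostname so that scope matching never sees scheme, port or path.
hostname_of() {
  h=${1#*://}        # strip scheme
  h=${h%%/*}         # strip path
  h=${h%%\?*}        # strip query when there was no path
  h=${h#*@}          # strip userinfo
  h=${h%%:*}         # strip port
  printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# matches_list <host> <newline-separated patterns>: 0 if any pattern matches.
# Patterns are fed through a here-document and matched with case, so the
# shell never performs filename globbing on "*.example.com".
matches_list() {
  while IFS= read -r pat; do
    [ -z "$pat" ] && continue
    case $1 in
      $pat) return 0 ;;
    esac
  done <<EOF
$2
EOF
  return 1
}

# in_scope <url-or-host>: prints a verdict and returns 0 only when the asset
# matches an in-scope entry and no exclusion.
in_scope() {
  host=$(hostname_of "$1")
  if matches_list "$host" "$OUT_OF_SCOPE"; then
    printf 'OUT  %s (explicitly excluded)\n' "$host"; return 1
  elif matches_list "$host" "$IN_SCOPE"; then
    printf 'IN   %s\n' "$host"; return 0
  else
    printf 'OUT  %s (no matching scope entry)\n' "$host"; return 1
  fi
}

# Usage: sh scope.sh <url-or-host>...   (a few demo assets when run bare)
[ $# -eq 0 ] && set -- 'https://api.example.com:8443/v1' internal.example.com evil-example.com
for asset in "$@"; do in_scope "$asset" || :; done
```

Call `in_scope "$target" || exit 1` at the top of any wrapper that launches recon or hunt; the exit status, not the printed verdict, is what a script should key on.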
Interactive chat mode:
bughunter chat
Launches an AI terminal for conversational vulnerability exploration — useful for investigating edge cases you've already partially mapped.
The repo includes a demo/ directory with a locally-served vulnerable target (python3 serve.py) for trying the workflow without hitting a live program.

Community signal

The rebrand announcement from @trybughunter on June 11 drew 76,048 views, 1,790 likes, and 248 retweets. 2 Engagement spread across several languages — Spanish-language security account @elhackernet (140K followers), Turkish tech influencer @kaan_alper (23.7K followers), and @VivekIntel (14K followers) all recommended it to their audiences within days. 6 7
AI/ML engineer Dan Kornas (92.8K followers) positioned it as "a structured bug bounty workflow package for authorized security assessments" — which captures what the 7-Question Gate and legal guardrails actually deliver. 8
Reddit's r/ClaudeCode, r/bugbounty, and r/netsec are silent on BugHunter as of June 24 — no direct threads found. 1 The community center of gravity is squarely on X/Twitter and the GitHub discussions.
One context item that's worth being direct about: there's a community-launched Solana meme coin called $BUG associated with the project. The FAQ is explicit — "The community launched a meme coin to support the project. It has nothing to do with the tool's functionality." 9 The tool works independently of any token activity. That said, the coin's presence is a real perception risk if you're evaluating this for organizational use — flag it to your team.
Yenniidegen (17.9K followers) vouched for the founder: "shuvonsec is one of the most credible founders you can come across... ethically hacked NASA at 17... he's a real developer. Verifiable track record. Building real utility." That track record matters for a security tool in active maintenance.

Known limitations

Issue                     | Details                                                                                                  | Status
--------------------------|----------------------------------------------------------------------------------------------------------|---------------------
Grok API errors           | Issue #80 (filed Jun 18): the xAI/Grok API returns "400 Client Error: Bad Request" on chat calls          | Open 10
No native Windows support | macOS and Linux only; Windows requires WSL                                                               | By design 1
External tool dependency  | Full capability requires the 35 tools from install_tools.sh; partial installs degrade scan coverage silently | Known limitation 1
Rate limits and WAFs      | High-volume scan modes can trigger target WAFs; built-in circuit breakers exist but require user awareness | Known limitation 5
macOS bash 3.2            | Auth crash on macOS bash 3.2; fixed in v4.3.1                                                            | Resolved 11
PatternDB performance     | O(n²) slowdown at 10K entries (5+ min); fixed in v4.2.1, now ~2 s                                        | Resolved 11
The 50–60% automation figure deserves context: Reddy's analysis estimates BugHunter handles that share of the work, namely recon, known-vulnerability testing, and report generation. The remaining 40–50% is business logic, exploitation chains, and novel vulnerability classes. 5 That split is characteristic of current AI security automation in general rather than a limitation specific to BugHunter.
The skill multiplies researcher output, not researcher skill. Reddy's framing is precise: "AI is a multiplier, not a replacement. If you multiply zero by a thousand, it's still zero." 5

When to install / when to skip

Install it if:
  • You're an active bug bounty researcher on HackerOne, Bugcrowd, Intigriti, or Immunefi and want to reduce time spent on recon and report drafting
  • You want a zero-subscription path to AI-assisted security research (Ollama + Groq free tier covers the model layer)
  • You're doing authorized smart contract audits and want Solana/EVM coverage built into your workflow
  • You use Claude Code, Codex, OpenCode, or any terminal-based agent and want /recon/validate/report as native slash commands
Skip it if:
  • You're on Windows without WSL configured
  • You need the Grok (xAI) API specifically — Issue #80 is unresolved
  • You're evaluating this for organizational deployment and the $BUG meme coin association is a compliance concern
  • You're looking for a tool that replaces security fundamentals — the 7-Question Gate and legal guardrails assume you understand what you're looking at

Skill reference

Repository: shuvonsec/claude-bug-bounty 1
License: MIT 1
Latest version: v5.0.0 (released Jun 9, 2026) — reduced false positives + repo optimization 11
Stars / forks / commits: 3,500 stars · 613 forks · 140 commits 1
Supported agents: Claude Code, Codex, OpenCode, Pi Agent (standalone CLI runs in any terminal) 3
AI providers: Ollama (local, free) · Groq (free tier) · DeepSeek (~$0.001/1K tok) · Claude API · OpenAI 1
Prerequisites: macOS or Linux, Go, Python 3.9+, jq; Windows via WSL 1
Coverage: 20 Web2 vulnerability classes · 10 Web3/smart contract categories 1
Platforms: HackerOne, Bugcrowd, Intigriti, Immunefi 1
Author: Shuvon Md Shariar Shanaz (@shuvonsec) 1
Open issues: #80 — Grok API 400 error (Jun 18, 2026) 10
