Pentest Agents Bug Bounty Framework
Stand up an autonomous bug-bounty workspace in Claude Code or similar agents with hunt loops, exploit chains, and platform MCP integrations.
Overview
Pentest Agents Bug Bounty Framework is an agent skill for the Ship phase that orchestrates autonomous bug-bounty hunting with 50 agents, hunt loops, MCP platform integration, and gated report submission.
Install
npx skills add https://github.com/aradotso/security-skills --skill pentest-agents-bug-bounty-frameworkWhat is this skill?
- 50 specialized agents, 26 commands, 19 CLI tools, and 11 bundled skills for end-to-end hunting
- 2 MCP servers for bounty-platform APIs and writeup search plus ~2,500 lines of concrete payloads
- 7-Question Gate to validate findings before you submit reports
- Autonomous hunt loops with A→B exploit-chain building and persistent brain endpoint tracking
- Cross-IDE installer for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw
- 50 agents
Adoption & trust: 379 installs on skills.sh; 1 GitHub stars; 0/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are authorized to hunt on a bounty program but lack a repeatable agent workflow for loops, payloads, chains, and quality-checked reports.
Who is it for?
Solo security-minded builders or indie teams running structured, in-scope bug bounty or pentest campaigns inside Claude Code-style environments.
Skip if: Developers seeking passive SAST-only checks, unauthorized scanning, or lightweight "fix my npm audit" tasks without a formal program scope.
When should I use this skill?
User asks to set up pentest agents, configure bug bounty hunting agents, start an autonomous hunt loop, search writeups, build exploit chains, submit reports, or validate findings with the 7-Question Gate.
What do I get? / Deliverables
You get a scaffolded bounty workspace, MCP-connected hunt tooling, validated findings via the 7-Question Gate, and submission-ready exploit narratives.
- Scaffolded bounty workspace with hunt-loop configuration
- Validated finding package and bug bounty report draft
Recommended Skills
Journey fit
Offensive security validation and report submission belong on the Ship shelf where you harden and prove findings before release. Subphase security covers pentest workflows, bounty submission gates, and exploit-chain validation—not generic feature coding.
How it compares
Use as a full autonomous hunt orchestration stack, not a single-purpose OWASP checklist skill or passive dependency linter.
Common Questions / FAQ
Who is pentest-agents-bug-bounty-framework for?
It is for builders who already have legal scope on a bounty or pentest target and want agent-native hunting with platform MCPs, payloads, and submission discipline.
When should I use pentest-agents-bug-bounty-framework?
Use it during Ship when configuring hunt agents, starting autonomous loops, searching writeups, building exploit chains, or submitting reports—after you have set credentials and a scaffolded workspace.
Is pentest-agents-bug-bounty-framework safe to install?
It is powerful offensive tooling—review the Security Audits panel on this Prism page, verify the GitHub source, and only run against in-scope assets with explicit permission.
SKILL.md
READMESKILL.md - Pentest Agents Bug Bounty Framework
# Pentest Agents Bug Bounty Framework > Skill by [ara.so](https://ara.so) — Security Skills collection. Autonomous bug-bounty framework for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw. Ships 50 agents, 26 commands, 19 CLI tools, 11 skills, and 2 MCP servers (bounty platforms + writeup search). Includes 2,500 lines of concrete payloads, 7-Question Gate validation, autonomous hunt loops, A→B exploit chain building, persistent brain with endpoint tracking, and cross-IDE installer. ## Installation ### For Claude Code (Native) ```bash # Clone the repository git clone https://github.com/H-mmer/pentest-agents-suite cd pentest-agents-suite/pentest-agents # Quick start with MCP servers (no global pip install) export HACKERONE_USERNAME=your_username export HACKERONE_TOKEN=your_api_token # Scaffold a new bounty workspace uv run python3 tools/scaffold.py hackerone tesla cd ~/bounties/hackerone-tesla # Launch Claude Code claude ``` ### For Other AI Coding Tools ```bash # Use pre-rendered bundles directly cd pentest-agents-suite/pentest-agents/providers/codex # or gemini, cursor, etc. codex # or: gemini, cursor, windsurf # OR install into your project python3 -m tools.installer install --targets all --scope project python3 -m tools.installer install --targets codex --scope global ``` ### Installer Commands ```bash # List installed targets pentest-agents list # Install to specific targets pentest-agents install --targets claude_code,codex --scope global pentest-agents install --dry-run # Preview before installing # Verify installation pentest-agents verify # Uninstall (safe rollback) pentest-agents uninstall # Regenerate provider bundles pentest-agents render --targets all pentest-agents render --check # Check for drift ``` ## MCP Servers ### Bounty Platforms Server (16 Platforms) HackerOne (full API), Bugcrowd, Intigriti, Immunefi, YesWeHack + 11 stubs. **Configuration:** ```bash # HackerOne (full API support) export HACKERONE_USERNAME=your_username export HACKERONE_TOKEN=your_api_token # Bugcrowd export BUGCROWD_EMAIL=your_email export BUGCROWD_TOKEN=your_token # Intigriti export INTIGRITI_TOKEN=your_token # YesWeHack export YWH_API_KEY=your_api_key ``` **7 MCP Tools:** - `list_platforms` - List all configured platforms - `get_program_scope` - Fetch in/out-of-scope assets - `get_program_policy` - Get submission rules - `search_hacktivity` - Find similar reports - `sync_program` - Download scope to local brain - `draft_report` - Prepare submission - `submit_report` - Submit to platform ### Writeup Search Server (BYO Index) **Three search modes** (auto-detected, graceful fallback): | Mode | Requires | Searches | |------|----------|----------| | **FAISS** (semantic) | `faiss-cpu`, `sentence-transformers`, your `metadata.db` + `index.faiss` | Your writeup corpus via vector embeddings | | **SQLite** (keyword) | Your `metadata.db` only | Your writeup corpus via `LIKE` over text | | **Local** (default) | Nothing | `rules/payloads.md` + shipped skills | **Configuration:** ```bash # Point to your index directory export WRITEUP_DB_DIR="$HOME/.local/share/pentest-writeups" # OR place files in default location: # ~/.local/share/pentest-writeups/metadata.db # ~/.local/share/pentest-writeups/index.faiss (optional) ``` **Build Your Own Index:** ```bash cd rag-builder # 1. Inspect the plan (dry-run, no writes) python3 build.py status python3 build.py ingest # 2. Pre-f