Share
## https://sploitus.com/exploit?id=1D1C4E1F-EFDB-5317-97FF-352C1F0B674C
# /hunt โ€” Bug Bounty Hunt Skill for Claude Code

A complete bug bounty hunting skill for [Claude Code](https://claude.ai/code) covering recon, discovery, and 30 vulnerability classes.

## Install

```bash
curl -s https://raw.githubusercontent.com/BaymaxPop23/hunt-skill/main/hunt.md -o ~/.claude/commands/hunt.md
```

Then in any Claude Code session:

```
/hunt
```

## What's Inside

### Phase 0 โ€” Recon
- Subdomain enumeration (crt.sh, CSP leaks, Wayback, DNS brute)
- JS bundle analysis (endpoints, secrets, developer PII, hardcoded keys)
- Security header baseline (HSTS, CSP, SameSite, CORS)
- Infrastructure fingerprinting
- Dependency version audit
- Always-on HTTP checks (actuator, swagger, .env, S3)

### Phase 1 โ€” Architecture Mapping
- Trust boundary mapping (CORS trust rings, CSP frame-ancestors)
- OAuth/OIDC discovery
- Cookie inventory

### Phase 2 โ€” 30 Vulnerability Classes

| Class | Max Payout |
|---|---|
| SSRF | $90kโ€“$288k |
| SQL Injection | $288k chain |
| Deserialization | $20k+ |
| Auth/OAuth/JWT/2FA | $100k |
| XSS | $150k |
| SSTI | $25k+ |
| XXE | $28k |
| IDOR/BOLA/BFLA | $59k |
| Business Logic | $64k |
| LFI/Path Traversal | $15k |
| CSRF | High |
| CORS | Critical (chained) |
| Open Redirect | $44k chained |
| File Upload | High |
| Subdomain Takeover + Dep Confusion | $130k |
| GraphQL | High |
| Race Conditions | $30k |
| HTTP Smuggling | $46k |
| Prototype Pollution + Electron | $150k |
| LLM Prompt Injection | $50k |
| Android Intents | $10k+ |
| CSPT | ATO chain |
| SAML | Critical |
| HTTP Parameter Pollution | $13.5k |
| Cache Attacks | ATO |
| CRLF Injection | High |
| Kubernetes / Cloud PrivEsc | Critical |
| Supply Chain Extended | $130k+ |
| Novel Exfil | High |
| IDN / Unicode | ATO |

Also includes: Advanced chains from real reports, tools arsenal, full payout reference table.

## Requirements

- [Claude Code](https://claude.ai/code) CLI installed
- Skills directory: `~/.claude/commands/`