Share
## https://sploitus.com/exploit?id=1F0689B9-F9D7-5DF5-984B-936858044F79
# Gemini Bug Bounty

### Find security vulnerabilities, get paid โ€” with AI doing the heavy lifting

*Your AI hunting partner that remembers past targets, spots vulnerabilities, and writes reports for you.*

*Ported from [claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) for Google's Gemini CLI*

Original by shuvonsec ยท Gemini port by xennt



[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square)](LICENSE)
[![Python 3.8+](https://img.shields.io/badge/Python-3.8+-3776AB.svg?style=flat-square&logo=python&logoColor=white)](https://python.org)
[![Gemini CLI](https://img.shields.io/badge/Gemini_CLI-Plugin-4285F4.svg?style=flat-square&logo=google&logoColor=white)](https://github.com/google-gemini/gemini-cli)



What Is This?  |  Quick Start  |  Commands  |  Differences  |  Install  |  FAQ



```
  14 command triggers  ยท  8 AI agent roles  ยท  9 skill domains
  20 web2 vuln classes  ยท  10 web3 bug classes
  Burp MCP  ยท  HackerOne MCP  ยท  Autonomous Mode
```





---



## What Is This?

**Bug bounty hunting** is when companies pay you real money to find security vulnerabilities in their websites and apps before bad actors do.

**This tool** is a context plugin for [Gemini CLI](https://github.com/google-gemini/gemini-cli) (Google's AI coding assistant) that turns it into a professional bug bounty hunting partner. This is a **community port** of the excellent [claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) project, adapted for the Gemini CLI ecosystem.

**In plain terms:**
- You give it a target website
- It automatically scans the site, finds vulnerabilities, validates they're real, and writes a professional report
- You can even put it on autopilot and let it hunt on its own while you sleep

**Who is it for?**
- Security researchers who want to move faster
- Bug bounty hunters who are tired of the manual grind
- People who have **Gemini Pro** tokens but not Claude tokens



---



## Quick Start

> **Prerequisite:** You need [Gemini CLI](https://github.com/google-gemini/gemini-cli) installed and a Gemini API key.

**Step 1 โ€” Install tools + context**

```bash
git clone https://github.com/YOUR_USERNAME/gemini-bug-bounty.git
cd gemini-bug-bounty
chmod +x install_tools.sh && ./install_tools.sh   # installs scanning tools (subfinder, httpx, nuclei...)
chmod +x install.sh && ./install.sh               # installs AI context into ~/.gemini/
```

**Step 2 โ€” Start hunting**

```bash
gemini                          # open Gemini CLI in your terminal

# Then type naturally:
recon target.com               # step 1: map the target (subdomains, live pages, URLs)
hunt target.com                # step 2: test for vulnerabilities
validate                       # step 3: make sure the finding is real
report                         # step 4: generate a professional submission report
```

**That's the core loop.** Four commands, full workflow.

**Step 3 โ€” Go autonomous**

```bash
autopilot target.com --normal  # AI does the whole thing, pauses for review
pickup target.com              # continue where you left off
intel target.com               # get CVEs + disclosed reports
```



> **Want to use the Python tools directly?**
> ```bash
> python3 tools/hunt.py --target target.com
> ./tools/recon_engine.sh target.com
> ```



---



## Gemini vs Claude: Differences

This port adapts the Claude Code architecture to Gemini CLI's context system:

| Feature | Claude Code | Gemini CLI |
|:---|:---|:---|
| **Instructions file** | `CLAUDE.md` | `GEMINI.md` |
| **Slash commands** | `/recon`, `/hunt`, etc. | Natural language: `recon target.com` |
| **Skills loading** | `~/.claude/skills/` auto-load | `GEMINI.md` references skill files |
| **Commands** | `~/.claude/commands/` | Command docs in `commands/` read on-demand |
| **Agents** | Built-in `model:` routing | Agent roles described in `agents/` docs |
| **Context hierarchy** | Global โ†’ Project | Global `~/.gemini/GEMINI.md` โ†’ Project `./GEMINI.md` |
| **Hooks** | `hooks.json` events | Not supported โ€” session tips in GEMINI.md |
| **MCP** | Native integration | Gemini CLI MCP support (if available) |

### What's Preserved
- โœ… All 9 skill domains with full content
- โœ… All 14 command procedures (as reference docs)
- โœ… All 8 agent role definitions
- โœ… All 24 Python/shell tools
- โœ… All hunting rules and reporting rules
- โœ… Wordlists, payloads, docs
- โœ… Memory system (pattern_db, audit_log)
- โœ… MCP integration configs



---



## Commands

### The Core 4 (start here)

| Trigger | What It Does | When To Use |
|:---|:---|:---|
| `recon target.com` | Maps the target โ€” subdomains, live pages, APIs, scans | Always first |
| `hunt target.com` | Actively tests for vulnerabilities | After recon |
| `validate` | 7-question check to confirm a finding | Before every report |
| `report` | Generates a professional submission report | After validation |

### Power Commands

| Trigger | What It Does |
|:---|:---|
| `autopilot target.com` | AI runs the full loop automatically |
| `surface target.com` | Ranked list of best places to test |
| `pickup target.com` | Continue where you left off |
| `remember` | Saves current finding to memory |
| `intel target.com` | Pulls CVEs and disclosed reports |
| `chain` | Finds bugs B and C when you found A |
| `scope ` | Checks if domain/URL is in scope |
| `triage` | Quick 2-minute go/no-go check |
| `web3 audit ` | Smart contract security audit |
| `token scan ` | Meme coin/token rug pull scanner |



---



## AI Agent Roles

8 specialized roles, each for one job:

| Agent | What It Does |
|:---|:---|
| **recon-agent** | Finds all subdomains, live hosts, and URLs |
| **report-writer** | Writes professional, impact-first reports |
| **validator** | Runs the 7-Question Gate on findings |
| **web3-auditor** | Audits smart contracts for 10 vuln classes |
| **chain-builder** | Finds chains of related bugs |
| **autopilot** | Runs the whole hunt loop autonomously |
| **recon-ranker** | Ranks attack surface by priority |
| **token-auditor** | Meme coin / token rug pull analysis |



---



## Installation

### What You Need First

```bash
# Install Gemini CLI
npm install -g @anthropic-ai/gemini-cli
# Or follow: https://github.com/google-gemini/gemini-cli

# Set your API key
export GEMINI_API_KEY="your-key-here"

# Linux (Ubuntu/Debian)
sudo apt install golang python3 nodejs jq

# macOS
brew install go python3 node jq
```

### Install

```bash
git clone https://github.com/YOUR_USERNAME/gemini-bug-bounty.git
cd gemini-bug-bounty
chmod +x install_tools.sh && ./install_tools.sh   # scanning tools
chmod +x install.sh && ./install.sh               # Gemini context files
```



---



## The Rules (Always Active)

```
 1. READ FULL SCOPE FIRST   โ€” only test what the program says you can
 2. ONLY REAL BUGS          โ€” "Can an attacker do this RIGHT NOW?" if no, stop
 3. KILL WEAK FINDINGS FAST โ€” 30-second check saves hours of wasted reporting
 4. NEVER GO OUT OF SCOPE   โ€” one wrong request can get you banned
 5. 5-MINUTE RULE           โ€” no progress after 5 min? move to the next target
 6. VALIDATE BEFORE REPORT  โ€” run validate before you spend 30 min writing
 7. IMPACT FIRST            โ€” start with the bugs that have the worst consequences
```



---



## Credits

- **Original project:** [claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) by [shuvonsec](https://shuvonsec.me)
- **Gemini CLI port:** Adapted for Google's Gemini CLI ecosystem



---





**For authorized security testing only.** Only test targets within an approved bug bounty program scope.
Never test systems without explicit written permission. Follow responsible disclosure.

---



MIT License ยท **Built by bug hunters, for bug hunters.**

If this helped you find a bug, leave a star โญ