## https://sploitus.com/exploit?id=1F0689B9-F9D7-5DF5-984B-936858044F79
# Gemini Bug Bounty
### Find security vulnerabilities, get paid โ with AI doing the heavy lifting
*Your AI hunting partner that remembers past targets, spots vulnerabilities, and writes reports for you.*
*Ported from [claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) for Google's Gemini CLI*
Original by shuvonsec ยท Gemini port by xennt
[](LICENSE)
[](https://python.org)
[](https://github.com/google-gemini/gemini-cli)
What Is This? | Quick Start | Commands | Differences | Install | FAQ
```
14 command triggers ยท 8 AI agent roles ยท 9 skill domains
20 web2 vuln classes ยท 10 web3 bug classes
Burp MCP ยท HackerOne MCP ยท Autonomous Mode
```
---
## What Is This?
**Bug bounty hunting** is when companies pay you real money to find security vulnerabilities in their websites and apps before bad actors do.
**This tool** is a context plugin for [Gemini CLI](https://github.com/google-gemini/gemini-cli) (Google's AI coding assistant) that turns it into a professional bug bounty hunting partner. This is a **community port** of the excellent [claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) project, adapted for the Gemini CLI ecosystem.
**In plain terms:**
- You give it a target website
- It automatically scans the site, finds vulnerabilities, validates they're real, and writes a professional report
- You can even put it on autopilot and let it hunt on its own while you sleep
**Who is it for?**
- Security researchers who want to move faster
- Bug bounty hunters who are tired of the manual grind
- People who have **Gemini Pro** tokens but not Claude tokens
---
## Quick Start
> **Prerequisite:** You need [Gemini CLI](https://github.com/google-gemini/gemini-cli) installed and a Gemini API key.
**Step 1 โ Install tools + context**
```bash
git clone https://github.com/YOUR_USERNAME/gemini-bug-bounty.git
cd gemini-bug-bounty
chmod +x install_tools.sh && ./install_tools.sh # installs scanning tools (subfinder, httpx, nuclei...)
chmod +x install.sh && ./install.sh # installs AI context into ~/.gemini/
```
**Step 2 โ Start hunting**
```bash
gemini # open Gemini CLI in your terminal
# Then type naturally:
recon target.com # step 1: map the target (subdomains, live pages, URLs)
hunt target.com # step 2: test for vulnerabilities
validate # step 3: make sure the finding is real
report # step 4: generate a professional submission report
```
**That's the core loop.** Four commands, full workflow.
**Step 3 โ Go autonomous**
```bash
autopilot target.com --normal # AI does the whole thing, pauses for review
pickup target.com # continue where you left off
intel target.com # get CVEs + disclosed reports
```
> **Want to use the Python tools directly?**
> ```bash
> python3 tools/hunt.py --target target.com
> ./tools/recon_engine.sh target.com
> ```
---
## Gemini vs Claude: Differences
This port adapts the Claude Code architecture to Gemini CLI's context system:
| Feature | Claude Code | Gemini CLI |
|:---|:---|:---|
| **Instructions file** | `CLAUDE.md` | `GEMINI.md` |
| **Slash commands** | `/recon`, `/hunt`, etc. | Natural language: `recon target.com` |
| **Skills loading** | `~/.claude/skills/` auto-load | `GEMINI.md` references skill files |
| **Commands** | `~/.claude/commands/` | Command docs in `commands/` read on-demand |
| **Agents** | Built-in `model:` routing | Agent roles described in `agents/` docs |
| **Context hierarchy** | Global โ Project | Global `~/.gemini/GEMINI.md` โ Project `./GEMINI.md` |
| **Hooks** | `hooks.json` events | Not supported โ session tips in GEMINI.md |
| **MCP** | Native integration | Gemini CLI MCP support (if available) |
### What's Preserved
- โ All 9 skill domains with full content
- โ All 14 command procedures (as reference docs)
- โ All 8 agent role definitions
- โ All 24 Python/shell tools
- โ All hunting rules and reporting rules
- โ Wordlists, payloads, docs
- โ Memory system (pattern_db, audit_log)
- โ MCP integration configs
---
## Commands
### The Core 4 (start here)
| Trigger | What It Does | When To Use |
|:---|:---|:---|
| `recon target.com` | Maps the target โ subdomains, live pages, APIs, scans | Always first |
| `hunt target.com` | Actively tests for vulnerabilities | After recon |
| `validate` | 7-question check to confirm a finding | Before every report |
| `report` | Generates a professional submission report | After validation |
### Power Commands
| Trigger | What It Does |
|:---|:---|
| `autopilot target.com` | AI runs the full loop automatically |
| `surface target.com` | Ranked list of best places to test |
| `pickup target.com` | Continue where you left off |
| `remember` | Saves current finding to memory |
| `intel target.com` | Pulls CVEs and disclosed reports |
| `chain` | Finds bugs B and C when you found A |
| `scope ` | Checks if domain/URL is in scope |
| `triage` | Quick 2-minute go/no-go check |
| `web3 audit ` | Smart contract security audit |
| `token scan ` | Meme coin/token rug pull scanner |
---
## AI Agent Roles
8 specialized roles, each for one job:
| Agent | What It Does |
|:---|:---|
| **recon-agent** | Finds all subdomains, live hosts, and URLs |
| **report-writer** | Writes professional, impact-first reports |
| **validator** | Runs the 7-Question Gate on findings |
| **web3-auditor** | Audits smart contracts for 10 vuln classes |
| **chain-builder** | Finds chains of related bugs |
| **autopilot** | Runs the whole hunt loop autonomously |
| **recon-ranker** | Ranks attack surface by priority |
| **token-auditor** | Meme coin / token rug pull analysis |
---
## Installation
### What You Need First
```bash
# Install Gemini CLI
npm install -g @anthropic-ai/gemini-cli
# Or follow: https://github.com/google-gemini/gemini-cli
# Set your API key
export GEMINI_API_KEY="your-key-here"
# Linux (Ubuntu/Debian)
sudo apt install golang python3 nodejs jq
# macOS
brew install go python3 node jq
```
### Install
```bash
git clone https://github.com/YOUR_USERNAME/gemini-bug-bounty.git
cd gemini-bug-bounty
chmod +x install_tools.sh && ./install_tools.sh # scanning tools
chmod +x install.sh && ./install.sh # Gemini context files
```
---
## The Rules (Always Active)
```
1. READ FULL SCOPE FIRST โ only test what the program says you can
2. ONLY REAL BUGS โ "Can an attacker do this RIGHT NOW?" if no, stop
3. KILL WEAK FINDINGS FAST โ 30-second check saves hours of wasted reporting
4. NEVER GO OUT OF SCOPE โ one wrong request can get you banned
5. 5-MINUTE RULE โ no progress after 5 min? move to the next target
6. VALIDATE BEFORE REPORT โ run validate before you spend 30 min writing
7. IMPACT FIRST โ start with the bugs that have the worst consequences
```
---
## Credits
- **Original project:** [claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) by [shuvonsec](https://shuvonsec.me)
- **Gemini CLI port:** Adapted for Google's Gemini CLI ecosystem
---
**For authorized security testing only.** Only test targets within an approved bug bounty program scope.
Never test systems without explicit written permission. Follow responsible disclosure.
---
MIT License ยท **Built by bug hunters, for bug hunters.**
If this helped you find a bug, leave a star โญ