Open Source Claude Code Tools for Automated Bug Bounty Hunting

By OpenClawRadar. Published: March 13, 2026

Three open source repositories turn Claude Code into an automated bug bounty hunting pipeline. The tools cover both web2 and web3 security testing, running entirely within Claude Code conversations.

Key Components

The trilogy consists of three interconnected repositories:

  • claude-bug-bounty: You point it at a target and Claude handles recon, maps the attack surface, runs scanners for IDOR, SSRF, XSS, SQLi, OAuth, GraphQL, race conditions, and LLM injection. It walks you through a 4-gate validation checklist, then writes a submission-ready HackerOne or Bugcrowd report.
  • web3-bug-bounty-hunting-ai-skills: Focuses on smart contract security, covering 10 bug classes including reentrancy, flash loan attacks, oracle manipulation, and access control issues. Includes Foundry PoC templates and real Immunefi case studies so Claude understands what paid bugs look like.
  • public-skills-builder: Feed it 500 disclosed reports from HackerOne or GitHub writeups and it generates structured skill files, one per vulnerability class, ready to load into Claude Code. No private reports needed.

How They Work Together

The three repos function as a pipeline: public-skills-builder builds the knowledge base, the web3 repo provides smart contract context, and claude-bug-bounty runs the actual hunting operations. All tools are free and open source, available on GitHub.

The creator is open to contributions that add scanners or Claude prompt templates. The tools aim to automate the recon, scanning, and report-writing work that security researchers typically perform manually.

📖 Read the full source: r/ClaudeAI
