BugHunter – Bug Bounty Toolkit Powered by Claude and Free AI Providers


A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic's Claude Code and now extended to support free AI providers such as Ollama and Groq, is gaining traction in the security research community for automating the full vulnerability discovery and reporting pipeline.

Developed by security researcher Shuvon Md Shariar Shanaz and hosted on GitHub, BugHunter covers every phase of a bug bounty operation: subdomain enumeration, live host discovery, vulnerability testing across 20+ Web2 and 10 Web3 bug classes, finding validation through a 7-Question Gate, and submission-ready report generation for HackerOne, Bugcrowd, Intigriti, and Immunefi, all from a single terminal command.

Previously limited to users with a Claude Code or Claude Pro subscription, BugHunter now ships as a fully standalone CLI tool (the bughunter command) powered by free and low-cost AI providers. The update significantly lowers the barrier to entry for independent researchers. Supported providers include:

  • Ollama – fully offline, runs locally on the researcher's machine at zero cost
  • Groq – free cloud tier with very fast inference speeds
  • DeepSeek – cloud-based at roughly $0.001 per 1,000 tokens
  • Claude API / OpenAI – paid, for users who prefer Anthropic or OpenAI models

BugHunter auto-detects providers in priority order (Ollama → Groq → DeepSeek → Claude → OpenAI), defaulting to the most cost-efficient option available. Researchers can switch providers at any time via bughunter setup.

Once installed, the toolkit exposes a structured CLI that mirrors a professional bug bounty workflow:

bughunter recon target.com      # Attack surface mapping
bughunter hunt  target.com      # Multi-class vulnerability testing
bughunter validate "finding"    # 7-Question Gate validation
bughunter report                # Generates platform-specific submission
bughunter chat                  # Interactive AI hunting shell

The 7-Question Gate executed during the validate command is designed to eliminate weak or duplicate findings before a researcher wastes time on a submission. Internally, the toolkit orchestrates roughly 35 scanning tools, including subfinder, httpx, nuclei, katana, ffuf, and dalfox, with missing tools skipped gracefully rather than causing hard errors.
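The "skip missing tools gracefully" behaviour is worth seeing concretely. The following is an added example written for this article, not BugHunter's own code: it runs a three-stage recon chain (subfinder → httpx → nuclei, tools the article names, with their real -d/-silent flags) and, when a tool is not on PATH, records the skip and hands the previous stage's output straight to the next stage instead of aborting. The Step/RunResult types, the pass-through rule and the injectable which/runner hooks are this example's own design.

```python
"""Added example (not BugHunter's own code): run a recon chain of external
scanners and skip any that are not installed instead of aborting.

subfinder/httpx/nuclei and their -d/-silent flags are the real tools' usage;
the Step/RunResult types and the pass-through-on-skip rule are this example's
own design.
"""
import shutil
import subprocess
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Step:
    tool: str
    args: list[str] = field(default_factory=list)
    reads_stdin: bool = True  # False for tools that take the target as an argument


@dataclass
class RunResult:
    ran: list[str] = field(default_factory=list)
    skipped: list[str] = field(default_factory=list)
    output: str = ""


def default_runner(cmd: list[str], stdin: str) -> str:
    """Run one tool, feeding `stdin`, and return its stdout.
    A non-zero exit yields '' so a single failing tool does not raise."""
    proc = subprocess.run(cmd, input=stdin, capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else ""


def recon_chain(target: str) -> list[Step]:
    """subdomains -> live hosts -> template scan, each stage piped into the next."""
    return [
        Step("subfinder", ["-d", target, "-silent"], reads_stdin=False),
        Step("httpx", ["-silent"]),
        Step("nuclei", ["-silent"]),
    ]


def run_chain(
    target: str,
    steps: list[Step],
    which: Callable[[str], Optional[str]] = shutil.which,
    runner: Callable[[list[str], str], str] = default_runner,
) -> RunResult:
    result = RunResult()
    # Seed with the apex host so httpx still has something to probe if subfinder is absent.
    data = target + "\n"
    for step in steps:
        if which(step.tool) is None:
            # Graceful skip: log it and hand the previous stage's output to the next tool.
            result.skipped.append(step.tool)
            continue
        data = runner([step.tool, *step.args], data if step.reads_stdin else "")
        result.ran.append(step.tool)
    result.output = data
    return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    res = run_chain(target, recon_chain(target))
    print("ran:", res.ran, "skipped:", res.skipped)
    print(res.output, end="")
```

Run it as `python chain.py target.com` on a box with some of the tools installed; the skipped list tells you which stages were degraded, which matters when a clean nuclei run is actually "httpx was missing, so nothing live was ever probed".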

One technically notable capability is cross-session memory persistence. BugHunter logs findings and discovered patterns to a JSONL-based memory store, allowing vulnerability patterns identified on one target to surface as context when testing a new one.

Session state is preserved across restarts, so researchers can resume interrupted hunts, prioritizing untested endpoints, via bughunter pickup target.com.
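The two preceding paragraphs describe the same underlying idea: an append-only JSONL log that outlives a session. The example below is added here and is not BugHunter's code; it shows one way to build such a store so that (a) patterns found on earlier targets with the same tech fingerprint are surfaced when a new target is tested and (b) per-endpoint progress is checkpointed so a resumed hunt puts untested endpoints first. The record schema ("kind", "target", "tech", "vuln_class", "pattern", "endpoint") and the sample targets are this example's own assumptions; a half-written last line is included to show why a line-oriented store tolerates an interrupted write.

```python
"""Added example (not BugHunter's own code): an append-only JSONL memory
store that surfaces vulnerability patterns learned on earlier targets and
checkpoints per-endpoint progress so an interrupted hunt resumes with the
untested endpoints first.

The record schema is this example's assumption:
  {"kind": "finding", "target", "tech", "vuln_class", "pattern"}
  {"kind": "tested",  "target", "endpoint"}
"""
import json
import tempfile
from pathlib import Path


class JsonlMemory:
    def __init__(self, path):
        self.path = Path(path)

    def append(self, record: dict) -> None:
        # One object per line, append-only: a crash mid-write can only corrupt the last line.
        with self.path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(record, sort_keys=True) + "\n")

    def records(self) -> list[dict]:
        if not self.path.exists():
            return []
        out = []
        with self.path.open(encoding="utf-8") as fh:
            for line in fh:
                line = line.strip()
                if not line:
                    continue
                try:
                    out.append(json.loads(line))
                except json.JSONDecodeError:
                    continue  # truncated tail from an interrupted write: skip it, keep the rest
        return out

    def remember_finding(self, target, tech, vuln_class, pattern) -> None:
        self.append({"kind": "finding", "target": target, "tech": tech,
                     "vuln_class": vuln_class, "pattern": pattern})

    def mark_tested(self, target, endpoint) -> None:
        self.append({"kind": "tested", "target": target, "endpoint": endpoint})

    def context_for(self, target, tech) -> list[dict]:
        """Patterns found on *other* targets with the same tech fingerprint,
        deduplicated, in the order they were first recorded."""
        seen, ctx = set(), []
        for r in self.records():
            if r.get("kind") != "finding" or r["target"] == target or r["tech"] != tech:
                continue
            key = (r["vuln_class"], r["pattern"])
            if key in seen:
                continue
            seen.add(key)
            ctx.append({"vuln_class": r["vuln_class"], "pattern": r["pattern"],
                        "seen_on": r["target"]})
        return ctx

    def pickup(self, target, endpoints) -> list[str]:
        """Resume order for `target`: endpoints with no 'tested' record first, then the rest."""
        tested = {r["endpoint"] for r in self.records()
                  if r.get("kind") == "tested" and r["target"] == target}
        return [e for e in endpoints if e not in tested] + [e for e in endpoints if e in tested]


def demo() -> dict:
    """Constructed sample session in a temp dir: two earlier targets, one interrupted hunt."""
    mem = JsonlMemory(Path(tempfile.mkdtemp()) / "memory.jsonl")
    mem.remember_finding("shop.example", "nextjs", "idor", "/api/orders/{id}")
    mem.remember_finding("shop.example", "nextjs", "idor", "/api/orders/{id}")  # duplicate
    mem.remember_finding("blog.example", "wordpress", "xss", "/?s=")
    mem.mark_tested("new.example", "/api/users")
    # Simulate the crash: a half-written last line.
    with mem.path.open("a", encoding="utf-8") as fh:
        fh.write('{"kind": "tested", "target": "new.exam')
    return {
        "context": mem.context_for("new.example", "nextjs"),
        "order": mem.pickup("new.example", ["/api/users", "/api/orders", "/login"]),
        "record_count": len(mem.records()),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design choice to note: the store is never rewritten in place, only appended to and re-read, so a kill -9 during a hunt costs at most the last record, and pickup() is simply "everything in the endpoint list that has no tested record yet".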

Beyond traditional web application testing, BugHunter includes a dedicated smart contract audit mode covering 10 vulnerability classes, including reentrancy, flash loan attacks, oracle manipulation, and proxy/upgrade flaws.

A token auditor module also scans for rug pull indicators, mint authority, LP lock status, honeypot detection, and bonding curve anomalies, relevant to Immunefi-style Web3 programs.

Nine specialized AI agents handle individual tasks across the pipeline: a recon agent, report writer, validator, Web3 auditor, chain builder, autopilot, recon ranker, token auditor, and a credential hunter with built-in legal guardrails that hard-stop before any credential spraying activity.

The toolkit installs as a Claude Code plugin, a standalone CLI, or into other agent harnesses including OpenCode, Pi Agent, and Codex, making it one of the more versatile open-source options in AI-assisted bug bounty automation currently available on GitHub.
