bb-local-toolkit

What problem does it solve?

This Skill helps you run an end-to-end bug bounty workflow that turns recon and testing into only report-worthy, real-world exploitable findings.

Core Features & Use Cases

• Full Bug Bounty Pipeline: Guides Recon -> Learn -> Hunt -> Validate -> Report with explicit decision gates to prevent theoretical or low-impact results.
• Cluster Hunting & Chaining: Uses A->B signal methodology to systematically pivot from an initial bug class into higher-value exploit chains.
• Validation-First Reporting: Enforces scope checks, reproducibility, data-leak verification, CVSS 3.1 framing, and human-tone writeups with templates and checklists.
• Broad Coverage (Web + API + AI): Includes practical tactics for IDOR, SSRF, XSS, auth bypass, OAuth/OIDC chains, cloud misconfigs, race conditions, GraphQL auth gaps, and LLM/agentic AI security (prompt/indirect injection, exfil, tool RCE, ASI01-ASI10).
• Source/Tech Recon Tooling: Provides OSINT and fingerprinting guidance, plus language-specific greps for common dangerous sinks across JS/Python/PHP/Go/Ruby/Rust.

Quick Start

Use it to plan and execute a complete bug bounty run for a new target by following the Recon -> Learn -> Hunt -> Validate -> Report steps and applying the 7-Question Gate before writing anything.