hunt-auth-bypass

Crown Jewel Targets

Auth bypass is consistently one of the highest-paying vulnerability classes in bug bounty because it directly violates the most fundamental security control. High-value targets include:

  • SSO/SAML implementations at enterprise SaaS companies (Slack, Okta, OneLogin integrations) — payouts regularly in the $5K–$25K+ range
  • Admin panels and partner/internal portals — subdomain-separated admin surfaces like partners.shopify.com, admin.company.com
  • Third-party auth plugin integrations — WordPress plugins (OneLogin, WP-SAML-Auth), Drupal SSO modules, any CMS with pluggable auth
  • XMLRPC endpoints on WordPress — often forgotten, bypasses standard WP auth flows entirely
  • OAuth callback flows — state parameter mishandling, redirect_uri mismatches
  • API authentication layers — especially where auth was bolted on after the fact

Asset priority: Targets with federated identity (SAML, OAuth, OIDC) connected to large user populations. Partner/reseller portals are particularly juicy because they often have elevated permissions and less security scrutiny than the main product.


Attack Surface Signals

Installs: 37
GitHub Stars: 2.6K
First Seen: May 24, 2026
hunt-auth-bypass — elementalsouls/claude-bughunter