hunt-business-logic


Crown Jewel Targets

Business logic vulnerabilities pay the most on platforms where financial transactions, identity verification, and access controls intersect with real-world consequences. The richest targets are:

  • E-commerce & payment platforms (Valve/Steam, Shopify) — payment flow manipulation, free goods, price tampering
  • Marketplace & gig economy apps (Airbnb, Uber) — identity/verification bypass enabling fraud or unsafe interactions
  • SaaS with tiered access (Mozilla Monitor) — bypassing verification to unlock monitoring features without entitlement
  • High-traffic consumer apps (Snapchat, Yelp) — rate-limit bypass enabling spam, enumeration, or abuse at scale

Asset types that pay: checkout flows, subscription endpoints, callback/verification systems, webhook handlers, employee/internal portals exposed to the internet, and any endpoint that trusts client-supplied data to make authorization decisions.


Attack Surface Signals

Installs: 34
GitHub Stars: 2.6K
First Seen: May 24, 2026
hunt-business-logic — elementalsouls/claude-bughunter