hunt-rce

Crown Jewel Targets

RCE vulnerabilities command the highest payouts in bug bounty programs because they grant attackers direct execution control over target infrastructure.

Highest-paying asset types:

  • Enterprise server products (GitHub Enterprise Server, self-hosted GitLab) — privilege escalation chains from low-privileged console roles to root SSH access consistently pay critical/high
  • Supply chain / package registries — dependency confusion attacks against npm, PyPI, etc. hit critical severity across every major program
  • Cloud-native infrastructure — exposed Kubernetes API servers, ingress controllers, and misconfigured CI/CD pipelines
  • Mobile app backends and OAuth flows — where server-side processing of attacker-controlled data meets execution contexts
  • Admin/management consoles — template injection in configuration panels reaches root with a single payload

Why this class pays most:

  • Blast radius is infrastructure-wide, not user-scoped
  • Proof-of-concept is unambiguous — shell output is undeniable
  • Fix requires architectural changes, not just a patch
  • Programs cannot afford false negatives on RCE

First Seen: May 24, 2026
hunt-rce — elementalsouls/claude-bughunter