web3-ai-tools
AI TOOLS ARSENAL
AI-powered automation for every phase of Web3 bug hunting. Replaces: 28-cai-framework, 29-claude-skills-security, 30-shannon-ai-pentester, 31-luan1ao-agent, 32-ai-generated-code-hunting, 33-smartguard-agent
TOOL SELECTION GUIDE
| Tool | Target Type | Best For | Cost |
|---|---|---|---|
| Shannon | Web apps + API (white-box) | IDOR, SQLi, SSRF, auth bypass | ~$50/run |
| LuaN1ao | Any web target | Autonomous OWASP Top 10 | $0.09/exploit |
| CAI | Web/network/IoT | Bug bounty recon + validation | API cost only |
| SmartGuard | Solidity files | Auto PoC generation for SC bugs | API cost |
| AI Code Hunt | AI-written contracts | Bugs Slither/Forge miss | Manual (patterns) |
For DeFi smart contracts: SmartGuard + AI Code Hunt patterns
For DeFi web frontends: Shannon (web layer) + skills 01-07 (contract layer)
More from shuvonsec/web3-bug-bounty-hunting-ai-skills
web3-triage-report
Bug triage validation system, Immunefi report format, and 20 real paid bounty examples dissected. Use this when validating a finding before submitting, writing an Immunefi report, checking if a bug is actually valid, or studying real examples of paid vulnerabilities.
web3-poc-foundry
Complete Foundry PoC writing guide + all cheatcodes + DeFiHackLabs reproduction patterns. Use this when building a proof of concept exploit, setting up a fork test, using Foundry cheatcodes, or reproducing a known DeFi hack for learning.
web3-start-here
Master index for the web3 smart contract security knowledge base. Use this to navigate the skill chain. Read files in order — each ends with NEXT.
web3-bug-classes
Complete reference for all 10 DeFi smart contract bug classes. Use this when hunting for specific vulnerability types, need attack patterns for accounting desync, access control, incomplete path, off-by-one, oracle manipulation, ERC4626 vaults, reentrancy, flash loans, signature replay, or proxy/upgrade bugs.
web3-hunt-zksync-era
ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a target. Contains architecture breakdown, 25 tested attack vectors, and pre-dive scoring refinements for large L1 bridge protocols.
web3-solidity-audit-mcp
MCP server integrating Slither + Aderyn + SWC patterns into Claude Code for smart contract auditing. Use when analyzing Solidity files, running DeFi-specific detectors, or generating invariants. 10 MCP tools, 86 SWC detectors, DeFi preset pack, CI/CD workflow.