hackerone
HackerOne Bug Bounty
Automates: scope parsing → parallel testing per asset → PoC validation → submission reports.
Quick start
- Input: HackerOne program URL or scope CSV.
- Parse scope and program guidelines.
- Spawn one coordinator per eligible asset (parallel).
- Each coordinator runs the standard engagement flow (see skills/coordination/SKILL.md).
- Validate PoCs, generate HackerOne-formatted reports.
Scope CSV format
Expected columns:
- identifier: asset URL/domain.
- asset_type: URL, WILDCARD, API, CIDR.
- eligible_for_submission: must be true.
- max_severity: critical / high / medium / low.
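A scope guard built on these columns, as an added example (not code from the communitytools repository). It assumes a header row with the four column names above, a case-insensitive "true", and that a row marked ineligible takes precedence over a matching wildcard. The function names and sample rows are constructed for illustration.

```python
import csv, io, ipaddress
from fnmatch import fnmatch

ASSET_TYPES = {"URL", "WILDCARD", "API", "CIDR"}
SEVERITIES = {"critical", "high", "medium", "low"}
# Constructed sample; example.com and 203.0.113.0/24 are documentation ranges.
SAMPLE_SCOPE = """identifier,asset_type,eligible_for_submission,max_severity
https://app.example.com,URL,true,critical
*.example.com,WILDCARD,true,high
api.example.com,API,false,medium
203.0.113.0/24,CIDR,true,low
legacy.example.com,URL,true,severe
"""

def field(row, key):
    return (row.get(key) or "").strip()

def parse_scope(text):
    """Split scope rows into eligible, ineligible and malformed lists."""
    scope = {"eligible": [], "ineligible": [], "malformed": []}
    for row in csv.DictReader(io.StringIO(text)):
        asset = {"identifier": field(row, "identifier"),
                 "asset_type": field(row, "asset_type").upper(),
                 "max_severity": field(row, "max_severity").lower()}
        if (not asset["identifier"] or asset["asset_type"] not in ASSET_TYPES
                or asset["max_severity"] not in SEVERITIES):
            scope["malformed"].append(asset)  # row is not used to grant scope
        elif field(row, "eligible_for_submission").lower() == "true":
            scope["eligible"].append(asset)
        else:
            scope["ineligible"].append(asset)
    return scope

def matches(target, asset):
    """True if a hostname or IP string is covered by one scope row."""
    ident = asset["identifier"].lower()
    if asset["asset_type"] == "CIDR":
        try:
            return ipaddress.ip_address(target) in ipaddress.ip_network(ident, strict=False)
        except ValueError:  # target is a hostname, not an IP address
            return False
    if asset["asset_type"] == "WILDCARD":
        return fnmatch(target.lower(), ident)  # "*.example.com" excludes the apex
    host = ident.split("://", 1)[-1].split("/", 1)[0]  # strip scheme and path
    return target.lower() == host

def in_scope(target, scope):
    """Ineligible rows win over a matching wildcard (assumed precedence)."""
    blocked = any(matches(target, a) for a in scope["ineligible"])
    return not blocked and any(matches(target, a) for a in scope["eligible"])
```

Calling `in_scope` before a coordinator is spawned keeps testing off assets the program has excluded, including hosts that a wildcard row would otherwise cover.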