{"id":50778529,"url":"https://github.com/elementalsouls/Claude-BugHunter","last_synced_at":"2026-06-19T13:00:55.413Z","repository":{"id":358890714,"uuid":"1229774092","full_name":"elementalsouls/Claude-BugHunter","owner":"elementalsouls","description":"A Claude Code skill bundle for bug hunting and external red-team work — 71 skills, 15 slash commands, 681 disclosed-report patterns curated across 24 core vulnerability classes, plus enterprise identity + infrastructure attack matrices.","archived":false,"fork":false,"pushed_at":"2026-06-05T17:18:35.000Z","size":3295,"stargazers_count":1672,"open_issues_count":2,"forks_count":253,"subscribers_count":12,"default_branch":"main","last_synced_at":"2026-06-05T18:23:50.799Z","etag":null,"topics":["ai-security","anthropic","application-security","bug-bounty","bugbounty","bugcrowd","claude","claude-code","claude-skills","ethical-hacking","hackerone","offensive-security","pentesting","red-team","security-tools","web-security"],"latest_commit_sha":null,"homepage":"https://elementalsouls.github.io/Claude-BugHunter","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elementalsouls.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["elementalsouls"],"custom":["https://www.atlascloud.ai/console/coding-plan"]}},"created_at":"2026-05-05T11:22:32.000Z","updated_at":"2026-06-05T18:00:47.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/elementalsouls/Claude-BugHunter","commit_stats":null,"previous_names":["elementalsouls/claude-bughunter"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/elementalsouls/Claude-BugHunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-BugHunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-BugHunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-BugHunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-BugHunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elementalsouls","download_url":"https://codeload.github.com/elementalsouls/Claude-BugHunter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elementalsouls%2FClaude-BugHunter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34532260,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-19T02:00:06.005Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-security","anthropic","application-security","bug-bounty","bugbounty","bugcrowd","claude","claude-code","claude-skills","ethical-hacking","hackerone","offensive-security","pentesting","red-team","security-tools","web-security"],"created_at":"2026-06-12T02:00:25.395Z","updated_at":"2026-06-19T13:00:55.406Z","avatar_url":"https://github.com/elementalsouls.png","language":"Python","funding_links":["https://github.com/sponsors/elementalsouls","https://www.atlascloud.ai/console/coding-plan"],"categories":["🔒 安全与逆向 (Security \u0026 Reverse Engineering)","Python"],"sub_categories":["架构演进：代码优先 (Code-First)"],"readme":"![claude-bughunter banner](assets/banner-v2.svg)\n\n# claude-bughunter\n\n\u003e A self-contained Claude skill bundle for bug hunting and external red-team work · **71 skills** · 15 slash commands · **681 disclosed-report patterns** across 24 core vulnerability classes · enterprise identity + infrastructure attack matrices · engagement-folder scaffolding · Burp MCP integration · battle-tested across authorized red-team and bug-hunting engagements, plus public training platforms (DVWA, OWASP Juice Shop, Hacker101, testphp.vulnweb.com).\n\nBuilt by **[Sachin Sharma](https://www.linkedin.com/in/sachinsharma8080/)** — Bug Hunting \u0026 GenAI Security Research.\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eSPONSORED BY\u003c/sub\u003e\n  \u003cbr/\u003e\n  \u003ca href=\"https://www.atlascloud.ai/console/coding-plan\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"assets/sponsors/atlas-cloud-dark.svg\"\u003e\n      \u003cimg alt=\"Atlas Cloud\" src=\"assets/sponsors/atlas-cloud-light.svg\" height=\"36\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## What is this?\n\n`claude-bughunter` is a drop-in skill bundle for the [Claude Code skills system](https://docs.claude.com/en/docs/claude-code/skills). Install once and Claude Code stops being a chatbot and starts behaving like a senior bug-hunting researcher or red-team operator: it knows the techniques, the chain templates, the VRT mappings, the platform CVE chains, and the hygiene — and it stays in scope.\n\nFour layers stack:\n\n- **Think** — `bb-methodology` + `redteam-mindset`: the 5-phase non-linear workflow, critical-thinking framework, and red-team operator discipline.\n- **Hunt webapps** — 48 `hunt-*` skills curated from 681 disclosed HackerOne reports: per-class detection patterns, payloads, bypass tables, and chain templates.\n- **Hit the perimeter** — enterprise platform chains (M365/Entra, Okta, vCenter, SSL-VPN appliances, SharePoint, cloud IAM): current 2024–2026 CVE chains + post-credential escalation.\n- **Ship it** — `triage-validation` + reporting + `evidence-hygiene`: the 7-Question Gate, VRT-aware severity, OOS rebuttals, PII redaction, and red-team deliverables.\n\nAll triggered automatically by topic — describe what you're testing in plain English and the relevant skill loads. No invocation by name.\n\n---\n\n## Quickstart\n\n**Option A — install as a Claude Code plugin (recommended).** From inside Claude Code:\n\n```text\n/plugin marketplace add elementalsouls/Claude-BugHunter\n/plugin install claude-bughunter@elementalsouls\n```\n\nAll 71 skills + 15 commands load namespaced under `claude-bughunter:` and update when you bump the plugin version — no files copied into `~/.claude/`.\n\n**Option B — copy install (no plugin system / pin to a clone):**\n\n```bash\ngit clone https://github.com/elementalsouls/Claude-BugHunter.git\ncd Claude-BugHunter\nbash scripts/install.sh        # copies skills + commands into ~/.claude/\n```\n\nThat's it. Open Claude Code and describe what you're testing in plain English — the right skill loads automatically, no invocation by name:\n\n```text\n\u003e Testing acme.com — an in-scope HackerOne target. Run recon and rank the surface.\n\n  ⟳ loading skills: web2-recon, offensive-osint, bb-methodology …\n    → subdomain enum (subfinder + crt.sh) … 47 hosts\n    → live hosts (httpx) … 12 · tech fingerprint … 6 distinct stacks\n    → ranked surface: api.acme.com (GraphQL, introspection ON)  ← start here\n                      auth.acme.com (OAuth, SSO)               ← hunt-oauth\n\n  Next: want me to probe the GraphQL introspection + OAuth redirect_uri?\n```\n\n→ Full [Installation guide](INSTALL.md) · [Usage guide](USAGE.md) · [searchable skill catalog](docs/skills.md).\n\n\u003e The block above is an illustrative transcript. To record a real demo of your own session: `asciinema rec demo.cast` → upload to [asciinema.org](https://asciinema.org) and drop the badge here.\n\n---\n\n## Runs on four harnesses\n\n![One install, four agent harnesses — Claude Code, OpenCode, Codex CLI, Hermes Agent](assets/harness-routing.svg)\n\nThe skills are plain [Agent Skills](https://docs.claude.com/en/docs/claude-code/skills) — the same `SKILL.md` format that **Claude Code · OpenCode · OpenAI Codex CLI · Hermes Agent** all load. One command installs them everywhere:\n\n```bash\nbash scripts/install.sh --all --burp-mcp\n```\n\n`--all` copies the skills to every harness's path (`~/.claude/skills`, `~/.agents/skills`, `~/.hermes/skills`); `--burp-mcp` wires the Burp MCP server into each. The full *knowledge* layer ports to all four — the slash commands and `/hunt` engine stay Claude-Code-only by design.\n\n→ [Multi-harness guide](docs/multi-harness.md)\n\n---\n\n## Star History\n\n\u003ca href=\"https://www.star-history.com/?repos=elementalsouls%2FClaude-BugHunter\u0026type=date\u0026legend=top-left\"\u003e\n \u003cpicture\u003e\n   \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/chart?repos=elementalsouls/Claude-BugHunter\u0026type=date\u0026theme=dark\u0026legend=top-left\" /\u003e\n   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/chart?repos=elementalsouls/Claude-BugHunter\u0026type=date\u0026legend=top-left\" /\u003e\n   \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/chart?repos=elementalsouls/Claude-BugHunter\u0026type=date\u0026legend=top-left\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n\n---\n\n\n## Scope — what this bundle is for, and what it isn't\n\nThis bundle covers the **external attack surface** — anything reachable from the internet without first compromising an internal endpoint.\n\n### In scope\n\n- **Bug bounty hunting** — web apps, APIs, SaaS, GraphQL, OAuth, JWT, file upload, IDOR, SSRF, RCE chains\n- **Web application pentesting** — full hunt-* coverage of OWASP-mapped bug classes + discipline rules\n- **External red-team engagements** — initial-access against internet-facing enterprise estate: M365 / Entra ID, Okta-as-IdP, SharePoint on-prem (ToolShell + legacy SOAP), VMware vCenter / Workspace ONE, SSL VPN appliances (Cisco / Fortinet / Citrix / Palo Alto / Pulse / SonicWall / F5), Android APK red-team, supply-chain recon\n- **Cloud misconfig + post-credential escalation** — public S3, IMDS chains, STS AssumeRole, cross-account confused-deputy\n- **Recon + OSINT** — subdomain enum, identity-fabric mapping, certificate transparency, JS analysis, secret scanning\n- **Reporting** — H1, Bugcrowd (VRT-aware), Intigriti, Immunefi, plus client-facing red-team deliverable format\n\n### Out of scope (deliberate — not gaps, design decisions)\n\n- **Internal Active Directory attacks** — BloodHound, Kerberoasting, ASREProast, DCSync, Pass-the-Hash, AD CS abuse, ntlmrelayx, Responder, PetitPotam, etc. Different operational risk profile; needs different tooling and judgment. **Future bundle, not this one.**\n- **C2 frameworks** — Cobalt Strike, Sliver, Mythic, Havoc, BRC4 tradecraft. Out of scope for external-only engagement model.\n- **Post-exploit / persistence / lateral** — Mimikatz/comsvcs LSASS dumping, golden/silver tickets, named-pipe impersonation, persistence (registry, scheduled tasks, WMI events, COM hijacking), token theft. These start after the perimeter has already broken — different bundle territory.\n- **Evasion** — AMSI bypass, ETW patching, AV/EDR bypass. Tied to C2 tradecraft above.\n- **iOS pentesting / hardware / RF / ICS** — out of scope by design.\n- **Binary exploitation / kernel pwn / browser internals** — different skill universe.\n\nIf you're running an internal red team that includes domain-takeover chains via Kerberos or lateral movement, **this bundle won't help you in those phases** — and we'd rather say that up front than have you find out mid-engagement. The external surface handoff to internal-RT tooling (Impacket, NetExec, CrackMapExec, Rubeus, Certify, BloodHound) is intentionally outside our scope. **Coverage for internal AD and post-exploit may come in a future update.**\n\n---\n\n## What's inside\n\n**71 skills**, auto-loaded by topic — no invocation by name. Coverage across the external attack surface:\n\n| Category | # | Examples |\n|---|---|---|\n| Web application hunting | 13 | XSS, SQLi, SSRF, IDOR, LFI, SSTI, XXE, CSRF, CORS, open-redirect |\n| Authentication \u0026 identity | 7 | auth-bypass, session, OAuth, SAML, MFA-bypass, ATO |\n| API \u0026 infrastructure | 15 | GraphQL, gRPC, WebSocket, API-misconfig, host-header, RCE |\n| Advanced \u0026 concurrency | 6 | race-condition, HTTP smuggling, deserialization, cache-poison |\n| Framework-specific | 4 | Next.js, Node.js, Laravel, Spring Boot |\n| Enterprise identity \u0026 cloud ★ | 3 | M365/Entra, Okta, cloud-IAM-deep |\n| Infrastructure \u0026 appliance ★ | 4 | VMware vCenter, enterprise VPN, SharePoint, ASP.NET/NTLM |\n| Red-team tradecraft ★ | 4 | redteam-mindset, APK pipeline, supply-chain recon, mid-engagement IR |\n| Recon \u0026 OSINT | 4 | web2-recon, offensive-osint, subdomain |\n| Workflow, reporting \u0026 specialized | 11 | methodology, triage-validation, evidence-hygiene, VRT-aware reporting |\n\nFull searchable catalog → **[docs/skills.md](docs/skills.md)**. Also ships **15 slash commands** (`/hunt`, `/recon`, `/report`, …) and a deterministic **engagement engine** (`engine/`) that maps a target's attack surface and routes each finding to the skill that handles it.\n\n---\n\n## How it works\n\nA 6-phase, non-linear workflow — **recon → map \u0026 rank → hunt → validate → report** — with scope enforced in code and a **7-Question Gate** before anything is submitted. Two ways to drive it:\n\n- **Plain English** — describe what you're testing and the relevant skill loads automatically.\n- **`/hunt` scaffold + `cbh` CLI** — engagement-folder structure, state, and orchestration.\n\n→ [Usage guide \u0026 worked example](USAGE.md) · [6-phase architecture \u0026 skill-to-phase map](docs/architecture.md) · [`cbh` CLI](docs/cbh-cli.md)\n\n---\n## Authorization\n\nThese skills are intended for assets you **own** or have **written authorization to assess** (bug-bounty in-scope assets, pentest engagement letters, CTF challenges, your own infrastructure).\n\nThe skills include validation gates that auto-trigger when you point Claude at unverified third-party targets — `triage-validation`'s 7-Question Gate explicitly asks whether the asset is in scope (Q3) and on the program's accepted-impact list (Q2). The `bugcrowd-reporting` skill includes researcher-side hygiene (Bugcrowdninja alias, account-state restoration, friendly-tester posture) that signals legitimate authorized testing to the target's fraud team.\n\nThe bundle explicitly **excludes**: weaponizing 0-days against unauthorized targets, post-exploitation tooling, malware development, mass-targeting infrastructure. See [`SECURITY.md`](SECURITY.md) for the full posture.\n\n\u003e **Heads-up — Anthropic runtime cyber safeguards.** Anthropic's models apply real-time safeguards that **block \"vulnerability exploitation or offensive security tooling development\" by default** — so even *authorized, in-scope* work can hit a refusal that isn't this bundle's doing. If you do authorized offensive security (pentest / bug bounty / red team), enroll in Anthropic's **free, application-based [Cyber Verification Program (CVP)](https://claude.com/form/cyber-use-case)** to get safeguards adjusted for legitimate dual-use work. (Mass data exfiltration and ransomware development stay prohibited and are *not* adjustable.) Details: [Anthropic — real-time cyber safeguards](https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude).\n\n---\n\n## Documentation\n\n| Doc | Contents |\n|---|---|\n| [`README.md`](README.md) | This file — overview, quickstart, scope, skill summary |\n| [`INSTALL.md`](INSTALL.md) | Full setup with Burp MCP integration and optional skill regenerator |\n| [`USAGE.md`](USAGE.md) | Workflow walkthrough · decision tree · worked engagement example |\n| [`docs/architecture.md`](docs/architecture.md) | 6-phase architecture · skill-to-phase mapping · engagement composition |\n| [`docs/cbh-cli.md`](docs/cbh-cli.md) | `cbh` CLI — native runner orchestrating recon + classify + triage + report |\n| [`docs/cve-coverage.md`](docs/cve-coverage.md) | CISA KEV coverage snapshot — refreshed weekly via the workflow template at `docs/automation/cve-refresh.yml.template` |\n| [`docs/credits.md`](docs/credits.md) | Full attribution: 43 original skills + 8 vendored from upstream |\n| [`CONTRIBUTING.md`](CONTRIBUTING.md) | PR guidelines · skill quality standards · scope |\n| [`SECURITY.md`](SECURITY.md) | Authorized-use posture · responsible disclosure · what's excluded |\n| [`LICENSE`](LICENSE) | MIT |\n\n---\n\n## Why this exists\n\nMost bug-hunting Claude setups are either too generic (one big \"security\" prompt) or too fragmented (you bookmark 30 disclosed reports and re-read them every engagement). Neither scales past the second target.\n\nThis bundle was built and validated through authorized engagements that exposed different capability gaps:\n\n**Bug-bounty engagement** — surfaced four gaps a starter 3-skill stack could not close:\n\n1. **No hypothesis discipline** — drafts written before validation → wasted hours, hurt validity ratio\n2. **No per-program reporting tactics** — VRT defaults auto-downgraded P3-worthy findings to P4\n3. **No engagement coordination** — findings, evidence, and submission IDs scattered across folders\n4. **No evidence hygiene** — screenshots leaked cookies and victim PII\n\n**External red-team engagement** — exposed five additional gaps that bug-bounty defaults made worse:\n\n1. **Conservative defaults retracted real findings** — WAPT mindset stopped tests early on defended targets where red-team continuation would have surfaced bypass chains → `redteam-mindset`\n2. **No mid-engagement situational awareness** — client SOC patched confirmed SQLi within 30 min; external attacker locked 14 accounts during a live test session — both invisible without explicit detection methodology → `mid-engagement-ir-detection`\n3. **No enterprise-platform attack chains** — M365 + Entra ID, on-prem SharePoint, Cisco SSL VPN, vCenter, and 7 Android APKs all needed current 2024-2026 CVE knowledge and platform-specific tradecraft → `m365-entra-attack`, `okta-attack`, `hunt-sharepoint`, `hunt-aspnet`, `hunt-ntlm-info`, `vmware-vcenter-attack`, `enterprise-vpn-attack`, `apk-redteam-pipeline`\n4. **No client-facing deliverable format** — bug-bounty report templates don't fit enterprise red-team where output is a 50KB+ MD + DOCX with embedded screenshots → `redteam-report-template`\n5. **No post-credential escalation model** — when recon yielded credentials (AWS keys, JWTs, GCP JSON), it was unclear what they granted or how to escalate → `cloud-iam-deep`\n\nThe per-class `hunt-*` skills address gap-zero (*\"what should I look for in webapps\"*) — the original 24 codifying patterns from 681 disclosed HackerOne reports, with 20+ framework/surface skills added by the community v3 expansion — Claude knows the actual chain templates real triagers paid for, not abstract OWASP Top 10. The enterprise-platform and red-team-tradecraft layers address what bug-bounty alone cannot: external red-team engagements against monitored enterprise targets.\n\n---\n\n## Roadmap\n\n- [ ] HackerOne MCP integration (currently only Burp MCP wired in)\n- [ ] Per-engagement memory layer — pattern recall across targets\n- [ ] Industry-specific hunt skills — `hunt-fintech-graphql`, `hunt-healthcare-fhir`, `hunt-gov-compliance`\n- [ ] Program-rules-parser skill — auto-generate structured `scope.md` from program text\n- [ ] Refresh `hunt-*` skills with newer disclosed reports (re-run `public-skills-builder`)\n- [ ] Additional enterprise-platform skills — `citrix-netscaler-deep`, `f5-bigip-attack`, `ad-cs-attack` (AD Certificate Services)\n- [ ] Refresh enterprise-VPN CVE matrix quarterly to track 2026 advisories\n- [ ] Update architecture SVG to include the 7-skill enterprise-platform layer\n\n---\n\n## Sponsors\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.atlascloud.ai/console/coding-plan\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"assets/sponsors/atlas-cloud-dark.svg\"\u003e\n      \u003cimg alt=\"Atlas Cloud\" src=\"assets/sponsors/atlas-cloud-light.svg\" height=\"48\"\u003e\n    \u003c/picture\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n**[Atlas Cloud](https://www.atlascloud.ai/console/coding-plan)** is a full-modal AI inference platform that gives developers a single AI API to access video generation, image generation, and LLM APIs. Instead of managing multiple vendor integrations, you connect once and get unified access to 300+ curated models across all modalities.\n\nCheck out Atlas Cloud's new coding plan promotion for more budget-friendly API access: **\u003chttps://www.atlascloud.ai/console/coding-plan\u003e**\n\n---\n\n## About\n\nOperational tradecraft accumulated across bug-bounty engagements and authorized pentests, codified into Claude skills. Platform-agnostic — slot into any engagement workflow you already use, or none.\n\n**Author:** [ElementalSoul](https://github.com/elementalsouls) · GenAI Security Research\n\n**Sister project:** [Claude-OSINT](https://github.com/elementalsouls/Claude-OSINT) — paired skills for the recon phase that this bundle picks up after.\n\n**Vendored foundation:** [shuvonsec/claude-bug-bounty](https://github.com/shuvonsec/claude-bug-bounty) — methodology, validation, reporting, payload library (8 of 71 skills + 15 slash commands)\n\n**Generator tool used (not vendored):** [shuvonsec/public-skills-builder](https://github.com/shuvonsec/public-skills-builder) — used to scaffold per-class skills from H1 disclosed reports\n\n**Inspirations:**\n- [archangel / douglasday](https://hackerone.com/) — top-10 H1 hunter; per-class skill pattern\n- [Trail of Bits — `trailofbits/skills`](https://github.com/trailofbits/skills) — skill-authoring discipline\n- [SecSkills — `trilwu/secskills`](https://github.com/trilwu/secskills) — subagent pattern\n\n**Tool inventory:**\n- [PortSwigger Burp Suite + MCP Server extension](https://portswigger.net/burp)\n- [ProjectDiscovery](https://github.com/projectdiscovery) — subfinder · dnsx · httpx · katana · nuclei\n- [SecLists](https://github.com/danielmiessler/SecLists) · [Assetnote Wordlists](https://wordlists.assetnote.io/)\n\n**License:** [MIT](LICENSE) — use freely, attribution appreciated.\n\n---\n\n\u003e *\"Give Claude the right skill and it stops being a chatbot. It becomes an operator.\"*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felementalsouls%2FClaude-BugHunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felementalsouls%2FClaude-BugHunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felementalsouls%2FClaude-BugHunter/lists"}