{"id":48305739,"url":"https://github.com/matador-og/huntbot","last_synced_at":"2026-06-03T00:01:19.859Z","repository":{"id":349236935,"uuid":"1201552332","full_name":"Matador-og/huntbot","owner":"Matador-og","description":"Autonomous offensive security pipeline — bug bounty, pentesting, red teaming. Install and let AI agents hunt.","archived":false,"fork":false,"pushed_at":"2026-04-04T23:02:17.000Z","size":16,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-05T00:03:39.286Z","etag":null,"topics":["ai-agents","bug-bounty","bugbounty","offensive-security","pentesting","red-team","security-automation","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"https://matador.indiesecurity.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Matador-og.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-04T20:42:28.000Z","updated_at":"2026-04-04T23:02:20.000Z","dependencies_parsed_at":"2026-04-05T00:01:54.637Z","dependency_job_id":null,"html_url":"https://github.com/Matador-og/huntbot","commit_stats":null,"previous_names":["matador-og/huntbot"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/Matador-og/huntbot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matador-og%2Fhuntbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matador-og%2Fhuntbot/tags","r
eleases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matador-og%2Fhuntbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matador-og%2Fhuntbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Matador-og","download_url":"https://codeload.github.com/Matador-og/huntbot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matador-og%2Fhuntbot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33841996,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","bug-bounty","bugbounty","offensive-security","pentesting","red-team","security-automation","vulnerability-scanner"],"created_at":"2026-04-05T00:00:59.152Z","updated_at":"2026-06-03T00:01:19.845Z","avatar_url":"https://github.com/Matador-og.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg width=\"1390\" height=\"477\" alt=\"huntbot\" src=\"https://github.com/user-attachments/assets/83c006f6-3dd1-4ab1-a4d5-9d42f9322c8d\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/Matador-og/huntbot/releases\"\u003e\u003cimg 
src=\"https://img.shields.io/github/v/release/Matador-og/huntbot?style=flat-square\u0026color=red\" alt=\"version\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-BSD--3-blue?style=flat-square\" alt=\"license\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/platform-macOS%20%C2%B7%20Linux%20%C2%B7%20WSL-black?style=flat-square\" alt=\"platform\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  Multi-model offensive security harness for bug bounty, pentesting, red teaming, and CVE-aware research.\u003cbr\u003e\n  Runs recon, maps the app, tests for vulns, validates findings, writes reports.\n\u003c/p\u003e\n\n---\n\n## Why huntbot?\n\nMost security tools find things. Huntbot **understands** things.\n\n- **Accumulates context** — Run 5 knows everything Runs 1-4 discovered. 211KB+ of knowledge per target.\n- **Knows when to stop** — Efficiency tracking (bytes/sec) detects when a stage is exhausted vs productive.\n- **Tests like a human** — Registers accounts, fills forms, clicks through SPAs with a real browser.\n- **Runs multiple model providers** — Claude Code by default; Codex is opt-in with `--codex`.\n- **Loads methodology by stage** — Recon stays focused, mapping gets app/API guidance, and attack stages get deeper validation workflows.\n- **Validates before reporting** — 4-gate triage kills false positives so you don't waste program time.\n- **Writes the report** — Submission-ready markdown with title, severity, steps to reproduce, impact.\n- **You can steer it** — `huntbot chat` redirects agents mid-run. \"Focus on the payment API.\"\n\n## Install\n\n```bash\ncurl -fsSL https://matador.indiesecurity.com/huntbot/install.sh | sh\nhuntbot setup\n```\n\n\u003e [View the install script source](install.sh) before running.\n\n**Requires at least one model provider:** [Claude Code](https://claude.ai/code) for the default path, or Codex CLI for `--codex` runs. 
Each run consumes model tokens.\n\n\u003cdetails\u003e\n\u003csummary\u003eAlternative install methods\u003c/summary\u003e\n\n**Direct download:**\n\nDownload the binary for your platform from [Releases](https://github.com/Matador-og/huntbot/releases), make it executable, and move to your PATH.\n\n**Custom location:**\n\n```bash\ncurl -fsSL https://matador.indiesecurity.com/huntbot/install.sh | HUNTBOT_INSTALL_DIR=/usr/local/bin sh\n```\n\u003c/details\u003e\n\n## Quick Start\n\n### With Claude Code (recommended)\n\nInstall the plugin, then talk:\n\n```\n/plugin marketplace add Matador-og/huntbot\n/plugin install huntbot@huntbot\n```\n\n```\n\u003e Set up PayPal's bug bounty and start hunting\n\u003e Run recon on *.staging.company.com\n\u003e What findings do we have?\n\u003e Focus on the payment API\n\u003e Write up finding-001 for submission\n```\n\n### CLI\n\n```bash\n# Create target\nhuntbot init paypal --scope \"PayPal bug bounty\"\nvim ~/.huntbot/programs/paypal/scope.md\n\n# Hunt\nhuntbot auto paypal --max-runs 5 --timeout 7200 -v\n\n# Hunt with Codex instead of Claude\nhuntbot run paypal --stage 0 --codex\nhuntbot run paypal --stage 2 --codex --model \u003cmodel\u003e\n\n# Monitor\nhuntbot monitor\n\n# Steer mid-run\nhuntbot chat paypal \"focus on IDOR in /api/users/{id}\"\n\n# Check results\ncat ~/.huntbot/programs/paypal/findings.md\n```\n\n## How It Works\n\n```\nS0 Recon          Runs subfinder, httpx, katana, gau. Crawls JS bundles.\n                  Maps the full attack surface with recon-focused skills.\n\nS1 App Mapping    Registers accounts, logs in, clicks through every feature\n                  with a real browser. Captures all HTTP traffic. Feeds\n                  everything into the attack surface graph.\n\nS2 Attack Testing Queries the graph for IDOR candidates, auth gaps, hidden\n                  endpoints. Loads attack skills only at this point. 
Every\n                  finding passes validation before being written.\n\nS3 Triage         Re-validates every finding. Reproduces 3/3 times. Kills\n                  false positives. Writes submission-ready reports.\n\nS4 Final Review   Senior reviewer. Destroys anything that doesn't hold up.\n                  Last gate before you submit.\n```\n\nEach stage runs multiple passes. Each pass reads what previous passes found and looks for what they missed. When a pass finds nothing new, the stage advances automatically.\n\n## Monitor\n\n```bash\nhuntbot monitor\n```\n\n```\nProgram              Stage  Runs     ctx    find  rpt      eff     status signal\n───────────────────────────────────────────────────────────────────────────────────\ntarget-1                S2     8    145K     12K    3  24.5b/s       IDLE  PRODUCTIVE\ntarget-2                S1     3     67K      0K    0   8.2b/s    RUNNING  OK\ntarget-3                S2     5     89K      4K    1   1.1b/s      STALE  LOW EFF\n```\n\nAuto-detects diminishing returns and stops wasting compute.\n\n## Built-in Tools\n\n| Tool | What it does |\n|------|-------------|\n| `huntbot crawl` | Playwright browser — navigate, click, fill forms, capture traffic, execute JS |\n| `huntbot ingestor` | Neo4j attack surface graph — IDOR detection, auth-gap analysis, endpoint classification |\n| `huntbot matador` | Android testing — ADB, Frida SSL bypass, mitmproxy capture |\n\nPlus recon tools: subfinder, httpx, katana, gau (installed by `huntbot setup`).\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `huntbot init \u003cslug\u003e` | Create target workspace |\n| `huntbot auto \u003cslug\u003e` | Run full pipeline (S0-S4) |\n| `huntbot run \u003cslug\u003e --stage N` | Run one stage |\n| `huntbot monitor [slug]` | Health dashboard |\n| `huntbot chat \u003cslug\u003e \"msg\"` | Steer agents mid-run |\n| `huntbot status \u003cslug\u003e` | Target info |\n| `huntbot update` | Self-update |\n| `huntbot 
setup` | Install dependencies |\n\n| Flag | Default | Recommended |\n|------|---------|-------------|\n| `--max-runs` | 3 | 5+ for complex apps |\n| `--timeout` | 1800 | 7200 (2 hours) |\n| `--codex` | off | Use Codex instead of Claude for a run or pipeline |\n| `--model` | provider default | Override the selected provider model |\n| `-v` | off | Always on |\n| `--max-stage` | 4 | 1 for recon-only |\n\n## Docs\n\n- [Workspace structure](docs/workspace.md) — what lives in `~/.huntbot/programs/`\n- [Configuration](docs/configuration.md) — config, flags, environment variables\n- [Tools reference](docs/tools.md) — crawl, ingestor, matador full command list\n- [Monitor \u0026 signals](docs/monitor.md) — dashboard, health signals, efficiency tracking\n- [Skills](docs/skills.md) — auto-loaded methodology per target type\n\n\n## Publisher\n\nHuntbot is published by [indieSecurity SARL](https://indiesecurity.com).\n\n## License\n\nBSD 3-Clause. See [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatador-og%2Fhuntbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatador-og%2Fhuntbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatador-og%2Fhuntbot/lists"}
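The README above describes two decisions without showing how they are made: the monitor's efficiency signal (bytes of new context per second, labelled PRODUCTIVE, OK or LOW EFF, with a stage advancing once a pass adds nothing new) and the S3 triage gate (a finding is kept only if it reproduces 3/3 times). The POSIX shell script below is an added example written for this page; it is not huntbot's own code and nothing in the project's repository is assumed. The thresholds `LOW_EFF_BPS` and `PRODUCTIVE_BPS` are assumptions chosen so the three sample rows from the README's monitor output classify as shown there, and the sample rows, the `next_action` rule and the `flaky_check` probe are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not huntbot's own code): the monitor's efficiency signal and
# the N/N reproduction gate, as plain POSIX shell over constructed sample data.

LOW_EFF_BPS=2        # assumed: below this a stage looks exhausted
PRODUCTIVE_BPS=20    # assumed: at or above this a stage is clearly productive

# eff_bps BYTES SECONDS -> bytes/sec with one decimal ("0.0" when no time elapsed)
eff_bps() {
  awk -v b="$1" -v s="$2" 'BEGIN {
    if (s <= 0) { print "0.0"; exit }
    printf "%.1f\n", b / s
  }'
}

# eff_signal BYTES SECONDS -> PRODUCTIVE | OK | LOW_EFF
eff_signal() {
  awk -v b="$1" -v s="$2" -v lo="$LOW_EFF_BPS" -v hi="$PRODUCTIVE_BPS" 'BEGIN {
    r = (s > 0) ? b / s : 0
    if (r < lo)       print "LOW_EFF"
    else if (r >= hi) print "PRODUCTIVE"
    else              print "OK"
  }'
}

# next_action PREV_CTX_BYTES CUR_CTX_BYTES -> ADVANCE when a pass added no new context
next_action() {
  if [ "$2" -gt "$1" ]; then echo CONTINUE; else echo ADVANCE; fi
}

# reproduce_n N CMD [ARGS...] -> VALIDATED only if CMD succeeds N out of N times.
# Stops at the first failure: one failed reproduction already rejects the finding.
reproduce_n() {
  n="$1"; shift
  i=0
  while [ "$i" -lt "$n" ]; do
    "$@" >/dev/null 2>&1 || { echo "REJECTED (failed on attempt $((i + 1)) of $n)"; return 1; }
    i=$((i + 1))
  done
  echo "VALIDATED ($n/$n)"
}

# Constructed sample rows: program, stage, bytes of new context, seconds in stage.
SAMPLE='target-1 S2 145000 5918
target-2 S1 67000 8170
target-3 S2 89000 80909'

print_monitor() {
  printf '%-10s %-5s %8s %10s %s\n' Program Stage ctx eff signal
  printf '%s\n' "$SAMPLE" | while read -r prog stage bytes secs; do
    printf '%-10s %-5s %8s %10s %s\n' "$prog" "$stage" "$bytes" \
      "$(eff_bps "$bytes" "$secs")b/s" "$(eff_signal "$bytes" "$secs")"
  done
}

# Constructed probe for the triage demo: succeeds twice, then fails. State lives
# in a file so the counter survives the subshell each call runs in.
FLAKY_STATE=$(mktemp)
flaky_check() {
  c=$(cat "$FLAKY_STATE" 2>/dev/null); c=${c:-0}
  c=$((c + 1)); echo "$c" > "$FLAKY_STATE"
  [ "$c" -le 2 ]
}

print_monitor
next_action 145000 145000     # ADVANCE: the pass added nothing new
reproduce_n 3 true            # VALIDATED (3/3)
reproduce_n 3 flaky_check     # REJECTED (failed on attempt 3 of 3)
rm -f "$FLAKY_STATE"
```

Rejecting on the first failed reproduction rather than counting successes is deliberate: the README's gate is 3/3, not a majority, so a finding that flakes once is not submission-ready and there is no point spending further model tokens on it.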