From claude-bughunter
Runs an autonomous bug-hunt cycle on a target domain — scoping, recon, surface ranking, systematic testing, validation, and report drafting with configurable checkpoint modes.
How this command is triggered — by the user, by Claude, or both
Slash command
/claude-bughunter:autopilotThe summary Claude sees in its command listing — used to decide when to auto-load this command
# /autopilot Autonomous hunt loop with deterministic scope safety and configurable checkpoints. ## Usage ## Session Isolation (Important) **Start a fresh Claude Code session per target.** Claude accumulates context across a session — testing multiple targets in one session causes cross-contamination where findings, payloads, and tech stack assumptions from target A bleed into target B. Best practice: If you must test multiple targets in one session, run `/pickup target.com` at the start of each target switch to reload the correct context. ## Token Optimization Use `--quick` for f...
Autonomous hunt loop with deterministic scope safety and configurable checkpoints.
/autopilot target.com # default: --paranoid mode
/autopilot target.com --normal # batch checkpoint after validation
/autopilot target.com --yolo # minimal checkpoints (still requires report approval)
/autopilot target.com --quick # fast surface scan, fewer checks, lower token use
/autopilot targets.txt # multiple targets — one domain per line in the file
Start a fresh Claude Code session per target. Claude accumulates context across a session — testing multiple targets in one session causes cross-contamination where findings, payloads, and tech stack assumptions from target A bleed into target B.
Best practice:
# Terminal 1: target A
claude → /autopilot targetA.com
# Terminal 2: target B (separate process)
claude → /autopilot targetB.com
If you must test multiple targets in one session, run /pickup target.com at the start of
each target switch to reload the correct context.
Use --quick for faster, lower-cost scans (skips deep fuzzing and extended nuclei templates):
/autopilot target.com --quick # ~40% fewer tokens, covers main attack surface
/hunt target.com --vuln-class idor # single bug class — lowest token use
For long hunts, run /compact (Claude Code built-in) periodically to compress context
without losing findings.
Runs the full hunt cycle without stopping for approval at each step:
1. SCOPE Load and confirm program scope
2. RECON Run recon (or use cached if < 7 days old)
3. RANK Prioritize attack surface (recon-ranker agent)
4. HUNT Test P1 endpoints systematically
5. VALIDATE 7-Question Gate on findings
6. REPORT Draft reports for validated findings
7. CHECKPOINT Present to human for review
hunt-memory/audit.jsonl| Mode | When it stops | Best for |
|---|---|---|
--paranoid | Every finding + partial signal | New targets, learning the surface |
--normal | After validation batch | Systematic coverage |
--yolo | After full surface exhausted | Familiar targets, experienced hunters |
/remember to log successful patterns to hunt memory/pickup target.com next time to pick up where you left offhunt-memory/audit.jsonl for a full request lognpx claudepluginhub joyanes97/claude-bughunter4plugins reuse this command
First indexed Jun 11, 2026
/autopilotRuns an autonomous bug-hunt cycle on a target domain — scoping, recon, surface ranking, systematic testing, validation, and report drafting with configurable checkpoint modes.
/recommendRoutes a freeform pentesting task to the best specialist agent and outputs classification, agent selection, scope assumptions, CLI commands, and a pitfall warning.
/pentestActivates pentest mode: displays ASCII banner, offers session isolation, collects scope details (target URL/IP, engagement name, restrictions, testing window, auth), starts Recon phase.
/pentestRuns a structured security assessment against a URL, codebase, or dependencies — scans for vulnerabilities, audits packages, and generates a remediation report.
/scanRuns an agentic security scanner on the project, detecting vulnerabilities across SCA, secrets, authz, MCP, pipeline, and logic surfaces. Supports focused scans per surface and supplementary output blocks.
/engageStarts pentesting engagement for target: verifies scope from scope.txt, creates evidence directories, launches recon agent, parses results, and recommends attack vectors.