Program Research
Invoke the greyhatcc:program-research skill for program: {{ARGUMENTS}}
This automates Phase 0 of any bug bounty engagement:
- Browse the program page via Playwright (renders JS-heavy HackerOne pages)
- Extract scope, bounty table, exclusions, rules, response targets, stats
- Research tech stack, previous disclosures, company intel via Perplexity + WebSearch
- Look up framework-specific security docs via Context7
- Create full engagement directory with scope.md, attack_plan.md, state files
- Initialize scope.json for all greyhatcc hooks (scope validation, finding tracking)
What Gets Extracted:
- Complete in-scope and out-of-scope asset lists with asset types
- Bounty table: severity tiers, minimum/maximum payouts, bonus criteria
- Program exclusions: specific vulnerability types they will not accept
- Rules of engagement: required headers, test account usage, rate limit policies
- Response SLA targets: time to first response, triage, bounty, resolution
- Program statistics: reports resolved, average bounty, response efficiency
- Required report format: any program-specific submission requirements
- Test accounts: credentials or signup procedures for authenticated testing
Intel Gathering:
- Company acquisitions and subsidiary domains
- Technology stack from job postings, BuiltWith, Wappalyzer
- Previous disclosed reports from hacktivity for pattern analysis
- Known CVEs affecting their disclosed tech stack
- Organizational structure and key engineering contacts
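
The scope validation that scope.json exists to support, as an added example (not greyhatcc's own code): a deny-by-default host check in which an out-of-scope entry always overrides an in-scope wildcard. The JSON layout, field names, function names and hosts are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample; the field names are assumed, not greyhatcc's actual schema.
SCOPE_JSON = """
{
  "program": "example-program",
  "in_scope": [
    {"asset": "*.example.com", "type": "wildcard"},
    {"asset": "api.example.net", "type": "url"}
  ],
  "out_of_scope": [
    {"asset": "blog.example.com", "type": "url"},
    {"asset": "*.corp.example.com", "type": "wildcard"}
  ]
}
"""

def _host(target):
    """Return the lowercase hostname of a URL or bare host ('' if none)."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host[:port]
    return (urlsplit(target).hostname or "").lower().rstrip(".")

def _matches(host, pattern):
    """Exact match, or subdomain match for a '*.' wildcard entry."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # Suffix includes the leading dot, so the apex and look-alike
        # names such as evilexample.com do not match.
        return host.endswith(pattern[1:])
    return host == pattern

def in_scope(target, scope):
    """Deny by default; exclusions are evaluated before inclusions."""
    host = _host(target)
    if not host:
        return False
    if any(_matches(host, e["asset"]) for e in scope["out_of_scope"]):
        return False
    return any(_matches(host, e["asset"]) for e in scope["in_scope"])

SCOPE = json.loads(SCOPE_JSON)
```

Matching is done on the parsed hostname rather than the raw string, so a URL that carries an in-scope name in its userinfo part is judged by the host it actually points to.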