By su1ph3r
End-to-end bug bounty hunting pipeline that orchestrates 8 security tools (Reticustos, Indago, BypassBurrito, Mobilicustos, Nubicustos, Cepheus, Vinculum, Ariadne) through agent-driven phases — from recon to attack path synthesis
Use this agent for API security fuzzing using Indago. Scans APIs from an OpenAPI spec or Reticustos endpoint export, exports WAF-blocked findings for BypassBurrito. Produces indago-report.json and waf-blocked.json. Examples: <example> assistant: "I'll launch the api-fuzz-agent to fuzz the discovered API endpoints." <Task tool invocation to launch api-fuzz-agent> </example>
Use this agent for attack path synthesis using Ariadne. Analyzes correlated findings to build attack graphs, generate operator playbooks, and identify privilege escalation chains. Produces ariadne-report.json. Examples: <example> assistant: "I'll launch the attack-path-agent to synthesize attack paths from correlated findings." <Task tool invocation to launch attack-path-agent> </example>
Use this agent for cloud security auditing using Nubicustos. Scans cloud infrastructure, exports findings and container inventory. Produces nubicustos-findings.json and nubicustos-containers.json (for Cepheus). Examples: <example> assistant: "I'll launch the cloud-audit-agent to audit the cloud infrastructure." <Task tool invocation to launch cloud-audit-agent> </example>
Use this agent for container escape scenario modeling using Cepheus. Enumerates container posture, analyzes escape paths with Nubicustos cloud context enrichment. Produces cepheus-report.json. Examples: <example> assistant: "I'll launch the container-escape-agent to analyze container escape paths." <Task tool invocation to launch container-escape-agent> </example>
Use this agent for finding correlation using Vinculum. Ingests all tool reports from the workspace, deduplicates and correlates findings, then exports in Ariadne format. Produces vinculum-correlated.json and vinculum-ariadne.json. Examples: <example> assistant: "I'll launch the correlation-agent to correlate all findings across tools." <Task tool invocation to launch correlation-agent> </example>
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Custom Claude Code plugin marketplace.
Multi-agent bug hunting for Claude Code. Launches parallel specialist agents across 8 bug categories, deduplicates and scores findings, runs a regression guard, and produces a prioritized report.
Usage:
/bug-hunter:bughunt # Diff-based scan, top 5 agents
/bug-hunter:bughunt --full # Full codebase, top 5 agents
/bug-hunter:bughunt --thorough # All 8 agents, diff-based
/bug-hunter:bughunt --security # Deep security audit only
/bug-hunter:bughunt src/auth/ # Specific path
/bug-hunter:bughunt --thorough --full # All agents, full codebase
Agents:
| Agent | Hunts For |
|---|---|
logic-hunter | Off-by-ones, wrong comparisons, inverted conditions, unreachable code |
error-handler | Silent failures, swallowed exceptions, empty catches, fallback masking |
edge-case-finder | Null paths, empty collections, boundary values, overflow, Unicode |
security-scanner | Injection, auth bypass, path traversal, SSRF, hardcoded secrets |
race-condition-detector | Shared mutable state, TOCTOU, deadlocks, async pitfalls |
resource-leak-hunter | Unclosed files/connections, missing cleanup, thread leaks |
api-contract-checker | Type mismatches, wrong arg order, schema drift, return value misuse |
state-bug-finder | Stale state, missing UI updates, cache invalidation, state machine bugs |
regression-guard | Test coverage gaps, downstream consumers, public API breaks, fix risk |
Add this marketplace to Claude Code:
/plugins marketplace add su1ph3r/claude-plugins
Then install a plugin:
/plugins install bug-hunter
npx claudepluginhub su1ph3r/claude-plugins --plugin bounty-pipelineMulti-agent bug hunting plugin that launches parallel specialist agents to find bugs across categories, deduplicates and scores findings, runs regression guard analysis, and produces prioritized reports
Battle-tested Claude Code workflows with persistent storage and searchable learnings. Self-correcting memory, parallel worktrees, wrap-up rituals, and the 80/20 AI coding ratio.
Security research toolkit for discovering and remediating vulnerabilities
Claude Code skills and agents for authorized security testing, bug bounty hunting, and pentesting workflows
71-skill bug-hunting & external red-team bundle for Claude Code — 48 hunt-* web/vuln-class + framework skills, enterprise platform attack chains (M365/Entra, Okta, SharePoint, vCenter, SSL-VPN, APK), recon/OSINT, reporting & validation gates, and Burp MCP integration. Skills auto-load by topic; 15 slash commands included.
Systematic false positive verification for security bug analysis with mandatory gate reviews
Agentic-Security is a powerful Claude Code plugin that automatically performs Application Security Testing (SAST, SCA, secrets detection, and more). Think of it as the easy button for making your Claude-generated code safe and secure.
The AI pentest co-pilot that actually finds bugs. Phase-chained, evidence-gated offensive security skills for bug bounty and authorized pentesting.