Matador-og/huntbot

# huntbot 面向漏洞赏金、渗透测试和红队演练的进攻性安全工具。执行侦察、绘制应用地图、测试漏洞、验证发现并生成报告。 ## 安装 ``` curl -fsSL https://matador.indiesecurity.com/huntbot/install.sh | sh huntbot setup ``` **平台：** macOS · Linux · WSL **需要：** [Claude Code](https://claude.ai/code) (Claude Max) ## 快速开始 安装 Claude Code 插件，然后直接对话： ``` /plugin marketplace add Matador-og/huntbot /plugin install huntbot@huntbot ``` ``` > Set up PayPal's bug bounty and start hunting > Run recon on *.staging.company.com > What findings do we have? > Focus on the payment API ``` 或直接使用 CLI： ``` huntbot init paypal --scope "PayPal bug bounty" huntbot auto paypal --max-runs 5 --timeout 7200 -v huntbot monitor huntbot chat paypal "focus on IDOR in /api/users/{id}" ``` ## 工作原理 ``` S0 Recon → Subdomains, endpoints, tech stack S1 App Mapping → Use the app, document features and APIs S2 Attack Testing → Find vulnerabilities S3 Triage → Validate, kill false positives, write reports S4 Final Review → Last gate before submission ``` 每个阶段运行多个轮次。当某个轮次没有发现新内容时，阶段推进。 ## 命令 ``` huntbot init # Create target huntbot auto # Full pipeline (S0-S4) huntbot run --stage N # Single stage huntbot monitor # Dashboard huntbot chat "msg" # Guide mid-run huntbot status # Target info huntbot update # Self-update huntbot setup # Install deps ``` ## 内置工具 ``` huntbot crawl # Browser automation (Playwright) huntbot ingestor # Attack surface graph (Neo4j) huntbot matador # Android testing (ADB + Frida) ``` ## 文档 查看 [docs/](

标签：ADB, AI安全工具, Android安全, Bug Bounty, CISA项目, Claude AI, Cutter, Docker支持, Frida, HTTP工具, Neo4j, PE 加载器, Playwright, Recon, Web安全, 可自定义解析器, 子域名枚举, 安全报告自动化, 实时处理, 密码管理, 攻击面分析, 数据展示, 无线安全, 浏览器自动化, 特征检测, 移动安全测试, 系统安全, 红队, 网络安全, 蓝队分析, 进攻性安全, 隐私保护