blaxkmiradev/opencode-bug-bounty

GitHub: blaxkmiradev/opencode-bug-bounty

一款面向漏洞赏金猎人及安全人员的自动化全流程安全测试框架，解决从侦察到报告的一站式高效协作问题。

Stars: 0 | Forks: 0

# 🐛 Bug Hunter Toolkit ## 专业漏洞赏金与安全测试框架 **Created by:** [rikixz](https://github.com/blaxkmiradev) | [blaxkmiradev](https://github.com/blaxkmiradev) **Version:** 2.0.0 **License:** MIT ## 目录 1. [Introduction](#introduction) 2. [Setup](#setup) 3. [How to Use](#how-to-use) 4. [Skills](#skills) 5. [Tools](#tools) 6. [Vulnerability Levels](#vulnerability-levels) 7. [CVE Finding & Writing](#cve-finding--writing) 8. [Report Writing](#report-writing) 9. [Adding New Skills](#adding-new-skills) 10. [Commands Reference](#commands-reference) 11. [Credits](#credits) ## 介绍 Bug Hunter Toolkit 是一个全面的安全测试框架，适用于漏洞赏金猎人、渗透测试人员和安全专业人员。它包含： - **9 种专业技能**，覆盖不同的安全领域 - **40+ 个 Python 工具**，用于漏洞扫描 - **15+ 个 PowerShell 工具**，用于 Windows 自动化 - **完整的工作流程**，从侦察到报告 ## 设置 ### 要求 #### Python（必需） ``` # 安装 Python 依赖 pip install -r requirements.txt # 或单独安装 pip install requests urllib3 dnspython colorama ``` #### Go（可选 - 适用于高级工具） ``` # 安装 Go 工具 go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest go install github.com/projectdiscovery/httpx/cmd/httpx@latest go install github.com/projectdiscovery/nuclei/cmd/nuclei@latest go install github.com/projectdiscovery/katana/cmd/katana@latest go install github.com/dw1zard/dalfox/v2/cmd/dalfox@latest go install github.com/ffuf/ffuf@latest ``` #### PowerShell（Windows） ``` # 运行设置 .\tools\bug-hunter\setup.ps1 -All # 或使用单独的工具 .\run.ps1 setup ``` ### 快速设置 ``` # 克隆或下载工具包 git clone https://github.com/blaxkmiradev/bug-hunter.git # 安装依赖 cd bug-hunter pip install -r scripts/requirements.txt # 测试安装 python tools/python/fast_scanner.py example.com ``` ## 如何使用 ### 主启动器（PowerShell） ``` # 显示帮助 .\run.ps1 # 侦察 .\run.ps1 recon example.com # 扫描漏洞 .\run.ps1 scan example.com -type xss # 测试特定漏洞 .\run.ps1 test xss https://example.com/search?q=test .\run.ps1 test ssrf https://example.com/webhook .\run.ps1 test idor https://api.example.com .\run.ps1 test oauth https://example.com/oauth/authorize # 网络枚举 .\run.ps1 test network 192.168.1.1 # 移动测试 .\run.ps1 test mobile app.apk # 生成报告 .\run.ps1 report example.com IDOR /api/users "read all user data" ``` ### 主启动器（Python） ``` # 显示帮助 python scripts/run.py # 快速扫描 python scripts/run.py fast example.com # 子域名枚举 python scripts/run.py subdomain example.com # 端口扫描 python scripts/run.py port target.com # 目录扫描 python scripts/run.py dirs https://example.com # 漏洞扫描 python scripts/run.py xss https://example.com/search?q=test python scripts/run.py sqli https://example.com/product?id=1 python scripts/run.py ssrf https://example.com/webhook # 头部分析 python scripts/run.py header https://example.com # CORS 扫描器 python scripts/run.py cors https://api.example.com # JWT 分析器 python scripts/run.py jwt eyJhbGciOi... # 运行所有工具 python tools/python/ALL.py scan example.com ``` ### 单独工具 ``` # 侦察 python tools/python/fast_scanner.py target.com python tools/python/subdomain_enum.py target.com python tools/python/parameter_scanner.py https://example.com python tools/python/fingerprint.py https://example.com python tools/python/nmap_scan.py target.com # 漏洞扫描 python tools/python/xss_scanner.py "https://example.com/search?q=test" python tools/python/sqli_scanner.py "https://example.com/product?id=1" python tools/python/ssrf_scanner.py https://example.com/urlfetch python tools/python/lfi_scanner.py "https://example.com/view?page=" python tools/python/cmdi_scanner.py "https://example.com/ping?ip=" python tools/python/open_redirect.py "https://example.com/redirect?url=" # 分析 python tools/python/header_analyzer.py https://example.com python tools/python/cors_scanner.py https://example.com/api python tools/python/secret_scanner.py https://example.com python tools/python/jwt_analyzer.py eyJhbGciOi... python tools/python/graphql_scanner.py https://example.com/graphql # 特殊 python tools/python/race_tester.py https://example.com/redeem -c 20 python tools/python/bruteforce.py https://example.com /login users.txt passwords.txt python tools/python/generate_csv.py --vuln XSS --target example.com --endpoint /search python tools/python/cvss.py ``` ## 技能 ### 技能结构每个技能都是一个 `skills/` 目录，包含： - `SKILL.md` - 主要技能内容 - `skills.yaml` - 技能元数据 ### 可用技能 | Skill | Description | Trigger | |-------|------------|---------| | **bug-bounty** | 主要漏洞赏金工作流程 | bug bounty, recon, 漏洞赏金 | | **web-audit** | Web 应用安全审计 | web audit, code review, API | | **mobile-security** | Android/iOS 安全 | mobile security, Android, Frida | | **cloud-security** | AWS/GCP/Azure/K8s | cloud security, S3, K8s | | **network-security** | 网络渗透测试 | network, port scan, SMB | | **api-security** | REST/GraphQL 测试 | API, REST, GraphQL | | **red-team** | 红队操作 | red team, C2, AD | | **report-writing** | 报告模板与 CVSS | report, cvss, 漏洞报告 | | **osint** | OSINT 侦察 | OSINT, Google hacking | ### 激活技能技能会根据提示中的关键词自动激活： ``` # 与漏洞赏金相关漏洞赏金, 安全测试, 渗透测试, bug bounty, recon, pentest IDOR, SSRF, XSS, SQLi, vulnerability hunting # Web 审计 web audit, code review, source audit, API security # 移动 mobile security, Android, iOS, APK analysis, Frida # 云 cloud security, AWS, S3 bucket, Kubernetes, K8s # 报告 report writing, cvss, severity, triage response ``` ## 工具 ### Python 工具（40+） #### 侦察工具 | Tool | Description | Usage | |------|------------|--------| | `fast_scanner.py` | 快速全场景扫描 | `python fast_scanner.py target.com` | | `subdomain_enum.py` | 子域名枚举 | `python subdomain_enum.py target.com` | | `nmap_scan.py` | 端口扫描器 | `python nmap_scan.py target.com` | | `fingerprint.py` | 技术识别 | `python fingerprint.py https://target.com` | | `parameter_scanner.py` | 参数发现 | `python parameter_scanner.py https://target.com` | | `dir_scanner.py` | 目录扫描 | `python dir_scanner.py https://target.com` | #### 漏洞扫描器 | Tool | Description | Usage | |------|------------|--------| | `xss_scanner.py` | XSS 检测 | `python xss_scanner.py https://target.com/search?q=test` | | `sqli_scanner.py` | SQL 注入 | `python sqli_scanner.py https://target.com/product?id=1` | | `ssrf_scanner.py` | SSRF 检测 | `python ssrf_scanner.py https://target.com/urlfetch` | | `lfi_scanner.py` | LFI/RFI 检测 | `python lfi_scanner.py https://target.com/view?page=` | | `cmdi_scanner.py` | 命令注入 | `python cmdi_scanner.py https://target.com/ping?ip=` | | `ssti_scanner.py` | SSTI 检测 | `python ssti_scanner.py https://target.com/template` | | `xml_injection.py` | XXE 检测 | `python xml_injection.py https://target.com/upload` | | `open_redirect.py` | 开放重定向 | `python open_redirect.py https://target.com/redirect?url=` | | `proto_pollution.py` | 协议污染 | `python proto_pollution.py https://target.com/api` | | `race_tester.py` | 竞争条件 | `python race_tester.py https://target.com/redeem -c 20` | | `upload_tester.py` | 文件上传 | `python upload_tester.py https://target.com/upload` | #### 分析工具 | Tool | Description | Usage | |------|------------|--------| | `header_analyzer.py` | 安全头分析 | `python header_analyzer.py https://target.com` | | `cors_scanner.py` | CORS 配置错误 | `python cors_scanner.py https://target.com/api` | | `csp_bypass.py` | CSP 绕过 | `python csp_bypass.py https://target.com` | | `jwt_analyzer.py` | JWT 攻击 | `python jwt_analyzer.py eyJ...` | | `secret_scanner.py` | 查找密钥 | `python secret_scanner.py https://target.com` | | `graphql_scanner.py` | GraphQL 测试 | `python graphql_scanner.py https://target.com/graphql` | | `oauth_scanner.py` | OAuth 测试 | `python oauth_scanner.py https://target.com/oauth` | | `web_scanner.py` | Web 漏洞 | `python web_scanner.py https://target.com` | #### 特殊工具 | Tool | Description | Usage | |------|------------|--------| | `s3_scanner.py` | S3 存储桶 | `python s3_scanner.py bucket-name` | | `bruteforce.py` | HTTP 暴力破解 | `python bruteforce.py target /login users.txt passwords.txt` | | `heartbleed.py` | Heartbleed 漏洞 | `python heartbleed.py target.com 443` | | `shellshock.py` | Shellshock 漏洞 | `python shellshock.py https://target.com/cgi-bin/test` | | `subdomain_takeover.py` | 子域名接管 | `python subdomain_takeover.py subs.txt` | | `enum_users.py` | 用户枚举 | `python enum_users.py target.com` | | `fuzz.py` | 模糊测试 | `python fuzz.py https://target.com/api?param=FUZZ` | | `cvss_calculator.py` | CVSS 计算 | `python cvss_calculator.py` | #### 报告工具 | Tool | Description | Usage | |------|------------|--------| | `generate_csv.py` | 生成报告 | `python generate_csv.py --vuln XSS --target example.com` | | `cvss_calculator.py` | CVSS 评分 | `python cvss_calculator.py` | #### CVE 工具 | Tool | Description | Usage | |------|------------|--------| | `cve_finder.py` | 搜索 CVE | `python cve_finder.py nginx` | | `cve_writer.py | 生成 CVE 报告 | `python cve_writer.py --product nginx --impact "RCE"` | | `vuln_level.py` | 漏洞严重性扫描 | `python vuln_level.py target.com` | #### 漏洞级别扫描器 | Tool | Description | Usage | |------|------------|--------| | `vuln_level.py` | 基于级别的漏洞扫描 | `python vuln_level.py target.com` | ### PowerShell 工具 ``` # 侦察 .\tools\bug-hunter\recon.ps1 -Target example.com # 扫描 .\tools\bug-hunter\scan.ps1 -Target example.com -Type all .\tools\bug-hunter\scan.ps1 -Target example.com -Type xss # 测试漏洞 .\tools\bug-hunter\test-idor.ps1 -Target https://api.example.com .\tools\bug-hunter\test-ssrf.ps1 -Target https://example.com/webhook .\tools\bug-hunter\test-xss.ps1 -Target https://example.com -Param q # 特殊 .\tools\bug-hunter\test-api.ps1 -Target https://api.example.com -All .\tools\bug-hunter\test-oauth.ps1 -Target https://example.com/oauth/authorize .\tools\bug-hunter\test-mobile.ps1 -Target app.apk # 报告 .\tools\bug-hunter\report.ps1 -Target example.com -VulnClass IDOR -Impact "data breach" ``` ## 漏洞级别 ### 严重性分类 | Level | Score | Description | Example | |-------|-------|------------|---------| | **CRITICAL** | 9.0-10.0 | 完全系统妥协 | 身份验证绕过 → 管理员，RCE | | **HIGH** | 7.0-8.9 | 重大影响 | IDOR 写入，SQLi 数据泄露 | | **MEDIUM** | 4.0-6.9 | 有限影响 | IDOR 读取 PII，存储型 XSS | | **LOW** | 0.1-3.9 | 最小影响 | 自 XSS，信息泄露 | | **INFO** | 0.0 | 无漏洞 | 横幅信息泄露 | ### 快速 CVSS 参考 | Vulnerability | Typical CVSS | Severity | |-------------|-------------|----------| | IDOR (read PII) | 6.5 | Medium | | IDOR (write/delete) | 7.5 | High | | Auth bypass → admin | 9.8 | Critical | | Stored XSS | 5.4-8.8 | Medium-High | | SQLi (data exfil) | 8.6 | High | | SSRF (cloud metadata) | 9.1 | Critical | | Race condition | 7.5 | High | | GraphQL auth bypass | 8.7 | High | | JWT none algorithm | 9.1 | Critical | | Open redirect alone | 3.5 | Low | | Self-XSS | 3.5 | Low | ### 严重性升级同一漏洞在串联时可能升级为更高严重级别： ``` Open redirect + OAuth = Account Takeover (High) Self-XSS + Login CSRF = Stored XSS (Medium) SSRF (DNS only) + Internal proof = Internal access (Medium) CORS wildcard + Credentials = Data theft (Medium) Clickjacking + Sensitive action = Account action (Medium) ``` ## CVE 查找与编写 ### 查找 CVE 1. **Version Detection** # 查找版本 python tools/python/fingerprint.py target.com # 检查已知 CVE curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=TARGET_SOFTWARE" 2. **Common CVE Vectors** - 过时的软件版本 - 已知易受攻击的参数 - 公开利用数据库 - 变更日志和安全公告 3. **发现新的 CVE** - 零日研究 - 新型攻击向量 - 业务逻辑漏洞 - 配置问题 ### CVE 编写格式 ``` # CVE 提交格式 CVE ID: CVE-YYYY-XXXXX ## 描述 [Software name] [version] and earlier contains a [vulnerability type] in [component] that allows [attacker] to [impact]. ## 受影响版本 [Software name] [start version] through [end version] ## 参考 https://example.com/advisory https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXX ## 致谢 Discovered by: [Your Name] Date: [Discovery Date] ## 概念验证 [HTTP Request] GET /vulnerable?param=PAYLOAD HTTP/1.1 Host: target.com [Response] HTTP/1.1 200 OK [Payload executed] ## 时间线 Discovery Date: YYYY-MM-DD Vendor Notified: YYYY-MM-DD Patch Released: YYYY-MM-DD CVE Assigned: YYYY-MM-DD ``` ### CVE 资源 - [MITRE CVE](https://cve.mitre.org) - [NVD](https://nvd.nist.gov) - [Exploit-DB](https://exploit-db.com) - [PacketStorm](https://packetstormsecurity.com) - [Google Project Zero](https://bugs.chromium.org) ## 报告编写 ### 报告模板 #### HackerOne 格式 ``` # 标题 [ vuln class ] in [ endpoint/feature ] allows [ attacker ] to [ impact ] ## 摘要 [ 2-3 sentences: what it is, where it is, what attacker can do ] ## 复现步骤 1. [Step with exact HTTP request] 2. [Step] 3. [Step] ## 支持材料 [ Screenshot / video / PoC request ] ## 影响 An attacker can [ specific action ] resulting in [ specific harm ]. ## 严重性评估 CVSS 3.1 Score: X.X ( severity ) Attack Vector: Network | Complexity: Low | Privileges: None | User Interaction: None ``` #### 快速报告生成器 ``` python tools/python/generate_csv.py \ --vuln XSS \ --target example.com \ --endpoint /search?q= \ --poc "GET /search?q=" \ --severity Medium \ --impact "Execute JavaScript in user context" ``` ### 影响陈述公式 ### 人性化语气规则 ✓ 以影响开头，而不是漏洞名称 ✓ 像向开发者解释一样撰写 ✓ 使用 "我发现..." 而不是 "发现了一个漏洞..." ✓ 一个具体的例子胜过三个抽象的句子 ✓ 避免使用 "comprehensive/leverage/seamless/ensure" ✓ 句子中不使用破折号 ### 60 秒提交前检查清单 - [ ] 标题符合公式：[Class] in [endpoint] allows [actor] to [impact] - [ ] 第一句用纯英文说明确切的影响 - [ ] 重现步骤包含确切的 HTTP 请求 - [ ] 包含显示漏洞的响应 - [ ] 使用了两个测试账号 - [ ] 包含已计算的 CVSS 分数 - [ ] 推荐修复是一句话 - [ ] 端点路径没有拼写错误 - [ ] 报告少于 600 个词 - [ ] 严重性与描述的影响匹配 ## 添加新技能 ### 技能结构 ``` skills/ ├── skill-name/ │ ├── SKILL.md # Main content │ ├── skills.yaml # Metadata │ └── agent.yaml # (optional) Agent config ``` ### SKILL.md 格式 ``` name: skill-name description: Skill description trigger: - trigger_word1 - trigger_word2 - trigger_word3 --- # 技能内容 ## 第 1 节 Content here... ## 第 2 节 More content... ``` ### skills.yaml 格式 ``` name: skill-name description: Skill description trigger: - trigger_word - another_trigger author: rikixz version: 1.0.0 ``` ### 添加新工具 1. 在 `tools/python/` 中创建 Python 工具： #!/usr/bin/env python3 """ Tool Name Usage: python tool.py """ import sys import requests def main(): if len(sys.argv) < 2: print("Usage: python tool.py ") sys.exit(1) target = sys.argv[1] # Tool logic here print(f"[*] Testing {target}...") if __name__ == "__main__": main() 2. 添加到 `scripts/run.py` 以用于主启动器 ## 命令参考 ### 快速参考 ``` # 快速扫描 python tools/python/fast_scanner.py target.com # 完整侦察 python scripts/run.py recon target.com # 扫描漏洞 python scripts/run.py xss "https://target.com/search?q=test" python scripts/run.py sqli "https://target.com/product?id=1" python scripts/run.py ssrf "https://target.com/urlfetch" # 分析 python scripts/run.py header https://target.com python scripts/run.py cors https://api.target.com python scripts/run.py jwt eyJhbGciOi... # 报告 python scripts/run.py report target.com IDOR /api/users "read data" python tools/python/generate_csv.py --vuln XSS --target target.com python tools/python/cvss_calculator.py ``` ## 🚀 OpenCode 设置与用法 ### 如何向 OpenCode 添加技能 OpenCode 会自动从 `skills/` 目录加载技能。以下是使用方法： #### 1. Skill 目录结构 ``` skills/ ├── skill-name/ │ ├── SKILL.md # Required - Main skill content │ ├── skills.yaml # Required - Skill metadata │ └── agent.yaml # Optional - Agent configuration ``` #### 2. SKILL.md 格式（必需） ``` name: skill-name description: Your skill description trigger: - trigger_word1 - trigger_word2 - 中文触发词 --- # 技能内容 ## 第 1 节 Content here... ``` #### 3. skills.yaml 格式（必需） ``` name: skill-name description: Skill description trigger: - trigger_word - another_trigger author: rikixz version: 1.0.0 ``` ### 如何请求 OpenCode 使用工具 #### 🐛 基础漏洞赏金问题 ``` "do recon on example.com" "scan for XSS vulnerabilities" "test for SQL injection in https://example.com/product?id=1" "find subdomains" "check security headers" ``` #### 🎯 特定漏洞测试 ``` "test for IDOR in https://api.example.com/users" "test for SSRF in https://example.com/webhook" "test for XSS in https://example.com/search?q=" "check for open redirect in https://example.com/redirect" "analyze JWT tokens" ``` #### 🔍 侦察问题 ``` "what technologies does example.com use?" "find all endpoints in https://api.example.com" "enumerate subdomains" "scan ports on target.com" "directory scan" ``` #### 📊 分析问题 ``` "analyze HTTP security headers" "check CORS configuration" "find secrets in JavaScript files" "test GraphQL for vulnerabilities" ``` #### 💻 运行工具的指令 ``` "run fast_scanner on example.com" "run xss_scanner on https://example.com/search?q=test" "run subdomain enumeration on target.com" "run port scan on target.com" ``` ### 自动使用技能技能会根据关键词自动激活——只需自然提问： ``` # 与漏洞赏金相关 "我需要做漏洞赏金测试" → Activates bug-bounty skill "do a security audit" → Activates web-audit skill "test mobile app security" → Activates mobile-security skill "check cloud security" → Activates cloud-security skill # 特定漏洞 "test for IDOR" → IDOR testing tools "find XSS" → XSS scanner "check for SQLi" → SQLi scanner ``` ### OpenCode AI 指令 #### 快速操作 ``` "run recon on [target]" → Full recon "quick scan [target]" → Fast scanner "vuln scan [target]" → All vulns "subdomain enum [target]" → Find subdomains # 特定测试 "test XSS [url]" "test SQLi [url]" "test SSRF [url]" "test IDOR [url]" "test auth [url]" # 分析 "scan headers [target]" "check CORS [target]" "analyze JWT [token]" "fingerprint [target]" ``` ### 按用户类型划分的工具类别 #### 👀 初级用户 ``` # 只需询问！ "scan example.com" "find vulnerabilities" "check security" # 或使用快速扫描器 python tools/python/fast_scanner.py target.com ``` #### 🔧 中级用户 ``` # 特定漏洞测试 python tools/python/xss_scanner.py "https://target.com/search?q=test" python tools/python/sqli_scanner.py "https://target.com/product?id=1" python tools/python/header_analyzer.py https://target.com # 使用主启动器 python scripts/run.py fast example.com python scripts/run.py xss "https://target.com/search" ``` #### 🚀 高级用户 ``` # 完整扫描套件 python tools/python/ALL.py scan target.com python tools/python/ALL.py vuln target.com # 使用特定焦点运行所有工具 python tools/python/ALL.py xss target.com python tools/python/ALL.py sqli target.com # 自定义工具组合 python tools/python/fast_scanner.py target.com && \ python tools/python/xss_scanner.py target.com && \ python tools/python/sqli_scanner.py target.com ``` ### OpenCode CLI 参考 ``` # PowerShell（Windows） .\run.ps1 recon example.com .\run.ps1 scan example.com -type xss .\run.ps1 test xss https://example.com/search?q=test # Python python scripts/run.py fast example.com python scripts/run.py xss "https://example.com/search?q=test" # 直接工具 python tools/python/fast_scanner.py example.com ``` ### 如何获取帮助 ``` # 显示可用命令 python scripts/run.py # 显示工具帮助 python tools/python/fast_scanner.py # 显示 CVSS 参考 python tools/python/cvss_calculator.py # 查找 CVE python tools/python/cve_finder.py --help ``` ### 快速命令速查表 | Action | Command | |--------|---------| | Quick Scan | `python ALL.py quick target.com` | | Full Scan | `python ALL.py scan target.com` | | Recon | `python fast_scanner.py target.com` | | XSS Test | `python xss_scanner.py URL` | | SQLi Test | `python sqli_scanner.py URL` | | Headers | `python header_analyzer.py URL` | | CORS | `python cors_scanner.py URL` | | JWT | `python jwt_analyzer.py TOKEN` | | CVE Search | `python cve_finder.py PRODUCT` | | CVSS | `python cvss_calculator.py` | | Report | `python generate_csv.py --vuln XSS --target domain` | ### 用户场景与提问方式 #### 📌 “我想扫描一个目标” ``` Just say: "scan example.com" → Runs fast_scanner.py ``` #### 📌 “我发现一个漏洞，需要编写报告” ``` Say: "generate report for XSS in /search on example.com" → Uses generate_csv.py ``` #### 📌 “这个漏洞的严重性是什么？” ``` Ask: "what CVSS score for IDOR?" → Shows cvss_calculator.py with typical scores ``` #### 📌 “检查目标是否易受 [v] 攻击” ``` Say: "check example.com for XSS" → Runs xss_scanner.py ``` #### 📌 “查找有关此软件的信息” ``` Ask: "search CVE for nginx" → Uses cve_finder.py ``` #### 📌 “审计此 Web 应用程序” ``` Say: "audit web application security" → Uses web_scanner.py + header_analyzer.py ``` ### 技能触发关键词 | Trigger | Skills Activated | |---------|----------------| | 漏洞赏金 / bug bounty / recon | bug-bounty | | web audit / code review / API | web-audit | | mobile / Android / iOS | mobile-security | | cloud / AWS / S3 / K8s | cloud-security | | network / port / SMB | network-security | | API / REST / GraphQL | api-security | | red team / C2 / AD | red-team | | report / CVSS / severity | report-writing | | OSINT / Google hacking / email | osint | ### 与 AI 的示例对话 ``` User: "I want to test this URL for SQL injection" AI: "I'll run sql_injection scanner on that URL. Found 3 potential issues..." User: "What's the severity of stored XSS in admin panel?" AI: "Stored XSS with admin access typically scores 7.5-8.8 (High). CVSS..." User: "Generate a bug bounty report for this IDOR" AI: "I'll create a report with CVSS score 6.5 (Medium) using the template..." User: "Search for known CVEs in WordPress" AI: "Searching NVD database... Found CVE-2024-XXXX for WordPress..." ``` ### 设置 OpenCode 集成 1. Clone or copy the bug-hunter directory: ``` git clone https://github.com/blaxkmiradev/bug-hunter.git cd bug-hunter ``` 2. Ensure Python dependencies are installed: ``` pip install -r scripts/requirements.txt ``` 3. Add to your PATH or use absolute paths: ``` # 选项 1：添加到 PATH export PATH="$PATH:/path/to/bug-hunter/tools/python" # 选项 2：始终使用完整路径 python /path/to/bug-hunter/tools/python/fast_scanner.py target.com ``` 4. For Windows PowerShell, use: ``` # 添加到 PATH $env:PATH += ";C:\path\to\bug-hunter\tools\python" # 或直接运行 & "C:\path\to\bug-hunter\run.ps1" recon target.com ``` ## 致谢 ### 创建者 **[rikixz](https://github.com/blaxkmiradev)** - [blaxkmiradev](https://github.com/blaxkmiradev) GitHub: [github.com/blaxkmiradev](https://github.com/blaxkmiradev) ### 灵感来源 - Bug Bounty methodology from top hunters - OWASP testing guide - PortSwigger Web Security Academy - Security community tools ### 使用的工具与资源 - ProjectDiscovery tools (nuclei, httpx, subfinder, katana) - OWASP - PortSwigger labs - HackerOne disclosed reports ## 免责声明 This toolkit is for **authorized security testing only**. Always get proper authorization before testing any system you don't own. Using this toolkit against systems without authorization is illegal and may result in legal action. ## 许可证 MIT License - Use at your own risk. ## 支持 - Issues: https://github.com/blaxkmiradev/bug-hunter/issues - Stars: ⭐⭐⭐⭐⭐ (If you find it useful!) **Made with 🔥 by [rikixz](https://github.com/blaxkmiradev)** | [blaxkmiradev](https://github.com/blaxkmiradev) Happy Hunting! 🐛🔍

标签：AI合规, Bug Hunter, Conpot, Go开发, HTTP探测, PowerShell安全工具, Python安全工具, Python开发, Windows安全, 子域名枚举, 安全专业, 安全工作流, 安全工具包, 安全报告, 安全测试, 开源安全工具, 攻击性安全, 日志审计, 系统安全, 网络安全, 逆向工具, 逆向工程平台, 隐私保护