# claude-bug-bounty > AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code. - **URL**: https://www.freshcrate.ai/projects/claude-bug-bounty - **Author**: shuvonsec - **Category**: Uncategorized - **Latest version**: `v4.0.0` (2026-04-13) - **License**: MIT - **Source**: https://github.com/shuvonsec/claude-bug-bounty - **Language**: Python - **GitHub**: 1,832 stars, 313 forks - **Registry**: github - **Tags**: `ai-security`, `bug-bounty`, `bugcrowd`, `claude-ai`, `claude-code`, `ethical-hacking`, `hackerone`, `penetration-testing`, `python` ## Description AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code. ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v4.0.0` | 2026-04-13 | High | ## Meme Coin Security Module New `/token-scan` command and full meme coin rug pull detection for EVM and Solana tokens. ### New Files (8) \| Component \| What It Does \| \|---\|---\| \| `skills/meme-coin-audit/SKILL.md` \| New skill — rug pull detection, token authority checks, bonding curve exploits \| \| `tools/token_scanner.py` \| Automated red flag scanner — hidden mint, honeypot, fee traps, LP drain, fake renounce \| \| `agents/token-auditor.md` \| Fast token audit agent (8-class protocol) \| \| `comman | | `v3.0.0` | 2026-03-26 | Medium | ## Bionic Hunter Release Transforms Claude Bug Bounty from a knowledge-only tool into a **bionic hacker** -- AI that sees your traffic, remembers past hunts, fetches real-time intel, and runs autonomous hunt loops. ### New Features **Autonomous Hunt Loop** (`/autopilot`) - 7-step loop: scope, recon, rank, hunt, validate, report, checkpoint - 3 modes: `--paranoid` (stop per finding), `--normal` (batch), `--yolo` (minimal checkpoints) - Circuit breaker stops hammering hosts after consecutive fa | | `v1.0.0` | 2026-03-13 | Low | ## Initial Release AI-assisted bug bounty hunting with Claude Code — point it at any target and Claude maps the attack surface, runs scanners, validates findings, and writes the HackerOne or Bugcrowd report. ### What's included - Full recon pipeline — subdomain enum, DNS resolution, live host detection, URL crawling - Vulnerability scanners — IDOR, SSRF, XSS, SQLi, OAuth, GraphQL, LLM injection, race conditions - AI/LLM testing — prompt injection, chatbot IDOR, system prompt extraction - Web3 | ## Dependency audit - **Score**: 100/100 - **Total deps**: 0 - **Resolved**: 0 - **Unresolved**: 0 - **License conflicts**: 0 - **Warnings**: 0 - **Scanned**: 2026-06-01 ## Citation - HTML: https://www.freshcrate.ai/projects/claude-bug-bounty - Markdown: https://www.freshcrate.ai/projects/claude-bug-bounty.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/claude-bug-bounty/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._