1 result for tag "security-bounty-hunter"
Hunt for remotely reachable, bounty-worthy vulnerabilities (SSRF, auth bypass, deserialization/upload-to-RCE, SQLi, command injection, path traversal, auto-triggered XSS) instead of low-signal best-practice findings. Enforces scope/`SECURITY.md` checks, duplicate search, a reachable-user-control-to-sink proof requirement, and a standardized report template (Description / Vulnerable Code / PoC / Impact / Affected Version) before submission to Huntr, HackerOne, and similar.