Is this skill suitable for beginners in security?

Yes, it provides structured workflows and 'Quick Reference' guides that help beginners follow proven methodologies used by professional hunters, though some familiarity with the command line is required.

Does this skill perform automated exploitation?

The skill focuses primarily on reconnaissance and vulnerability discovery. While it can identify potential attack vectors, it is designed to assist security researchers in gathering data rather than executing destructive exploits.

How does this skill handle rate limiting and scope?

The skill includes guidelines for respecting program boundaries and implementing rate limits. Users are encouraged to use proxy rotation and adjust concurrency settings within the tool commands provided.

What tools are required to use this skill effectively?

This skill leverages industry-standard tools like Amass, Subfinder, httpx, Nuclei, and FFUF. These should be installed on a Linux-based attack machine (like Kali or Ubuntu) with Go and Python environments configured.

Red Team & Bug Bounty Methodology

Name: Red Team & Bug Bounty Methodology
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Automates professional reconnaissance and vulnerability discovery workflows using industry-standard red teaming tools and methodologies.

关于

This skill equips Claude with the sophisticated workflows used by top security researchers and bug bounty hunters to map attack surfaces and identify vulnerabilities. It integrates powerful open-source tools like Amass, Nuclei, and FFUF into a cohesive methodology covering subdomain enumeration, technology fingerprinting, and targeted application analysis. Whether you are performing a security audit or hunting for XSS and API flaws, this skill provides the structured commands and analytical frameworks—including the Jason Haddix method—to ensure thorough coverage and actionable security findings.

主要功能

Implementation of the Jason Haddix 'Bug Hunter's Methodology' for manual analysis
Advanced content discovery and hidden endpoint fuzzing with FFUF and Gau
Deep technology fingerprinting and infrastructure analysis
Automated multi-source subdomain enumeration and live host discovery
Specialized XSS hunting pipelines and API vulnerability testing
0 GitHub stars

使用场景

Automating reconnaissance pipelines for active bug bounty programs
Performing comprehensive external attack surface mapping for organizations
Identifying common web vulnerabilities and misconfigurations using Nuclei templates

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front red-team-tools

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于