A collection of security testing skills built from analyzing 4,000+ paid HackerOne bug bounty reports. These skills can be used with Claude Code, Gemini CLI, or any agent that supports MCP/Skills.
This repo contains specialized prompts (skills) that teach AI coding agents how to find real security vulnerabilities. Instead of dumping thousands of bug reports into context, each skill distills the patterns and techniques from hundreds of real-world findings into actionable guidance.
| Skill | Description |
|---|---|
| mitm-find-idor | Find Insecure Direct Object Reference vulnerabilities |
| mitm-find-auth | Detect authentication and authorization issues |
| mitm-find-bizlogic | Identify business logic flaws |
| mitm-find-ssrf | Find Server-Side Request Forgery vulnerabilities |
| mitm-find-sqli | Detect SQL injection patterns |
| mitm-find-otp | Find OTP/2FA bypass vulnerabilities |
| mitm-find-pii | Identify PII exposure issues |
| mitm-find-secrets | Detect leaked secrets and API keys |
| mitm-find-callback | Find callback/webhook security issues |
| mitm-find-checksum | Identify checksum/integrity bypass opportunities |
| mitm-find-enumerable | Find enumerable endpoints and IDs |
| mitm-find-insecure | Detect insecure configurations |
| mitm-find-referer | Find referer-based vulnerabilities |
| mitm-list-apis | List and analyze captured API endpoints |
| mitm-subdomains | Analyze subdomain patterns |
| mitm-security-audit | Run a comprehensive security audit |
| mitm-report | Generate a security report |
Copy skills to your project's .claude/skills/ directory:

```bash
mkdir -p .claude/skills
cp *.md .claude/skills/
```

Copy as commands to .gemini/commands/:

```bash
mkdir -p .gemini/commands
cp *.md .gemini/commands/
```

- Start mitmproxy to capture traffic:

  ```bash
  mitmdump -w traffic.mitm --set flow_detail=3 2>&1 | tee log.txt &
  ```

- Configure your browser/app to proxy through `localhost:8080`
- Browse the target application to capture traffic
- Ask your AI agent to analyze, for example:
  - Find security issues in example.com
  - Check for idor and auth issues
  - Run a full security audit
Rather than overwhelming the AI with raw bug reports, each skill contains:
- High-value patterns extracted from real bounty-winning reports
- Specific grep/regex patterns to search traffic logs
- Testing methodology with curl examples
- Severity ratings and impact assessment
- False positive guidance
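As an added example (not code from this repo), here is the kind of pre-processing that sits between the capture step above and skills such as mitm-list-apis, mitm-find-enumerable and mitm-find-secrets. It assumes request records (method, URL, headers) have already been extracted from the capture; the sample records are constructed. It collapses object IDs into path templates so each endpoint appears once, and flags endpoints keyed by a sequential integer or carrying credential headers, which also tells you which parts of the capture file must be treated as sensitive.

```python
import re
from collections import defaultdict

# Constructed sample records (method, URL, headers); not from any real capture.
SAMPLE_REQUESTS = [
    ("GET", "https://api.example.com/v1/users/1042/profile",
     {"Authorization": "Bearer CONSTRUCTED.PLACEHOLDER.TOKEN"}),
    ("GET", "https://api.example.com/v1/users/1043/profile",
     {"Authorization": "Bearer CONSTRUCTED.PLACEHOLDER.TOKEN"}),
    ("POST", "https://api.example.com/v1/orders/7f3a2c1e-9b4d-4e6a-8c1f-2d5b6a7e8f90/refund",
     {"X-Api-Key": "CONSTRUCTED_PLACEHOLDER_KEY"}),
    ("GET", "https://api.example.com/v1/health", {}),
]

NUMERIC_ID = re.compile(r"^\d+$")
UUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Header names that carry credentials; a capture containing them is itself sensitive.
SECRET_HEADERS = {"authorization", "x-api-key", "cookie", "x-auth-token"}


def template_path(path):
    """Collapse concrete IDs so /users/1042 and /users/1043 become one endpoint."""
    out = []
    for seg in path.split("/"):
        if NUMERIC_ID.match(seg):
            out.append("{int}")
        elif UUID.match(seg):
            out.append("{uuid}")
        else:
            out.append(seg)
    return "/".join(out)


def inventory(requests):
    """Group requests by 'METHOD templated-path'. Each entry records the hit count,
    whether the path is keyed by a sequential integer (the shape the IDOR and
    enumeration skills examine first) and which credential headers were seen."""
    table = defaultdict(lambda: {"count": 0, "enumerable": False, "secret_headers": set()})
    for method, url, headers in requests:
        path = re.sub(r"^https?://[^/]+", "", url).split("?", 1)[0]
        key = f"{method} {template_path(path)}"
        entry = table[key]
        entry["count"] += 1
        entry["enumerable"] = entry["enumerable"] or "{int}" in key
        entry["secret_headers"] |= {h for h in headers if h.lower() in SECRET_HEADERS}
    return dict(table)


if __name__ == "__main__":
    for endpoint, info in sorted(inventory(SAMPLE_REQUESTS).items()):
        flags = ["enumerable-id"] if info["enumerable"] else []
        flags += ["credential:" + h for h in sorted(info["secret_headers"])]
        print(f"{info['count']:3d}  {endpoint}  {' '.join(flags)}")
```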
Only use these tools on systems you have explicit permission to test. Unauthorized security testing is illegal. These skills are intended for:
- Authorized penetration testing
- Bug bounty programs where you have permission
- Security research on your own systems
- Educational purposes
Built by analyzing 4,000+ paid bug bounty reports from HackerOne's public disclosures.