hackerone_skill

This skill automates HackerOne workflows by parsing scope CSVs, deploying parallel pentest agents, validating PoCs, and generating ready-to-submit reports.
  • Python

42

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill transilienceai/communitytools --skill hackerone

  • README.md8.1 KB
  • SKILL.md4.3 KB

Overview

This skill automates HackerOne bug bounty workflows end-to-end: parse program scope, run parallel pentesting agents per asset, validate proof-of-concepts (PoCs), and produce HackerOne-ready submission reports. It speeds up large-scope testing by running many specialized checks concurrently and enforces strict PoC and report quality requirements.

How this skill works

Provide a HackerOne program URL or a scope CSV and the skill parses eligible assets and program guidelines. It deploys a pentester agent per asset (each spawning specialized sub-agents) to test vulnerabilities in parallel, collects validated PoCs, and formats findings into platform-compliant reports. Built-in validators check PoC artifacts, CVSS scoring, reproduction steps, and evidence before generating submission files.

When to use it

  • Testing a HackerOne program with many assets or broad scope
  • Preparing professionally formatted, validated submissions for HackerOne
  • Speeding up reconnaissance and validation by parallelizing tests
  • Verifying PoC reproducibility and collecting timestamped proof
  • Generating consistent, submission-ready reports at scale

Best practices

  • Only test assets with eligible_for_submission=true in the scope CSV
  • Always include a working poc.py and a timestamped poc_output.txt for each finding
  • Sanitize or avoid including real user data and sensitive information
  • Follow program-specific guidelines and check max_severity limits
  • Run the report validator to ensure HackerOne format and completeness

Example use cases

  • Import a program URL, parse its CSV scope, and run parallel agents to find and validate vulnerabilities across 100+ assets
  • Submit a single high-severity finding with a validated PoC, CVSS score, step-by-step reproduction, and remediation guidance
  • Triage a large scope by filtering eligible assets and prioritizing targets by max_severity and attack surface
  • Rapid testing of new programs (high response probability) to capture early, high-value vulnerabilities

FAQ

Every finding requires an executable poc.py, a timestamped poc_output.txt, workflow.md for manual steps if needed, and visual evidence (screenshots or video).

Can I test all assets in parallel?

Yes — the skill deploys one pentester agent per asset and spawns specialized sub-agents; resource limits and program rules should guide concurrency.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
hackerone skill by transilienceai/communitytools | VeilStrat