hackerone_skill
- Python
42
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill transilienceai/communitytools --skill hackerone- README.md8.1 KB
- SKILL.md4.3 KB
Overview
This skill automates HackerOne bug bounty workflows end-to-end: parse program scope, run parallel pentesting agents per asset, validate proof-of-concepts (PoCs), and produce HackerOne-ready submission reports. It speeds up large-scope testing by running many specialized checks concurrently and enforces strict PoC and report quality requirements.
How this skill works
Provide a HackerOne program URL or a scope CSV and the skill parses eligible assets and program guidelines. It deploys a pentester agent per asset (each spawning specialized sub-agents) to test vulnerabilities in parallel, collects validated PoCs, and formats findings into platform-compliant reports. Built-in validators check PoC artifacts, CVSS scoring, reproduction steps, and evidence before generating submission files.
When to use it
- Testing a HackerOne program with many assets or broad scope
- Preparing professionally formatted, validated submissions for HackerOne
- Speeding up reconnaissance and validation by parallelizing tests
- Verifying PoC reproducibility and collecting timestamped proof
- Generating consistent, submission-ready reports at scale
Best practices
- Only test assets with eligible_for_submission=true in the scope CSV
- Always include a working poc.py and a timestamped poc_output.txt for each finding
- Sanitize or avoid including real user data and sensitive information
- Follow program-specific guidelines and check max_severity limits
- Run the report validator to ensure HackerOne format and completeness
Example use cases
- Import a program URL, parse its CSV scope, and run parallel agents to find and validate vulnerabilities across 100+ assets
- Submit a single high-severity finding with a validated PoC, CVSS score, step-by-step reproduction, and remediation guidance
- Triage a large scope by filtering eligible assets and prioritizing targets by max_severity and attack surface
- Rapid testing of new programs (high response probability) to capture early, high-value vulnerabilities
FAQ
Every finding requires an executable poc.py, a timestamped poc_output.txt, workflow.md for manual steps if needed, and visual evidence (screenshots or video).
Can I test all assets in parallel?
Yes — the skill deploys one pentester agent per asset and spawns specialized sub-agents; resource limits and program rules should guide concurrency.