train agent with bug-bounty techniques: methodology meta-agent + recon tricks

- New meta/bugbounty_methodology.md (library 398): distilled high-signal techniques
  from public writeups (HackerOne Hacktivity, KingOfBugBounty, Awesome-Bugbounty-
  Writeups, bug-bounty-reference, top hunters) — hunter mindset + per-class tricks
  (IDOR/BOLA, 403 bypass, account takeover, SSRF->cloud, business logic/race, cache
  poisoning, subdomain takeover, GraphQL), chaining and reporting.
- RECON_SYS gains KingOfBugBounty-style recon: subdomain enum (crt.sh/subfinder/
  amass->httpx), historical URLs (gau/waybackurls/katana), gf patterns, param mining
  (arjun+JS/wayback), content discovery (ffuf/feroxbuster), classic exposure checks
  (.git/.env/swagger/actuator, dangling CNAMEs). Degrades to installed tools.
- Docs: counts 397->398, RELEASE note.
This commit is contained in:
CyberSecurityUP
2026-07-09 19:46:55 -03:00
parent a50178ae71
commit f2971b6630
5 changed files with 96 additions and 6 deletions
+2 -2
View File
@@ -11,7 +11,7 @@
<img src="https://img.shields.io/badge/Version-3.5.5-blue?style=flat-square">
<img src="https://img.shields.io/badge/Harness-Rust%20%7C%20tokio-e6b673?style=flat-square">
<img src="https://img.shields.io/badge/License-MIT-green?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-397-red?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-398-red?style=flat-square">
<img src="https://img.shields.io/badge/Models-14%20providers-success?style=flat-square">
<img src="https://img.shields.io/badge/Modes-Black%20%7C%20White%20%7C%20Grey%20%7C%20Host-9cf?style=flat-square">
<img src="https://img.shields.io/badge/Auth-API%20key%20%7C%20Subscription-orange?style=flat-square">
@@ -44,7 +44,7 @@ LLMs** — via **API key** or local **subscription** (Claude Code / Codex / Gemi
Grok) — recons the target, **intelligently selects only the agents that match the
discovered surface**, runs them in parallel, **chains** findings into deeper
impact, and **validates every claim by cross-model voting + tool-receipt
grounding** before reporting. It ships **397 markdown agents** and a **Mission
grounding** before reporting. It ships **398 markdown agents** and a **Mission
Control TUI**.
### Engagement modes