CyberSecurityUP
|
f2971b6630
|
train agent with bug-bounty techniques: methodology meta-agent + recon tricks
- New meta/bugbounty_methodology.md (library 398): distilled high-signal techniques
from public writeups (HackerOne Hacktivity, KingOfBugBounty, Awesome-Bugbounty-
Writeups, bug-bounty-reference, top hunters) — hunter mindset + per-class tricks
(IDOR/BOLA, 403 bypass, account takeover, SSRF->cloud, business logic/race, cache
poisoning, subdomain takeover, GraphQL), chaining and reporting.
- RECON_SYS gains KingOfBugBounty-style recon: subdomain enum (crt.sh/subfinder/
amass->httpx), historical URLs (gau/waybackurls/katana), gf patterns, param mining
(arjun+JS/wayback), content discovery (ffuf/feroxbuster), classic exposure checks
(.git/.env/swagger/actuator, dangling CNAMEs). Degrades to installed tools.
- Docs: counts 397->398, RELEASE note.
|
2026-07-09 19:46:55 -03:00 |
|