skills/live-map/SKILL.md
Build runtime application maps from browser exploration, proxy traffic, manual observations, or hybrid source/runtime evidence.
```bash
npx skillsauth add ghostonbutterbread/bug-bounty-harness live-map
```

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Use this when an agent needs to explore a live app without being told the vulnerability class.
/live-map complements /appmap:

- /appmap maps local source or extracted binaries.
- /live-map maps runtime behavior from browser navigation, proxy traffic, and manual observations.
- /mental-map remains the detailed flow-note workflow; /live-map writes the universal JSONL map that other skills can query.

- `$HARNESS_ROOT/prompts/live-map-playbook.md`.
- `$HARNESS_SHARED_BASE/{program}/agent_shared/application-map/`.

```bash
cd "${HARNESS_ROOT:-$HOME/projects/bug_bounty_harness}"
python3 agents/live_map.py init <program>
# Quote URLs so the shell does not treat "?" as a glob character.
python3 agents/live_map.py add-route <program> --url "https://target.example/my-account?id=123" --auth-state user-a --source browser
python3 agents/live_map.py add-route <program> --url "https://target.example/admin" --source browser --blind-mode
python3 agents/live_map.py ingest <program> --input observations.jsonl --source proxy
python3 agents/live_map.py ingest <program> --input observations.jsonl --source browser --blind-mode
python3 agents/live_map.py build-handoffs <program> --skill access-control
python3 agents/live_map.py build-handoffs <program> --skill access-control --blind-mode
python3 agents/live_map.py summary <program>
```
Writes to:
$HARNESS_SHARED_BASE/{program}/agent_shared/application-map/
Primary artifacts:

- routes.jsonl
- flows.jsonl
- objects.jsonl
- auth-boundaries.jsonl
- state-actions.jsonl
- hypotheses.jsonl
- handoffs/*.json
- summary.md

Do not pass page titles, lab titles, external Academy/training-platform hrefs, solution text, raw proxy dumps, cookies, bearer tokens, passwords, or broad app history to child agents.
For PortSwigger or any training target that exposes the lab name in the page chrome, use --blind-mode while ingesting observations and while building packets. The map should store neutral runtime observations, not lab titles or challenge hints. Blind packets also include browser redaction JavaScript that the parent/scout can run before child snapshots.
When extracting links in blind mode, keep same-origin links only. Discard external Academy/training-platform URLs before logging or handing data to child agents; their slugs can reveal the lab.
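One way to apply the same-origin rule above before anything is logged or handed off. This is an added example, not the harness's own code; the `origin` and `same_origin_links` helpers and the sample hosts are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for an http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            return None
        # .hostname is already lowercased; .port raises on junk like ":bad"
        return (scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme])
    except ValueError:
        return None


def same_origin_links(page_url, hrefs):
    """Resolve hrefs against page_url and keep same-origin http(s) links only."""
    base = origin(page_url)
    if base is None:
        raise ValueError("page_url must be an absolute http(s) URL")
    kept = []
    for href in hrefs:
        try:
            absolute = urljoin(page_url, href.strip())
        except ValueError:
            continue  # unparsable href: discard rather than log
        if origin(absolute) != base:
            continue  # external, different scheme/port, or non-http(s)
        absolute = absolute.split("#", 1)[0]  # fragments never reach the server
        if absolute not in kept:
            kept.append(absolute)
    return kept


# Constructed sample input (not real observations).
SAMPLE_PAGE = "https://target.example/my-account?id=123"
SAMPLE_HREFS = [
    "/admin", "cart#top", "https://TARGET.example:443/login",
    "//training.example/labs/some-lab-slug",   # protocol-relative, external
    "https://target.example.other.example/x",  # look-alike host suffix
    "http://target.example/plain",             # scheme differs
    "javascript:void(0)", "mailto:support@target.example",
]
print(same_origin_links(SAMPLE_PAGE, SAMPLE_HREFS))
```

Comparing parsed (scheme, host, port) tuples rather than string prefixes is what rejects the look-alike suffix host and the protocol-relative link.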
Pass only the handoff packet plus the relevant skill pack. The child should treat map entries as exploration leads, not proof.