ghostonbutterbread/pullscope
skills/pullscope/SKILL.md
Use when pulling bug bounty scope, checking in-scope assets, fetching HackerOne, Bugcrowd, or Intigriti program scope, or initializing normalized target lists before recon or testing.
testing
Updated May 26, 2026
$ install --global
skillsauthnpx skillsauth add ghostonbutterbread/bug-bounty-harness pullscopeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 26, 2026, 2:30 AM46.6s2 files scanned
SKILL.md
- name:
- pullscope
- description:
- Use when pulling bug bounty scope, checking in-scope assets, fetching HackerOne, Bugcrowd, or Intigriti program scope, or initializing normalized target lists before recon or testing.
Pullscope — Fetch Bug Bounty Scope
What It Does
Fetches and parses scope from bug bounty platforms (HackerOne, Bugcrowd, Intigriti).
Invocation
/pullscope <program>
Usage
/pullscope superdrug
/pullscope h1/superdrug
/pullscope superdrug --platform hackerone
/pullscope canva --platform bugcrowd
Output
~/Shared/scopes/{program}/
├── in-scope.txt # All in-scope domains/URLs
├── assets.json # Normalized target groups/assets
├── rules-of-engagement.json # Platform, source URL, rules text, machine tags
├── program-policy.md # Human-readable policy summary
└── raw/ # Raw platform response snapshots
How It Works
- Fetches program page from platform
- Parses domains, URLs, target groups, platform metadata, and rules-of-engagement when available
- Saves to canonical scope directory
- Scope readers prefer
~/Shared/scopes/{program}/and fall back to legacy~/Shared/bounty_recon/{program}/scope/
For Bugcrowd, public /engagements/<program> scraping is the default. Use --api only when an authenticated API path is intentionally implemented and configured.
Related
- scope_manager.py — validates targets against scope
- All harnesses check scope before testing
Related Skills
ghostonbutterbread/request-exploration
testing
VerifiedTrustedCommunity
Systematic live request mutation: flip booleans, field ops, headers, content-type, parser differentials, replay vs intercept, null/empty testing. Inherits live-testing-policy scope/rate/ownership rules.
SKILL.mdUpdated Jun 13, 2026
ghostonbutterbread/password-reset
development
VerifiedTrustedCommunity
Test password reset, forgot-password, reset-token, email reset, and account recovery flows for account takeover risks.
SKILL.mdUpdated Jun 13, 2026
ghostonbutterbread/intelligent-fuzzing
tools
VerifiedTrustedCommunity
Targeted param/field discovery using tech stack clues, naming conventions, and controlled-rate ffuf — then feeds findings into request-exploration for mutation. Not brute-force; informed and scoped.
SKILL.mdUpdated Jun 13, 2026
ghostonbutterbread/create-account
testing
VerifiedTrustedCommunity
Ghost-only workflow for creating approved bug bounty test accounts and saving credential references.
SKILL.mdUpdated Jun 13, 2026