Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

ghostonbutterbread/recon

Name: recon
Author: ghostonbutterbread

skills/recon/SKILL.md

npx skillsauth add ghostonbutterbread/bug-bounty-harness recon

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Reconnaissance

Enumerate targets, discover endpoints, map attack surface.

Required Preflight

Read shared state in this order before testing:

notes/summary.md
notes/observations.md
checklist.md (recon items only)
todo.md (recon items only)

Primary Harness

Use agents/autonomous_recon.py for the default one-shot recon pipeline. It handles discovery, crawling, technology fingerprinting, JS extraction, secret scanning, and artifact organization.

python agents/autonomous_recon.py --target https://target.com --program target

Mode Matrix

| Mode | Use When | What It Produces | |------|----------|------------------| | discover | You need host, port, header, and WAF fingerprints | Ports, services, tech, and headers | | crawl | You need reachable pages, forms, params, and JS files | URLs, forms, parameters, and JS references | | analyze | You need follow-up signal from fetched content | Secrets, API endpoints, and interesting paths | | organize | You need durable artifacts for later modules | Shared recon output files and summary |

Primary Commands

# Full recon run
python agents/autonomous_recon.py --target https://target.com --program target

# Let the script derive the program from the host
python agents/autonomous_recon.py --target https://app.target.com

CLI Notes

`agents/autonomous_recon.py`

| Option | Description | |--------|-------------| | --target | Target URL or domain (required) | | --program | Program name for shared storage; derived from host if omitted |

Files

Playbook: $HARNESS_ROOT/prompts/recon-playbook.md
Shared Root: $HARNESS_SHARED_BASE/{program}/agent_shared/
Recon Findings: $HARNESS_SHARED_BASE/{program}/agent_shared/findings/recon/findings.md
Recon Artifacts: $HARNESS_SHARED_BASE/{program}/agent_shared/findings/recon/

Workflow

Complete the required preflight reads in shared state order.
Read prompts/recon-playbook.md.
Run agents/autonomous_recon.py for the target host or domain.
Promote only durable surface-mapping outcomes into findings.
Write findings to agent_shared/findings/recon/findings.md.
Update recon entries in checklist.md, todo.md, and relevant notes.

ghostonbutterbread/recon

skills/recon/SKILL.md

Use when doing reconnaissance, enumerating targets, discovering endpoints, mapping attack surface, collecting domains, probing services, or preparing targets for security testing.

testing

Updated Apr 23, 2026

$ install --global

skillsauth

npx skillsauth add ghostonbutterbread/bug-bounty-harness recon

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 23, 2026, 3:40 AM198.5s1 file scanned

SKILL.md

name:: recon
description:: Use when doing reconnaissance, enumerating targets, discovering endpoints, mapping attack surface, collecting domains, probing services, or preparing targets for security testing.

Reconnaissance

Enumerate targets, discover endpoints, map attack surface.

Required Preflight

Read shared state in this order before testing:

notes/summary.md
notes/observations.md
checklist.md (recon items only)
todo.md (recon items only)

Primary Harness

Use agents/autonomous_recon.py for the default one-shot recon pipeline. It handles discovery, crawling, technology fingerprinting, JS extraction, secret scanning, and artifact organization.

python agents/autonomous_recon.py --target https://target.com --program target

Mode Matrix

Primary Commands

# Full recon run
python agents/autonomous_recon.py --target https://target.com --program target

# Let the script derive the program from the host
python agents/autonomous_recon.py --target https://app.target.com

CLI Notes

`agents/autonomous_recon.py`

| Option | Description | |--------|-------------| | --target | Target URL or domain (required) | | --program | Program name for shared storage; derived from host if omitted |

Files

Playbook: $HARNESS_ROOT/prompts/recon-playbook.md
Shared Root: $HARNESS_SHARED_BASE/{program}/agent_shared/
Recon Findings: $HARNESS_SHARED_BASE/{program}/agent_shared/findings/recon/findings.md
Recon Artifacts: $HARNESS_SHARED_BASE/{program}/agent_shared/findings/recon/

Workflow

Complete the required preflight reads in shared state order.
Read prompts/recon-playbook.md.
Run agents/autonomous_recon.py for the target host or domain.
Promote only durable surface-mapping outcomes into findings.
Write findings to agent_shared/findings/recon/findings.md.
Update recon entries in checklist.md, todo.md, and relevant notes.

Related Skills

ghostonbutterbread/ato

testing

VerifiedTrustedCommunity

Route account takeover testing across password reset, recovery, SSO/OAuth, account linking, MFA, email change, session, invite, and identity-binding flows.

SKILL.mdUpdated Jun 5, 2026

ghostonbutterbread/ato

ghostonbutterbread/url-ingest

testing

VerifiedTrustedCommunity

Use when importing, indexing, filtering, queueing, checking, or marking recon URLs in the SQLite-backed per-lane URL review tracker.

SKILL.mdUpdated Jun 4, 2026

ghostonbutterbread/url-ingest

ghostonbutterbread/payment-testing

testing

VerifiedTrustedCommunity

Route checkout, billing, subscriptions, coupons, credits, gift cards, invoices, refunds, payment authorization, and paid-entitlement testing into safe zero-dollar-first workflows.

SKILL.mdUpdated Jun 4, 2026

ghostonbutterbread/payment-testing

ghostonbutterbread/intercepted-proxy

data-ai

VerifiedTrustedCommunity

Launch scoped browsers through the correct Caido proxy, enable live intercept or Tamper one lane at a time, modify selected requests, forward them, then disable intercept.

SKILL.mdUpdated Jun 4, 2026

ghostonbutterbread/intercepted-proxy

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/ghostonbutterbread/bug-bounty-harness.git

# Copy into Claude Code skills folder (global)
cp -r bug-bounty-harness/skills/recon ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

ghostonbutterbread/bug-bounty-harness

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT