An autonomous multi-agent AI system built with LangGraph that automatically discovers, analyzes, and reports security vulnerabilities in GitHub repositories to earn bug bounties.
- Repository Scanner Agent: Automatically discovers GitHub repositories with potential vulnerabilities
- Vulnerability Analyzer Agent: Performs static code analysis using Semgrep and Bandit
- Exploit Generator Agent: Creates proof-of-concept exploits for discovered vulnerabilities
- Report Writer Agent: Generates professional bug bounty reports
- Submission Agent: Automatically submits reports to bug bounty platforms
- Automated Repository Discovery: Searches for high-value targets with smart filtering
- Multi-Tool Security Analysis: Integrates Semgrep and Bandit for comprehensive scanning
- Bounty Estimation: Intelligent bounty value estimation based on vulnerability severity
- Professional Report Generation: AI-powered bug report writing with industry standards
- Multi-Platform Submission: Supports HackerOne and Bugcrowd platforms
- State Persistence: LangGraph memory system for session continuity
- Anthropic API Key - For Claude AI model
- GitHub Token - For repository access
- HackerOne API Token - For bug report submission
- Bugcrowd API Token - For bug report submission
- Clone the repository:

```bash
git clone <your-repo-url>
cd bounty-agent
```

- Create a virtual environment:

```bash
python -m venv .venv
source .venv/bin/activate   # On Windows: .venv\Scripts\activate
```

- Install dependencies:

```bash
pip install -r requirements.txt
```

- Or install the dependencies and external tools directly:

```bash
pip install langgraph langchain-anthropic github semgrep bandit
```

- Create a `.env` file in the project root:

```
ANTHROPIC_API_KEY=your_anthropic_api_key_here
GITHUB_TOKEN=your_github_token_here
HACKERONE_API_TOKEN=your_hackerone_api_token_here
BUGCROWD_API_TOKEN=your_bugcrowd_api_token_here
```

- Configuration options:
  - MAX_CONCURRENT_SCANS: Maximum number of concurrent repository scans (default: 5)
  - EARNINGS_THRESHOLD: Minimum estimated bounty value to report (default: $100)
Run the agent:

```bash
python main.py
```

The workflow then runs through these stages:

- Repository Discovery: The system searches GitHub for repositories with potential vulnerabilities
- Vulnerability Analysis: Each repository is cloned and analyzed using Semgrep and Bandit
- Exploit Generation: AI creates proof-of-concept exploits for discovered vulnerabilities
- Report Writing: Professional bug bounty reports are generated
- Submission: Reports are automatically submitted to HackerOne and Bugcrowd
- Earnings Tracking: The system tracks estimated earnings from submitted reports
Repository Scanner → Vulnerability Analyzer → Exploit Generator → Report Writer → Submission Agent
The system maintains state across the workflow including:
- Current repository being analyzed
- Scan results and vulnerabilities found
- Generated exploits and reports
- Submission status and earnings
- Searches GitHub for repositories with specific criteria
- Filters by language, stars, and update frequency
- Prioritizes repositories without security policies
- Uses Semgrep for general security pattern detection
- Employs Bandit for Python-specific security issues
- Focuses on high-impact vulnerability types:
  - SQL Injection
  - Cross-Site Scripting (XSS)
  - Authentication bypasses
  - Input validation issues
  - Cryptographic weaknesses
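As an added example (not the project's code) of the normalisation step the analyzer performs after running both tools, the following Python reads Bandit `-f json` and Semgrep `--json` output, maps the two severity vocabularies onto one scale, dedupes hits that land on the same file, line and rule, and drops anything below a chosen floor. The two JSON documents are constructed to mirror the tools' output shape; the `Finding` dataclass, the severity mapping and the `merge` helper are assumptions.

```python
"""Normalise Bandit and Semgrep JSON output into one finding schema.

Added example, not the project's code. The JSON samples below are
constructed to mirror the tools' documented output shapes; the
Finding dataclass and the severity mapping are assumptions.
"""
import json
from dataclasses import dataclass

# Both tools' severity vocabularies collapsed onto one ordered scale.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SEMGREP_SEVERITY = {"INFO": "low", "WARNING": "medium", "ERROR": "high"}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    path: str
    line: int
    severity: str   # one of SEVERITY_RANK's keys
    message: str


def from_bandit(raw: str) -> list:
    """Bandit `-f json` emits {"results": [...]} with issue_severity in LOW/MEDIUM/HIGH."""
    doc = json.loads(raw)
    return [
        Finding(
            tool="bandit",
            rule_id=r["test_id"],
            path=r["filename"],
            line=int(r["line_number"]),
            severity=r["issue_severity"].lower(),
            message=r["issue_text"],
        )
        for r in doc.get("results", [])
    ]


def from_semgrep(raw: str) -> list:
    """Semgrep `--json` emits {"results": [...]} with extra.severity in INFO/WARNING/ERROR."""
    doc = json.loads(raw)
    return [
        Finding(
            tool="semgrep",
            rule_id=r["check_id"],
            path=r["path"],
            line=int(r["start"]["line"]),
            severity=SEMGREP_SEVERITY.get(r["extra"].get("severity", "INFO"), "low"),
            message=r["extra"].get("message", ""),
        )
        for r in doc.get("results", [])
    ]


def merge(*groups, min_severity: str = "medium") -> list:
    """Dedupe by (path, line, rule_id), drop findings below the floor, order highest first."""
    seen = {}
    for f in (f for g in groups for f in g):
        seen.setdefault((f.path, f.line, f.rule_id), f)
    floor = SEVERITY_RANK[min_severity]
    kept = [f for f in seen.values() if SEVERITY_RANK[f.severity] >= floor]
    return sorted(kept, key=lambda f: (-SEVERITY_RANK[f.severity], f.path, f.line))


# Constructed samples shaped like the tools' output (not real scan results).
BANDIT_SAMPLE = json.dumps({"results": [
    {"filename": "app/db.py", "line_number": 42, "test_id": "B608",
     "issue_severity": "MEDIUM", "issue_confidence": "LOW",
     "issue_text": "Possible SQL injection vector through string-based query construction."},
    {"filename": "app/util.py", "line_number": 7, "test_id": "B101",
     "issue_severity": "LOW", "issue_confidence": "HIGH",
     "issue_text": "Use of assert detected."},
]})
SEMGREP_SAMPLE = json.dumps({"results": [
    {"check_id": "python.lang.security.audit.formatted-sql-query",
     "path": "app/db.py", "start": {"line": 42}, "end": {"line": 42},
     "extra": {"severity": "ERROR", "message": "Detected possible formatted SQL query."}},
]})


def demo() -> list:
    """Merge both samples with the default medium floor; the B101 low finding is dropped."""
    return merge(from_bandit(BANDIT_SAMPLE), from_semgrep(SEMGREP_SAMPLE))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.severity:<8} {f.tool:<8} {f.path}:{f.line} {f.rule_id}")
```

Keeping the rule id in the dedupe key is deliberate: two tools flagging the same line for different reasons (here Bandit's B608 and Semgrep's formatted-SQL rule) are corroborating evidence and should both survive into the report, while the same rule reported twice is noise.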
- Creates non-destructive proof-of-concept exploits
- Explains attack vectors and impact
- Provides remediation recommendations
- Generates professional bug bounty reports
- Includes executive summary, technical details, and impact assessment
- Follows industry-standard formats
- Automatically submits to multiple platforms
- Handles API authentication and rate limiting
- Tracks submission status and responses
The system uses intelligent bounty estimation based on:
- Vulnerability Severity: Critical ($2000), High ($1000), Medium ($300), Low ($100)
- Vulnerability Type Multipliers:
  - Remote Code Execution: 3.0x
  - Authentication Bypass: 2.5x
  - SQL Injection: 2.0x
  - Cross-Site Scripting: 1.5x
  - Path Traversal: 1.3x
  - CSRF: 1.2x
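A worked version of the estimation above, added here and not taken from the project's code: the base amounts and multipliers are the ones listed, while the keyword-based `classify` step that maps a scanner rule to one of the listed types, the 1.0x default for a type outside the table, and the sample findings are assumptions. It also applies the EARNINGS_THRESHOLD gate from the configuration section, so a finding is only kept when its estimate reaches the threshold.

```python
"""Estimate = severity base * vulnerability-type multiplier, gated by EARNINGS_THRESHOLD.

Added example, not the project's code. Base amounts and multipliers are
the README's; the keyword classifier, the 1.0x default for unlisted types
and the sample findings are assumptions.
"""
import os
from typing import Optional

SEVERITY_BASE = {"critical": 2000, "high": 1000, "medium": 300, "low": 100}

TYPE_MULTIPLIER = {
    "rce": 3.0,
    "auth_bypass": 2.5,
    "sqli": 2.0,
    "xss": 1.5,
    "path_traversal": 1.3,
    "csrf": 1.2,
}

# Assumed keyword hints for turning a rule id or message into a type;
# order matters, the first matching type wins.
TYPE_KEYWORDS = {
    "rce": ("exec", "eval", "subprocess", "deserializ", "command-injection"),
    "auth_bypass": ("auth", "jwt", "session"),
    "sqli": ("sql",),
    "xss": ("xss", "html", "jinja", "autoescape"),
    "path_traversal": ("path", "traversal", "directory"),
    "csrf": ("csrf",),
}


def classify(rule_id: str, message: str = "") -> Optional[str]:
    """Return a TYPE_MULTIPLIER key, or None when no keyword matches."""
    text = f"{rule_id} {message}".lower()
    for vuln_type, needles in TYPE_KEYWORDS.items():
        if any(n in text for n in needles):
            return vuln_type
    return None


def estimate(severity: str, vuln_type: Optional[str]) -> int:
    """Unknown severity estimates to 0; an unlisted type keeps the base amount (1.0x)."""
    base = SEVERITY_BASE.get(severity.lower(), 0)
    return round(base * TYPE_MULTIPLIER.get(vuln_type, 1.0))


def worth_reporting(findings: list, threshold: Optional[int] = None) -> list:
    """Attach type and estimate to each finding; keep those at or above the threshold.

    The threshold defaults to EARNINGS_THRESHOLD from the environment (100 when unset).
    """
    if threshold is None:
        threshold = int(os.environ.get("EARNINGS_THRESHOLD", "100"))
    scored = []
    for f in findings:
        vt = classify(f["rule_id"], f.get("message", ""))
        est = estimate(f["severity"], vt)
        if est >= threshold:
            scored.append({**f, "type": vt, "estimate": est})
    return sorted(scored, key=lambda f: -f["estimate"])


# Constructed findings, shaped like normalised scanner output (not real results).
SAMPLE_FINDINGS = [
    {"rule_id": "B608", "severity": "medium", "message": "Possible SQL injection vector"},
    {"rule_id": "B307", "severity": "high", "message": "Use of possibly insecure function eval"},
    {"rule_id": "B101", "severity": "low", "message": "Use of assert detected"},
    {"rule_id": "B105", "severity": "low", "message": "Possible hardcoded password"},
]

if __name__ == "__main__":
    for f in worth_reporting(SAMPLE_FINDINGS, threshold=500):
        print(f"${f['estimate']:>5}  {f['severity']:<7} {f['type'] or '-':<15} {f['rule_id']}")
```

Note what the numbers imply: with the default $100 threshold every low-severity hit passes the gate, so the threshold only starts filtering once it is raised above the low base amount, and a rule the classifier cannot place still counts at its base value rather than being discarded.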
- All exploits are proof-of-concept only
- No destructive actions are performed
- Follows responsible disclosure practices
- Respects GitHub API rate limits
- Implements delays between repository scans
- Limits concurrent operations
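The three bullets above as an added example, not the project's own scheduler: an asyncio scheduler that caps in-flight scans at MAX_CONCURRENT_SCANS, enforces a minimum gap between scan starts, and waits out an exhausted API budget before starting another scan. `RateBudget`, `ScanScheduler`, the `min_gap` parameter and the stand-in `scan_repo` worker are assumptions; a real caller would refresh `RateBudget` from GitHub's `X-RateLimit-Remaining` and `X-RateLimit-Reset` response headers after each request.

```python
"""Bound concurrent scans, space them out, and honour an API rate-limit budget.

Added example, not the project's code. MAX_CONCURRENT_SCANS is the README
setting; RateBudget, ScanScheduler, min_gap and the fake scan_repo worker
are assumptions standing in for real API calls.
"""
import asyncio
import os
import time


class RateBudget:
    """Remaining requests and window reset time, as GitHub reports them.

    Real callers would update this from the X-RateLimit-Remaining and
    X-RateLimit-Reset response headers; here it is fed directly.
    """

    def __init__(self, remaining: int, reset_at: float):
        self.remaining = remaining
        self.reset_at = reset_at

    def seconds_until_allowed(self, now: float, reserve: int = 1) -> float:
        """0 if a request may go now, else seconds until the window resets."""
        if self.remaining > reserve:
            return 0.0
        return max(0.0, self.reset_at - now)

    def consume(self) -> None:
        self.remaining -= 1


class ScanScheduler:
    def __init__(self, max_concurrent: int, min_gap: float, budget: RateBudget):
        self.sem = asyncio.Semaphore(max_concurrent)   # limits concurrent operations
        self.min_gap = min_gap                         # delay between scan starts
        self.budget = budget                           # API rate-limit budget
        self._last_start = 0.0
        self._lock = asyncio.Lock()
        self._in_flight = 0
        self.peak_in_flight = 0

    async def run(self, repo: str, worker) -> str:
        async with self.sem:
            async with self._lock:
                # Serialise start decisions so the gap and budget are checked atomically.
                wait = max(
                    self.min_gap - (time.monotonic() - self._last_start),
                    self.budget.seconds_until_allowed(time.time()),
                )
                if wait > 0:
                    await asyncio.sleep(wait)
                self.budget.consume()
                self._last_start = time.monotonic()
            self._in_flight += 1
            self.peak_in_flight = max(self.peak_in_flight, self._in_flight)
            try:
                return await worker(repo)
            finally:
                self._in_flight -= 1


async def scan_repo(repo: str) -> str:
    """Stand-in for clone + Semgrep/Bandit; just yields to the event loop."""
    await asyncio.sleep(0.02)
    return f"scanned {repo}"


async def scan_all(repos, max_concurrent=None, min_gap: float = 0.0):
    if max_concurrent is None:
        max_concurrent = int(os.environ.get("MAX_CONCURRENT_SCANS", "5"))
    budget = RateBudget(remaining=1000, reset_at=time.time() + 3600)
    sched = ScanScheduler(max_concurrent, min_gap, budget)
    results = await asyncio.gather(*(sched.run(r, scan_repo) for r in repos))
    return list(results), sched.peak_in_flight


def demo(n_repos: int = 6, max_concurrent: int = 2):
    """Scan n constructed repo names with the given cap; returns (results, peak in-flight)."""
    repos = [f"example-org/repo{i}" for i in range(n_repos)]
    return asyncio.run(scan_all(repos, max_concurrent))


if __name__ == "__main__":
    results, peak = demo()
    print(f"{len(results)} scans completed, peak concurrency {peak}")
```

The semaphore alone would satisfy "limits concurrent operations"; the lock around the start decision is what makes the spacing and the budget check hold across concurrent tasks, since otherwise two tasks could both see a fresh budget and start in the same instant.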
- Comprehensive logging of all operations
- Real-time progress tracking
- Error logging and recovery
- Earnings tracking and reporting
- API Rate Limits: Reduce MAX_CONCURRENT_SCANS if hitting rate limits
- Missing Dependencies: Ensure Semgrep and Bandit are installed
- Authentication Errors: Verify all API tokens are valid
- Permission Issues: Ensure proper file system permissions for cloning
Set the logging level to DEBUG in the code:

```python
import logging

logging.basicConfig(level=logging.DEBUG)
```

- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This tool is for educational and authorized security testing purposes only. Users are responsible for:
- Obtaining proper authorization before testing
- Complying with all applicable laws and regulations
- Following responsible disclosure practices
- Respecting platform terms of service
This project is licensed under the MIT License - see the LICENSE file for details.
- Support for additional programming languages
- Integration with more bug bounty platforms
- Advanced machine learning for vulnerability prediction
- Real-time monitoring and alerting
- Web dashboard for monitoring and control