Universal AI agent skill arsenal for bug bounty hunters and crypto researchers.
git clone https://github.com/ouwibo/awskill
cd awskill
bash install.sh| Category | Skills |
|---|---|
| Security & Penetration Testing | 128 |
| Developer Tools | 29 |
| Web & Frontend Development | 19 |
| Content & Documents | 18 |
| AI & Agent Automation | 17 |
| SEO & Marketing | 13 |
| Finance & Crypto | 12 |
| Productivity & Utilities | 12 |
| Total | 254 |
| Tool | Purpose |
|---|---|
subfinder |
Subdomain discovery |
httpx |
HTTP probing |
nuclei |
Template-based vulnerability scanning |
katana |
Web crawler |
gau |
Fetch all known URLs |
dnsx |
DNS toolkit |
ffuf |
Fast web fuzzer |
nmap |
Network scanner |
dalfox |
XSS scanner |
sqlmap |
SQL injection |
trufflehog |
Secrets scanning |
gitleaks |
Git secrets detection |
slither |
Solidity static analyzer |
arjun |
HTTP parameter discovery |
python3 scripts/tools/scan.py target.com
python3 scripts/tools/scan.py target.com --mode recon
python3 scripts/tools/scan.py target.com --mode full
python3 scripts/tools/scan.py target.com --mode xss
python3 scripts/tools/scan.py target.com --mode sqli
python3 scripts/tools/scan.py target.com --mode secretspython3 scripts/tools/crypto_audit.py 0xCONTRACT_ADDRESS
python3 scripts/tools/crypto_audit.py https://github.com/org/repo
python3 scripts/tools/crypto_audit.py https://project.iopython3 scripts/awskill.py --list
python3 scripts/awskill.py --search xss
python3 scripts/awskill.py --cat "Security & Penetration Testing"
python3 scripts/awskill.py --run bug-bounty| Command | Description |
|---|---|
/recon |
Full reconnaissance on a target |
/hunt |
Start a bug bounty hunt |
/validate |
Validate a finding |
/report |
Generate a bug report |
/autopilot |
Fully automated hunting |
/bypass-403 |
Bypass 403/401 responses |
/chain |
Chain vulnerabilities |
/cloud-recon |
Cloud asset discovery |
/intel |
OSINT and intelligence gathering |
/scope |
Define target scope |
/secrets-hunt |
Hunt for exposed secrets |
/takeover |
Subdomain takeover check |
/token-scan |
Scan for exposed tokens |
/triage |
Triage and prioritize findings |
/scan-cves |
Scan for known CVEs |
/param-discover |
Parameter discovery |
/surface |
Attack surface mapping |
/arsenal |
List available tools |
/web3-audit |
Smart contract audit |
/scope-aggregate |
Aggregate scope across programs |
/pickup |
Resume a previous session |
/remember |
Save context to memory |
/memory-gc |
Clear agent memory |
- Python 3.8+
- Go 1.21+ (auto-installed by
install.shif missing) - Linux / macOS
See CONTRIBUTING.md for guidelines on adding skills, tools, and documentation.
This toolkit is for authorized security research only. See SECURITY.md for responsible use policy and vulnerability reporting.
See CHANGELOG.md for release history.
MIT — free to use, fork, and contribute.
by ouwibo