BugHunter: Open-Source Bug Bounty Toolkit Now Supports Free AI Providers Like Ollama and Groq
BugHunter, an open-source toolkit built on Claude Code, now supports free AI providers including Ollama and Groq, automating vulnerability discovery and report generation for bug bounty hunters.
A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic's Claude Code and now extended to support free AI providers like Ollama and Groq, is gaining traction in the security research community for automating the full vulnerability discovery and reporting pipeline. Developed by security researcher Shuvon Md Shariar Shanaz and hosted on GitHub, BugHunter covers every phase of a bug bounty engagement: subdomain enumeration, live host discovery, vulnerability testing across 20+ Web2 and 10 Web3 bug classes, finding validation via a 7-Question Gate, and submission-ready report generation for HackerOne, Bugcrowd, Intigriti, and Immunefi, all from a single terminal command.
Previously limited to users with a Claude Code or Claude Pro subscription, BugHunter now ships as a fully standalone CLI tool — the bughunter command — powered by free and low-cost AI providers. The update significantly lowers the barrier to entry for independent researchers. Free provider support includes Ollama (fully offline, runs locally at zero cost), Groq (free cloud tier with very fast inference speeds), and DeepSeek (cloud-based at approximately $0.001 per 1,000 tokens). Claude API and OpenAI remain available as paid options. BugHunter auto-detects providers in priority order (Ollama → Groq → DeepSeek → Claude → OpenAI), defaulting to the most cost-efficient available option. Researchers can switch providers at any time via bughunter setup.
Once installed, the toolkit exposes a structured CLI that mirrors a professional bug bounty workflow: bughunter recon target.com for attack surface mapping, bughunter hunt target.com for multi-class vulnerability testing, bughunter validate "finding" for the 7-Question Gate validation, bughunter report for generating platform-specific submissions, and bughunter chat for an interactive AI hunting shell. The 7-Question Gate, executed during the validate command, is designed to eliminate weak or duplicate findings before a researcher wastes time on a submission. Internally, the toolkit orchestrates approximately 35 scanning tools including subfinder, httpx, nuclei, katana, ffuf, and dalfox, with missing tools skipped gracefully rather than causing hard errors.
One technically notable capability is cross-session memory persistence. BugHunter logs findings and discovered patterns to a JSONL-based memory store, allowing vulnerability patterns identified on one target to surface as context when testing a new one. Session state is preserved across restarts, so researchers can resume interrupted hunts prioritizing untested endpoints via bughunter pickup target.com. This feature enables a more continuous and context-aware hunting experience, reducing redundant testing and helping researchers build on prior knowledge.
Beyond traditional web application testing, BugHunter includes a dedicated smart contract audit mode covering 10 vulnerability classes, including reentrancy, flash loan attacks, oracle manipulation, and proxy/upgrade flaws. A token auditor module also scans for rug pull indicators, mint authority, LP lock status, honeypot detection, and bonding curve anomalies — relevant to Immunefi-style Web3 programs. Nine specialized AI agents handle individual tasks within the pipeline: a recon agent, report writer, validator, Web3 auditor, chain builder, autopilot, recon ranker, token auditor, and credential hunter with built-in legal guardrails that hard-stop before any credential spraying activity.
The toolkit installs as a Claude Code plugin, a standalone CLI, or into alternative agent harnesses including OpenCode, Pi Agent, and Codex, making it one of the more versatile open-source offerings in AI-assisted bug bounty automation currently available on GitHub. By integrating free AI providers and supporting both Web2 and Web3 testing, BugHunter democratizes access to advanced automated vulnerability discovery for independent researchers and small security teams alike.