hunt-source-leak

Solid

Hunt source code and build artifact leakage — JavaScript source maps (.js.map) reconstructing TypeScript/ES6 source, Swagger/OpenAPI JSON endpoint discovery, .env/.git exposure, webpack chunks with hardcoded secrets, robots.txt/security.txt recon, build-info files, asset-manifest.json API route discovery, .DS_Store file listing. Use at the START of every recon session — these findings often unlock the entire attack surface.

AI & Automation 1,912 stars 279 forks Updated 3 days ago NOASSERTION

Install

View on GitHub

Quality Score: 86/100

Stars 20%

100

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# HUNT-SOURCE-LEAK — Source Code & Build Artifact Leakage ## Crown Jewel Targets Source map exposing TypeScript source = see all API routes, auth logic, secrets. Swagger/OpenAPI JSON = complete API surface map. **Highest-value findings:** - **`.js.map` source maps** — reconstruct full TypeScript/ES6 source code → find hardcoded API keys, internal endpoints, auth logic bypasses - **`swagger.json` / `openapi.json`** — complete REST API specification with all endpoints, parameters, auth schemes, and internal route names - **`.env` / `.env.production`** — APP_KEY, DB_PASSWORD, API_KEY, SECRET_KEY in plaintext - **`.git/` exposure** — `git clone` the entire source history → all past hardcoded secrets - **`asset-manifest.json` / `_next/static/`** — all JS bundle paths → systematic source map discovery - **`build-info` / `info.json`** — git commit hash, build timestamp, dependency versions → CVE targeting --- ## Phase 1 — Quick Wins (Run First) ```bash # These 10 requests take <30 seconds and often yield Critical findings for PATH in \ "/.env" \ "/.env.production" \ "/.env.local" \ "/.git/HEAD" \ "/swagger.json" \ "/api/swagger.json" \ "/v1/swagger.json" \ "/openapi.json" \ "/api/openapi.json" \ "/api-docs"; do STATUS=$(curl -s -o /tmp/sl_test -w "%{http_code}" "https://$TARGET$PATH") if [ "$STATUS" = "200" ]; then echo "[+] HIT: https://$TARGET$PATH" head -5 /tmp/sl_test echo "---" fi done ``` --- ## Phase 2 — Source Map Discovery ```b...

Details

Author: elementalsouls
Repository: elementalsouls/Claude-BugHunter
Created: 1 months ago
Last Updated: 3 days ago
Language: Python
License: NOASSERTION

Integrates with

Anthropic · AI REST API · API

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

hunt-nodejs

Hunt Node.js specific vulnerabilities — Prototype Pollution → RCE chains (lodash/merge/assign), Express trust proxy misconfiguration, child_process/eval injection, template engine SSTI (EJS/Pug/Handlebars), path traversal in file servers, require() injection, environment variable exfil via /proc/self/environ. Use when target runs Node.js/Express/Fastify/NestJS/Koa.

1,912 Updated 3 days ago

elementalsouls

Web & Frontend Listed

web2-recon

Web2 recon pipeline — subdomain enumeration (subfinder, Chaos API, assetfinder), live host discovery (dnsx, httpx), URL crawling (katana, waybackurls, gau), directory fuzzing (ffuf), JS analysis (LinkFinder, SecretFinder), continuous monitoring (new subdomain alerts, JS change detection, GitHub commit watch). Use when starting recon on any web2 target or when asked about asset discovery, subdomain enum, or attack surface mapping.

1 Updated today

Mikacr1138

Web & Frontend Solid

hunt-nextjs

Hunt Next.js specific vulnerabilities — Server Actions arbitrary function execution, Middleware auth bypass via static asset paths, ISR cache poisoning, Image Optimization SSRF (/_next/image), RSC payload leakage, getServerSideProps injection, source map exposure, debug endpoint leakage. Use when target runs Next.js 13/14/15 or any React SSR framework.

1,912 Updated 3 days ago

elementalsouls