feat(arsenal): HackerOne disclosed-reports reference agent + methodology trim #1
Closed
Ap6pack wants to merge 10 commits into
Correct formatting and improve readability of the About section.
The v2.1.1 changelog and §16.24 validation note referenced 'shreecement.com' as the real-engagement smoke-test target. While that recon was passive-only OSINT against publicly listed corp infra (no creds collected, no active probes from this skill), the company name is unnecessary attribution that doesn't belong in a public skill. Replaced with generic 'internal smoke test' / 'real-engagement smoke run' framing. Public OSINT findings stay in operator's notes, not in the skill text. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fix formatting issues in the skills list.
…55 lines

- Compress implementation-detail sections to offensive-osint pointers
- Remove duplicate content covered by companion skill
- Retain core framework: confidence levels, pipeline, asset graph, severity rubric
Pull request overview
Refactors the osint-methodology skill to focus on methodology/framework guidance while relocating detailed implementation tradecraft to the companion offensive-osint skill, significantly reducing document size and updating repo documentation accordingly.
Changes:
- Compressed multiple implementation-detail sections into a short pointer block referencing `offensive-osint`.
- Consolidated specialty OSINT domains into a single summarized section while retaining core methodology (pipeline, confidence, asset graph, severity, OpSec).
- Updated `README.md` line counts and added an `[Unreleased]` changelog entry describing the refactor and renumbering.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| skills/osint-methodology/SKILL.md | Major restructuring/condensation of methodology skill; adds companion-skill pointers and renumbers sections. |
| README.md | Updates headline stats and osint-methodology line-count reference. |
| CHANGELOG.md | Adds [Unreleased] entry documenting the refactor and section renumbering. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Contains operational details (H1 handle, scope targets, engagement methodology) that should not be public. File remains local only. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Protects findings/, refreshSession.js, mcp-proxy.jar, and engagement-specific skills from accidental public exposure. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
77fce4b to a99ab6a
Adds scripts/h1_reference.py — a stdlib-only script that queries HackerOne's public GraphQL API for disclosed reports, surfacing community-validated findings during recon without requiring an API key. Supports top-voted, top-bounty, keyword search (with pagination), severity filter, CWE filter, and program-specific lookups. Works around three empirically discovered H1 server crashes (named vars + substate filter, disclosed_at field + substate filter, sort + substate filter). Documents the tool in offensive-osint §29.3 so it loads automatically into context during recon sessions. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Five gaps found when reviewing repo governance docs before proposing upstream:

1. Script was at scripts/ (root) — moved to skills/offensive-osint/scripts/ to match the established secret_scan.py pattern.
2. §29.3 path references updated throughout SKILL.md to match new location.
3. Six trigger phrases added to offensive-osint YAML frontmatter: hackerone reference, h1 hacktivity, disclosed reports, community bug reports, prior disclosures, bug bounty reference.
4. CHANGELOG.md updated under [Unreleased] with full feature description.
5. README.md updated: directory tree and Secret & Credential Hunting capability table both reference h1_reference.py.
6. Smoke-test prompt #33 added to tests/smoke-test-prompts.md with expected behavior and pass criteria. Aggregate updated to 36 prompts.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Summary

Two independent improvements on this branch:

1. New tool — HackerOne hacktivity reference agent

`skills/offensive-osint/scripts/h1_reference.py` — stdlib-only Python script (no API key, no deps) that queries HackerOne's public GraphQL API for disclosed reports and surfaces community-validated findings during recon.

New section `offensive-osint §29.3` documents the tool with copy-paste commands for:

- `--top-voted`
- `--query "SSRF" --pages 10`
- `--top-bounty`
- `--program <handle>`

```
python3 skills/offensive-osint/scripts/h1_reference.py --top-voted --limit 25
python3 skills/offensive-osint/scripts/h1_reference.py --top-voted --query "SSRF|OAuth" --pages 10
python3 skills/offensive-osint/scripts/h1_reference.py --top-bounty --severity critical high
python3 skills/offensive-osint/scripts/h1_reference.py --program shopify --pages 3
```

Three H1 GraphQL server bugs were discovered empirically and worked around (documented in the script and §29.3):

- `disclosed_at` field + substate filter → server 500

2. Methodology trim

`osint-methodology/SKILL.md` reduced from 1,694 → 455 lines. Removed sections that duplicate the arsenal skill (§11–§15, §27–§29 original) and collapsed specialty domains into a pointer block. Retained full strategic core: pipeline, asset graph, severity rubric, confidence upgrade workflows, OpSec, anti-patterns.

3. Governance hygiene

`.gitignore` updated to exclude local engagement artifacts.

CONTRIBUTING checklist

- `CHANGELOG.md` updated under `[Unreleased]`
- `README.md` directory tree and capability table updated
- `offensive-osint` YAML frontmatter: `hackerone reference`, `h1 hacktivity`, `disclosed reports`, `community bug reports`, `prior disclosures`, `bug bounty reference`
- `skills/offensive-osint/scripts/` matching `secret_scan.py` convention
- `<type>(<scope>): <subject>` format

Sample prompt exercising §29.3

Expected behavior: Pulls `offensive-osint §29.3`; provides `h1_reference.py` command with `--top-voted --query "SSRF|OAuth" --pages 10`; does NOT invent report URLs or fabricate findings.

Test plan

- `python3 skills/offensive-osint/scripts/h1_reference.py --top-voted --limit 5` — verify live results returned
- `python3 skills/offensive-osint/scripts/h1_reference.py --top-voted --query "XSS" --pages 3` — verify keyword filtering

🤖 Generated with Claude Code
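
A check for the governance-hygiene item above, added here as an example and not part of the PR: `.gitignore` only affects untracked files, so anything committed before the ignore rule landed stays in the index and in history. The three patterns come from the commit message; the matcher, function names and sample index are assumptions made for illustration.

```python
import fnmatch
import subprocess

# Paths the PR's .gitignore change is meant to keep local. The three names come
# from the commit message; treating them as gitignore-style patterns is an assumption.
SENSITIVE_PATTERNS = ["findings/", "refreshSession.js", "mcp-proxy.jar"]


def matches(path, pattern):
    """Gitignore-like match for the simple patterns used here (no negation, no '**')."""
    parts = path.split("/")
    if pattern.endswith("/"):
        # Directory pattern: any directory component with that name, at any depth.
        return any(fnmatch.fnmatchcase(p, pattern[:-1]) for p in parts[:-1])
    # Bare name pattern: matches a file or directory of that name at any depth.
    return any(fnmatch.fnmatchcase(p, pattern) for p in parts)


def find_exposed(tracked_paths, patterns=SENSITIVE_PATTERNS):
    """Return (path, pattern) pairs for tracked files that should have stayed local."""
    hits = []
    for path in tracked_paths:
        for pattern in patterns:
            if matches(path, pattern):
                hits.append((path, pattern))
                break
    return hits


def tracked_files(repo="."):
    """List files in the index; these stay public even after .gitignore is updated."""
    out = subprocess.run(["git", "-C", repo, "ls-files", "-z"],
                         check=True, capture_output=True, text=True).stdout
    return [p for p in out.split("\0") if p]


# Constructed sample index, not taken from the repository under review.
SAMPLE_INDEX = [
    "README.md",
    "skills/offensive-osint/scripts/h1_reference.py",
    "findings/target-a/notes.md",
    "tools/refreshSession.js",
    "docs/findings.md",
]

if __name__ == "__main__":
    for path, pattern in find_exposed(SAMPLE_INDEX):
        print(f"tracked but should be local: {path} (matches {pattern})")
```

In a real checkout, `find_exposed(tracked_files())` runs the same check against the output of `git ls-files`; a hit means the file has to be removed from the index (and, if it was ever pushed, from history) rather than only ignored.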