Bug Bounty MCP Server

# Full End-to-End Vulnerability Assessment Prompt Template **Version:** 1.1 **Date:** October 12, 2025 **Purpose:** Comprehensive security testing of bug bounty programs **Tools:** All 28 available MCP bug bounty tools including traffic analysis --- ## 📋 Master Prompt for Complete Vulnerability Assessment Copy and paste this prompt to run a full security assessment: --- ### **PROMPT START** ``` I need you to perform a COMPLETE end-to-end vulnerability assessment and security audit on the following bug bounty program. Use ALL available tools and create comprehensive documentation. PROGRAM DETAILS: - Program Name: [PROGRAM_NAME] - Platform: [hackerone/bugcrowd/intigriti/yeswehack/custom] - Primary Domain: [example.com] - Additional Domains: [example.io, example.net] (if any) - Program URL: [https://hackerone.com/program-name] SCOPE INFORMATION: In-Scope Domains: - *.example.com - *.example.io - api.example.com In-Scope IPs/CIDR (if any): - 192.168.1.0/24 - 10.0.0.5 Out-of-Scope (if any): - *.test.example.com - blog.example.com ASSESSMENT REQUIREMENTS: Phase 1: Program Setup & Validation 1. Add the program to bug bounty MCP with all scope details 2. Validate all in-scope targets before any testing 3. Get and display program scope information 4. Verify targets are actually in scope Phase 2: Reconnaissance & Asset Discovery 5. Basic subdomain enumeration (passive) for ALL in-scope domains 6. Advanced subdomain enumeration (amass active mode) for primary domains 7. Web crawling and spidering (gospider + katana) on main applications 8. DNS enumeration for each primary domain 9. Technology detection on main web properties (www, api, app, etc.) 10. Port scanning (quick scan) on critical infrastructure 11. Fast network scanning (masscan) on discovered IP ranges 12. SSL/TLS analysis on all HTTPS endpoints 13. API endpoint discovery on main applications 14. Screenshot reconnaissance for visual analysis 15. Git repository discovery and secret scanning 16. Cloud asset enumeration (AWS/Azure/GCP) 17. Certificate transparency log monitoring 18. Email harvesting and OSINT collection Phase 3: Automated Vulnerability Scanning 19. Nuclei scans (critical/high/medium severity) on: - Main website - API endpoints - Staging/development environments - Admin/dashboard portals - Mobile API endpoints - Any discovered subdomains of interest 20. XSS scanning on: - Main application - User input forms - Search functionality - Comment sections 21. Parameter fuzzing on: - API endpoints - Query parameters - Hidden parameters 22. Path fuzzing on: - Main domain - API endpoints - Admin paths Phase 4: Deep Analysis and Custom Testing 23. SSL/TLS analysis for: - Certificate validity - Cipher suite weaknesses - Protocol vulnerabilities 24. Technology detection for all discovered assets 25. Screenshot reconnaissance for visual analysis 26. Git repository reconnaissance for: - Public repositories - Potential secret exposures 27. LDAP/Active Directory enumeration (if in scope) 28. Port scanning for discovered services 29. Network scanning of infrastructure Phase 4.5: Traffic Interception & Analysis (NEW!) 30. Start traffic interception with mitmproxy on localhost:8080 31. Configure browser/application to use proxy 32. Capture traffic during manual browsing of main application 33. Analyze captured traffic flows for: - Authentication mechanisms - API endpoints and parameters - Session handling - Sensitive data in requests/responses 34. Extract all API endpoints from captured traffic 35. Identify hidden parameters and endpoints not found by crawling Phase 5: Data Analysis & Reporting 18. Export all findings from scans 19. Get complete statistics for the program 20. Generate comprehensive vulnerability report Phase 6: Documentation & Deliverables 21. Create detailed reconnaissance report including: - Executive summary - Total subdomains found with categorization - High-value targets identified - Technology stack analysis - All scan results organized by severity - Recommendations for manual testing 22. Create a quick-start testing guide with: - Priority targets ranked by risk - Step-by-step manual testing methodology - Common vulnerability patterns for this tech stack - IDOR/Business logic testing scenarios - Expected bug types and bounty ranges 23. Create a vulnerability assessment report with: - All automated findings with severity ratings - False positive analysis - Risk assessment matrix - Remediation recommendations - Manual testing recommendations where automated scans failed 24. Create an attack surface analysis document with: - Complete asset inventory - Entry points mapped - Authentication mechanisms identified - Data flow analysis - Trust boundaries identified TOOL USAGE REQUIREMENTS: Required Tools (use ALL of these): ✓ mcp_bugbounty_add_program - Initial program setup ✓ mcp_bugbounty_validate_target - Before testing ANY target ✓ mcp_bugbounty_get_program_scope - Verify scope ✓ mcp_bugbounty_subdomain_enum - Basic subdomain discovery (passive) ✓ mcp_bugbounty_advanced_subdomain_enum - Advanced subdomain enumeration (amass) ✓ mcp_bugbounty_web_crawl - Comprehensive web crawling (gospider + katana) ✓ mcp_bugbounty_dns_enumeration - For each primary domain ✓ mcp_bugbounty_technology_detection - On main properties ✓ mcp_bugbounty_port_scan - Quick scan on key infrastructure ✓ mcp_bugbounty_network_scan - Fast network scanning (masscan) ✓ mcp_bugbounty_ssl_analysis - On all HTTPS endpoints ✓ mcp_bugbounty_nuclei_scan - Multiple targets, severity filtering ✓ mcp_bugbounty_xss_scan - On main application ✓ mcp_bugbounty_parameter_fuzzing - On API endpoints ✓ mcp_bugbounty_path_fuzzing - On main domain and APIs ✓ mcp_bugbounty_api_discovery - API endpoint discovery ✓ mcp_bugbounty_screenshot_recon - Visual reconnaissance (gowitness) ✓ mcp_bugbounty_git_recon - Repository and secret scanning ✓ mcp_bugbounty_cloud_asset_enum - Cloud asset discovery (AWS/Azure/GCP) ✓ mcp_bugbounty_cert_transparency_search - Certificate transparency logs ✓ mcp_bugbounty_email_harvest - Email harvesting and OSINT ✓ mcp_bugbounty_start_traffic_intercept - Start mitmproxy for traffic capture (NEW!) ✓ mcp_bugbounty_analyze_traffic_flows - Analyze captured HTTP/HTTPS traffic (NEW!) ✓ mcp_bugbounty_extract_api_endpoints - Extract API endpoints from traffic (NEW!) ✓ mcp_bugbounty_export_findings - After all scans ✓ mcp_bugbounty_get_statistics - Final statistics ✓ mcp_bugbounty_generate_report - Comprehensive report Advanced Tools (use if applicable): □ mcp_bugbounty_ldap_enum - If LDAP/AD services discovered □ mcp_bugbounty_list_programs - If exploring multiple programs □ Additional scans based on discovered attack surface OUTPUT FORMAT: 1. Real-time Progress Updates: - Show what tool is being run - Display results as they come in - Highlight critical findings immediately 2. Structured Documentation: - Create 4 markdown files in /reports/ folder: * [program-name]-reconnaissance.md * [program-name]-vulnerability-assessment.md * [program-name]-quickstart.md * [program-name]-attack-surface-analysis.md 3. Executive Summary at the end with: - Total assets discovered - Critical/High/Medium/Low findings count - Top 5 priority targets for manual testing - Expected bug types and bounty ranges - Recommended next steps ANALYSIS REQUIREMENTS: For each finding: - Categorize by severity (Critical/High/Medium/Low/Info) - Assess exploitability - Estimate potential impact - Provide remediation guidance - Flag false positives For the overall program: - Identify attack surface size - Assess security maturity - Compare to similar programs - Estimate competition level - Predict most likely vulnerability types CRITICAL REMINDERS: ⚠️ ALWAYS validate targets are in scope before testing ⚠️ Do NOT test out-of-scope targets ⚠️ Be thorough but respect rate limits ⚠️ Document everything systematically ⚠️ Prioritize findings by real-world impact TIME ESTIMATE: 30-60 minutes for complete assessment BEGIN THE ASSESSMENT NOW. Provide detailed output at each phase. ``` ### **PROMPT END** --- ## 🎯 How to Use This Prompt ### Step 1: Fill in Program Details Replace the bracketed placeholders: - `[PROGRAM_NAME]` → "Shopify" or "GitLab" etc. - `[hackerone/bugcrowd/intigriti]` → Choose platform - `[example.com]` → Actual domain - `[https://hackerone.com/program-name]` → Real program URL ### Step 2: Add Scope Information Get this from the program's policy page: - In-scope domains (wildcards like `*.example.com`) - In-scope IPs/CIDR ranges - Out-of-scope exclusions ### Step 3: Copy and Send - Copy the filled prompt - Send to AI assistant - Wait for comprehensive results ### Step 4: Review Outputs Check the 4 generated reports in `/reports/`: 1. Reconnaissance report 2. Vulnerability assessment 3. Quick-start guide 4. Attack surface analysis --- ## 📝 Example: Complete Filled Prompt Here's an example for a fictional program: ``` I need you to perform a COMPLETE end-to-end vulnerability assessment and security audit on the following bug bounty program. Use ALL available tools and create comprehensive documentation. PROGRAM DETAILS: - Program Name: TechCorp - Platform: hackerone - Primary Domain: techcorp.com - Additional Domains: techcorp.io, techcorp.net - Program URL: https://hackerone.com/techcorp SCOPE INFORMATION: In-Scope Domains: - *.techcorp.com - *.techcorp.io - api.techcorp.net - app.techcorp.net In-Scope IPs/CIDR (if any): - 192.168.100.0/24 Out-of-Scope (if any): - *.staging.techcorp.com - test.techcorp.com - internal.techcorp.net [... rest of the prompt remains the same ...] ``` --- ## 🔧 Advanced Usage Options ### Option 1: Quick Assessment (15 minutes) ``` Perform a QUICK vulnerability assessment focusing on: - Subdomain enumeration only - Nuclei scans on top 5 subdomains - Basic SSL analysis - Single reconnaissance report Use these tools only: - mcp_bugbounty_add_program - mcp_bugbounty_subdomain_enum (passive only) - mcp_bugbounty_nuclei_scan (5 targets) - mcp_bugbounty_ssl_analysis (3 targets) ``` ### Option 2: Deep Dive Assessment (2-3 hours) ``` Perform an EXTENSIVE vulnerability assessment including: - All standard scans PLUS - Full port scans on all discovered IPs - Path fuzzing on top 20 subdomains - Parameter fuzzing on all API endpoints - Technology detection on 50+ subdomains - XSS scanning on multiple entry points - Custom wordlists for fuzzing - Traffic interception and analysis (mitmproxy) - Deep API endpoint extraction from traffic Create 6 reports: - Reconnaissance - Vulnerability Assessment - Attack Surface Analysis - Quick Start Guide - API Security Analysis - Traffic Analysis Report (NEW!) - Mobile Security Analysis (if applicable) ``` ### Option 3: Continuous Monitoring ``` Set up continuous assessment for [PROGRAM_NAME]: 1. Initial full assessment (all tools) 2. Monitor for new subdomains weekly 3. Re-scan changed assets monthly 4. Track statistics over time 5. Alert on new critical findings Generate trending reports showing: - New assets discovered over time - Vulnerability trends - Attack surface growth - Security posture improvements ``` --- ## 🎯 Tool Coverage Matrix Ensure ALL these tools are used in a complete assessment: | Phase | Tool | Purpose | Required | |-------|------|---------|----------| | Setup | `add_program` | Program configuration | ✅ Yes | | Setup | `validate_target` | Scope verification | ✅ Yes | | Setup | `get_program_scope` | Scope review | ✅ Yes | | Recon | `subdomain_enum` | Asset discovery | ✅ Yes | | Recon | `dns_enumeration` | DNS records | ✅ Yes | | Recon | `technology_detection` | Tech stack | ✅ Yes | | Scan | `port_scan` | Service discovery | ✅ Yes | | Scan | `ssl_analysis` | SSL/TLS security | ✅ Yes | | Scan | `nuclei_scan` | Vulnerability detection | ✅ Yes | | Scan | `xss_scan` | XSS testing | ✅ Yes | | Scan | `parameter_fuzzing` | Hidden params | ⚠️ If APIs | | Scan | `path_fuzzing` | Hidden paths | ⚠️ If web app | | Traffic | `start_traffic_intercept` | Start proxy capture | ⚠️ If web app | | Traffic | `analyze_traffic_flows` | Analyze HTTP traffic | ⚠️ If web app | | Traffic | `extract_api_endpoints` | Extract API endpoints | ⚠️ If APIs | | Report | `export_findings` | Data extraction | ✅ Yes | | Report | `get_statistics` | Analytics | ✅ Yes | | Report | `generate_report` | Final report | ✅ Yes | **Legend:** - ✅ Required for all assessments - ⚠️ Conditional based on target type --- ## 📊 Expected Outputs Checklist After running the full assessment, you should have: ### Files Created (4 minimum): - [ ] `[program]-reconnaissance.md` (300-500 lines) - [ ] `[program]-vulnerability-assessment.md` (400-600 lines) - [ ] `[program]-quickstart.md` (200-300 lines) - [ ] `[program]-attack-surface-analysis.md` (300-400 lines) ### Data Collected: - [ ] Complete subdomain list (100s to 1000s) - [ ] DNS records for all domains - [ ] Technology stack for major properties - [ ] Open ports on critical infrastructure - [ ] SSL/TLS configuration details - [ ] All vulnerability findings - [ ] Scan statistics and metrics - [ ] Captured HTTP/HTTPS traffic flows (if applicable) - [ ] Extracted API endpoints from traffic (if applicable) - [ ] Authentication/session mechanisms identified ### Analysis Completed: - [ ] High-value targets identified (top 10+) - [ ] Vulnerability severity ratings - [ ] False positive filtering - [ ] Manual testing recommendations - [ ] Expected bug types documented - [ ] Bounty estimates provided - [ ] Competition level assessed ### Deliverables: - [ ] Executive summary (1 page) - [ ] Technical findings (detailed) - [ ] Testing methodology documented - [ ] Next steps clearly defined - [ ] Screenshots/proof where applicable --- ## 🚀 Quick Start Examples ### Example 1: HackerOne Program ``` I need a COMPLETE vulnerability assessment for: Program: Shopify Platform: hackerone Domain: shopify.com Additional: *.myshopify.com URL: https://hackerone.com/shopify Scope: - *.shopify.com (in scope) - *.myshopify.com (in scope) - shopify.dev (in scope) Out of scope: - *.shopifycloud.com - Hardware/physical security Use ALL available tools. Create all 4 reports. Time limit: 45 minutes ``` ### Example 2: Intigriti Program ``` I need a COMPLETE vulnerability assessment for: Program: Collibra Platform: intigriti Domain: collibra.com URL: https://app.intigriti.com/programs/collibra Scope: - *.collibra.com (in scope) - app.collibra.com (in scope) - university.collibra.com (in scope) Use ALL available tools including traffic analysis. Create all 4 reports. Focus on: API security, IDOR, business logic TRAFFIC ANALYSIS: - Start mitmproxy on port 8080 - Capture traffic while browsing app.collibra.com - Extract all API endpoints - Analyze authentication mechanisms ``` ### Example 3: Custom/Private Program ``` I need a COMPLETE vulnerability assessment for: Program: CompanyXYZ Internal VDP Platform: custom Domain: companyxyz.com Additional: api.companyxyz.io Scope: - *.companyxyz.com - api.companyxyz.io - app.companyxyz.io - 10.20.30.0/24 Out of scope: - mail.companyxyz.com - hr.companyxyz.com Use ALL available tools. Create all 4 reports + attack surface analysis. ``` --- ## 🎓 Interpreting Results ### When You Get Results Back: #### 1. Check Asset Discovery ``` Expected: - 50-500 subdomains for small programs - 500-2000 subdomains for medium programs - 2000+ subdomains for large programs If you get fewer than expected: - Run subdomain enum again with "all" method - Check if DNS enumeration worked - Verify scope is correct ``` #### 2. Review Vulnerability Findings ``` Critical Findings (Immediate attention): - RCE (Remote Code Execution) - SQL Injection - Authentication bypass - Sensitive data exposure High Findings (Priority testing): - XSS (Stored) - IDOR with sensitive data - Authorization issues - XXE, SSRF Medium Findings (Investigate): - XSS (Reflected) - CSRF - Information disclosure - Security misconfigurations Low/Info Findings (Note but deprioritize): - Missing headers - Verbose errors - Version disclosure ``` #### 3. Analyze Automated vs Manual Testing Needs ``` If automated scans find 0 vulnerabilities: → Focus on: Business logic, IDOR, GraphQL, multi-tenant If automated scans find many vulnerabilities: → Verify they're not false positives → Test variants of confirmed issues → Look for root cause patterns If port scans show unusual services: → Research specific service vulnerabilities → Check for default credentials → Test for service-specific exploits ``` #### 4. Prioritize Manual Testing ``` Based on reconnaissance, test these IN ORDER: Priority 1 (Day 1-2): - Multi-tenant IDOR - API authorization - GraphQL introspection Priority 2 (Day 3-4): - File upload vulnerabilities - Business logic flaws - Authentication issues Priority 3 (Day 5-7): - XSS variations - CSRF - Race conditions Priority 4 (Ongoing): - Mobile app security - OAuth/SSO flows - Advanced business logic ``` #### 5. Leverage Traffic Analysis (NEW!) ``` Use mitmproxy traffic analysis to discover: Hidden API Endpoints: - Endpoints not discovered by crawling - Internal API calls from JavaScript - Mobile API endpoints - GraphQL queries Authentication Flows: - OAuth/SAML implementation details - JWT token structure - Session management mechanisms - API key locations Sensitive Data Exposure: - PII in API responses - Debug information - Internal infrastructure details - Error messages with stack traces Business Logic Insights: - Multi-step workflows - State management - IDOR potential targets - Race condition opportunities ``` --- ## 🔍 Quality Assurance Checklist Before considering the assessment complete: ### Completeness Check: - [ ] All in-scope domains were tested - [ ] At least 10 different tool invocations - [ ] Both passive and active recon completed - [ ] Critical infrastructure scanned - [ ] API endpoints identified and tested - [ ] Traffic interception performed (if web app) - [ ] All findings documented - [ ] Statistics collected - [ ] Reports generated ### Accuracy Check: - [ ] No out-of-scope targets tested - [ ] All targets validated before scanning - [ ] False positives identified and flagged - [ ] Severity ratings are appropriate - [ ] Exploitability assessed correctly - [ ] Impact analysis is realistic ### Actionability Check: - [ ] Clear next steps provided - [ ] Manual testing guides included - [ ] Priority targets identified - [ ] Expected bug types documented - [ ] Bounty estimates provided - [ ] Testing methodology explained ### Documentation Check: - [ ] All 4 core reports created - [ ] Executive summary is clear - [ ] Technical details are sufficient - [ ] Screenshots/proof included - [ ] Recommendations are specific - [ ] References provided --- ## 📈 Success Metrics A successful full assessment should provide: ### Quantitative Metrics: - **Assets Discovered:** 100+ subdomains minimum - **Scans Completed:** 15+ different scans - **Tools Used:** All 28 available tools - **API Endpoints Found:** 50+ unique endpoints - **Traffic Flows Analyzed:** 100+ HTTP requests (if applicable) - **Findings Documented:** All discoveries catalogued - **Reports Generated:** 4 comprehensive documents - **Time Invested:** 30-60 minutes automated + planning for manual ### Qualitative Metrics: - **Clarity:** Reports are easy to understand - **Completeness:** No major gaps in coverage - **Accuracy:** High confidence in findings - **Actionability:** Clear next steps - **Value:** Provides ROI for time invested ### Outcome Metrics: - **Identified Targets:** Top 10 priority assets - **Vulnerability Hypothesis:** 3-5 likely bug types - **Manual Testing Plan:** 2-4 week roadmap - **Expected Bounties:** Realistic estimates - **Competition Assessment:** Low/Medium/High rating --- ## 🛠️ Troubleshooting Common Issues ### Issue 1: Tool Timeouts ``` Problem: Technology detection or scans timeout Solution: - Run scans on fewer targets at once - Skip technology detection if consistently failing - Use quick scans instead of full scans - Focus on critical assets only ``` ### Issue 2: No Subdomains Found ``` Problem: Subdomain enumeration returns 0 results Solution: - Check domain spelling - Try different enumeration method (passive vs active) - Verify domain is actually active - Check if wildcard DNS is blocking ``` ### Issue 3: Too Many Subdomains ``` Problem: 5000+ subdomains, assessment takes too long Solution: - Filter to interesting subdomains only - Focus on: api, app, staging, admin, dev - Skip customer-specific subdomains - Prioritize by naming patterns ``` ### Issue 4: All Scans Return 0 Findings ``` Problem: No vulnerabilities found by any automated tool Solution: - This is NORMAL for mature programs - Shift focus to manual testing - Document security posture as positive finding - Emphasize business logic testing approach ``` ### Issue 5: Scope Validation Failures ``` Problem: Targets failing scope validation Solution: - Verify scope in program setup - Check for typos in domain names - Ensure wildcards are configured correctly - Re-add program with correct scope ``` ### Issue 6: Traffic Interception Not Working (NEW!) ``` Problem: mitmproxy not capturing traffic or SSL errors Solution: - Install mitmproxy CA certificate in browser/OS Certificate location: ~/.mitmproxy/mitmproxy-ca-cert.pem - Configure browser proxy settings to 127.0.0.1:8080 - For mobile apps: Use device proxy configuration - For API clients: Add --proxy flag or set HTTP_PROXY env var - Check firewall isn't blocking port 8080 ``` ### Issue 7: No API Endpoints Extracted from Traffic ``` Problem: Traffic analysis returns 0 API endpoints Solution: - Ensure you browsed the application while proxy was running - Check flow files exist in ~/.mitmproxy/flows/ - Manually interact with API features (login, search, etc.) - For SPAs: Click through multiple pages to trigger API calls - Verify flows were saved (check save_flows=True) ``` --- ## 📚 Customization Guide ### For Different Program Types: #### API-Heavy Programs: ``` Add these emphases: - More parameter fuzzing - GraphQL-specific testing - API versioning checks - Rate limiting tests - Authentication token analysis ``` #### E-commerce Platforms: ``` Add these emphases: - Payment flow analysis - Cart/checkout testing - Coupon/discount logic - Inventory manipulation - Price manipulation scenarios ``` #### SaaS Applications: ``` Add these emphases: - Multi-tenant isolation - Subscription/billing logic - Role-based access control - Feature flag testing - Trial/upgrade flows ``` #### Mobile-First Applications: ``` Add these emphases: - Mobile API endpoints - Deep link testing - App-specific authentication - Push notification security - Local storage analysis ``` --- ## 🎯 Final Checklist Before Submitting Prompt Before running your customized assessment prompt: ### Preparation: - [ ] Program policy page reviewed - [ ] Scope clearly understood - [ ] Out-of-scope items identified - [ ] Platform confirmed (HackerOne/Bugcrowd/Intigriti) - [ ] Program URL verified - [ ] Time allocated (30-60 minutes) ### Prompt Customization: - [ ] Program name filled in - [ ] Platform selected - [ ] All domains listed - [ ] IPs/CIDR ranges added (if any) - [ ] Out-of-scope items listed - [ ] Special requirements noted ### Environment: - [ ] Bug Bounty MCP server running - [ ] All tools available - [ ] Network connection stable - [ ] Sufficient disk space for reports - [ ] /reports/ directory exists ### Expectations: - [ ] Understand this is automated reconnaissance - [ ] Manual testing will still be required - [ ] Results guide your testing strategy - [ ] Not all programs have vulnerabilities - [ ] Focus is on comprehensive coverage --- ## 🚀 Ready to Use Templates ### Template A: Standard Assessment ``` Perform a COMPLETE end-to-end vulnerability assessment for [PROGRAM_NAME] on [PLATFORM]. Use ALL available bug bounty MCP tools. Scope: [LIST_DOMAINS] Out of scope: [LIST_EXCLUSIONS] Create all 4 reports: 1. Reconnaissance report 2. Vulnerability assessment 3. Quick start guide 4. Attack surface analysis Tools to use: ALL 25 available tools Time: 45 minutes Priority: Thorough coverage ``` ### Template B: Quick Scan ``` Perform a QUICK vulnerability scan for [PROGRAM_NAME]. Focus on: - Subdomain discovery - Top 10 targets - Critical/High findings only - Single reconnaissance report Time: 15 minutes Tools: Essential only ``` ### Template C: Deep Dive ``` Perform an EXTENSIVE security audit for [PROGRAM_NAME]. Include: - All standard tools - Full port scans - Extensive fuzzing - Technology deep dive - 6 detailed reports Time: 90 minutes Tools: ALL plus extended scanning Priority: Maximum coverage ``` --- ## 📞 Support & Resources ### Getting Help: - Ask for clarification on any tool - Request specific scan types - Get custom testing scripts - Receive report interpretation help ### Additional Resources: - Tool documentation: See individual tool descriptions - Testing methodologies: OWASP Testing Guide - Report templates: Bug bounty report examples - Vulnerability databases: CVE, CWE references --- **This prompt template ensures comprehensive, systematic vulnerability assessment using all available tools while maintaining scope compliance and producing actionable results.** **Ready to use? Fill in your program details and start the assessment!** 🚀