Bug Bounty¶

RedPick has a dedicated bug bounty workspace that combines platform sync, program intelligence, engagement setup, specialized hunting modes, continuous loops, submission controls, evidence generation, and post-submission learning.

This is not a thin wrapper around the generic pentest flow. The bug bounty stack has its own:

dashboard workspace with dedicated tabs for platforms, programs, intelligence, findings, pipeline, submissions, scope changes, earnings, and stats
API surface under /api/v1/bugbounty/*
Claude skills for setup, hunting, monitoring, submission, continuous sessions, and perpetual loop control
on-disk persistence under bugbounty/ for program knowledge, findings, evidence, loop runtime state, and compact memory artifacts
feedback loop that reuses submission outcomes to influence future targeting

Flow Map¶

flowchart TD
    A[Connect platform accounts] --> B[Sync programs and own reports]
    B --> C[Intelligence scoring and change detection]
    C --> D[Select program]
    D --> E[One-click setup or existing program workspace]
    E --> F[Manual bb-hunt or continuous bb-session]
    F --> G[Perpetual loop manager and worker]
    F --> H[Finding and evidence generation]
    G --> H
    H --> I[Readiness checks and dedup]
    I --> J[Draft submission or push to platform]
    J --> K[Poll status and collect bounty outcome]
    K --> L[Learning loop updates knowledge and next tests]
    L --> C

Supported Operating Modes¶

Mode	Primary entry point	Best use
Platform browsing and setup	Bug Bounty dashboard, `/bb-setup`	Select a program, create an engagement, and launch scoped testing
Manual focused hunting	`/bb-hunt --mode ...` or `--auto`	Depth-first testing on one target with a selected vuln class
Continuous session loop	`/bb-session`	Timed rotation across multiple programs with knowledge reuse
Perpetual background loop	`bugbounty/loop-manager.sh`	Always-on multi-wave hunting with live events and cooldown handling
Submission operations	`/bb-submit`, dashboard submissions and pipeline views	Prepare, verify, push, and track reports
Learning and reprioritization	backend services + program knowledge files	Feed outcomes back into future target and technique selection

Core Design Principles¶

1. Program-scoped persistence¶

Every bug bounty program accumulates its own memory on disk. The canonical layout is:

bugbounty/programs/{platform}/{handle}/

The runtime also supports legacy locations under:

bugbounty/{platform}/{handle}/

The compatibility layer keeps the perpetual loop and evidence pipeline working while migrating toward the canonical structure.

2. Bug bounty specific guardrails¶

The flow is designed to protect researcher reputation and reduce wasted submissions:

policy parsing extracts exclusions, out-of-scope patterns, and special rules
low-signal or speculative findings are screened before they reach submission
deterministic readiness and dedup checks gate auto-push
video evidence can be generated directly from disk findings

3. Claude and Codex split¶

RedPick uses a dual-engine bug bounty model:

Claude remains responsible for live interaction with the target and final exploit judgment
Codex carries bounded support work such as ranking support, advisory checkpoints, compact memory, candidate finding triage, and submission-side verification

This matters most in long-running loops where context churn is expensive.

Main Surfaces¶

Dashboard workspace¶

The Bug Bounty page is the operator control surface. It exposes:

platform onboarding and sync
program browse and one-click setup
intelligence rankings
disk findings and generated evidence
submission pipeline and history
scope and bounty change monitoring
perpetual loop controls and hunting log view
earnings and performance stats

API¶

The backend exposes dedicated routes for:

platform management and sync
program browsing and setup
eligible in-scope targets for bughunter launches
intelligence scores and program analysis
change detection and acted-on tracking
draft submissions, push, retest, and polling
disk findings and video artifact access
hunting events, loop status, and loop configuration

Skills and scripts¶

The user-facing workflows are backed by:

/bb-setup
/bb-monitor
/bb-hunt
/bb-submit
/bb-session
/bb-loop
bugbounty/PERPETUAL-HUNTING-LOOP.sh
bugbounty/loop-manager.sh

Documentation Map¶

Platforms & Sync: account onboarding, sync, report import, target gating, and change monitoring
Program Selection & Setup: scoring, rotation logic, one-click setup, and engagement bootstrap
Hunting Workflows: focused manual hunts, prerequisite phases, policy enforcement, passive recon, and hunting artifacts
Perpetual Hunting Loop: control plane, wave execution, Codex-heavy orchestration, and runtime metrics
Submission & Evidence: finding lifecycle, FP gates, video generation, readiness, dedup, push, and tracking
Learning, Memory & Analytics: program knowledge, compact memory, learning loop, and performance views