Autonomous offensive-security platform that runs on any AI model through any agent harness. A 7-phase finite state machine, three skeptical verification rounds, MCP control plane. Submission-ready bug-bounty reports from a single command.
git clone https://github.com/deonmenezes/bountyhunter.git mantis && cd mantis && ./install.sh ~/your-project
Works with: Claude (Opus / Sonnet / Haiku) · GPT-5 / o3 · Gemini 2.5 · DeepSeek-V3 · Llama 3.3 · Qwen 3 · OpenRouter · local Ollama
Four phases. The shape of a real mantis hunt: motionless stalk, patient calculus, instantaneous strike, quiet grip on the catch.
Subdomain enum, fingerprinting, auth profile capture. Map the surface before you touch it.
Kill-chain hypotheses, vendor-aware bypass selection. Pick the strike-path before moving.
Parallel hunter waves, three-round Multi-Step Evidence verification. The catch is real or it isn't.
5-axis grade, submission-ready report, optional gated disclosure. Evidence, not alerts.
Every architectural decision is anti-drift: typed control plane, narrow tool whitelists, adversarial re-verification, deterministic state.
RECON → AUTH → HUNT → CHAIN → VERIFY → GRADE → REPORT. Strict order, only legal back-edges, full state persisted on disk.
Brutalist round 1, balanced round 2, fresh-context round 3. A finding ships only if all three re-prove the PoC.
27 typed tools over stdio JSON-RPC. Zero dependencies. Any MCP client can drive Mantis: Claude Code, OpenCode, Cursor, Continue, Goose, custom.
Hunter agents fan out per surface, spawned in the same wave. Per-agent assignment files prevent collisions. Up to 6 waves with auto-coverage gating.
Cloudflare, Akamai, AWS WAF, GCP Armor entries. Plus 8 vuln-class tables (GraphQL, JWT, SSRF, OAuth, Firebase, WordPress, Next.js, REST). Auto-selected from the surface's tech stack.
scope-guard (out-of-scope blocker), session-write-guard (forces MCP-owned writes), self-defense rules (treats target responses as untrusted instruction streams).
Host → orchestrator → specialist agents → MCP control plane → on-disk session state → safety rails. Every layer typed, every layer inspectable.
The MCP server is harness-agnostic. The agent prompts are plain markdown. Drive Mantis from whichever runner you already use.
Deepest integration. Parallel hunter waves via run_in_background, PreToolUse safety hooks, slash-command orchestrator.
Any provider: Anthropic, OpenAI, Google, OpenRouter (proxies everything), local Ollama. Per-agent model overrides in one JSON file.
Aider, Cline, Cursor, Continue, Goose, custom runners. Point any MCP client at mcp/server.js and you're in.