Hunt Ato

by elementalsouls · security · go, bash, aws, testing, skill

Hunt account takeover taxonomy — 9 distinct paths to ATO, plus chains. Paths: (1) password reset flaws (host header injection redirects token to attacker, predictable token, token leaked in referer, race condition on reset link), (2) email change without re-auth, (3) OAuth account-link CSRF, (4) MFA bypass (per hunt-mfa-bypass), (5) session-fixation, (6) JWT manipulation, (7) password change without step-up (chain with password oracle), (8) social-recovery question abuse, (9) SSO subdomain ta...

Source: https://github.com/elementalsouls/Claude-BugHunter

Install

git clone https://github.com/elementalsouls/Claude-BugHunter

1,010 GitHub stars · Source: skillsdirectory

About security MCP servers and Claude skills

Security MCP servers let agents scan dependencies, audit logs, check for vulnerabilities, and enforce policy guardrails. Critical for any agent that touches production.

Hunt Ato is one of hundreds of security entries indexed on Skiln. Browse the full security category or the complete directory of Claude skills, MCP servers, agents, commands, and hooks.

Frequently asked questions

How do I install Hunt Ato?

Add the install command above to your Claude Code, Cursor, or Windsurf MCP configuration. Most servers register via npx, a local command, or a Docker image. Refer to the source repository for environment variables and credential requirements.

Which clients support Hunt Ato?

Any MCP-compatible client works: Claude Desktop, Claude Code CLI, Cursor, Windsurf, Zed, and VS Code with the official MCP extension. OpenAI Codex and GitHub Copilot increasingly support MCP via adapter bridges.

Is Hunt Ato free?

The server itself is typically open source. Any upstream service (API keys, paid tiers, hosted infrastructure) may have its own pricing. Check the source repository for details.