CERBERUS — Automated Bug Bounty Pipeline

ACTIVE — AUTOMATED BUG BOUNTY

The three-headed guardian that never sleeps.

Automated reconnaissance, AI-powered triage, and GPU-accelerated exploitation — all in one pipeline. Continuous Exploitation Recon & Bug Enumeration for Rapid Unified Scanning.

VIEW ON GITHUB EXPLORE PIPELINE

47 Scripts

10 Phases

29+ Tools

AI Triage

01 // PHASES

The Pipeline

Ten phases of automated destruction. From subdomain discovery to AI-written HackerOne reports.

Subdomain Enumeration

Comprehensive subdomain discovery across multiple data sources. DNS resolution and wildcard filtering.

subfinder amass dnsx

HTTP Probing

Live host detection across all discovered subdomains. Technology fingerprinting and WAF identification.

httpx

Port Scanning

Fast port scanning across all live hosts. Service detection and version fingerprinting.

naabu

URL Harvesting

Historical URL extraction from web archives. Active crawling for endpoint and parameter discovery.

gau katana wayback

Vulnerability Scanning

Template-based vulnerability detection across all assets. CVE checks, misconfigurations, and known exploit testing.

nuclei custom templates

Fuzzing

Directory and parameter brute forcing. Content discovery with custom wordlists and intelligent recursion.

ffuf

Deep Parameter Testing

Targeted injection testing across all discovered parameters. SQL injection, XSS, SSTI, LFI, and RCE checks.

sqlmap dalfox arjun

Cloud & API

Cloud asset enumeration. S3 bucket discovery, GraphQL introspection, and Swagger/OpenAPI endpoint testing.

s3 enum graphql swagger

AI Triage

Claude Haiku analyzes all findings. Severity scoring, false positive elimination, and exploit chain identification.

claude haiku severity scoring

Report Drafting

AI-written HackerOne-ready reports with CVSS scores, reproduction steps, and remediation guidance. Auto-submission ready.

ai reports h1 format auto-submit

02 // TOOLS

The Arsenal

29 weapons. Zero mercy. Every tool selected for maximum impact.

subfinder

Subdomain discovery

httpx

HTTP probing & fingerprinting

nuclei

Template vulnerability scanner

naabu

Fast port scanner

katana

Next-gen web crawler

gau

URL extraction engine

ffuf

Web fuzzer

nikto

Web server scanner

sqlmap

SQL injection engine

dalfox

XSS analysis framework

amass

Attack surface mapping

dnsx

DNS toolkit

wafw00f

WAF detection

gowitness

Screenshot engine

trufflehog

Secret detection

interactsh

OOB interaction server

radamsa

Mutation fuzzer

hashcat

GPU hash cracking

whatweb

Web technology ID

testssl

TLS/SSL analysis

arjun

Hidden parameter finder

corsy

CORS misconfiguration

subjack

Subdomain takeover

wpscan

WordPress scanner

JSON processor

python3

Custom exploit scripts

curl

HTTP request engine

dig

DNS interrogation

openssl

Cryptographic toolkit

03 // FEATURES

Capabilities

Every attack vector, covered. From GPU-accelerated cracking to AI-written reports.

⚡

GPU HASH CRACKING

Hardware-accelerated password cracking on RTX 5090. Thermal management with automatic throttle control.

hashcat --gpu-temp-retain=80

🧠

AI-POWERED TRIAGE

Claude Haiku analyzes every finding. Automated severity scoring, false positive elimination, and exploit chain mapping.

claude-3-haiku // severity-scoring

📡

OUT-OF-BAND SSRF

Interactsh callback server for blind SSRF confirmation. DNS and HTTP out-of-band interaction detection.

interactsh-client // oob-callbacks

🧬

MUTATION FUZZING

Radamsa generates intelligently malformed inputs. Protocol-aware mutations for maximum crash surface coverage.

radamsa // generational-fuzzing

🔄

CONTINUOUS MONITORING

Cron-ready diff-based change detection. New subdomain alerts, certificate transparency monitoring, and scope tracking.

cron // diff-analysis // n8n-webhooks

📝

AUTO REPORT DRAFTING

AI writes professional HackerOne reports with CVSS scoring, reproduction steps, impact analysis, and remediation guidance.

h1-format // cvss-3.1 // auto-submit

The Pipeline

The Arsenal

Capabilities

Forged With