
Systematic Vulnerability Identification Methodology

v20260415
offensive-bug-identification
A comprehensive methodology for discovering potential software vulnerabilities. It outlines advanced techniques including static analysis, dynamic analysis, fuzzing, taint tracking, and modern attack surface mapping (e.g., kernel, drivers). Ideal for professional code audits, bug bounty hunting, and building robust vulnerability research pipelines.
382 downloads
Overview

SKILL: Bug Identification

Metadata

Description

Systematic bug identification methodology: source code review patterns, black-box testing strategies, taint analysis, dangerous function hunting, data flow tracing, and automated scanning setup. Use for code audits, bug bounty triage, or building vulnerability identification pipelines.

Trigger Phrases

Use this skill when the conversation involves any of: bug identification, code review, taint analysis, dangerous functions, data flow, source audit, black box, vulnerability identification, static analysis, code audit, bug hunting

Instructions for Claude

When this skill is active:

  1. Load and apply the full methodology below as your operational checklist
  2. Follow steps in order unless the user specifies otherwise
  3. For each technique, consider applicability to the current target/context
  4. Track which checklist items have been completed
  5. Suggest next steps based on findings

By Target

| Target | Tools | Additional Tools |
| ----------------- | ----------------- | ------------------- |
| Linux Kernel | Syzkaller, AFL++ | KASAN, KCOV, ftrace |
| Windows Kernel | ICICLE, WinAFL | Verifier, KFUZZ |
| Browsers | LibFuzzer, Domato | ClusterFuzz, Dharma |
| Network Services | AFL++, Boofuzz | Peach, Sulley |
| Mobile Apps | QARK, Frida | MobSF, Objection |
| Web Apps | Burp Suite, FFUF | Nuclei, Semgrep |
| Firmware | Binwalk, EMBA | FACT, Firmwalker |
| Containers | Trivy, Falco | Grype, Syft |

By Technique

| Technique | Recommended Tools | Notes |
| ----------------- | ------------------- | ------------------------------- |
| Coverage Fuzzing | AFL++ 4.21+ | Cross-platform, CMPLOG support |
| Snapshot Fuzzing | Nyx, QEMU+AFL++ | Stateful target support |
| Concurrency Fuzzing | RFF, ThreadSanitizer | Race condition detection |
| Symbolic Execution | Angr, Triton | Path exploration |
| Taint Analysis | DynamoRIO, Triton | Data flow tracking |
| Binary Diffing | BinDiff 8, Ghidriff | Patch analysis |
| Static Analysis | CodeQL, Semgrep | Pattern matching |
| Dynamic Analysis | Frida, DynamoRIO | Runtime instrumentation |

Tool Migration Path

| Old Tool | New Alternative | Migration Notes |
| ----------- | ------------------- | ---------------------------- |
| Intel Pin | DynamoRIO | Pin is sustain-only |
| WinAFL | AFL++ 4.x | Integrated Windows support |
| Radamsa | LibAFL mutators | Better coverage awareness |
| BinDiff 7 | BinDiff 8/Ghidriff | Improved algorithms |
| IDA 7.x | IDA 8.x/Ghidra 11 | Better decompilation |
Info

  Category: Engineering
  Name: offensive-bug-identification
  Version: v20260415
  Size: 54.59KB
  Updated At: 2026-04-28