pickup
The /pickup command resumes a previous bug bounty hunt on a target by loading hunt history, displaying untested endpoints from prior reconnaissance, and suggesting attack techniques based on the target's technology stack and patterns from past findings. Use this command to continue hunting where a previous session left off rather than starting fresh recon.
mkdir -p ~/.claude/commands && curl -fsSL https://raw.githubusercontent.com/elementalsouls/Claude-BugHunter/HEAD/commands/pickup.md -o ~/.claude/commands/pickup.mdpickup.md
# /pickup
Pick up where you left off on a target.
> **Renamed from `/resume`** — `/resume` is a reserved Claude Code command. Use `/pickup` to continue a previous hunt.
## What This Does
1. Reads the target profile from `hunt-memory/targets/<target>.json`
2. Shows hunt history (sessions, findings, payouts)
3. Lists untested endpoints from last recon
4. Suggests techniques based on tech stack + pattern DB
5. Asks: continue hunting or re-run recon?
## Usage
```
/pickup target.com
```
## Output
```
PICKUP: target.com
═══════════════════════════════════════
Hunt History:
Sessions: 3
Last hunt: 2026-03-24
Total time: 2h 00m
Findings: 1 confirmed (IDOR, $1500 paid)
Untested Surface:
3 endpoints from last recon:
1. /api/v2/users/{id}/export
2. /api/v2/users/{id}/share
3. /api/v2/users/{id}/history
Memory Suggestions:
Tech stack [Next.js, GraphQL, PostgreSQL] matches 2 targets
where you found auth bypass. Try introspection → mutation pattern.
Actions:
[r] Continue hunting untested endpoints
[n] Re-run recon first (surface may have changed)
[s] Show full hunt journal for this target
```
## If No Previous Hunt
```
No previous hunt data for target.com.
Run /recon target.com first, then /hunt target.com.
```Run autonomous hunt loop on a target — scope check → recon → rank surface → hunt → validate → report with configurable checkpoints. Usage: /autopilot target.com [--paranoid|--normal|--yolo]
Build an exploit chain — given bug A, finds B and C to combine for higher severity and payout. Knows common chain patterns: IDOR→ATO, SSRF→cloud metadata, XSS→ATO, open redirect→OAuth theft, S3→bundle→secret→OAuth. Usage: /chain
Active vulnerability hunting. Two-track dispatcher — asks Red Team vs WAPT, hands off to hunt-dispatch skill and sibling commands. Usage: /hunt target.com | /hunt *.target.com | /hunt targets.txt [--vuln-class X] [--source-code P] [--chrome]
On-demand intelligence fetch for a target — CVEs, disclosed reports, new features. Wraps learn.py + hunt memory context. Usage: /intel target.com
Inspect or rotate hunt-memory JSONL files (audit.jsonl, patterns.jsonl, journal.jsonl). Caps file size and keeps N rotated backups so memory does not grow unbounded.
Run full recon pipeline on a target — subdomain enum (Chaos API + subfinder), live host discovery (dnsx + httpx), URL crawl (katana + waybackurls + gau), gf pattern classification, nuclei scan. Outputs to recon/<target>/ directory. Usage: /recon target.com
Log current finding or successful pattern to hunt memory. Auto-fills from /validate output if available. Usage: /remember
Write a submission-ready bug bounty report. Generates H1/Bugcrowd/Intigriti/Immunefi format with CVSS 3.1 score, proof of concept, impact statement, and remediation. Run /validate first. Usage: /report