We find vulnerabilities in open-source software using AI-powered tools and submit them to bounty platforms. Join the team, find bugs, get paid.
OwlMind is a professional bug bounty team. We find real security vulnerabilities in open-source software — WordPress plugins, AI/LLM frameworks, web applications — and submit them to bounty platforms for cash rewards.
This is real work with real money. Every accepted vulnerability report = a bounty payout. The better your findings, the more you earn.
Open Claude Code and research targets. Find real vulnerabilities with code analysis. Register and submit findings via owlhunt.
AI-powered scanning tools. Deduplicates against known CVEs. Submits to platforms via secure proxy. Tracks payouts.
Fill out the form at bounty.muravey.app/bounty with your name, email, OS, and language.
The team lead reviews your application. Check status at /bounty/status/yourname.
Once approved, a one-time download link appears on your status page. Download owlmind-yourname.tar.gz.
Extract and run the installer. It sets up everything automatically.
Dependencies, scripts, 500+ detectors, Claude Code config, heartbeats, daily reports, team sync. You see 7/7 check at the end.
Open Claude Code and start hunting. Your portal status changes to ACTIVE.
AI assistant that reads code, searches files, traces data flows, and finds vulnerabilities. Already knows the OwlMind methodology.
| Command | What it does |
|---|---|
owlhunt new URL | Start new target session (clone + quick audit) |
owlhunt list | List all active sessions |
owlhunt add SESS --file path --type idor | Register a confirmed finding |
owlhunt submit SESS | Submit finding to bounty platform |
owlhunt submit SESS --dry-run | Test submission without sending |
owlhunt scan-ast | Run AST scanner (500+ detectors) |
owlhunt lab-up | Start local WordPress test lab (Docker) |
owlhunt deephunt OWNER/REPO | Full pipeline: scope, clone, scan, triage, dedup, draft |
owlhunt slop-check DRAFT.md | Check report for AI-sounding language |
owlhunt record SLUG --type idor | Record submission to team ledger |
--dry-run first. It runs dedup and quality checks without sending.| Requirement | Details |
|---|---|
| OS | macOS (recommended), Windows 10+, or Linux |
| Node.js | 18+ (for Claude Code) |
| Python | 3.10+ (for scanning tools) |
| Git | For cloning target repos |
| RAM | 8 GB minimum |
| Internet | Stable (required for API calls and heartbeats) |
Open Claude Code. Ask for available targets or run owlhunt new URL --wp for a WordPress plugin.
Read the code. Look for AJAX handlers, REST endpoints, SQL queries, file operations. Trace data flows from user input to dangerous sinks.
Use Claude Code + owlhunt scan-ast. Set up a test lab (owlhunt lab-up). Write a PoC. Confirm it works.
Use owlhunt add to register, then owlhunt submit to send to the platform.
file:line → file:line → sink@muravey.app email. Details during onboarding.| Fixed salary | ¥4,000 CNY/month (~$550) — guaranteed monthly payment |
| KPI bonus | Performance-based percentage calculated monthly based on findings, severity, acceptance rate |
| Payout | PayPal, bank transfer, or crypto — arranged individually |
| Timing | Salary: monthly. Bonuses: after platform pays (7–30 days after acceptance) |
| Tracking | Every submission recorded with platform ID, amount, dual-signature |
| LLM costs | Paid by the team. Default $3/day budget, configurable up to $50/day |
owlhunt add and submit via owlhunt submit. No side-channel submissions.owlhunt submit.Apply now. Get approved. Start finding bugs and earning money.
Apply to Join the Team