For hunters tired
of dead ends.

Argus picks your target, hunts with you in the terminal, and checks every finding against the program's real triage history.

~/argus — waitlist.sh
argus init --waitlist
> enter email to join the waitlist:

# we'll email you once early access opens.

──

WHAT IT DOES

plan.sh
argus plan
? skills:
   web, idor, ssrf
? hours/week: 8
analyzing scope...
scoring 142 endpoints...
# target picked:
▸ acme.com/api/v3
# plan:
1. enum subdomains
2. map auth flows
3. probe IDOR on /orders
4. test webhook SSRF
workspace.sh
argus workspace open
spinning up sandbox...
subfinder v2.6.4
httpx v1.6.8
nuclei v3.3.0
ffuf v2.1.0
caido + plugins
last session restored
# ready in 3s
>
validate.sh
argus validate ./finding.md
parsing PoC...
checking impact...
cross-ref dupes...
# verdict:
▲ NEEDS-MORE-EVIDENCE
- impact: low without auth bypass
- try: chain w/ session fixation
- est. severity: medium
- dupe risk: low
# don't submit yet.
──

$ ARGUS DIAGNOSE --YOU

[01] 40 hours of tutorials in. zero bugs found.
# symptoms
portswigger academy done. 12 youtube playlists watched. you still don't know what to do on a real program at 9pm on a tuesday.
# fix
argus replaces the next tutorial with a real workflow — a target picked for your level, a plan for that specific app, tools already loaded. you start hunting in minutes, not months.
[02] every endpoint you find has been hunted by 1,000 others
# symptoms
the obvious targets are picked clean. automated scanners and the top 1% have farmed every login flow and api endpoint worth looking at. you're competing for crumbs.
# fix
argus scores programs by saturation and points you at the corners the scanners and pros skip — niche flows, recent scope additions, programs without an army of hunters already on them.
[03] spent 4 hours on a "bug" that wasn't a bug
# symptoms
a weird response, a hunch, a rabbit hole. you wrote up the PoC. triage closed it as informational. it was confirmation bias the whole time.
# fix
the validator checks your finding against the program's real triage history — accepted reports, rejected reports, common dupe patterns. you find out it's not a bug *before* you spend the afternoon writing it up.
[04] 6 months in. no idea if you're getting better.
# symptoms
some weeks you find things, some weeks you don't. you can't tell if you're improving, plateauing, or just lucky. progress feels like vibes.
# fix
every hunt is logged — targets picked, time spent, findings, validator scores, outcomes. you see what's actually moving the needle and what's burning your evenings.
──

$ MAN ARGUS

man(1) argus
who is this for?

hunters who've done a few CTFs or labs but haven't landed paid bounties consistently. if you can read burp output but get stuck deciding what to actually try, this is for you.

how much does argus do vs. me?

argus picks the target, runs the recon alongside you, and checks every finding against the program's triage history. you make the calls. what's worth digging into, what to escalate, what to submit. it's a co-pilot, not an autopilot.

which platforms does it support?

hackerone and bugcrowd at launch. intigriti soon after. you can also point it at any program with a public scope file.

what does it cost?

free for early access. pricing TBD — likely a flat monthly with a generous free tier.

when does it open?

rolling invites starting soon. waitlist gets first access.

early access is opening soon. drop your email, we'll be in touch.