Logic Hunter v1.1: A Bug Bounty Logic Framework

A Simple Tool for Finding Logic Bugs Without Losing Your Mind

By: NeanderPaul

What it is: A framework + CLI tool for Bug Bounty Hunting

Status: Actively used and evolving

What Is Logic Hunter?

Logic Hunter is a tool I built to help me find logic bugs without losing track of my train of thought.

When you’re hunting things like IDORs, auth bypasses, broken workflows, or transaction abuse, the hard part usually isn’t sending requests. The hard part is remembering:

• what you tested,

• Why did you test it?

• what assumptions you were checking,

• and what happened.

Logic Hunter gives that process structure. It doesn’t scan anything, it doesn’t find bugs for you, and it doesn’t try to be clever. It just helps you think clearly and record what you’re doing while you hunt.

Why This Exists

Most modern systems don’t fall apart because of obvious bugs anymore. The interesting issues come from logic:

• users doing things out of order,

• repeating actions that were meant to happen once,

• accessing objects, they technically shouldn’t,

• or workflows that break when real people use them in weird ways.

These bugs are easy to miss and hard to keep straight in your head. Logic Hunter exists to slow you down just enough to catch them and write them down properly.

How Logic Hunter Is Organized

Logic Hunter is a command-line tool that stores everything on disk as plain text. There’s nothing hidden, and nothing abstracted away.

Hunts

A hunt is just a folder for one target.

One app, one API, one system, one hunt.

When you create a hunt, Logic Hunter makes a directory and a place to store findings. That’s it. This keeps you from mixing notes between targets and helps you stay focused on one thing at a time.

Playbooks

A playbook is a set of questions for a specific type of logic bug.

For example:

• IDOR

• Auth or authorization bypass

• Workflow abuse

• Transaction and entitlement abuse

Each playbook asks you the kinds of questions you’d normally think about anyway, like:

• what object is being accessed,

• what controls access to it,

• What happens if you change or repeat something?

• and what the real impact would be.

The playbooks don’t tell you what to find. They just stop you from skipping steps or forgetting obvious checks.

Findings

A “Finding” is one idea you tested.

When you add a finding, Logic Hunter walks you through the playbook questions one by one. You type what you observed in your own words. Nothing is reformatted or normalized.

Each finding is saved as a numbered text file that includes:

• which playbook you used,

• who wrote it,

• when it was recorded,

• the severity you chose,

• and all of your answers.

This creates a clear record of how you were thinking at the time.

Severity

You decide the severity yourself using simple guidance:

• Low: interesting but no real impact

• Medium: limited abuse, no real profit

• High: financial or entitlement impact

• Critical: repeatable profit or serious system failure

There are no scoring systems and no math. Context matters more than numbers.

Reviewing and Exporting

You can list findings, read them exactly as you wrote them, delete them if needed, and export an entire hunt to Markdown.

The export is ready to drop into a report, a submission, or an archive without having to rewrite everything later.

What Logic Hunter Is (and Is Not)

Logic Hunter is:

• A thinking aid

• a structured notebook

• A way to keep logic hunting disciplined

Logic Hunter is not:

• A vulnerability scanner

• an automated exploitation tool

• a replacement for skill or experience

It assumes you already know how to test systems. It just helps you do it more cleanly.

When It’s Useful

Logic Hunter works best when you’re dealing with:

• logic and business-rule bugs

• authorization edge cases

• API workflows

• games, platforms, or economies

• systems where "nothing obvious is broken."

If you’ve ever found a bug and thought, “I need to write this down before I forget how I got here,” this tool is for that moment.

RevLab Context

Logic Hunter is part of RevLab’s broader R&D work: building tools and frameworks that come from real use, not theory. It exists because this is how I hunt, just made repeatable and less chaotic.

Logic Hunter v1 is intentionally simple. If it ever feels complicated, it’s probably doing the wrong thing.