From Zero Python to Building AI Agents That Hunt Bugs For You

Zakaria Eddafri
Bug Bounty Hunter

At HackenProof, we believe that some of the most valuable security knowledge is created inside the hacker community itself. This belief is reflected in our ongoing series of guest articles, where security researchers from our community share practical insights and real-world lessons from their work in smart contract security, Web3 development, and bug bounty research. By publishing hacker-authored content, we aim to make expert-level security knowledge more accessible and to support continuous learning across the broader Web3 security ecosystem.

We regularly curate and publish the strongest technical articles based on their educational value, technical depth, and relevance to real security challenges. Authors whose work is published on the HackenProof blog receive the Star Author achievement, recognizing their contribution to knowledge sharing and community growth.

Read the article, explore the ideas, and share your thoughts with the community — and if you have expertise to share, this could be your first step toward becoming our next Star Author.

Introduction

This article was written by Zakaria Eddafri (@GallopingMrOwl) – an ethical hacker who began his journey with nothing more than an Android phone. His path on HackenProof started on October 1, 2019. Now he has 61 paid reports, and this is his third article on our blog. Check his latest article.

This article teaches complete beginners how to go from zero Python knowledge to building autonomous AI agents that automatically hunt for vulnerabilities in Web2 and Web3 targets. It walks through Python fundamentals, subprocess automation, HTTP testing, Web3 smart contract scanning, and LangChain ReAct agent construction. Instead of teaching security theory, it teaches how to build the tools that do the hunting for you.

The Elite Autonomous Agent Masterclass

“The best hackers don’t work harder. They build tools that work FOR them.”

Welcome, future elite. You clicked on this course because you saw an AI agent autonomously find a CRITICAL reentrancy vulnerability in a real smart contract. That wasn’t magic. That was Python + a ReAct loop + the right tools.

By the end of this course, you will:

  • Write Python fluently
  • Build scripts that automate Web2 & Web3 bug hunting
  • Create your own autonomous AI agent with custom tools
  • Understand MCP servers (the future of AI tool sharing)

No prior coding knowledge required. We start from absolute zero.

Let’s go.

MODULE 1: Python — Your New Superpower

“Every hacker tool you admire — Burp Suite extensions, Nuclei templates, Slither, Foundry scripts — they’re all built by people who learned exactly what you’re about to learn.”

Python is the most widely used language for security tooling, automation, and AI work. Not because it is the fastest, but because it is the most readable and has the largest library ecosystem. Let's master the basics.

1.1 — Variables: Storing Information

A variable is just a name for a piece of data. Think of it as a label on a box.


Exercise 1.1


Run it: python3 basics.py. You just wrote your first recon report!

Pro Tip: The `f"..."` syntax is called an f-string. It lets you inject variables directly into text. You will use this EVERYWHERE in hacking scripts.

1.2 — Lists: Collections of Things

A list holds multiple items in order. Think of it as your target list.


Exercise 1.2


1.3 — Dictionaries: Labeled Data

A dictionary stores data as key: value pairs. Think of it as a JSON object: a dict maps one-to-one onto one, and json.dumps() / json.loads() convert between the two.


Exercise 1.3


1.4 — Loops: Doing Things Repeatedly

Loops let you automate repetitive actions. This is the core of scripting.

The for Loop (When you know how many times)


The while Loop (When you DON’T know how many times)


Exercise 1.4


1.5 — Functions: Reusable Blocks of Code

A function is a block of code you can call by name. This is the #1 most important concept for building AI agents, because every tool an agent uses IS a function.


Why Type Hints Matter (: str and -> str)


KEY INSIGHT: When you later use @tool to give a function to an AI agent, LangChain reads the type hints (: str, -> str) to build the argument schema AND the docstring ("""...""") as the tool description. That text is everything the LLM knows about the function. If you skip these, the AI is blind.

Exercise 1.5


1.6 — Conditionals: Making Decisions


MODULE 1 FINAL CHALLENGE

“If you can build this, you’re ready for Module 2.”

Build a script called recon_report.py that:

  1. Creates a list of 3 target contracts
  2. Loops through each one
  3. Assigns a random severity score (1–10)
  4. Prints a formatted report

Run it: python3 recon_report.py

If that runs and you understand every line, congratulations — you have the Python foundation to build AI agents. Let’s level up.

MODULE 2: Python for Hackers — Talking to the Real World

“A Python script that can’t touch the terminal, read files, or make HTTP requests is useless. In this module, you give Python its HANDS.”

2.1 — Subprocess: Running Terminal Commands from Python

This is the MOST IMPORTANT skill for building AI agents. subprocess is how you make Python run grep, gfunc, nmap, curl, or ANY terminal command.


Making it Safe (CRITICAL for Agents!)


KEY INSIGHT: The safe_run() pattern is the skeleton of every tool in our agent.py. Four things make it production-ready: try/except, so a failing tool returns an error string instead of crashing the loop; a timeout, so a hung command cannot stall the agent; output truncation, so a huge result does not flood the model's context window; and passing the command as an argument list rather than through shell=True, so nothing the LLM puts into an argument is interpreted by a shell.
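Here is the pattern written out as an added example. It is not the article's own safe_run() and assumes nothing about gfunc or any other binary: the command is an argument list, so the same wrapper fits grep, nmap or curl. PYTHON (the interpreter running the script) is only there so the demo at the bottom runs on any machine.

```python
"""Run an external tool from Python in a way an AI agent can safely call."""
import subprocess
import sys

PYTHON = sys.executable       # a program guaranteed to exist on this machine (demo only)
MAX_OUTPUT = 4000             # characters the LLM gets to see; keeps the context window sane
DEFAULT_TIMEOUT = 30          # seconds before a hung tool is killed


def safe_run(argv: list, timeout: int = DEFAULT_TIMEOUT, max_output: int = MAX_OUTPUT) -> str:
    """Run argv with no shell, a timeout and output truncation; never raises.

    Every failure is returned as a string starting with 'ERROR:' so the agent
    can read it and decide what to do next instead of crashing the loop.
    """
    if not argv or not all(isinstance(a, str) for a in argv):
        return "ERROR: argv must be a non-empty list of strings"
    try:
        # shell=False (the default) means an argument like "; rm -rf /" reaches
        # the program verbatim instead of being interpreted by /bin/sh.
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return f"ERROR: {argv[0]} timed out after {timeout}s"
    except FileNotFoundError:
        return f"ERROR: {argv[0]} not found on PATH"
    except OSError as exc:
        return f"ERROR: could not start {argv[0]}: {exc}"

    output = proc.stdout
    if proc.stderr:
        output += f"\n[stderr]\n{proc.stderr}"
    if proc.returncode != 0:
        output = f"[exit code {proc.returncode}]\n" + output
    if len(output) > max_output:
        # Truncate, but say so: an agent that silently sees half the output
        # will confidently reason about code that is not there.
        dropped = len(output) - max_output
        output = output[:max_output] + f"\n...[truncated {dropped} chars]"
    return output


if __name__ == "__main__":
    # Typical agent use: grep for low-level calls in a contracts/ directory.
    print(safe_run(["grep", "-rn", r"\.call", "contracts/"]))
    # A command that hangs is cut off instead of freezing the agent.
    print(safe_run([PYTHON, "-c", "import time; time.sleep(5)"], timeout=1))
```

The important design choice is that the function never raises: an agent loop that dies on the first misbehaving command is useless, while one that reads "ERROR: grep timed out after 30s" can decide to narrow the search and try again.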

Exercise 2.1


2.2 — HTTP Requests: Talking to APIs and Websites

Bug bounty hunters live on HTTP. The requests library lets you send GET, POST, PUT, DELETE requests from Python.


Sending POST requests (like submitting a form)


Exercise 2.2: Build a Header Scanner

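One way to build the header scanner, as an added example rather than the article's Exercise 2.2 solution. check_headers() is a pure function over a dict of response headers, so it can be tested offline; fetch_headers() does the HTTP part with the standard library (requests.get(url).headers would plug in the same way). The HARDENED and WEAK header sets below are constructed, not captured from a real site.

```python
"""Security-header scanner: flags missing headers and present-but-weak values."""
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Headers whose absence belongs in a recon report, with the reason a hunter cares.
REQUIRED = {
    "strict-transport-security": "HSTS missing: plain-HTTP downgrade / cookie theft possible",
    "content-security-policy": "CSP missing: no defence in depth against XSS",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing allowed",
    "x-frame-options": "X-Frame-Options missing (and no CSP frame-ancestors): clickjacking possible",
    "referrer-policy": "Referrer-Policy missing: URLs may leak to third parties",
}
ONE_YEAR = 31536000


def check_headers(headers: dict) -> list:
    """Return findings for one response's headers (names compared case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, message in REQUIRED.items():
        if name in h:
            continue
        # CSP frame-ancestors supersedes X-Frame-Options; do not double-report.
        if name == "x-frame-options" and "frame-ancestors" in h.get("content-security-policy", ""):
            continue
        findings.append(message)

    # Present-but-weak values are what a naive "is it there?" scanner misses.
    hsts = h.get("strict-transport-security", "")
    if hsts:
        max_age = 0
        for part in hsts.split(";"):
            part = part.strip().lower()
            if part.startswith("max-age="):
                try:
                    max_age = int(part.split("=", 1)[1])
                except ValueError:
                    pass
        if max_age < ONE_YEAR:
            findings.append(f"HSTS max-age={max_age} is below one year")
    csp = h.get("content-security-policy", "")
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows unsafe-inline/unsafe-eval: weak against XSS")
    if h.get("x-content-type-options", "").strip().lower() not in ("", "nosniff"):
        findings.append("X-Content-Type-Options has a value other than nosniff")
    for leaky in ("server", "x-powered-by"):
        if leaky in h:
            findings.append(f"{leaky} header discloses: {h[leaky]}")
    return findings


def fetch_headers(url: str, timeout: int = 10) -> dict:
    """GET the URL and return its response headers; 4xx/5xx still yield headers."""
    req = Request(url, headers={"User-Agent": "header-scanner/0.1"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except HTTPError as err:
        return dict(err.headers.items())


# Constructed sample responses for offline testing.
HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}
WEAK = {
    "Server": "Apache/2.4.41",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
}

if __name__ == "__main__":
    import sys
    headers = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else WEAK
    for finding in check_headers(headers) or ["no issues found"]:
        print("-", finding)
```

Run it as python3 header_scan.py https://target.example to scan a live host, or with no argument to see the findings for the constructed WEAK response. Only point it at hosts that are in scope for your program.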

2.3 — File I/O: Reading and Writing Files

Agents need to read smart contract files and write reports. File handling is essential.


Exercise 2.3: Build a Contract Scanner


MODULE 2 FINAL CHALLENGE

“Combine everything. Build a mini recon tool.”

Build web_recon.py:


You now have Python skills that directly translate to bug bounty hunting. Time to apply them.

MODULE 3: Web2 Bug Hunting with Python

“Every time you manually test something twice, you should have automated it the first time.”

3.1 — Directory Bruteforcing

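An added example of a directory brute-forcer (not the article's script). Two details matter more than the loop itself: run requests in a thread pool with an optional delay so you stay inside the program's rate limits, and take a soft-404 baseline first, because many targets answer 200 for every unknown path and a status filter alone reports the whole wordlist. The transport is injected as fetch(url) -> (status, body_length), so the logic is tested offline against the constructed FAKE_SITE; real_fetch() uses the standard library against a live host.

```python
"""Threaded directory brute-forcer with soft-404 filtering."""
import random
import string
import time
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Optional
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

Fetch = Callable[[str], tuple]   # url -> (status code, body length)


def real_fetch(url: str, timeout: int = 10) -> tuple:
    """Network transport: GET url, return (status, content length); 0 on connection failure."""
    try:
        with urlopen(Request(url, headers={"User-Agent": "dirbrute/0.1"}), timeout=timeout) as r:
            return r.status, len(r.read())
    except HTTPError as e:
        return e.code, len(e.read())
    except URLError:
        return 0, 0


def soft404_baseline(base: str, fetch: Fetch) -> tuple:
    """Request a path that cannot exist; whatever comes back is what 'not found'
    looks like on this host, even if the status is 200."""
    junk = "".join(random.choices(string.ascii_lowercase, k=16))
    return fetch(f"{base.rstrip('/')}/{junk}")


def bruteforce(base: str, words: list, fetch: Fetch, threads: int = 10,
               delay: float = 0.0) -> list:
    """Return (path, status, length) for every word that does not look like the baseline 404."""
    base = base.rstrip("/")
    baseline = soft404_baseline(base, fetch)

    def probe(word: str) -> Optional[tuple]:
        if delay:
            time.sleep(delay)            # respect the program's rate limit
        status, length = fetch(f"{base}/{word}")
        if status in (0, 404):
            return None
        if (status, length) == baseline:
            return None                  # same as the junk path: a soft 404, not a hit
        return (f"/{word}", status, length)

    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(probe, words))
    return [r for r in results if r is not None]


# Constructed target: answers 200 with a 512-byte page for every unknown path.
FAKE_SITE = {
    "/admin": (403, 150),
    "/api": (200, 1024),
    "/backup.zip": (200, 90000),
    "/robots.txt": (200, 40),
}
FAKE_BASE = "http://example.test"


def fake_fetch(url: str) -> tuple:
    """Offline transport over FAKE_SITE."""
    return FAKE_SITE.get(url[len(FAKE_BASE):], (200, 512))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2:               # python3 dirbrute.py https://host wordlist.txt
        with open(sys.argv[2], encoding="utf-8") as fh:
            words = [w.strip() for w in fh if w.strip()]
        hits = bruteforce(sys.argv[1], words, real_fetch, delay=0.1)
    else:
        hits = bruteforce(FAKE_BASE, ["admin", "api", "login", "old", "robots.txt"], fake_fetch)
    for path, status, length in hits:
        print(f"{status} {length:>8} {path}")
```

Length-based baseline filtering is a heuristic: a host that embeds the requested path in its error page produces a different length for every junk request. In that case compare on status plus a hash of the body with the path stripped out, or on a response-length band rather than an exact value.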

3.2 — API Endpoint Testing


3.3 — Parameter Fuzzing


MODULE 4: Building Web3 Security Tools

“Smart contracts are just programs. And programs have bugs. Let’s find them.”

4.0 — Introduction to gfunc: Your Static Analysis Companion

Before diving into Python automation, let’s introduce gfunc — a powerful static analysis tool that you’ll use throughout this module and the next.

What is gfunc?

gfunc is a universal function call graph tool that analyzes multiple programming languages, including Solidity, Rust, Move, and Go. It can:

  • Extract complete function bodies with dependencies
  • Generate call graphs showing which functions call which
  • Slice code to show data flows
  • Find function definitions across multiple files

For this course, we’ll focus on its Solidity analysis capabilities, but know that the same tool works across different blockchain languages!

Installation


Alternatively, download pre-built binaries from the releases page.

Basic Usage


Example Output


KEY INSIGHT: gfunc gives you deterministic code extraction. Unlike an LLM, which might hallucinate code, gfunc reads the actual source files and returns exactly what is there. That is what makes it useful inside an agent: the code the model reasons about is the real code. The reasoning itself can still be wrong, so treat the agent's conclusions as leads to verify, not as findings.

Now let’s automate gfunc with Python!

4.1 — Grep-Based Vulnerability Scanner

The fastest way to find bugs? Search for dangerous patterns.


CRITICAL INSIGHT: Everything grep finds is a starting point, not proof of a vulnerability. A function using .call() might be perfectly safe if it follows Checks-Effects-Interactions. Always verify manually before reporting.
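An added example that serves both Exercise 2.3 (read .sol files from disk) and this section (grep for dangerous patterns); it is not the article's scanner. It reports every pattern hit with file and line, and layers one cheap heuristic on top of plain grep: a low-level call followed by a storage write inside the same function is reported as a checks-effects-interactions violation candidate, which is exactly the case the insight above says grep alone cannot decide. SAMPLE_CONTRACT is constructed for the demo, and the STORAGE_WRITE regex is a heuristic (it also matches local-variable reassignments), so every hit still needs a human read.

```python
"""Regex-based Solidity pattern scanner with a checks-effects-interactions heuristic."""
import re
from pathlib import Path

CALL_RX = re.compile(r"\.call\s*[({]")

# (name, compiled regex, why a hunter cares). Line-based: patterns must not span lines.
SECURITY_PATTERNS = [
    ("Low-level call", CALL_RX, "reentrancy / unchecked return value"),
    ("delegatecall", re.compile(r"\.delegatecall\s*\("), "storage-layout hijack if target is user-controlled"),
    ("selfdestruct", re.compile(r"\bselfdestruct\s*\("), "contract can be destroyed; who can reach it?"),
    ("tx.origin auth", re.compile(r"\btx\.origin\b"), "phishable authorization"),
    ("block.timestamp", re.compile(r"\bblock\.timestamp\b"), "validator-influenceable time"),
    ("Unchecked transfer", re.compile(r"\.transfer\s*\(|\.send\s*\("), "2300 gas stipend / unchecked send"),
]
# x = ..., balances[a] -= ... at the start of a line; rejects == comparisons.
STORAGE_WRITE = re.compile(r"^\s*[A-Za-z_]\w*(\[[^\]]*\])*\s*(=|\+=|-=)[^=]")


def _code(line: str) -> str:
    """Drop a trailing // comment so commented-out calls do not count."""
    return line.split("//", 1)[0]


def cei_candidates(lines: list, path: str) -> list:
    """Heuristic: external call, then a storage write before the enclosing function closes."""
    out = []
    for i, line in enumerate(lines):
        if not CALL_RX.search(_code(line)):
            continue
        depth = 0
        for j in range(i + 1, len(lines)):
            depth += lines[j].count("{") - lines[j].count("}")
            if depth < 0:
                break                      # left the function without a later write
            if STORAGE_WRITE.match(_code(lines[j])):
                out.append({"file": path, "line": j + 1, "pattern": "CEI violation candidate",
                            "why": f"state written after external call on line {i + 1}",
                            "code": lines[j].strip()})
                break
    return out


def scan_source(src: str, path: str = "<memory>") -> list:
    """Return one finding per pattern match plus any CEI candidates."""
    lines = src.splitlines()
    findings = []
    for lineno, line in enumerate(lines, start=1):
        code = _code(line)
        for name, rx, why in SECURITY_PATTERNS:
            if rx.search(code):
                findings.append({"file": path, "line": lineno, "pattern": name,
                                 "why": why, "code": line.strip()})
    findings.extend(cei_candidates(lines, path))
    return findings


def scan_directory(root: str) -> list:
    """Walk root for .sol files and scan each one (the File I/O half of the exercise)."""
    findings = []
    for p in sorted(Path(root).rglob("*.sol")):
        findings.extend(scan_source(p.read_text(encoding="utf-8", errors="replace"), str(p)))
    return findings


# Constructed sample: withdraw() writes state after the external call.
SAMPLE_CONTRACT = """\
pragma solidity ^0.8.0;
contract Vault {
    mapping(address => uint256) public balances;
    address public owner = msg.sender;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        balances[msg.sender] = 0;
    }
    function kill() external { require(tx.origin == owner); selfdestruct(payable(owner)); }
}
"""

if __name__ == "__main__":
    import sys
    findings = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else scan_source(SAMPLE_CONTRACT, "Vault.sol")
    for f in findings:
        print(f"{f['file']}:{f['line']}: [{f['pattern']}] {f['code']}  // {f['why']}")
```

Run python3 sol_scan.py contracts/ to scan a directory, or with no argument to see the four findings in the sample. The CEI candidate is the one worth reading first: it is a starting point for a reentrancy check, not proof, because the function may be protected by a reentrancy guard the regex cannot see.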

Exercise 4.1

Add these four patterns to SECURITY_PATTERNS:

  • "Uninitialized Storage": r"storage.*;\n.*function" (this pattern spans a line break, so it only matches if you search the whole file contents rather than one line at a time)
  • "Magic Numbers": r"[0-9]{4,}"
  • "TODO Comments": r"TODO"
  • "FIXME Comments": r"FIXME"

Expect noise from the last three: they are triage hints that point at unfinished or hard-coded logic, not vulnerability signatures.

4.2 — Wrapping gfunc as a Python Tool

This is how we turn your custom gfunc binary into a Python function that an AI can use:


KEY INSIGHT: This exact function, with @tool added on top, is what lets the agent read code deterministically. The AI calls the function, reads the output, and reasons about it. The tool output cannot be hallucinated; the model's interpretation of it still can, so every issue the agent reports gets a manual check before it goes into a submission.

MODULE 5: Building Autonomous AI Agents

“This is where everything comes together. You’ve been training. Now you build the machine.”

5.1 — What IS an Agent?

An agent is an LLM (like GPT-4, Claude, or Qwen) that has been given tools (Python functions) and a reasoning loop (ReAct).

Component | What It Does                          | Our Example
Brain     | The LLM that thinks                   | ChatOllama(model="qwen2.5:32b")
Tools     | Python functions the LLM can call     | run_grep(), gfunc_slice()
Loop      | Forces Thought → Action → Observation | LangGraph's create_react_agent
Prompt    | Instructions that guide behavior      | “You are a security auditor…”

5.2 — Building It Step by Step

Step 1: Install


Step 2: Define Your Tools


Step 3: Connect the Brain


Step 4: Write the System Prompt


Step 5: Create the Agent Loop


That’s it. You just built an autonomous AI security agent. 🎉
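To see what create_react_agent and @tool actually do for you, here is the same loop written by hand, as an added example that is neither LangGraph's implementation nor the article's agent.py. It also shows the point made in Module 1.5: the only thing the model ever learns about a tool is the text built from its signature and docstring. The LLM is replaced by a scripted stand-in that returns canned replies (a real ChatOllama call would slot in as the llm argument), and CONTRACTS is a constructed stand-in for the contracts/ directory.

```python
"""A minimal ReAct loop: Thought -> Action -> Observation until Final Answer."""
import inspect
import json
import re
from typing import Callable

# ---- tools: plain functions; docstring + annotations ARE the interface the model sees ----
CONTRACTS = {   # stands in for contracts/ on disk (constructed)
    "contracts/Vault.sol": "function withdraw() external {\n"
                           "    (bool ok,) = msg.sender.call{value: bal}(\"\");\n"
                           "    balances[msg.sender] = 0;\n}\n",
}


def list_contracts() -> str:
    """List the Solidity files available for analysis, one path per line."""
    return "\n".join(sorted(CONTRACTS))


def read_file(path: str) -> str:
    """Return the full source of one contract file given its path."""
    return CONTRACTS.get(path, f"ERROR: no such file {path}")


def grep(pattern: str) -> str:
    """Search all contract files for a regular expression; returns path:line:text matches."""
    hits = [f"{p}:{n}:{line.strip()}" for p, src in CONTRACTS.items()
            for n, line in enumerate(src.splitlines(), 1) if re.search(pattern, line)]
    return "\n".join(hits) or "no matches"


def _type_name(ann) -> str:
    return "untyped" if ann is inspect.Parameter.empty else getattr(ann, "__name__", str(ann))


def describe_tools(tools: list) -> str:
    """What @tool does for you: turn signature + docstring into prompt text."""
    lines = []
    for t in tools:
        sig = inspect.signature(t)
        params = ", ".join(f"{p.name}: {_type_name(p.annotation)}" for p in sig.parameters.values())
        doc = inspect.getdoc(t) or "(no description: the model cannot know what this does)"
        lines.append(f"- {t.__name__}({params}) -> {_type_name(sig.return_annotation)}: {doc}")
    return "\n".join(lines)


ACTION_RE = re.compile(r"Action:\s*(\w+)\s*\nAction Input:\s*(.*)", re.S)


def run_agent(llm: Callable[[str], str], tools: list, task: str, max_steps: int = 8) -> dict:
    """Drive the loop; returns the final answer and a trace of (tool, observation) pairs."""
    registry = {t.__name__: t for t in tools}
    transcript = (f"You are a security auditor. Tools:\n{describe_tools(tools)}\n\n"
                  "Reply with 'Thought:', then either 'Action:' and 'Action Input:' (JSON args) "
                  f"or 'Final Answer:'.\n\nTask: {task}\n")
    trace = []
    for _ in range(max_steps):
        reply = llm(transcript)
        transcript += reply + "\n"
        if "Final Answer:" in reply:
            return {"answer": reply.split("Final Answer:", 1)[1].strip(), "trace": trace}
        m = ACTION_RE.search(reply)
        if not m:
            observation = "ERROR: reply had neither an Action nor a Final Answer"
        else:
            try:
                args = json.loads(m.group(2).strip() or "{}")
                observation = registry[m.group(1)](**args)   # unknown tool / bad args caught below
            except Exception as exc:                         # the loop must survive model mistakes
                observation = f"ERROR: {type(exc).__name__}: {exc}"
        trace.append((m.group(1) if m else None, observation))
        transcript += f"Observation: {observation}\n"      # the model sees real output, not a guess
    return {"answer": "gave up after max_steps", "trace": trace}


def make_scripted_llm(replies: list) -> Callable[[str], str]:
    """Stand-in for a chat model: returns canned replies in order, ignoring the prompt."""
    state = {"i": 0}

    def llm(_prompt: str) -> str:
        reply = replies[min(state["i"], len(replies) - 1)]
        state["i"] += 1
        return reply
    return llm


SCRIPT = [   # what a model typically does with these tools (constructed)
    "Thought: See what files exist.\nAction: list_contracts\nAction Input: {}",
    "Thought: Look for external calls.\nAction: grep\nAction Input: {\"pattern\": \"\\\\.call\"}",
    "Thought: Check ordering around the call.\nAction: read_file\nAction Input: {\"path\": \"contracts/Vault.sol\"}",
    "Thought: State is written after the call.\nFinal Answer: contracts/Vault.sol withdraw() "
    "violates checks-effects-interactions (reentrancy candidate)",
]

if __name__ == "__main__":
    result = run_agent(make_scripted_llm(SCRIPT), [list_contracts, read_file, grep], "Audit for reentrancy")
    for tool, obs in result["trace"]:
        print(f"[{tool}] -> {obs!r}")
    print("Final:", result["answer"])
```

Two things the hand-rolled version makes visible: the tool call is dispatched with registry[name](**args), so a typo in the model's Action line or a missing argument becomes an Observation the model can recover from rather than a crash, and max_steps is the only thing stopping a confused model from looping forever, so set it in the real agent too.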

MODULE 5 FINAL CHALLENGE

“Customize the agent. Make it YOURS.”

  1. Add a NEW tool: list_contracts() — Lists all .sol files in contracts/
  2. Add a NEW tool: count_lines(filepath) — Returns the line count of a file
  3. Modify the system prompt to also check for “flash loan attacks”
  4. Run the agent against a real project

MODULE 6: The MCP Server (The Final Boss)

“Your AI tools are incredible. But they only work inside your Python script. What if Claude Desktop, Cursor, or ANY AI could use them? That’s MCP.”

What is MCP?

MCP (Model Context Protocol) is an open standard that lets AI applications connect to your tools through a defined transport: stdio for a server the client launches locally, or HTTP for a server reached over the network.

Feature  | @tool (What we built)     | MCP Server
Works in | Only your agent.py script | Claude Desktop, Cursor, any MCP client
Setup    | 1 line (@tool)            | Requires a server process
Sharing  | Copy the Python file      | Connect via URL/stdio
Best for | Quick prototyping         | Production tool sharing

Building a Basic MCP Server (Python FastMCP)


Now Claude Desktop, Cursor, or any other MCP client can connect to this server and use your gfunc tool natively.
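For a stdio server the client launches the process itself, so the remaining step is to register it. As an added example (not from the article), this is the shape of the Claude Desktop configuration in claude_desktop_config.json; the server name "gfunc" and the script path are assumptions, since the article does not name the file. Cursor reads the same "mcpServers" structure from its own mcp.json.

```json
{
  "mcpServers": {
    "gfunc": {
      "command": "python3",
      "args": ["/absolute/path/to/gfunc_server.py"]
    }
  }
}
```

A server registered this way runs with your user's privileges and environment, and every connected client can call its tools with whatever arguments the model produces. Keep the argument-list, no-shell pattern from Module 2 inside the tool, and reject paths outside the contracts/ directory before they reach the gfunc binary.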

GRADUATION

“You started this course not knowing what a variable was. Now you can build autonomous AI agents that hunt bugs in smart contracts. That’s not learning. That’s evolution.”

What you built:

  1. Python scripts that automate Web2 recon (headers, directories, parameters)
  2. Python scripts that automate Web3 auditing (grep patterns, gfunc integration)
  3. A full ReAct AI agent that autonomously finds vulnerabilities
  4. Understanding of MCP servers for universal tool sharing

What’s next:

  • Drop REAL bug bounty targets into your contracts/ cage
  • Add more tools (Slither, Mythril, Foundry test runners)
  • Build MCP servers so you can use your tools everywhere
  • Hunt bugs. Earn bounties. Build your reputation.

“The best time to start was yesterday. The second best time is right now.”

Go get it.
