BugBounty

Provides a multi-tool MCP server for comprehensive bug bounty and web security testing via natural language prompts.
  • python

13

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "gokulapap-bugbounty-mcp-server": {
      "command": "docker",
      "args": [
        "exec",
        "-i",
        "bugbounty-mcp-server",
        "bugbounty-mcp",
        "serve"
      ],
      "env": {
        "PATH": "<PATH>",
        "LOG_LEVEL": "INFO",
        "DOCKER_HOST": "UNSPECIFIED",
        "GITHUB_TOKEN": "your_github_token",
        "SHODAN_API_KEY": "your_shodan_api_key",
        "VIRUSTOTAL_API_KEY": "your_virustotal_api_key"
      }
    }
  }
}

The BugBounty MCP Server enables natural language conversations with an LLM to drive a comprehensive security testing workflow. It aggregates a broad set of reconnaissance, scanning, vulnerability assessment, web application, network security, OSINT, exploitation, and reporting capabilities into an MCP (Model Context Protocol) interface so you can orchestrate security testing from conversational prompts.

How to use

You interact with the BugBounty MCP Server through an MCP client that connects via stdio (local process I/O) or via an HTTP endpoint. Start the server using one of the provided startup methods, then issue high-level security testing requests. Begin with a reconnaissance plan to map subdomains and services, then progressively run scanning and vulnerability assessment tools, and finally generate a comprehensive report. The system exposes 92+ security testing tools, so you can request targeted checks (for example subdomain discovery, port scanning, and SQL injection checks) or broader comprehensive assessments. Use natural language prompts to guide the toolchain, and let the MCP client surface the results in your preferred format.

How to install

Prerequisites you need before installation are Python and Git, plus Docker if you want containerized deployment.

# Prerequisites
python3 --version
git --version
docker --version
# Native installation flow (recommended if you are not using Docker)

# 1) Clone the project
git clone https://github.com/gokulapap/bugbounty-mcp-server.git
cd bugbounty-mcp-server

# 2) Run the installer script if you prefer automatic setup
chmod +x run.sh
./run.sh serve
# If you prefer a pure Python environment setup
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate
pip install -r requirements.txt
pip install -e .
# External security tools can be installed optionally (examples shown)
# On Ubuntu/Debian
sudo apt update
sudo apt install nmap masscan nikto dirb sqlmap

# On macOS with Homebrew
brew install nmap masscan nikto dirb sqlmap

# Install Go-based tools
go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

Additional sections

Configuration, security considerations, troubleshooting tips, and example usage patterns are provided below to help you tailor the MCP server to your testing environment.

Configuration and usage notes

MCP integration supports both local stdio commands and Docker-based execution paths. The following startup options are available.

  1. Docker-based startup via stdio (recommended for integration with Claude Desktop or similar clients): use Docker to execute the MCP server inside the container. This runs the MCP process in the host via docker exec and exposes the serve command through the MCP interface.

  2. Native startup via stdio: run the local script to start the MCP server in your environment.

Security and best practices

Operate only on targets you are authorized to test. Respect rate limits to avoid disrupting services. Enable safe mode and target whitelisting where available, and keep comprehensive audit logs for accountability.

Troubleshooting

If the server does not start, verify that the selected startup method is accessible and executable. Check container health or script permissions, and inspect the logs for errors. Ensure required environment variables are correctly loaded from the environment file or command line.

Notes and examples

To reference common tool coverage, you can prompt the MCP to run reconnaissance (subdomain checks, DNS analysis, and WAF detection), followed by scanning (port and web directory discovery), vulnerability assessment (SQLi, XSS, and CSRF checks), and web application testing (API and input validation). The system supports exporting findings and producing remediation plans.

Available tools

Subdomain Enumeration

Passive and active subdomain discovery and enumeration to map the target’s presence on the internet.

DNS Enumeration

Comprehensive analysis of DNS records to reveal domain configurations and exposure.

WHOIS Lookup

Query domain registration information to identify ownership and registration details.

Certificate Transparency

Analyze SSL certificate logs for anomalies and exposure.

Google Dorking

Automated search engine reconnaissance to uncover publicly exposed information.

Shodan Integration

Query Shodan for internet-facing devices and services.

GitHub Reconnaissance

Analyze code repositories for sensitive information and exposure.

Archive.org Search

Historical site analysis to track changes and legacy assets.

Technology Detection

Fingerprint web technologies and stacks used by the target.

Social Media Search

OSINT gathering across social platforms for contextual info.

Email Enumeration

Discover email addresses associated with the target.

Reverse DNS

Resolve IPs back to hostnames to map infrastructure.

WAF Detection

Identify presence and characteristics of Web Application Firewalls.

Port Scanning

Comprehensive network port analysis to reveal open services.

Service Enumeration

Fingerprint services to identify software and versions.

Web Directory Scanning

Discover hidden files and directories on web servers.

Web Crawling

Automated exploration of the target site to map pages.

Parameter Discovery

Identify hidden or undocumented parameters and inputs.

Subdomain Takeover

Detect potential subdomain takeover risks.

SSL/TLS Analysis

Assess certificate validity and configuration security.

CMS Scanning

Analyze WordPress/Drupal/Joomla and similar CMS deployments.

JavaScript Analysis

Review client-side code for security flaws.

HTTP Methods Testing

Test HTTP methods for improper handling and exposure.

CORS Analysis

Evaluate cross-origin resource sharing configurations.

Security Headers

Analyze HTTP security headers for best practice exposure.

Nuclei Integration

Run vulnerability templates from the Nuclei engine.

Fuzzing

Provide input fuzzing to test input validation and error handling.

API Endpoint Discovery

Identify REST/GraphQL/SOAP endpoints and assess exposure.

SQL Injection Testing

Automated checks for SQL injection vulnerabilities.

XSS Testing

Assess cross-site scripting risks in inputs and parameters.

Command Injection

Test OS command execution paths for vulnerability.

File Inclusion (LFI/RFI)

Analyze path traversal weaknesses in file inclusion.

XXE Testing

Detect XML external entity vulnerabilities.

SSRF Testing

Check server-side request forgery risks.

IDOR Testing

Identify insecure direct object references.

CSRF Testing

Evaluate protection against cross-site request forgery.

Authentication Bypass

Test login mechanisms for bypass possibilities.

Privilege Escalation

Assess permission boundaries and elevation paths.

JWT Security

Analyze JSON Web Token handling and protection.

Session Management

Evaluate session creation, storage, and invalidation.

Race Condition

Detect concurrency-related vulnerabilities.

Business Logic

Identify weaknesses in workflow logic and controls.

Deserialization

Detect unsafe object handling during deserialization.

Access Control Testing

Test authorization boundaries and access controls.

Security Misconfiguration

Find misconfigurations in deployed systems.

Sensitive Data Exposure

Detect leakage of passwords, tokens, and secrets.

API Security Testing

Assess REST/GraphQL API security and controls.

File Upload Security

Validate file upload handling and content validation.

Input Validation

Check data sanitization and parameter validation.

Cookie Security

Assess session cookies for security flaws.

WebSocket Security

Test real-time communication channels.

GraphQL Security

Evaluate GraphQL queries for vulnerabilities.

Error Handling Analysis

Identify information leakage through errors.

Network Discovery

Identify live hosts and reachable devices.

Firewall Detection

Detect firewall presence and behavior.

Load Balancer Detection

Identify load balancers and distribution methods.

CDN Detection

Detect content delivery networks in use.

Proxy Detection

Identify intermediary proxies between you and the target.

Routing Analysis

Examine network paths to reach the target.

Bandwidth Testing

Measure network throughput and performance.

Wireless Security

Assess WiFi security and configuration.

Network Sniffing

Capture and analyze network traffic.

Lateral Movement

Explore internal network movement tactics.

Person Investigation

Background research on individuals related to the target.

Company Investigation

Corporate intelligence gathering about organizations.

Dark Web Monitoring

Watch for dark web indicators related to the target.

Data Breach Checking

Check for leaked credentials and breach exposure.

Social Media Investigation

Profile research across social platforms.

Paste Site Monitoring

Monitor paste sites for leaked information.

Code Repository Search

Search code repositories for sensitive information.

Geolocation Investigation

Determine physical presence and geolocation cues.

Threat Intelligence

IoC analysis and attribution for threat actors.

Metadata Extraction

Extract metadata from documents and files.

Exploit Search

Query vulnerability databases for known exploits.

Payload Generation

Create custom payloads for testing payload delivery.

Privilege Escalation

Explore paths to elevate access within systems.

Lateral Movement

Techniques to move laterally across an environment.

Persistence Mechanisms

Backdoor installation methods and persistence strategies.

Data Exfiltration

Techniques to extract data from targets.

Credential Dumping

Harvest credentials from systems.

Anti-Forensics

Techniques to hinder forensic analysis.

Evasion Techniques

Strategies to bypass security controls.

Social Engineering

Human-factor based testing and manipulation.

Vulnerability Reports

Comprehensive security assessment reports.

Executive Summaries

High-level business-focused summaries of findings.

Finding Tracking

Manage vulnerability lifecycles from discovery to remediation.

Metrics Dashboard

Visualize security KPIs and testing progress.

Data Export

Export results in JSON, CSV, or PDF formats.

Remediation Planning

Prioritize fixes and create remediation roadmaps.

Compliance Mapping

Assess alignment with security frameworks.

Risk Assessment

Evaluate business impact of identified risks.

Scan Comparison

Track historical trends across scans.

Proof of Concept

Document exploit steps and PoC details.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational