- Home
- MCP servers
- BugBounty
BugBounty
- python
13
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"gokulapap-bugbounty-mcp-server": {
"command": "docker",
"args": [
"exec",
"-i",
"bugbounty-mcp-server",
"bugbounty-mcp",
"serve"
],
"env": {
"PATH": "<PATH>",
"LOG_LEVEL": "INFO",
"DOCKER_HOST": "UNSPECIFIED",
"GITHUB_TOKEN": "your_github_token",
"SHODAN_API_KEY": "your_shodan_api_key",
"VIRUSTOTAL_API_KEY": "your_virustotal_api_key"
}
}
}
}The BugBounty MCP Server enables natural language conversations with an LLM to drive a comprehensive security testing workflow. It aggregates a broad set of reconnaissance, scanning, vulnerability assessment, web application, network security, OSINT, exploitation, and reporting capabilities into an MCP (Model Context Protocol) interface so you can orchestrate security testing from conversational prompts.
How to use
You interact with the BugBounty MCP Server through an MCP client that connects via stdio (local process I/O) or via an HTTP endpoint. Start the server using one of the provided startup methods, then issue high-level security testing requests. Begin with a reconnaissance plan to map subdomains and services, then progressively run scanning and vulnerability assessment tools, and finally generate a comprehensive report. The system exposes 92+ security testing tools, so you can request targeted checks (for example subdomain discovery, port scanning, and SQL injection checks) or broader comprehensive assessments. Use natural language prompts to guide the toolchain, and let the MCP client surface the results in your preferred format.
How to install
Prerequisites you need before installation are Python and Git, plus Docker if you want containerized deployment.
# Prerequisites
python3 --version
git --version
docker --version
# Native installation flow (recommended if you are not using Docker)
# 1) Clone the project
git clone https://github.com/gokulapap/bugbounty-mcp-server.git
cd bugbounty-mcp-server
# 2) Run the installer script if you prefer automatic setup
chmod +x run.sh
./run.sh serve
# If you prefer a pure Python environment setup
python3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt
pip install -e .
# External security tools can be installed optionally (examples shown)
# On Ubuntu/Debian
sudo apt update
sudo apt install nmap masscan nikto dirb sqlmap
# On macOS with Homebrew
brew install nmap masscan nikto dirb sqlmap
# Install Go-based tools
go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
Additional sections
Configuration, security considerations, troubleshooting tips, and example usage patterns are provided below to help you tailor the MCP server to your testing environment.
Configuration and usage notes
MCP integration supports both local stdio commands and Docker-based execution paths. The following startup options are available.
-
Docker-based startup via stdio (recommended for integration with Claude Desktop or similar clients): use Docker to execute the MCP server inside the container. This runs the MCP process in the host via docker exec and exposes the serve command through the MCP interface.
-
Native startup via stdio: run the local script to start the MCP server in your environment.
Security and best practices
Operate only on targets you are authorized to test. Respect rate limits to avoid disrupting services. Enable safe mode and target whitelisting where available, and keep comprehensive audit logs for accountability.
Troubleshooting
If the server does not start, verify that the selected startup method is accessible and executable. Check container health or script permissions, and inspect the logs for errors. Ensure required environment variables are correctly loaded from the environment file or command line.
Notes and examples
To reference common tool coverage, you can prompt the MCP to run reconnaissance (subdomain checks, DNS analysis, and WAF detection), followed by scanning (port and web directory discovery), vulnerability assessment (SQLi, XSS, and CSRF checks), and web application testing (API and input validation). The system supports exporting findings and producing remediation plans.
Available tools
Subdomain Enumeration
Passive and active subdomain discovery and enumeration to map the target’s presence on the internet.
DNS Enumeration
Comprehensive analysis of DNS records to reveal domain configurations and exposure.
WHOIS Lookup
Query domain registration information to identify ownership and registration details.
Certificate Transparency
Analyze SSL certificate logs for anomalies and exposure.
Google Dorking
Automated search engine reconnaissance to uncover publicly exposed information.
Shodan Integration
Query Shodan for internet-facing devices and services.
GitHub Reconnaissance
Analyze code repositories for sensitive information and exposure.
Archive.org Search
Historical site analysis to track changes and legacy assets.
Technology Detection
Fingerprint web technologies and stacks used by the target.
Social Media Search
OSINT gathering across social platforms for contextual info.
Email Enumeration
Discover email addresses associated with the target.
Reverse DNS
Resolve IPs back to hostnames to map infrastructure.
WAF Detection
Identify presence and characteristics of Web Application Firewalls.
Port Scanning
Comprehensive network port analysis to reveal open services.
Service Enumeration
Fingerprint services to identify software and versions.
Web Directory Scanning
Discover hidden files and directories on web servers.
Web Crawling
Automated exploration of the target site to map pages.
Parameter Discovery
Identify hidden or undocumented parameters and inputs.
Subdomain Takeover
Detect potential subdomain takeover risks.
SSL/TLS Analysis
Assess certificate validity and configuration security.
CMS Scanning
Analyze WordPress/Drupal/Joomla and similar CMS deployments.
JavaScript Analysis
Review client-side code for security flaws.
HTTP Methods Testing
Test HTTP methods for improper handling and exposure.
CORS Analysis
Evaluate cross-origin resource sharing configurations.
Security Headers
Analyze HTTP security headers for best practice exposure.
Nuclei Integration
Run vulnerability templates from the Nuclei engine.
Fuzzing
Provide input fuzzing to test input validation and error handling.
API Endpoint Discovery
Identify REST/GraphQL/SOAP endpoints and assess exposure.
SQL Injection Testing
Automated checks for SQL injection vulnerabilities.
XSS Testing
Assess cross-site scripting risks in inputs and parameters.
Command Injection
Test OS command execution paths for vulnerability.
File Inclusion (LFI/RFI)
Analyze path traversal weaknesses in file inclusion.
XXE Testing
Detect XML external entity vulnerabilities.
SSRF Testing
Check server-side request forgery risks.
IDOR Testing
Identify insecure direct object references.
CSRF Testing
Evaluate protection against cross-site request forgery.
Authentication Bypass
Test login mechanisms for bypass possibilities.
Privilege Escalation
Assess permission boundaries and elevation paths.
JWT Security
Analyze JSON Web Token handling and protection.
Session Management
Evaluate session creation, storage, and invalidation.
Race Condition
Detect concurrency-related vulnerabilities.
Business Logic
Identify weaknesses in workflow logic and controls.
Deserialization
Detect unsafe object handling during deserialization.
Access Control Testing
Test authorization boundaries and access controls.
Security Misconfiguration
Find misconfigurations in deployed systems.
Sensitive Data Exposure
Detect leakage of passwords, tokens, and secrets.
API Security Testing
Assess REST/GraphQL API security and controls.
File Upload Security
Validate file upload handling and content validation.
Input Validation
Check data sanitization and parameter validation.
Cookie Security
Assess session cookies for security flaws.
WebSocket Security
Test real-time communication channels.
GraphQL Security
Evaluate GraphQL queries for vulnerabilities.
Error Handling Analysis
Identify information leakage through errors.
Network Discovery
Identify live hosts and reachable devices.
Firewall Detection
Detect firewall presence and behavior.
Load Balancer Detection
Identify load balancers and distribution methods.
CDN Detection
Detect content delivery networks in use.
Proxy Detection
Identify intermediary proxies between you and the target.
Routing Analysis
Examine network paths to reach the target.
Bandwidth Testing
Measure network throughput and performance.
Wireless Security
Assess WiFi security and configuration.
Network Sniffing
Capture and analyze network traffic.
Lateral Movement
Explore internal network movement tactics.
Person Investigation
Background research on individuals related to the target.
Company Investigation
Corporate intelligence gathering about organizations.
Dark Web Monitoring
Watch for dark web indicators related to the target.
Data Breach Checking
Check for leaked credentials and breach exposure.
Social Media Investigation
Profile research across social platforms.
Paste Site Monitoring
Monitor paste sites for leaked information.
Code Repository Search
Search code repositories for sensitive information.
Geolocation Investigation
Determine physical presence and geolocation cues.
Threat Intelligence
IoC analysis and attribution for threat actors.
Metadata Extraction
Extract metadata from documents and files.
Exploit Search
Query vulnerability databases for known exploits.
Payload Generation
Create custom payloads for testing payload delivery.
Privilege Escalation
Explore paths to elevate access within systems.
Lateral Movement
Techniques to move laterally across an environment.
Persistence Mechanisms
Backdoor installation methods and persistence strategies.
Data Exfiltration
Techniques to extract data from targets.
Credential Dumping
Harvest credentials from systems.
Anti-Forensics
Techniques to hinder forensic analysis.
Evasion Techniques
Strategies to bypass security controls.
Social Engineering
Human-factor based testing and manipulation.
Vulnerability Reports
Comprehensive security assessment reports.
Executive Summaries
High-level business-focused summaries of findings.
Finding Tracking
Manage vulnerability lifecycles from discovery to remediation.
Metrics Dashboard
Visualize security KPIs and testing progress.
Data Export
Export results in JSON, CSV, or PDF formats.
Remediation Planning
Prioritize fixes and create remediation roadmaps.
Compliance Mapping
Assess alignment with security frameworks.
Risk Assessment
Evaluate business impact of identified risks.
Scan Comparison
Track historical trends across scans.
Proof of Concept
Document exploit steps and PoC details.