What are the requirements for Bug Bounty MCP Server?

Bug Bounty MCP Server requires a compatible MCP client such as Claude Desktop, Claude Code, or Cursor. No additional environment variables are needed for basic setup.

Is Bug Bounty MCP Server free to use?

Yes, Bug Bounty MCP Server is open source and free to use. You can find the source code on GitHub.

What MCP clients support Bug Bounty MCP Server?

Bug Bounty MCP Server works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure Bug Bounty MCP Server?

Configure Bug Bounty MCP Server by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

Bug Bounty MCP Server

Q: What tools does Bug Bounty MCP Server provide?

subdomain_enum: Fast subdomain discovery using subfinder.. advanced_subdomain_enum: Advanced subdomain enumeration using amass.. web_crawl: Web crawling using gospider and katana.. nuclei_scan: Comprehensive vulnerability scanning.. generate_report: Generate comprehensive findings reports..

Q: How do I install Bug Bounty MCP Server?

Install Bug Bounty MCP Server by running: git clone https://github.com/akinabudu/bug-bounty-mcp.git && cd bug-bounty-mcp && ./setup.sh install

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

git clone https://github.com/akinabudu/bug-bounty-mcp.git
cd bug-bounty-mcp
./setup.sh install

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add bug-bounty-mcp -- python "<FULL_PATH_TO_BUG_BOUNTY_MCP>/dist/index.js"

Replace <FULL_PATH_TO_BUG_BOUNTY_MCP>/dist/index.js with the actual folder you prepared in step 1.

README.md

Automated bug bounty hunting and security reconnaissance

Bug Bounty MCP Server

A comprehensive Model Context Protocol (MCP) server for automated bug bounty hunting and security reconnaissance.

🚀 Quick Start

# Clone and install
git clone https://github.com/akinabudu/bug-bounty-mcp.git
cd bug-bounty-mcp

# Complete installation (dependencies + 25+ security tools)
./setup.sh install

# Start the MCP server
./setup.sh start

✨ Features

28+ Security Tools - Comprehensive reconnaissance to vulnerability scanning
Automated Scope Validation - Never test out-of-scope targets
Multiple Platforms - HackerOne, Bugcrowd, Intigriti, YesWeHack support
Intelligent Caching - Avoid duplicate work with smart caching
Complete Audit Trail - Track all testing activities
Professional Reports - Generate detailed findings reports
Traffic Interception - Real-time HTTP/HTTPS traffic analysis with mitmproxy

🛠️ Available Tools

Management (5 tools)

Program management, scope validation, statistics

Reconnaissance (14 tools)

subdomain_enum - Fast subdomain discovery (subfinder)
advanced_subdomain_enum - Advanced enumeration (amass)
web_crawl - Web crawling (gospider + katana)
network_scan - Fast network scanning (masscan)
screenshot_recon - Visual reconnaissance (gowitness)
git_recon - Git repository and secret scanning
cloud_asset_enum - Cloud asset discovery (AWS/Azure/GCP)
cert_transparency_search - Certificate transparency logs
email_harvest - Email harvesting (theHarvester)
ldap_enum - LDAP/Active Directory enumeration
api_discovery - API endpoint discovery
port_scan - Port scanning with nmap
technology_detection - Web technology detection
dns_enumeration - DNS record discovery

Vulnerability Scanning (3 tools)

nuclei_scan - Comprehensive vulnerability scanning
xss_scan - Cross-Site Scripting detection
ssl_analysis - SSL/TLS configuration analysis

Fuzzing (2 tools)

path_fuzzing - Directory and file fuzzing
parameter_fuzzing - HTTP parameter fuzzing

Traffic Analysis (3 tools) NEW!

start_traffic_intercept - Start mitmproxy for traffic capture
analyze_traffic_flows - Analyze captured HTTP/HTTPS traffic
extract_api_endpoints - Extract API endpoints from traffic

Reporting (3 tools)

generate_report - Comprehensive reports
export_findings - Export in multiple formats
get_statistics - Detailed metrics

📋 Requirements

Python 3.8+
Go 1.19+ (for reconnaissance tools)
Linux/macOS (Ubuntu 20.04+ recommended)
4GB+ RAM, 10GB+ disk space

🔧 Installation Options

# Full installation
./setup.sh install

# Install dependencies only
./setup.sh install-deps

# Install reconnaissance tools only  
./setup.sh install-tools

# Setup configuration
./setup.sh setup

# Test installation
./setup.sh test

# Verify tools are working
./setup.sh verify

# Clean temporary files
./setup.sh clean

🎯 Usage Example

# 1. Add bug bounty program
await add_program(
    program_name="Example Corp",
    platform="hackerone", 
    scope_domains=["*.example.com"]
)

# 2. Comprehensive reconnaissance
subdomains = await advanced_subdomain_enum(
    program_id="example",
    domain="example.com",
    mode="passive"
)

# 3. Web application testing
crawl_data = await web_crawl(
    program_id="example",
    url="https://example.com",
    depth=3,
    js_analysis=True
)

# 4. Vulnerability scanning  
vulns = await nuclei_scan(
    program_id="example",
    target="https://example.com"
)

# 5. Generate professional report
report = await generate_report(
    program_id="example",
    scan_ids=["scan1", "scan2"],
    format="markdown"
)

📖 Documentation

For complete documentation, see DOCUMENTATION.md:

Installation Guide - Detailed setup instructions
Configuration - Program and tool configuration
Tool Reference - Complete tool documentation
Usage Examples - Real-world usage patterns
Troubleshooting - Common issues and solutions
Contributing - Development and contribution guide

🔒 Security & Ethics

Scope Validation: All tools automatically validate targets against program scope
Rate Limiting: Built-in rate limiting to avoid overwhelming targets
Audit Logging: Complete audit trail of all testing activities
Responsible Disclosure: Always follow program rules and responsible disclosure

⚠️ Important: This tool is for authorized security testing only. Always ensure you have proper authorization before testing any targets.

📁 Project Structure

bug-bounty-mcp/
├── src/bugbounty_mcp/     # Main source code
├── config/                # Configuration files
├── data/                  # Nuclei templates, payloads
├── reports/               # Generated reports and findings
├── logs/                  # Audit logs and debugging
├── cache/

Tools (5)

subdomain_enumFast subdomain discovery using subfinder.

advanced_subdomain_enumAdvanced subdomain enumeration using amass.

web_crawlWeb crawling using gospider and katana.

nuclei_scanComprehensive vulnerability scanning.

generate_reportGenerate comprehensive findings reports.

Configuration

claude_desktop_config.json

{"mcpServers": {"bug-bounty": {"command": "python", "args": ["/path/to/bug-bounty-mcp/src/main.py"]}}}

Try it

→Perform a passive subdomain enumeration for example.com under the program ID 'example'.

→Run a web crawl on https://example.com with a depth of 3 and JS analysis enabled.

→Execute a nuclei vulnerability scan against the target https://example.com.

→Generate a markdown report for the recent scans performed on the 'example' program.

Frequently Asked Questions

What are the key features of Bug Bounty MCP Server?

28+ security tools for reconnaissance and vulnerability scanning. Automated scope validation to ensure compliance with program rules. Support for multiple bug bounty platforms including HackerOne and Bugcrowd. Real-time HTTP/HTTPS traffic interception and analysis with mitmproxy. Professional report generation and detailed audit logging.

What can I use Bug Bounty MCP Server for?

Automating reconnaissance workflows for bug bounty hunters. Validating target scope before initiating security scans. Analyzing web application traffic to discover hidden API endpoints. Generating standardized security reports for bug bounty submissions.

How do I install Bug Bounty MCP Server?

Install Bug Bounty MCP Server by running: git clone https://github.com/akinabudu/bug-bounty-mcp.git && cd bug-bounty-mcp && ./setup.sh install

What MCP clients work with Bug Bounty MCP Server?

Bug Bounty MCP Server works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Bug Bounty MCP Server docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all other servers →

Bug Bounty MCP Server

Set the server up locally

Register it in Claude Code

Bug Bounty MCP Server

🚀 Quick Start

✨ Features

🛠️ Available Tools

Management (5 tools)

Reconnaissance (14 tools)

Vulnerability Scanning (3 tools)

Fuzzing (2 tools)

Traffic Analysis (3 tools) **NEW!**

Reporting (3 tools)

📋 Requirements

🔧 Installation Options

🎯 Usage Example

📖 Documentation

🔒 Security & Ethics

📁 Project Structure

Tools (5)

Configuration

Try it

Frequently Asked Questions

Turn this server into reusable context

Related MCP Servers

Traffic Analysis (3 tools) NEW!