Bug Bounty MCP Server
A comprehensive Model Context Protocol (MCP) server for automated bug bounty hunting and security reconnaissance.
๐ Quick Start
# Clone and install
git clone https://github.com/akinabudu/bug-bounty-mcp.git
cd bug-bounty-mcp
# Complete installation (dependencies + 25+ security tools)
./setup.sh install
# Start the MCP server
./setup.sh start
โจ Features
- 28+ Security Tools - Comprehensive reconnaissance to vulnerability scanning
- Automated Scope Validation - Never test out-of-scope targets
- Multiple Platforms - HackerOne, Bugcrowd, Intigriti, YesWeHack support
- Intelligent Caching - Avoid duplicate work with smart caching
- Complete Audit Trail - Track all testing activities
- Professional Reports - Generate detailed findings reports
- Traffic Interception - Real-time HTTP/HTTPS traffic analysis with mitmproxy
๐ ๏ธ Available Tools
Management (5 tools)
Program management, scope validation, statistics
Reconnaissance (14 tools)
- subdomain_enum - Fast subdomain discovery (subfinder)
- advanced_subdomain_enum - Advanced enumeration (amass)
- web_crawl - Web crawling (gospider + katana)
- network_scan - Fast network scanning (masscan)
- screenshot_recon - Visual reconnaissance (gowitness)
- git_recon - Git repository and secret scanning
- cloud_asset_enum - Cloud asset discovery (AWS/Azure/GCP)
- cert_transparency_search - Certificate transparency logs
- email_harvest - Email harvesting (theHarvester)
- ldap_enum - LDAP/Active Directory enumeration
- api_discovery - API endpoint discovery
- port_scan - Port scanning with nmap
- technology_detection - Web technology detection
- dns_enumeration - DNS record discovery
Vulnerability Scanning (3 tools)
- nuclei_scan - Comprehensive vulnerability scanning
- xss_scan - Cross-Site Scripting detection
- ssl_analysis - SSL/TLS configuration analysis
Fuzzing (2 tools)
- path_fuzzing - Directory and file fuzzing
- parameter_fuzzing - HTTP parameter fuzzing
Traffic Analysis (3 tools) NEW!
- start_traffic_intercept - Start mitmproxy for traffic capture
- analyze_traffic_flows - Analyze captured HTTP/HTTPS traffic
- extract_api_endpoints - Extract API endpoints from traffic
Reporting (3 tools)
- generate_report - Comprehensive reports
- export_findings - Export in multiple formats
- get_statistics - Detailed metrics
๐ Requirements
- Python 3.8+
- Go 1.19+ (for reconnaissance tools)
- Linux/macOS (Ubuntu 20.04+ recommended)
- 4GB+ RAM, 10GB+ disk space
๐ง Installation Options
# Full installation
./setup.sh install
# Install dependencies only
./setup.sh install-deps
# Install reconnaissance tools only
./setup.sh install-tools
# Setup configuration
./setup.sh setup
# Test installation
./setup.sh test
# Verify tools are working
./setup.sh verify
# Clean temporary files
./setup.sh clean
๐ฏ Usage Example
# 1. Add bug bounty program
await add_program(
program_name="Example Corp",
platform="hackerone",
scope_domains=["*.example.com"]
)
# 2. Comprehensive reconnaissance
subdomains = await advanced_subdomain_enum(
program_id="example",
domain="example.com",
mode="passive"
)
# 3. Web application testing
crawl_data = await web_crawl(
program_id="example",
url="https://example.com",
depth=3,
js_analysis=True
)
# 4. Vulnerability scanning
vulns = await nuclei_scan(
program_id="example",
target="https://example.com"
)
# 5. Generate professional report
report = await generate_report(
program_id="example",
scan_ids=["scan1", "scan2"],
format="markdown"
)
๐ Documentation
For complete documentation, see DOCUMENTATION.md:
- Installation Guide - Detailed setup instructions
- Configuration - Program and tool configuration
- Tool Reference - Complete tool documentation
- Usage Examples - Real-world usage patterns
- Troubleshooting - Common issues and solutions
- Contributing - Development and contribution guide
๐ Security & Ethics
- Scope Validation: All tools automatically validate targets against program scope
- Rate Limiting: Built-in rate limiting to avoid overwhelming targets
- Audit Logging: Complete audit trail of all testing activities
- Responsible Disclosure: Always follow program rules and responsible disclosure
โ ๏ธ Important: This tool is for authorized security testing only. Always ensure you have proper authorization before testing any targets.
๐ Project Structure
bug-bounty-mcp/
โโโ src/bugbounty_mcp/ # Main source code
โโโ config/ # Configuration files
โโโ data/ # Nuclei templates, payloads
โโโ reports/ # Generated reports and findings
โโโ logs/ # Audit logs and debugging
โโโ cache/ # Cached scan results
โโโ setup.sh # Installation and management script
โโโ DOCUMENTATION.md # Complete documentation
โโโ README.md # This file
๐ค Contributing
Contributions welcome! See CONTRIBUTING.md for guidelines.
๐ License
MIT License - see LICENSE for details.
๐ Acknowledgments
- ProjectDiscovery for excellent Go tools (subfinder, katana, nuclei)
- OWASP Amass team for advanced subdomain enumeration
- Security research community for tool development and feedback
Made with โค๏ธ for the bug bounty community
