# Bug Bounty Hunter MCP - Environment Variables
# Template of KEY=VALUE settings. Once filled in, this file holds live
# credentials (API keys, webhook URLs, bot tokens): keep the populated copy out
# of version control and readable only by the account that runs the server.
# Comments are kept on their own lines; many env-file loaders treat text after
# '=' as part of the value.
# ============================================================================
# API KEYS (Optional - for enhanced functionality)
# ============================================================================
# Every key below ships blank. How the server behaves when a key is blank is
# not shown in this file - confirm against the code that reads it.
# VirusTotal API (for domain/IP reputation)
VIRUSTOTAL_API_KEY=
# Shodan API (for exposed services)
SHODAN_API_KEY=
# SecurityTrails API (for DNS history)
SECURITYTRAILS_API_KEY=
# Censys API (ID and secret are presumably used together as one credential pair)
CENSYS_API_ID=
CENSYS_API_SECRET=
# Hunter.io (email enumeration)
HUNTER_IO_API_KEY=
# ============================================================================
# CALLBACK URLs (For OOB Testing)
# ============================================================================
# Whoever operates the callback host sees every interaction sent to it, which
# can include data from the system under test. Prefer infrastructure you
# control; a shared public server means a third party handles that data.
# Expected value format (full URL vs. bare hostname) is not shown here - confirm.
# Your server for out-of-band callbacks (SSRF, XXE, etc.)
CALLBACK_URL=
# Burp Collaborator or similar
BURP_COLLABORATOR=
# Interactsh server
INTERACTSH_SERVER=
# ============================================================================
# RATE LIMITING & PERFORMANCE
# ============================================================================
# These defaults are aggressive for production targets. Set them at or below
# the request-rate limit published by the programme being tested.
# NOTE(review): whether the limit applies per tool, per target or globally, and
# how it interacts with THREADS, is not visible in this file - confirm.
# Default rate limit (requests per second)
DEFAULT_RATE_LIMIT=150
# Number of concurrent threads
THREADS=50
# Request timeout (seconds)
TIMEOUT=30
# ============================================================================
# OUTPUT & REPORTING
# ============================================================================
# Results and reports can contain unreported vulnerability details. Keep the
# output directory out of version control and restrict its permissions.
# Output directory for results (relative path; presumably resolved against the
# server's working directory - confirm)
OUTPUT_DIR=./results
# Report format (markdown, html, json, pdf)
REPORT_FORMAT=markdown
# Auto-save results
AUTO_SAVE=true
# ============================================================================
# SECURITY & SAFETY
# ============================================================================
# Dry-run mode (don't execute destructive actions)
# Ships as false, so the dry-run safeguard is off by default. Setting it to
# true for the first run against a new target is the safer starting point.
# NOTE(review): which actions count as "destructive" is not defined here - confirm.
DRY_RUN=false
# Verbose output
VERBOSE=true
# Log level (DEBUG, INFO, WARNING, ERROR)
LOG_LEVEL=INFO
# Log file path
# With VERBOSE on, or LOG_LEVEL=DEBUG, the log may capture request details such
# as URLs, cookies or tokens. Protect and rotate it like the results directory.
LOG_FILE=./logs/bugbounty_mcp.log
# ============================================================================
# TOOL PATHS (Usually auto-detected)
# ============================================================================
# Absolute paths pin which binary runs instead of relying on a PATH lookup.
# Check that each path points at the intended tool and that neither the file
# nor its directory is writable by unprivileged users.
# Subdomain enumeration
SUBFINDER_PATH=/usr/local/bin/subfinder
AMASS_PATH=/usr/local/bin/amass
ASSETFINDER_PATH=/usr/local/bin/assetfinder
# HTTP probing
# NOTE(review): the Python "httpx" package can install a command of the same
# name; confirm this path is the HTTP prober the server expects.
HTTPX_PATH=/usr/local/bin/httpx
# Port scanning
NMAP_PATH=/usr/bin/nmap
NAABU_PATH=/usr/local/bin/naabu
# Fuzzing
FFUF_PATH=/usr/local/bin/ffuf
GOBUSTER_PATH=/usr/local/bin/gobuster
# Vulnerability scanning
NUCLEI_PATH=/usr/local/bin/nuclei
SQLMAP_PATH=/usr/bin/sqlmap
# Web crawling
GOSPIDER_PATH=/usr/local/bin/gospider
KATANA_PATH=/usr/local/bin/katana
# ============================================================================
# WORDLISTS
# ============================================================================
# The three wordlist entries below are full paths and do not reference
# WORDLIST_DIR, so changing WORDLIST_DIR alone leaves them unchanged. No
# variable interpolation is used in this file.
# Wordlist size multiplies request volume; size it together with
# DEFAULT_RATE_LIMIT.
# Wordlist directory
WORDLIST_DIR=/usr/share/wordlists
# Subdomain wordlist
SUBDOMAIN_WORDLIST=/usr/share/wordlists/subdomains-top1million-5000.txt
# Directory wordlist
DIRECTORY_WORDLIST=/usr/share/wordlists/dirb/common.txt
# Parameter wordlist
PARAMETER_WORDLIST=/usr/share/wordlists/parameters.txt
# ============================================================================
# NUCLEI TEMPLATES
# ============================================================================
# Nuclei templates directory
# The default sits in root's home directory, which is normally unreadable to
# other accounts. Point it at the invoking user's template directory when the
# server runs unprivileged, which is the preferable setup.
NUCLEI_TEMPLATES=/root/nuclei-templates
# Custom templates directory
# Templates define what is sent to targets. Review third-party templates before
# placing them here, and keep the directory writable only by trusted users.
CUSTOM_TEMPLATES=./templates
# ============================================================================
# PROXY (Optional)
# ============================================================================
# HTTP Proxy (for tools that support it)
# HTTP_PROXY / HTTPS_PROXY are conventional names that many libraries and CLI
# tools read from the process environment on their own. If this file is
# exported into the environment, they may also affect API and notification
# traffic - confirm how the file is loaded.
HTTP_PROXY=
HTTPS_PROXY=
# Burp Suite proxy
# Defaults to a loopback listener, and unlike the entries above it is not blank.
# NOTE(review): whether traffic is routed through it by default or only on
# request is not shown here - confirm.
BURP_PROXY=http://127.0.0.1:8080
# ============================================================================
# NOTIFICATION (Optional)
# ============================================================================
# Webhook URLs and bot tokens are bearer credentials: anyone who obtains one
# can post to the channel. Treat them like the API keys in this file.
# Notifications copy finding details to a third-party service; check that this
# fits the programme's confidentiality terms.
# Slack webhook for notifications
SLACK_WEBHOOK=
# Discord webhook
DISCORD_WEBHOOK=
# Telegram bot
TELEGRAM_BOT_TOKEN=
TELEGRAM_CHAT_ID=
# ============================================================================
# DATABASE (Optional - for result storage)
# ============================================================================
# Database URL
# The default is a local SQLite file. If parsed as a SQLAlchemy-style URL, the
# three slashes make it a path relative to the working directory - confirm.
# The database stores findings, so protect the file like OUTPUT_DIR. A URL for
# a networked database would embed credentials in this file.
DATABASE_URL=sqlite:///bugbounty.db
# ============================================================================
# ADVANCED OPTIONS
# ============================================================================
# User-Agent string
# The default imitates a desktop Chrome browser. Some programmes require an
# identifying User-Agent or header for researcher traffic; set it accordingly.
# NOTE(review): the value is unquoted and contains spaces, ';' and parentheses.
# Loaders that read to end of line accept this, but sourcing the file from a
# shell would fail - confirm which loader reads this file.
USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
# Follow redirects
# NOTE(review): a redirect can lead to a host outside the configured scope.
# Whether redirect targets are checked against scope is not shown here - confirm.
FOLLOW_REDIRECTS=true
# Verify SSL certificates
# Keep enabled. Disabling it drops server authentication for every request,
# including ones that carry the cookies and API keys configured in this file.
VERIFY_SSL=true
# Maximum redirects
MAX_REDIRECTS=10
# Cookie file (for authenticated scans)
# Holds live session credentials, so restrict its permissions and keep it out
# of version control. The expected file format is not shown here - confirm.
COOKIE_FILE=
# ============================================================================
# SCOPE MANAGEMENT
# ============================================================================
# All three values ship blank.
# NOTE(review): this file does not show whether a blank IN_SCOPE_DOMAINS means
# "no restriction" or "nothing allowed", nor which list wins when a domain is
# in both. Confirm in the consuming code and fill these in from the programme's
# published scope before the first run.
# In-scope domains (comma-separated)
IN_SCOPE_DOMAINS=
# Out-of-scope domains (comma-separated)
OUT_OF_SCOPE_DOMAINS=
# Excluded patterns (regex)
# NOTE(review): not shown whether this is a single regex or a delimited list,
# or whether it is matched against hostnames or full URLs - confirm.
EXCLUDED_PATTERNS=