config.example.json • 6.48 kB
{ "recon": { "subdomain_enumeration": { "tools": ["subfinder", "amass", "assetfinder"], "passive_only": false, "bruteforce": false, "recursive": false, "timeout": 300 }, "port_scanning": { "default_tool": "naabu", "default_ports": "top-1000", "service_detection": true, "os_detection": false, "script_scan": false }, "http_probing": { "tool": "httpx", "threads": 50, "timeout": 10, "follow_redirects": true, "extract_title": true, "detect_tech": true, "screenshot": false } }, "fuzzing": { "directory_fuzzing": { "tool": "ffuf", "wordlist": "common", "extensions": ["php", "html", "js", "txt", "asp", "aspx", "jsp"], "threads": 50, "recursion_depth": 2, "filter_status": [404], "filter_size": [], "match_status": [] }, "parameter_fuzzing": { "wordlist": "parameters", "methods": ["GET", "POST"], "threads": 50, "filter_status": [404] }, "subdomain_bruteforce": { "wordlist": "common", "resolver": "8.8.8.8", "threads": 100, "wildcard_detection": true } }, "vuln_scan": { "nuclei": { "templates": ["all"], "severity": ["critical", "high", "medium", "low", "info"], "rate_limit": 150, "bulk_size": 25, "concurrency": 25, "timeout": 10, "retries": 1 }, "xss": { "payloads": "all", "reflection_check": true, "dom_check": true, "waf_detection": true, "blind_xss": false }, "sqli": { "level": 3, "risk": 2, "dbms": "auto", "techniques": ["B", "E", "U", "S", "T", "Q"], "timeout": 30, "threads": 10 }, "ssrf": { "payloads": "auto", "cloud_metadata": true, "internal_services": true, "callback_required": false } }, "api_testing": { "discovery": { "common_paths": [ "/api", "/api/v1", "/api/v2", "/v1", "/v2", "/rest", "/graphql", "/swagger", "/swagger.json", "/api-docs" ], "methods": ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"] }, "graphql": { "introspection": true, "mutations": true, "batch_queries": true, "deep_recursion": true }, "rate_limiting": { "requests": 100, "concurrent": 10, "interval": 1 } }, "injection": { "command_injection": { "payloads": ["auto"], "os_detection": true, 
"blind_detection": true, "callback_required": false }, "ssti": { "template_engines": ["all"], "blind_detection": true }, "xxe": { "payloads": ["auto"], "oob_required": false } }, "access_control": { "idor": { "min_value": 1, "max_value": 1000, "step": 1, "methods": ["GET", "POST", "PUT", "DELETE"] }, "path_traversal": { "os_type": "auto", "depth": 10, "null_byte": true } }, "authentication": { "jwt": { "crack_secret": true, "none_algorithm": true, "weak_keys": true, "kid_injection": true }, "session": { "fixation": true, "hijacking": true, "timeout": true, "cookie_flags": true }, "oauth": { "redirect_uri": true, "state_parameter": true, "token_leakage": true } }, "cloud": { "s3_buckets": { "permutations": true, "check_permissions": true, "list_objects": false, "download_objects": false }, "subdomain_takeover": { "services": [ "github", "heroku", "shopify", "aws", "azure", "pantheon", "tumblr", "wordpress" ] } }, "content_discovery": { "sensitive_files": { "backup_extensions": [".bak", ".old", ".backup", ".swp", ".tmp", "~"], "config_files": [ "web.config", ".htaccess", "config.php", "database.yml", ".env", "settings.py" ], "git_exposure": true, "svn_exposure": true, "ds_store": true } }, "ssl_tls": { "protocols": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"], "ciphers": true, "certificate": true, "vulnerabilities": [ "heartbleed", "poodle", "beast", "crime", "freak", "logjam" ] }, "workflows": { "full_recon": { "steps": [ "subdomain_enumeration", "certificate_transparency", "port_scan", "http_probe", "technology_detection", "wayback_urls", "directory_fuzzing" ], "parallel": true, "timeout": 3600 }, "web_vuln_scan": { "quick": ["nuclei", "xss", "cors"], "medium": ["nuclei", "xss", "sqli", "ssrf", "cors", "sensitive_files"], "thorough": [ "nuclei", "xss", "sqli", "ssrf", "cors", "command_injection", "ssti", "xxe", "idor", "path_traversal", "lfi_rfi", "sensitive_files", "git_exposure" ] }, "api_security_test": { "steps": [ "api_discovery", "swagger_parser", 
"graphql_testing", "rate_limit_test", "authentication_bypass", "injection_tests" ] } }, "reporting": { "format": "markdown", "include_screenshots": true, "include_payloads": true, "include_requests": true, "include_responses": false, "cvss_scoring": true, "remediation": true, "references": true, "auto_submit": false }, "security": { "dry_run": false, "scope_check": true, "rate_limiting": true, "respect_robots": false, "max_requests_per_second": 150, "blacklist_status": [429, 500, 502, 503], "retry_on_error": true, "max_retries": 3 }, "output": { "directory": "./results", "format": "json", "subdirectories": { "by_date": true, "by_target": true }, "compression": false, "backup": true }, "notifications": { "enabled": false, "on_completion": true, "on_finding": true, "severity_threshold": "high", "channels": { "slack": false, "discord": false, "telegram": false, "email": false } } }

