# Bug Bounty Hunter MCP for Gemini Antigravity
**The Ultimate Offensive Security MCP Server for your Gemini AI.**
Transform your **Gemini Antigravity** environment into an elite **Bug Bounty Hunter**. This MCP server integrates **50+ professional security tools** to perform autonomous reconnaissance, vulnerability scanning, and exploitation analysis directly from your chat interface.
---
## Why This MCP?
* **AI-Powered Security**: Let Gemini orchestrate complex attack chains.
* **Automated Recon**: Go from domain to vulnerability report in minutes.
* **Comprehensive Coverage**: From Subdomain Enumeration to RCE detection.
* **Built for Antigravity**: Optimized for seamless integration with Gemini's ecosystem.
---
## Installation for Gemini Antigravity
Follow these steps to equip your Gemini with Bug Bounty superpowers.
### 1. Prerequisites
Ensure you have the following installed on your system:
* **Python 3.10+**
* **Go** (for external tools like `subfinder`, `nuclei`)
* **Git**
### 2. Clone & Setup Environment
```bash
# Clone the repository
git clone https://github.com/MauricioDuarte100/BugBountyMCP.git
cd BugBountyMCP
# Create a virtual environment (Crucial for isolation)
python3 -m venv bb_venv
source bb_venv/bin/activate
# Install Python dependencies
pip install -e .
```
### 3. Install External Tools (The Arsenal)
To unlock the full potential, install the core tools. We've included a helper script:
```bash
# Make the install script executable
chmod +x install.sh
# Run the installer
./install.sh
```
*(Alternatively, check [INSTALL.md](INSTALL.md) for manual instructions)*
### 4. Configure Gemini Antigravity
You need to register this MCP server so your Gemini AI can access it.
**Option A: Using the Gemini CLI (Recommended)**
If your Gemini environment supports dynamic MCP loading, locate your MCP configuration file (typically `mcp.json` or similar in your Gemini config directory, e.g., `~/.gemini/mcp.json` or `~/.antigravity/mcp.json`).
Add the following configuration:
```json
{
  "mcpServers": {
    "bugbounty": {
      "command": "/bin/bash",
      "args": [
        "-c",
        "source /path/to/BugBountyMCP/bb_venv/bin/activate && python /path/to/BugBountyMCP/bug_bounty_mcp.py"
      ],
      "env": {
        "PYTHONUNBUFFERED": "1"
      },
      "disabled": false,
      "autoUpgrade": true
    }
  }
}
```
```
**IMPORTANT:** Replace `/path/to/BugBountyMCP` with the **absolute path** to your cloned directory.
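A pre-flight check for the entry above, as an added example that is not part of this repository: it confirms the placeholder was replaced and that both referenced files are absolute, present, and not world-writable. The names `check_mcp_entry` and `make_config` are hypothetical, and the world-writable test is an extra hardening check assumed here because the client executes that shell line on every launch.

```python
import json
import os
import shlex
import stat

PLACEHOLDER = "/path/to/BugBountyMCP"  # placeholder text used in the README snippet

def make_config(root):
    """Build the README's mcp.json entry for a checkout at `root` (demo helper)."""
    line = f"source {root}/bb_venv/bin/activate && python {root}/bug_bounty_mcp.py"
    return json.dumps({"mcpServers": {"bugbounty": {
        "command": "/bin/bash", "args": ["-c", line],
        "env": {"PYTHONUNBUFFERED": "1"}}}})

def check_mcp_entry(config_text, server="bugbounty"):
    """Return a list of problems with the server entry; an empty list means it looks sane."""
    try:
        entry = json.loads(config_text)["mcpServers"][server]
        args = entry.get("args") or []
        line = str(args[-1]) if args else ""
        tokens = shlex.split(line)
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        return [f"cannot parse mcpServers.{server}: {exc!r}"]
    problems = []
    if PLACEHOLDER in line:
        problems.append("placeholder path was not replaced")
    # Files the shell line sources or runs: the venv activate script and the server script.
    files = [t for t in tokens if t.endswith(("/bin/activate", ".py"))]
    if len(files) < 2:
        problems.append("expected an activate script and a .py server script")
    for path in files:
        if not os.path.isabs(path):
            problems.append(f"not an absolute path: {path}")
        elif not os.path.isfile(path):
            problems.append(f"file not found: {path}")
        elif os.stat(path).st_mode & stat.S_IWOTH:
            # Anyone able to edit this file controls what the MCP client executes.
            problems.append(f"world-writable: {path}")
    return problems

if __name__ == "__main__":
    import sys
    with open(sys.argv[1]) as fh:  # path to your mcp.json
        for problem in check_mcp_entry(fh.read()) or ["ok"]:
            print(problem)
```

Run it with the path to your MCP configuration file as the only argument; it prints `ok` when no problems are found.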
### 5. Verify Installation
Start your Gemini session and type:
```text
/mcp list
```
You should see `bugbounty` listed as an active tool server.
---
## The Arsenal (Capabilities)
Your Gemini is now equipped with these capabilities:
### Reconnaissance (The Eyes)
* **Subdomain Enumeration**: `subfinder`, `amass`, `assetfinder`
* **Port Scanning**: `nmap`, `naabu`
* **HTTP Probing**: `httpx` (with tech detection)
* **DNS & CT Logs**: Deep DNS queries & Certificate Transparency checks
### Spidering & Content (The Legs)
* **Deep Crawling**: `katana`, `gospider`
* **JS Analysis**: Extract secrets from JavaScript files
* **Hidden Files**: `dirsearch`, `gobuster`, `ffuf`
### Vulnerability Scanning (The Fangs)
* **Nuclei Engine**: Template-based vulnerability scanning
* **Injection Testing**: SQLi (`sqlmap`), XSS, SSTI, Command Injection
* **Access Control**: IDOR, Path Traversal, LFI/RFI
* **Cloud Security**: S3 Bucket scanning, Metadata exposure
### Authentication & API (The Brain)
* **Auth Testing**: JWT analysis, OAuth flow testing
* **API Security**: GraphQL inspection, Swagger parsing, Rate limit testing
---
## Usage Examples
Once installed, just talk to Gemini!
### Full Recon Mission
> **You:** "Run a full reconnaissance on `example.com`."
>
> **Gemini:** *Starts subdomain enumeration, port scanning, and probing...*
### Specific Vulnerability Scan
> **You:** "Check `https://target.com` for XSS vulnerabilities."
>
> **Gemini:** *Deploys XSS scanner and reports findings...*
### Cloud Audit
> **You:** "Scan this S3 bucket `my-bucket` for public access."
>
> **Gemini:** *Checks ACLs and content...*
---
## Legal Disclaimer
**With great power comes great responsibility.**
This tool is designed for **authorized security testing** and **bug bounty hunting** only.
* Do not use on targets you do not have permission to test.
* Always adhere to the Scope and Rules of Engagement.
* Use responsibly.
---
## Contributing
Join the hunt! PRs are welcome. Check [CONTRIBUTING.md](CONTRIBUTING.md) for details.
---
**Built for the Gemini Antigravity Community**
*Happy Hunting!*