Glama

bugbounty_business_logic_workflow

Generate business logic testing workflows for bug bounty programs to identify security vulnerabilities in web applications, APIs, mobile apps, or IoT systems.

Instructions

Create business logic testing workflow for bug bounty hunting.

Args:
    domain: Target domain
    program_type: Type of program (web, api, mobile, iot)

Returns: Business logic testing workflow

Input Schema

Name          Required  Description  Default
domain        Yes
program_type  No                     web

Implementation Reference

  • Primary MCP tool handler for 'bugbounty_business_logic_workflow'. Proxies the input parameters to the backend REST API endpoint and returns the result.
    from typing import Any

    # `logger` and `api_client` are module-level objects of the MCP server
    # (set up elsewhere in the same module); only the handler is shown here.
    def bugbounty_business_logic_workflow(
        domain: str, program_type: str = "web"
    ) -> dict[str, Any]:
        """Create business logic testing workflow for bug bounty hunting.

        Args:
            domain: Target domain
            program_type: Type of program (web, api, mobile, iot)

        Returns:
            Business logic testing workflow
        """
        data = {"domain": domain, "program_type": program_type}
        logger.info(f"🎯 Creating business logic testing workflow for {domain}")
        # Proxy the call to the backend REST API; safe_post returns the
        # decoded response dict and reports failures via the "success" key.
        result = api_client.safe_post("api/bugbounty/business-logic-workflow", data)
        if result.get("success"):
            logger.info(f"✅ Business logic testing workflow created for {domain}")
        else:
            logger.error(
                f"❌ Failed to create business logic testing workflow for {domain}"
            )
        return result
  • REST API endpoint handler for '/api/bugbounty/business-logic-workflow'. Creates a BugBountyTarget and calls the workflow manager to generate the workflow.
    # `request`, `logger` and the `workflow` route decorator are provided by
    # the REST API server module; only the endpoint handler is shown here.
    @workflow()
    def create_business_logic_workflow():
        """Create business logic testing workflow."""
        # Import here to avoid circular imports
        from src.rest_api_server.managers import BugBountyTarget, bugbounty_manager

        data = request.get_json()
        # "domain" is required by the input schema; a missing key raises KeyError.
        domain = data["domain"]
        program_type = data.get("program_type", "web")

        logger.info(f"Creating business logic testing workflow for {domain}")

        # Create bug bounty target
        target = BugBountyTarget(domain=domain, program_type=program_type)

        # Generate business logic testing workflow
        workflow = bugbounty_manager.create_business_logic_testing_workflow(target)

        logger.info(f"Business logic testing workflow created for {domain}")
        return workflow
  • Core helper method in BugBountyWorkflowManager that defines and returns the detailed structure of the business logic testing workflow, including test categories and specific tests.
    def create_business_logic_testing_workflow(
        self, target: BugBountyTarget
    ) -> dict[str, Any]:
        """Create business logic testing workflow."""
        workflow = {
            "target": target.domain,
            "business_logic_tests": [
                {
                    "category": "Authentication Bypass",
                    "tests": [
                        {"name": "Password Reset Token Reuse", "method": "manual"},
                        {
                            "name": "JWT Algorithm Confusion",
                            "method": "automated",
                            "tool": "jwt_tool",
                        },
                        {"name": "Session Fixation", "method": "manual"},
                        {"name": "OAuth Flow Manipulation", "method": "manual"},
                    ],
                },
                {
                    "category": "Authorization Flaws",
                    "tests": [
                        {
                            "name": "Horizontal Privilege Escalation",
                            "method": "automated",
                            "tool": "arjun",
                        },
                        {"name": "Vertical Privilege Escalation", "method": "manual"},
                        {
                            "name": "Role-based Access Control Bypass",
                            "method": "manual",
                        },
                    ],
                },
                {
                    "category": "Business Process Manipulation",
                    "tests": [
                        {
                            "name": "Race Conditions",
                            "method": "automated",
                            "tool": "race_the_web",
                        },
                        {"name": "Price Manipulation", "method": "manual"},
                        {"name": "Quantity Limits Bypass", "method": "manual"},
                        {"name": "Workflow State Manipulation", "method": "manual"},
                    ],
                },
                {
                    "category": "Input Validation Bypass",
                    "tests": [
                        {
                            "name": "File Upload Restrictions",
                            "method": "automated",
                            "tool": "upload_scanner",
                        },
                        {"name": "Content-Type Bypass", "method": "manual"},
                        {"name": "Size Limit Bypass", "method": "manual"},
                    ],
                },
            ],
            "estimated_time": 480,  # 8 hours for thorough business logic testing
            "manual_testing_required": True,
        }
        return workflow
  • Dataclass defining the target structure used in workflow generation, including program_type relevant to this tool.
    from dataclasses import dataclass, field


    @dataclass
    class BugBountyTarget:
        """Bug bounty target information."""

        domain: str
        scope: list[str] = field(default_factory=list)
        out_of_scope: list[str] = field(default_factory=list)
        program_type: str = "web"  # web, api, mobile, iot
        priority_vulns: list[str] = field(
            default_factory=lambda: ["rce", "sqli", "xss", "idor", "ssrf"]
        )
        bounty_range: str = "unknown"

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SlanyCukr/bugbounty-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server