"""
Example usage of the Bug Bounty MCP Server
This demonstrates basic operations you can perform with the server.
"""
# Program identifier shared by every example that targets the same program.
_PROGRAM_ID = "example-corp"

# Example 1: Add a new bug bounty program.
# The scope lists here are the authority for every later example: a target
# outside scope_domains/scope_ips, or listed in out_of_scope, is expected to
# be rejected by the scope check before any active step runs against it.
add_program_example = {
    "program_name": "example-corp",
    "platform": "hackerone",
    "url": "https://hackerone.com/example-corp",
    "scope_domains": [
        "*.example.com",
        "example.io",
        "api.example.com",
    ],
    "scope_ips": [
        "192.168.1.0/24",
    ],
    "out_of_scope": [
        "test.example.com",
        "staging.example.com",
    ],
    # Placeholder only: a real token belongs in an environment variable or a
    # secrets store, not in a committed file.
    "api_token": "your_api_token_here",
}

# Example 2: Validate that a target is in scope.
validate_target_example = {
    "program_id": _PROGRAM_ID,
    "target": "app.example.com",
}

# Example 3: Subdomain enumeration.
subdomain_enum_example = {
    "program_id": _PROGRAM_ID,
    "domain": "example.com",
    "method": "all",  # Options: passive, active, all
}

# Example 4: DNS enumeration.
dns_enum_example = {
    "program_id": _PROGRAM_ID,
    "domain": "example.com",
}

# Example 5: Port scanning (active; run only against validated targets).
port_scan_example = {
    "program_id": _PROGRAM_ID,
    "target": "api.example.com",
    "scan_type": "quick",  # Options: quick, full, custom
}

# Example 6: Nuclei vulnerability scan (active; run only against validated targets).
nuclei_scan_example = {
    "program_id": _PROGRAM_ID,
    "target": "https://app.example.com",
    "severity_filter": ["critical", "high", "medium"],
    "tags": ["xss", "sqli", "rce"],
}

# Example 7: Path fuzzing (active; run only against validated targets).
path_fuzzing_example = {
    "program_id": _PROGRAM_ID,
    "base_url": "https://api.example.com",
    "wordlist": "common.txt",
    "extensions": ["php", "asp", "jsp"],
}

# Example 8: Parameter fuzzing (active; run only against validated targets).
parameter_fuzzing_example = {
    "program_id": _PROGRAM_ID,
    "url": "https://app.example.com/api/endpoint",
    "method": "GET",
    "wordlist": "parameters.txt",
}

# Example 9: XSS scanning.
xss_scan_example = {
    "program_id": _PROGRAM_ID,
    "url": "https://app.example.com/search?q=test",
}

# Example 10: SSL/TLS analysis.
ssl_analysis_example = {
    "program_id": _PROGRAM_ID,
    "domain": "app.example.com",
}

# Example 11: Technology detection (note: no program_id in this request).
tech_detection_example = {
    "url": "https://app.example.com",
}

# Example 12: Generate a vulnerability report from earlier scan ids.
generate_report_example = {
    "program_id": _PROGRAM_ID,
    "scan_ids": ["scan_001", "scan_002", "scan_003"],
    "format": "markdown",  # Options: markdown, json
}

# Example 13: Get program scope.
get_scope_example = {
    "program_id": _PROGRAM_ID,
}

# Example 14: Get statistics.
get_statistics_example = {
    "program_id": _PROGRAM_ID,  # Optional, omit for all programs
}

# Example 15: List all programs.
list_programs_example = {
    "platform": "hackerone",  # Optional filter
    "enrolled_only": True,
}
# Example workflow: Full reconnaissance
def full_recon_workflow():
    """Sketch the intended order of a full reconnaissance run.

    Every tool call below is left commented out, so this function only binds
    the two illustrative inputs and returns ``None``. The ordering is the
    point: the scope check in step 1 gates everything after it, and steps
    5-7 (port scan, Nuclei, path fuzzing) actively touch the target, so they
    should only ever run against a target that step 1 accepted.

    Returns:
        None.
    """
    program_id, target_domain = "example-corp", "example.com"

    # Step 1: Validate the target against the program's scope before any
    # traffic is sent to it.
    # validate_target(program_id, target_domain)

    # Step 2: Enumerate subdomains.
    # subdomain_enum(program_id, target_domain, method="all")

    # Step 3: DNS enumeration on discovered subdomains. The sketch passes the
    # apex domain; presumably the subdomains from step 2 would be iterated
    # here -- confirm against the server's tool signature.
    # dns_enumeration(program_id, target_domain)

    # Step 4: Technology detection.
    # tech_detection(f"https://{target_domain}")

    # Step 5: Port scanning (active).
    # port_scan(program_id, target_domain, scan_type="quick")

    # Step 6: Nuclei vulnerability scan (active).
    # nuclei_scan(program_id, f"https://{target_domain}")

    # Step 7: Path fuzzing (active).
    # path_fuzzing(program_id, f"https://{target_domain}")

    # Step 8: SSL/TLS analysis.
    # ssl_analysis(program_id, target_domain)

    # Step 9: Generate the report. ``scan_ids`` is not defined in this
    # sketch; presumably it is collected from the return values of the scan
    # steps above -- confirm.
    # generate_report(program_id, scan_ids, format="markdown")
# Security Best Practices:
# 1. Always validate targets before testing
# 2. Only test programs where you're enrolled
# 3. Respect rate limits
# 4. Follow responsible disclosure
# 5. Keep API tokens secure
# 6. Review scope carefully
# 7. Never test out-of-scope assets