Offers dedicated Drupal CMS security scanning capabilities, including module analysis, vulnerability detection, and configuration security assessment
Provides reconnaissance capabilities for code repository analysis, including searching for repositories that mention target domains and analyzing source code for sensitive information during security assessments
Enables automated Google dorking for security reconnaissance, allowing systematic search engine queries to discover exposed information, files, and potential vulnerabilities on target domains
Provides specialized security testing tools for GraphQL APIs, including query analysis, schema introspection, and GraphQL-specific vulnerability detection
Enables comprehensive Joomla CMS security testing with specialized tools for component analysis, vulnerability scanning, and security configuration review
Integrates threat intelligence capabilities for analyzing domains, URLs, and files during security assessments, providing malware detection and reputation scoring for discovered assets
Provides specialized CMS scanning tools for WordPress security analysis, including vulnerability detection, plugin enumeration, and configuration assessment
BugBounty MCP Server
A comprehensive Model Context Protocol (MCP) server for bug bounty hunting and web application penetration testing. This tool allows you to perform extensive security testing through natural language conversations with an LLM.
Features
Reconnaissance (13 Tools)
Subdomain Enumeration: Passive and active subdomain discovery
DNS Enumeration: Comprehensive DNS record analysis
WHOIS Lookup: Domain registration and ownership information
Certificate Transparency: SSL certificate log analysis
Google Dorking: Automated search engine reconnaissance
Shodan/Censys Integration: IoT and service discovery
GitHub Reconnaissance: Code repository analysis
Archive.org Search: Historical website analysis
Technology Detection: Web stack fingerprinting
Social Media Search: OSINT across platforms
Email Enumeration: Email address discovery
Reverse DNS: IP to hostname resolution
WAF Detection: Web Application Firewall identification
Scanning (15 Tools)
Port Scanning: Comprehensive network port analysis
Service Enumeration: Detailed service fingerprinting
Web Directory Scanning: Hidden file/directory discovery
Web Crawling: Automated website exploration
Parameter Discovery: Hidden parameter identification
Subdomain Takeover: Vulnerability detection
SSL/TLS Analysis: Certificate security assessment
CMS Scanning: WordPress/Drupal/Joomla analysis
JavaScript Analysis: Client-side security review
HTTP Methods Testing: Verb tampering detection
CORS Analysis: Cross-origin policy testing
Security Headers: HTTP header security analysis
Nuclei Integration: Vulnerability template scanning
Fuzzing: Input validation testing
API Endpoint Discovery: REST/GraphQL/SOAP analysis
Vulnerability Assessment (15 Tools)
SQL Injection Testing: Automated SQLi detection
XSS Testing: Cross-site scripting analysis
Command Injection: OS command execution testing
File Inclusion (LFI/RFI): Path traversal analysis
XXE Testing: XML external entity detection
SSRF Testing: Server-side request forgery
IDOR Testing: Insecure direct object reference
CSRF Testing: Cross-site request forgery
Authentication Bypass: Login mechanism testing
Privilege Escalation: Permission boundary testing
JWT Security: JSON Web Token analysis
Session Management: Session security assessment
Race Condition: Concurrency vulnerability testing
Business Logic: Workflow security analysis
Deserialization: Unsafe object handling detection
Web Application (10 Tools)
Access Control Testing: Authorization boundary testing
Security Misconfiguration: Configuration weakness detection
Sensitive Data Exposure: Information leakage analysis
API Security Testing: REST/GraphQL security assessment
File Upload Security: Upload mechanism testing
Input Validation: Data sanitization analysis
Cookie Security: Session cookie analysis
WebSocket Security: Real-time communication testing
GraphQL Security: Query language vulnerability testing
Error Handling Analysis: Information disclosure via errors
Network Security (10 Tools)
Network Discovery: Live host identification
Firewall Detection: Security device identification
Load Balancer Detection: Traffic distribution analysis
CDN Detection: Content delivery network analysis
Proxy Detection: Intermediary service identification
Routing Analysis: Network path examination
Bandwidth Testing: Network performance analysis
Wireless Security: WiFi network assessment
Network Sniffing: Packet capture and analysis
Lateral Movement: Internal network exploration
OSINT (10 Tools)
Person Investigation: Individual background research
Company Investigation: Corporate intelligence gathering
Dark Web Monitoring: Hidden service surveillance
Data Breach Checking: Credential exposure analysis
Social Media Investigation: Profile analysis across platforms
Paste Site Monitoring: Leaked information detection
Code Repository Search: Source code intelligence
Geolocation Investigation: Physical presence analysis
Threat Intelligence: IoC analysis and attribution
Metadata Extraction: Document forensics
Exploitation (10 Tools)
Exploit Search: Vulnerability database queries
Payload Generation: Custom exploit creation
Privilege Escalation: System access expansion
Lateral Movement: Network propagation techniques
Persistence Mechanisms: Backdoor installation methods
Data Exfiltration: Information extraction techniques
Credential Dumping: Password harvesting methods
Anti-Forensics: Evidence elimination techniques
Evasion Techniques: Security control bypass
Social Engineering: Human factor exploitation
Reporting (10 Tools)
Vulnerability Reports: Comprehensive security assessments
Executive Summaries: Business-focused reporting
Finding Tracking: Vulnerability lifecycle management
Metrics Dashboard: Security KPI visualization
Data Export: Multi-format result export
Remediation Planning: Prioritized fix roadmaps
Compliance Mapping: Framework alignment analysis
Risk Assessment: Business impact evaluation
Scan Comparison: Historical trend analysis
Proof of Concept: Exploit documentation
Total: 92+ Security Testing Tools
Installation
Prerequisites
Python 3.10 or higher (Python 3.11+ recommended)
Git
Docker (for containerized deployment)
macOS, Linux, or Windows with WSL
Docker Installation (Recommended)
The easiest way to get started is using Docker, which includes all dependencies and security tools pre-installed.
Quick Docker Start
Clone the repository:
    git clone https://github.com/gokulapap/bugbounty-mcp-server.git
    cd bugbounty-mcp-server
Configure API keys (optional but recommended):
    # Copy environment template
    cp env.example .env
    # Edit .env with your API keys
    nano .env
Build and run with Docker Compose:
    # Build and start the container
    docker-compose up --build -d
    # View logs
    docker-compose logs -f bugbounty-mcp
    # Stop the container
    docker-compose down
Manual Docker Commands
Docker Environment Variables
You can pass API keys and configuration directly to Docker:
What's Included in Docker Image
The Docker image includes:
Python 3.11 with all required packages
All 20+ security tools (nmap, nuclei, subfinder, httpx, etc.)
Essential wordlists for scanning
Optimized for security and performance
Non-root user for enhanced security
Health checks and monitoring
Native Installation
Quick Start
Clone the repository:
    git clone https://github.com/gokulapap/bugbounty-mcp-server.git
    cd bugbounty-mcp-server
Run the automated installation:
    # Make the run script executable
    chmod +x run.sh
    # Install everything automatically
    ./install.sh
OR for manual installation:
Create virtual environment:
    python3 -m venv venv
    source venv/bin/activate  # On Windows: venv\Scripts\activate
Install dependencies:
    pip install -r requirements.txt
    pip install -e .
Install external security tools (optional but recommended):
    # On Ubuntu/Debian
    sudo apt update
    sudo apt install nmap masscan nikto dirb sqlmap
    # On macOS with Homebrew
    brew install nmap masscan nikto dirb sqlmap
    # Install Go-based tools
    go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
    go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
    go install github.com/projectdiscovery/httpx/cmd/httpx@latest
    go install github.com/OJ/gobuster/v3@latest
    go install github.com/ffuf/ffuf@latest
Configure API keys (optional):
    # Copy environment template
    cp env.example .env
    # Edit .env file with your API keys
    nano .env
Download wordlists:
    # Download all wordlists (recommended)
    ./run.sh download-wordlists
    # Or download specific types
    ./run.sh download-wordlists --type subdomains
    ./run.sh download-wordlists --type directories
    ./run.sh download-wordlists --type parameters
    ./run.sh download-wordlists --type files
    # See available options
    ./run.sh download-wordlists --help
Validate configuration:
    ./run.sh validate-config
Usage
Starting the MCP Server
Docker Usage (Recommended)
Using Docker Compose (easiest):
Using Docker directly:
Native Usage with run.sh
The easiest way to start the server natively is using the provided run.sh script:
The script will:
Automatically activate the virtual environment
Load environment variables from .env file
Display server status and available tools
Start the MCP server for LLM integration
Command Line Interface
MCP Server Integration with LLMs
The BugBounty MCP Server implements the Model Context Protocol (MCP), enabling seamless integration with various LLM applications for natural language penetration testing.
Supported LLM Clients
1. Claude Desktop (Recommended)
Add to your Claude Desktop configuration file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
For Docker (recommended):
For Native Installation:
2. VS Code with GitHub Copilot Integration
To use the BugBounty MCP Server with VS Code and GitHub Copilot:
Prerequisites:
VS Code with GitHub Copilot extension enabled
MCP extension for VS Code (if available in marketplace)
Configuration Steps:
For Docker Deployment (Recommended):
First, ensure your Docker container is running with port 3001 exposed:
    # Start the container with automatic MCP server startup
    docker-compose up --build -d
    # Verify the server is accessible on port 3001
    nc -z localhost 3001 && echo "MCP server is ready"
Then configure VS Code MCP settings by opening VS Code settings (Cmd/Ctrl + ,) and adding:
    {
      "mcp.servers": {
        "bugbounty-docker": {
          "command": "nc",
          "args": ["localhost", "3001"],
          "description": "BugBounty MCP Server running in Docker",
          "env": {
            "LOG_LEVEL": "info"
          }
        }
      }
    }
Alternative Docker configuration using direct Docker exec:
    {
      "mcp.servers": {
        "bugbounty-docker": {
          "command": "docker",
          "args": ["exec", "-i", "bugbounty-mcp-server", "bugbounty-mcp", "serve"],
          "description": "BugBounty MCP Server via Docker exec",
          "env": {
            "DOCKER_HOST": "unix:///var/run/docker.sock"
          }
        }
      }
    }
For Native Installation:
    {
      "mcp.servers": {
        "bugbounty-native": {
          "command": "/Users/your-username/Documents/bugbounty-mcp-server/run.sh",
          "args": ["serve"],
          "description": "BugBounty MCP Server native installation",
          "env": {
            "PATH": "/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin"
          }
        }
      }
    }
Verify Connection:
Restart VS Code or reload the MCP extension
Open the MCP panel in VS Code (if available)
You should see the BugBounty server connected
Test by asking GitHub Copilot: "List available security tools from BugBounty MCP"
Troubleshooting Docker Integration:
If using the Docker network approach and experiencing issues:
    # Check if container is running and healthy
    docker-compose ps
    # Test network connectivity
    nc -z localhost 3001 || echo "Port 3001 not accessible"
    # Check container logs
    docker-compose logs -f bugbounty-mcp
    # Verify MCP server response
    echo '{"jsonrpc": "2.0", "method": "initialize", "params": {"protocolVersion": "2024-11-05", "capabilities": {}, "clientInfo": {"name": "test", "version": "1.0"}}, "id": 1}' | nc localhost 3001
3. Custom MCP Clients
4. Integration Examples
Start the server and test:
Example LLM conversation:
Troubleshooting MCP Integration
If the server doesn't start in Claude Desktop:
For Docker deployment:
Ensure Docker container is running:
    docker ps | grep bugbounty-mcp  # Should show running container
Check container logs:
    docker logs bugbounty-mcp-server
Test Docker integration:
    docker exec bugbounty-mcp-server bugbounty-mcp --help  # Should show help output
Verify Docker socket access (macOS/Linux):
    ls -la /var/run/docker.sock  # Should be accessible
For Native deployment:
Check the path in your config:
    # Get the absolute path
    pwd
    # Use this full path in claude_desktop_config.json
Verify the run.sh script is executable:
    chmod +x run.sh
Test the server manually:
    ./run.sh serve  # Should show "BugBounty MCP Server started successfully"
Check Claude Desktop logs:
macOS: ~/Library/Logs/Claude/
Windows: %LOCALAPPDATA%\Claude\logs\
Docker Advanced Usage
Development with Docker
Performance Tuning
Backup and Persistence
Docker Management Script
For easier Docker management, use the included docker.sh script:
Example Configuration
Natural Language Examples
Once integrated with an LLM, you can perform security testing through conversation:
Reconnaissance
Vulnerability Testing
Comprehensive Testing
OSINT Gathering
Configuration
Environment Variables
Variable | Description | Required |
| Shodan API key for device discovery | No |
| VirusTotal API key for threat intelligence | No |
| Censys API ID for certificate/host search | No |
| Censys API secret | No |
| GitHub token for repository search | No |
| SecurityTrails API for DNS history | No |
| Hunter.io API for email discovery | No |
| BinaryEdge API for internet scanning | No |
Tool Paths
The server automatically detects tools in your PATH, but you can specify custom paths:
Safety Features
Project Structure
Security Considerations
Responsible Usage
This tool is designed for authorized security testing only. Users must:
Obtain explicit permission before testing any systems
Comply with local laws and regulations
Respect rate limits and avoid DoS conditions
Follow responsible disclosure for any vulnerabilities found
Safety Features
Target Whitelisting: Configure allowed targets
Rate Limiting: Prevent overwhelming target systems
Safe Mode: Enable additional safety checks
Logging: Comprehensive audit trails
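A default-deny scope check of the kind the Target Whitelisting feature describes, shown as an added example. It is not the project's own code; the names `in_scope` and `extract_host` and the sample scope are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope; a real engagement takes this from the programme's rules.
ALLOWED_DOMAINS = ["example.com", "*.test.example.org"]
ALLOWED_NETWORKS = ["192.0.2.0/24"]


def extract_host(target: str) -> str:
    """Return the lower-cased host from a URL, host:port or bare host."""
    if "://" not in target:
        target = "//" + target          # let urlsplit treat it as a netloc
    host = urlsplit(target).hostname    # drops userinfo, port and IPv6 brackets
    if not host:
        raise ValueError(f"no host in target: {target!r}")
    return host.rstrip(".")             # normalise a trailing root dot


def in_scope(target: str) -> bool:
    """True only if the target's host is explicitly allowed (default deny)."""
    try:
        host = extract_host(target)
    except ValueError:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP literals are checked against networks only, never against names.
        return any(addr in ipaddress.ip_network(n) for n in ALLOWED_NETWORKS)
    for rule in ALLOWED_DOMAINS:
        if rule.startswith("*."):
            # Wildcard covers subdomains only, matched on a label boundary,
            # so "evil-test.example.org" does not match "*.test.example.org".
            if host.endswith(rule[1:]):
                return True
        elif host == rule:
            return True
    return False
```

Running every tool invocation through a gate like this before any request is sent, and logging the denials, gives the audit trail a record of out-of-scope targets that an LLM-driven session proposed.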
Legal Disclaimer
Users are solely responsible for ensuring their use of this tool complies with applicable laws and regulations. Gokul (apgokul008@gmail.com) is not responsible for any misuse or damage caused by this software.
Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
Development Setup
Clone and install in development mode:
    git clone https://github.com/gokulapap/bugbounty-mcp-server.git
    cd bugbounty-mcp-server
    pip install -e ".[dev]"
Install pre-commit hooks:
    pre-commit install
Run tests:
    pytest
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
OWASP for security testing methodologies
ProjectDiscovery for excellent security tools
SecLists for comprehensive wordlists
The bug bounty and security research community
Documentation
RUN_SCRIPT.md - Detailed run.sh script documentation
USAGE.md - Comprehensive usage examples and workflows
SECURITY.md - Security guidelines and best practices
env.example - Environment configuration template
Support
Issues: GitHub Issues
Discussions: GitHub Discussions
Security: See SECURITY.md for reporting security issues
Roadmap
Web-based dashboard
Integration with popular bug bounty platforms
Machine learning-powered vulnerability detection
Collaborative testing features
Advanced evasion techniques
Mobile application testing tools
Cloud security assessment tools
Blockchain security testing
Warning: This tool is for authorized security testing only. Unauthorized use against systems you don't own or have explicit permission to test is illegal and unethical.
Enables comprehensive security testing and penetration testing through natural language conversations with 92+ tools for reconnaissance, vulnerability assessment, web application testing, OSINT, and reporting. Designed for authorized bug bounty hunting and security assessments.