Skip to main content
Glama

VulneraMCP

by telmon95
OverviewInspectNewSchemaRelated ServersScore
TypeScript
Hybrid
MIT License

VulneraMCP

An AI-Powered Bug Bounty Hunting Platform - Comprehensive Model Context Protocol (MCP) server for security testing, vulnerability research, and bug bounty hunting.

License: MIT TypeScript Node.js

VulneraMCP integrates with industry-standard security tools (OWASP ZAP, Caido, Burp Suite) and provides AI-powered automation for reconnaissance, JavaScript analysis, security testing, and vulnerability detection. All findings are automatically stored in PostgreSQL for analysis and reporting.

šŸŒŸ Features

šŸ” Reconnaissance Tools

  • Subdomain Discovery: Subfinder, Amass integration

  • Live Host Detection: HTTPx for checking active endpoints

  • DNS Resolution: DNS record enumeration (A, AAAA, CNAME, MX, TXT)

  • Full Recon Workflow: Automated multi-tool reconnaissance

šŸ” Security Testing

  • XSS Testing: Automated cross-site scripting detection

  • SQL Injection: SQLi vulnerability testing with sqlmap fallback

  • IDOR Detection: Insecure Direct Object Reference testing

  • CSP Analysis: Content Security Policy misconfiguration detection

  • Auth Bypass: Authentication bypass attempt testing

  • CSRF Testing: Cross-Site Request Forgery detection with advanced techniques

šŸ“œ JavaScript Analysis

  • JS Download: Download and analyze JavaScript files

  • Code Beautification: Format and beautify minified JS

  • Endpoint Extraction: Find API endpoints and URLs in JS

  • Secret Detection: Heuristic API key and token extraction

  • Full Analysis: Combined download, beautify, and analyze workflow

šŸ•·ļø OWASP ZAP Integration

  • Spider Scans: Automated web crawling

  • Active Scanning: Vulnerability scanning

  • Proxy Integration: Process requests through ZAP proxy

  • Alert Management: Retrieve and analyze security alerts

  • Context Management: Define scanning contexts

šŸ’¾ Database Integration

  • PostgreSQL: Store findings, test results, and scores

  • Redis: Working memory and caching (optional)

  • Finding Management: Save and retrieve bug findings

  • Test Result Storage: Track all security tests with statistics

šŸ–¼ļø Rendering Tools

  • Screenshots: Capture webpage screenshots with Puppeteer

  • DOM Extraction: Extract and analyze page structure

  • Form Extraction: Find and analyze web forms

  • JavaScript Execution: Execute JS in page context

šŸ¤– AI Training & Pattern Matching

  • Training Data Import: Import from HTB, PortSwigger labs

  • Pattern Matching: Learn from successful exploits

  • Writeup Analysis: Extract patterns from bug bounty writeups

  • CSRF Patterns: Pre-loaded CSRF exploitation patterns

šŸ“Š Web Dashboard

  • Real-time Statistics: View test results and findings

  • Finding Management: Browse and analyze discovered vulnerabilities

  • Visual Analytics: Track testing progress and success rates

šŸš€ Quick Start

Prerequisites

  • Node.js 20+ and npm

  • PostgreSQL 18+ (or Docker)

  • Redis (optional, for caching)

  • OWASP ZAP (optional, for active scanning)

  • Caido (optional, for traffic analysis)

Installation

# Clone the repository git clone https://github.com/telmonmaluleka/VulneraMCP.git cd VulneraMCP # Install dependencies npm install # Build the project npm run build

Configuration

  1. Copy environment template:

    cp mcp.json.example mcp.json

  2. Configure your environment variables:

    • Set up PostgreSQL connection details

    • Configure Caido API token (if using)

    • Set ZAP API URL (default: http://localhost:8081)

  3. Initialize the database:

    node init-db.js

Running the Server

# Start the MCP server npm start # Start the dashboard (in another terminal) npm run dashboard # Access dashboard at http://localhost:3000

Docker Setup

# Start all services with Docker Compose docker-compose up -d # Or use the startup script ./start-services.sh

šŸ“– Usage

Via MCP Client (Cursor, Claude Desktop, etc.)

The server provides MCP tools that can be called through any MCP-compatible client:

Reconnaissance:

recon.subfinder domain: example.com recon.httpx input: example.com,subdomain.example.com recon.full domain: example.com

Security Testing:

security.test_xss url: https://example.com/search?q=<script> security.test_sqli url: https://example.com/user?id=1 security.test_csrf url: https://example.com/profile/update

JavaScript Analysis:

js.analyze url: https://example.com/static/app.js js.extract_secrets source: <javascript_code>

ZAP Integration:

zap.start_spider url: https://example.com zap.start_active_scan url: https://example.com zap.get_alerts baseURL: https://example.com

Caido Integration:

caido.query httpql: "req.host.cont:\"example.com\" AND req.path.cont:\"api\"" caido.agent_discover_endpoints host: example.com

Rate Limiting & Best Practices

When testing bug bounty programs, always respect rate limits:

// Example: 2 requests/second limit const rateLimiter = require('./hunting/rate-limiter'); const limiter = rateLimiter(2); // 2 req/sec await limiter(); // Make your request

šŸ—ļø Project Structure

VulneraMCP/ ā”œā”€ā”€ src/ ā”‚ ā”œā”€ā”€ integrations/ # External service integrations ā”‚ ā”‚ ā”œā”€ā”€ zap.ts # OWASP ZAP integration ā”‚ ā”‚ ā”œā”€ā”€ caido.ts # Caido integration ā”‚ ā”‚ ā”œā”€ā”€ postgres.ts # PostgreSQL database ā”‚ ā”‚ ā””ā”€ā”€ redis.ts # Redis caching ā”‚ ā”œā”€ā”€ tools/ # MCP tools (recon, security, etc.) ā”‚ ā”œā”€ā”€ mcp/ # MCP server implementation ā”‚ ā””ā”€ā”€ index.ts # Main entry point ā”œā”€ā”€ public/ # Dashboard frontend ā”œā”€ā”€ hunting/ # Bug bounty hunting scripts ā”œā”€ā”€ dist/ # Compiled TypeScript output ā””ā”€ā”€ dashboard-server.js # Dashboard API server

šŸ”§ Configuration

MCP Server Configuration (mcp.json)

{ "name": "vulneramcp", "command": "node", "args": ["dist/index.js"], "env": { "POSTGRES_HOST": "localhost", "POSTGRES_PORT": "5433", "POSTGRES_USER": "postgres", "POSTGRES_DB": "bugbounty" } }

Environment Variables

# PostgreSQL POSTGRES_HOST=localhost POSTGRES_PORT=5433 POSTGRES_USER=postgres POSTGRES_PASSWORD=your_password POSTGRES_DB=bugbounty # ZAP ZAP_API_URL=http://localhost:8081 # Caido CAIDO_API_TOKEN=your_token # Redis (optional) REDIS_HOST=localhost REDIS_PORT=6379

šŸ“Š Dashboard

The web dashboard provides:

  • Statistics: Test results, success rates, vulnerability distribution

  • Findings: Detailed view of discovered vulnerabilities

  • Search & Filter: Find specific findings by target, type, severity

Access at: http://localhost:3000

šŸ¤ Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository

  2. Create your feature branch (git checkout -b feature/AmazingFeature)

  3. Commit your changes (git commit -m 'Add some AmazingFeature')

  4. Push to the branch (git push origin feature/AmazingFeature)

  5. Open a Pull Request

šŸ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

āš ļø Disclaimer

This tool is for authorized security testing only. Always:

  • Get proper authorization before testing

  • Respect rate limits and terms of service

  • Follow responsible disclosure practices

  • Never use on systems you don't own or have explicit permission to test

šŸ™ Acknowledgments

  • OWASP ZAP for vulnerability scanning

  • Caido for traffic analysis

  • PortSwigger for Burp Suite integration

  • The bug bounty community for inspiration and feedback

šŸ“š Documentation

šŸ› Issues

Found a bug? Have a feature request? Please open an issue on GitHub.

šŸ“§ Contact

Made with ā¤ļø for the bug bounty community

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

Related Resources

New MCP Servers

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server