Server Configuration
Describes the environment variables required to run the server.

| Name | Required | Description | Default |
|---|---|---|---|
| REDIS_HOST | No | Redis host for caching (optional) | localhost |
| REDIS_PORT | No | Redis port for caching (optional) | 6379 |
| POSTGRES_DB | Yes | PostgreSQL database name | bugbounty |
| ZAP_API_URL | No | OWASP ZAP API URL | http://localhost:8081 |
| POSTGRES_HOST | Yes | PostgreSQL database host | localhost |
| POSTGRES_PORT | Yes | PostgreSQL database port | 5433 |
| POSTGRES_USER | Yes | PostgreSQL database user | postgres |
| CAIDO_API_TOKEN | No | Caido API token for traffic analysis integration | |
| POSTGRES_PASSWORD | Yes | PostgreSQL database password | |

Tools
Functions exposed to the LLM to take actions

| Name | Description |
|---|---|
| recon.subfinder | Run subfinder to discover subdomains for a domain |
| recon.httpx | Run httpx to check which hosts are live and get status codes |
| recon.amass | Run amass for passive/active subdomain enumeration |
| recon.dns | Resolve DNS records for a domain or subdomain |
| recon.full | Run full reconnaissance workflow: subfinder -> httpx -> amass |
| js.download | Download JavaScript file from URL |
| js.beautify | Beautify and format JavaScript source code |
| js.find_endpoints | Extract API endpoints, URLs, and paths from JavaScript code |
| js.extract_secrets | Heuristically extract potential API keys, tokens, and secrets from JS |
| js.analyze | Download, beautify, and analyze a JavaScript file - extract endpoints and secrets |
| security.test_xss | Test for XSS vulnerabilities (non-destructive payloads) |
| security.test_sqli | Test for SQL injection vulnerabilities |
| security.test_idor | Test for IDOR (Insecure Direct Object Reference) vulnerabilities |
| security.test_csp | Test Content Security Policy configuration |
| security.test_auth_bypass | Test for authentication bypass vulnerabilities |
| security.test_csrf | Test for CSRF vulnerabilities using advanced techniques |
| render.screenshot | Take a screenshot of a webpage |
| render.extract_dom | Extract and return the DOM structure of a webpage |
| render.extract_forms | Extract all forms from a webpage |
| render.execute_js | Execute JavaScript in the context of a webpage |
| db.save_finding | Save a bug finding to the database |
| db.get_findings | Retrieve bug findings from the database |
| db.get_test_results | Retrieve test results with success/failure and scores |
| db.get_statistics | Get statistics about test results |
| db.init | Initialize database tables (run once on first setup) |
| training.import | Import training data from HTB or PortSwigger labs |
| training.get | Retrieve training data for learning patterns |
| training.match | Match current test against learned patterns |
| training.stats | Get statistics about test results and training data |
| training.import_portswigger | Import training data from PortSwigger Academy lab solution |
| training.import_htb | Import training data from HackTheBox challenge |
| training.import_all | Import all pre-loaded training data from Intigriti, PortSwigger, and other sources |
| training.extract_from_writeup | Extract training patterns from bug bounty writeup text |
| training.get_csrf_patterns | Get all CSRF exploitation patterns from training data |
| zap.health_check | Check if ZAP is running and accessible |
| zap.start_spider | Start a spider (crawler) scan on a target URL |
| zap.get_spider_status | Get the status of a spider scan |
| zap.start_active_scan | Start an active vulnerability scan on a target URL |
| zap.get_active_scan_status | Get the status of an active scan |
| zap.get_alerts | Get all security alerts from ZAP |
| zap.get_alerts_summary | Get summary of alerts by risk level |
| zap.send_request | Send a custom HTTP request through ZAP proxy |
| zap.proxy_process | Process a request through the MCP proxy layer (enhances with AI intelligence) |
| zap.get_sites | Get list of discovered sites from ZAP |
| zap.get_urls | Get list of discovered URLs from ZAP |
| zap.create_context | Create a scanning context in ZAP |
| zap.include_in_context | Include a URL pattern in a context |

Prompts
Interactive templates invoked by user choice

| Name | Description |
|---|---|
| No prompts | |

Resources
Contextual data attached and managed by the client

| Name | Description |
|---|---|
| No resources | |