Hunter
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@HunterPerform a full pentest on http://example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Hunter v4 — AI-Driven Pentest Agent
Claude is the brain, MCP tools are the hands.
中文
Hunter 是一个 AI 驱动的渗透测试框架,作为 MCP server 运行在 Claude Code 中。它提供 45 个 MCP 工具 + 漏洞链引擎 + 知识图谱,让 Claude 能够自主执行侦察、分析、漏洞验证和利用。
核心理念
传统: Claude → 调脚本 → 等脚本跑完 → 读报告 → 给结论
↑ Claude 在这期间什么都没做
Hunter: Claude 思考 → 调工具 → 分析结果 → 链式推理 → 动态调整
↑ 每一步 Claude 都在思考Claude 做决策,工具做执行 — 工具不判断"是否漏洞",只发送 payload 返回响应
工具返回完整数据 — 1M 上下文允许保留完整响应,Claude 分析更准确
知识图谱自动积累 — 每次工具调用自动更新,不需要手动记录
快速开始
1. 安装
git clone https://github.com/GeniusHu-tgty/hunter.git
cd hunter
pip install -e .2. 配置 Claude Code
在项目根目录创建 .mcp.json:
{
"mcpServers": {
"hunter": {
"command": "python",
"args": ["path/to/hunter/server.py"]
}
}
}3. 启动 Demo 靶机(可选)
docker compose up -d
# DVWA: http://localhost:8080
# Juice Shop: http://localhost:30004. 开始渗透
对 Claude 说:
帮我渗透 localhost:8080 的 DVWA 靶机Claude 会自动调用 Hunter 的 13 个工具完成渗透。
工具列表
层 | 工具 | 用途 | 典型场景 |
探测 |
| HTTP 万能探测器 | 所有 HTTP 操作入口 |
探测 |
| 端口扫描 | 发现开放服务 |
探测 |
| DNS 查询 | 枚举 DNS 记录 |
探测 |
| 目录枚举 | 发现隐藏路径 |
探测 |
| 子域名发现 | 扩大攻击面 |
分析 |
| 技术栈识别 | 框架/语言/WAF/CMS |
分析 |
| JS 静态分析 | 端点/密钥/内部 URL |
分析 |
| 读目标文件 | LFI/目录遍历/源码泄露 |
验证 |
| 注入测试 | SQLi/XSS/SSTI/XXE |
执行 |
| Shell 管理 | 反弹 shell/webshell |
执行 |
| Python 代码执行 | 自定义 exploit |
管理 |
| 会话/知识图谱 | 查询/持久化/报告 |
链 |
| 漏洞链引擎 | 10 条预定义利用链 |
漏洞链引擎
内置 10 条预定义漏洞利用链(CVSS 7.5-9.8):
链名 | CVSS | 描述 |
sqli-data-leak | 9.8 | SQL 注入 → 数据泄露 |
ssrf-cloud-creds | 9.0 | SSRF → 云凭据泄露 |
upload-rce | 9.8 | 文件上传 → RCE |
cors-account-takeover | 7.5 | CORS → 账户接管 |
idor-data-leak | 7.5 | IDOR → 数据泄露 |
ssti-rce | 9.8 | SSTI → RCE |
lfi-rce | 9.0 | LFI → 日志包含 → RCE |
jwt-privilege-escalation | 8.0 | JWT → 权限提升 |
deser-rce | 9.8 | 反序列化 → RCE |
xxe-ssrf | 7.5 | XXE → SSRF |
Payload 知识库
7 个类别的 YAML payload 文件:
SQL 注入(6 种技术 + WAF 绕过)
XSS(反射/存储/DOM + WAF 绕过)
SSRF(云元数据 + 协议走私 + 绕过)
SSTI(6 种模板引擎)
LFI(Linux/Windows/PHP wrapper)
XXE(文件读取/SSRF/盲注)
JWT(算法混淆/密钥爆破/KID 注入)
架构
┌──────────────────────────────────────────┐
│ Claude 大脑 (1M 上下文) │
│ │
│ 读完整源码 · 分析完整响应 · 理解业务逻辑 │
│ 写自定义 exploit · 跨大量信息推理 │
│ 动态调整策略 · 链式攻击 │
└──────────────┬───────────────────────────┘
│ tool_use (JSON in/out)
▼
┌──────────────────────────────────────────┐
│ Hunter MCP Server │
│ │
│ ┌────────────────────────────────────┐ │
│ │ 13 个核心工具 │ │
│ │ │ │
│ │ 探测: probe · port_scan · dns │ │
│ │ dir_enum · subdomain │ │
│ │ 分析: tech · js_analyze · src_read│ │
│ │ 验证: inject │ │
│ │ 执行: shell · exec │ │
│ │ 管理: session · chains │ │
│ └────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────┐ │
│ │ 知识图谱 (JSON 文件持久化) │ │
│ │ findings[] · attempts[] · shells[]│ │
│ └────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────┐ │
│ │ 漏洞链引擎 (10 条预定义链) │ │
│ │ CVSS 7.5-9.8 │ │
│ └────────────────────────────────────┘ │
└──────────────────────────────────────────┘相关项目
Open-tgtylab — Agent 原生安全研究工具箱(150+ MCP 工具、知识库驱动分析)
License
MIT
Related MCP server: pentestMCP
English
Hunter is an AI-driven pentest framework that runs as an MCP server in Claude Code. It provides 45 MCP tools + vulnerability chain engine + knowledge graph, enabling Claude to autonomously perform reconnaissance, analysis, vulnerability validation, and exploitation.
Core Philosophy
Traditional: Claude → call script → wait → read report → give conclusion
↑ Claude does nothing during this time
Hunter: Claude thinks → call tools → analyze results → chain reasoning → dynamic adjustment
↑ Claude thinks at every stepClaude decides, tools execute — Tools don't judge "is this a vuln?", they just send payloads and return responses
Tools return complete data — 1M context window allows full response retention
Knowledge graph auto-accumulates — Every tool call updates it automatically
Quick Start
1. Install
git clone https://github.com/GeniusHu-tgty/hunter.git
cd hunter
pip install -e .2. Configure Claude Code
Create .mcp.json in your project root:
{
"mcpServers": {
"hunter": {
"command": "python",
"args": ["path/to/hunter/server.py"]
}
}
}3. Start Demo Target (Optional)
docker compose up -d
# DVWA: http://localhost:8080
# Juice Shop: http://localhost:30004. Start Pentesting
Tell Claude:
Pentest the DVWA target at localhost:8080Claude will automatically use Hunter's 13 tools to complete the pentest.
Tools
Layer | Tool | Purpose | Typical Use |
Recon |
| HTTP universal probe | All HTTP operations |
Recon |
| Port scanner | Discover open services |
Recon |
| DNS resolver | Enumerate DNS records |
Recon |
| Directory enumerator | Find hidden paths |
Recon |
| Subdomain discovery | Expand attack surface |
Analysis |
| Technology fingerprinting | Framework/language/WAF/CMS |
Analysis |
| JS static analysis | Endpoints/secrets/internal URLs |
Analysis |
| Read target files | LFI/traversal/source disclosure |
Validation |
| Injection testing | SQLi/XSS/SSTI/XXE |
Execution |
| Shell management | Reverse shell/webshell |
Execution |
| Python code execution | Custom exploits |
Management |
| Session/knowledge graph | Query/persist/report |
Chain |
| Vulnerability chain engine | 10 predefined chains |
Vulnerability Chains
10 predefined exploitation chains (CVSS 7.5-9.8):
Chain | CVSS | Description |
sqli-data-leak | 9.8 | SQL Injection → Data Leak |
ssrf-cloud-creds | 9.0 | SSRF → Cloud Credentials |
upload-rce | 9.8 | File Upload → RCE |
cors-account-takeover | 7.5 | CORS → Account Takeover |
idor-data-leak | 7.5 | IDOR → Data Leak |
ssti-rce | 9.8 | SSTI → RCE |
lfi-rce | 9.0 | LFI → Log Inclusion → RCE |
jwt-privilege-escalation | 8.0 | JWT → Privilege Escalation |
deser-rce | 9.8 | Deserialization → RCE |
xxe-ssrf | 7.5 | XXE → SSRF |
Payload Knowledge Base
7 categories of YAML payload files:
SQL Injection (6 techniques + WAF bypass)
XSS (reflected/stored/DOM + WAF bypass)
SSRF (cloud metadata + protocol smuggling + bypass)
SSTI (6 template engines)
LFI (Linux/Windows/PHP wrappers)
XXE (file read/SSRF/blind)
JWT (algorithm confusion/brute force/KID injection)
Architecture
┌──────────────────────────────────────────┐
│ Claude Brain (1M Context) │
│ │
│ Read full source · Analyze full response │
│ Write custom exploits · Cross-reference │
│ Dynamic strategy · Chain attacks │
└──────────────┬───────────────────────────┘
│ tool_use (JSON in/out)
▼
┌──────────────────────────────────────────┐
│ Hunter MCP Server │
│ │
│ ┌────────────────────────────────────┐ │
│ │ 13 Core Tools │ │
│ │ │ │
│ │ Recon: probe · port_scan · dns │ │
│ │ dir_enum · subdomain │ │
│ │ Analysis: tech · js_analyze · src │ │
│ │ Validation: inject │ │
│ │ Execution: shell · exec │ │
│ │ Management: session · chains │ │
│ └────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────┐ │
│ │ Knowledge Graph (JSON persist) │ │
│ │ findings[] · attempts[] · shells[]│ │
│ └────────────────────────────────────┘ │
│ │
│ ┌────────────────────────────────────┐ │
│ │ Chain Engine (10 predefined) │ │
│ │ CVSS 7.5-9.8 │ │
│ └────────────────────────────────────┘ │
└──────────────────────────────────────────┘Related Projects
Open-tgtylab — Agent-native security research toolkit (150+ MCP tools, knowledge-base-driven analysis)
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/GeniusHu-tgty/Hunter'
If you have feedback or need assistance with the MCP directory API, please join our Discord server