Bug Bounty MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Bug Bounty MCP Serverfind SQL injection testing methodology and payloads"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Bug Bounty MCP Server
An MCP (Model Context Protocol) server that gives Claude Code access to a comprehensive bug bounty hunting knowledge base. Includes techniques, payloads, wordlists, real-world reports, and structured methodology.
Quick Start
# Install dependencies
npm install
# Clone knowledge base repos (PayloadsAllTheThings, HackTricks, HackTricks-Cloud, SecLists, DEFCON32 workshop)
npm run clone-repos
# Build
npm run build
# Run (stdio mode, default)
npm startRelated MCP server: platform-adapter-mcp
Add to Claude Code
Add to your Claude Code MCP config (~/.claude/settings.json or project .claude/settings.json):
{
"mcpServers": {
"bug-bounty-knowledge": {
"command": "node",
"args": ["/path/to/rs0n-bug-bounty-mcp-server/dist/index.js"]
}
}
}The server uses stdio transport (no port needed), so there are no port conflicts with other MCP servers.
Tools (14)
Tool | Description |
| Full-text search across all knowledge sources |
| Payloads for 25 vulnerability categories |
| Testing methodology by target type |
| rs0n's DEFCON32 methodology (Recon/Injection/Logic/Cloud) |
| Real-world accepted and rejected reports |
| Evaluate if a finding will be accepted |
| AWS/Azure/GCP/K8s attack techniques |
| WAF bypass techniques by vuln type |
| Navigate the knowledge base |
| Read specific KB files |
| Browse SecLists categories |
| Retrieve a specific wordlist |
| Find wordlists by keyword |
| Get the best wordlist for a task |
Knowledge Base Sources
PayloadsAllTheThings - Payload lists and bypass techniques
HackTricks - Comprehensive pentesting wiki
HackTricks-Cloud - Cloud security testing
SecLists - Wordlists for fuzzing, brute-forcing, and enumeration
DEFCON32 Workshop - rs0n's battle-tested methodology
778+ curated bug bounty reports (accepted) with detailed writeups
Rejected report patterns - What NOT to submit
Updating Knowledge Base
# Pull latest from all repos
npm run clone-reposMaintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Appeared in Searches
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/R-s0n/rs0n-bug-bounty-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server