Bug Bounty MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | `{"listChanged": true}` |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| search_techniques | Search the entire bug bounty knowledge base for techniques, payloads, and methodologies. Use this to find information about specific vulnerability types, attack techniques, bypass methods, or security testing approaches. |
| get_payloads | Get payloads and attack vectors for a specific vulnerability category. Returns relevant payload lists, bypass techniques, and exploitation methods from PayloadsAllTheThings and HackTricks. |
| read_knowledge_file | Read a specific file from the bug bounty knowledge base. Use this after searching to read the full content of a relevant file. |
| browse_knowledge_base | Browse the directory structure of the bug bounty knowledge base. Use this to discover what topics and categories are available. |
| get_bounty_reports | Get real-world bug bounty reports, both accepted and rejected. Use accepted reports for methodology and impact examples. Use rejected reports to understand what NOT to submit. |
| assess_report_quality | Evaluate whether a potential bug bounty finding is likely to be accepted or rejected, based on historical patterns of accepted and rejected reports. Provide vulnerability details to get an assessment. |
| get_methodology | Get structured bug bounty testing methodology and checklists. Returns step-by-step approaches for testing specific vulnerability types or general web application testing. |
| get_rs0n_methodology | Get rs0n's (Harrison Richardson) battle-tested bug bounty methodology from the DEFCON 32 Bug Bounty Village workshop. This is the PRIMARY methodology that should guide all testing. Covers four pillars: Recon, Injection, Logic, and Cloud. |
| get_cloud_security | Get cloud-specific security testing information for AWS, Azure, GCP, and other cloud platforms. |
| get_waf_bypass | Get WAF (Web Application Firewall) bypass techniques for specific vulnerability types. |
| list_wordlists | Browse available SecLists wordlists by category. Returns directory listings of available wordlists for directory brute-forcing, subdomain enumeration, fuzzing, password testing, and more. |
| get_wordlist | Get the contents of a specific SecLists wordlist file. Use this to retrieve wordlists for directory brute-forcing, fuzzing, subdomain enumeration, or other testing tasks. |
| search_wordlists | Search for wordlists across SecLists by filename or keyword. Use this to find the right wordlist for a specific testing task. |
| get_recommended_wordlist | Get a recommended wordlist for a specific testing task. Returns the best SecLists wordlist based on common bug bounty use cases. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/R-s0n/rs0n-bug-bounty-mcp-server'