list_programs
Retrieve bug bounty programs accessible on HackerOne to identify eligible targets for security testing.
Instructions
List bug bounty programs you have access to on HackerOne.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| page_size | No | Number of programs to return (default 50) |
Implementation Reference
- src/h1client.ts:232-246 (handler)The implementation of the `listPrograms` function which fetches data from the HackerOne API.
export async function listPrograms(pageSize = 50) { const data = await h1Fetch("/hackers/programs", { "page[size]": String(pageSize), }); return data.data.map((p: any) => ({ id: p.id, handle: p.attributes.handle, name: p.attributes.name, offers_bounties: p.attributes.offers_bounties, state: p.attributes.state, started_accepting_at: p.attributes.started_accepting_at, submission_state: p.attributes.submission_state, })); } - src/index.ts:176-200 (registration)The MCP tool registration for `list_programs`, including input schema (using zod) and the handler logic that calls the `listPrograms` helper function.
server.tool( "list_programs", "List bug bounty programs you have access to on HackerOne.", { page_size: z .number() .min(1) .max(100) .optional() .describe("Number of programs to return (default 50)"), }, async ({ page_size }) => { try { const programs = await listPrograms(page_size); return { content: [ { type: "text" as const, text: JSON.stringify(programs, null, 2), }, ], }; } catch (err: any) { return { content: [{ type: "text" as const, text: `Error: ${err.message}` }],