inti-brain
Provides tools to sync and search Intigriti bug bounty programs, pull scopes and rules of engagement, and generate attack briefings.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@inti-brainGet attack briefing for the acme program"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
inti-brain
An MCP server that connects your AI assistant (Claude Code / Desktop, or any
MCP client) to Intigriti. It pulls the programs you can access, their
scopes (domains) and rules of engagement into a local SQLite database, then
exposes tools to search programs, pull scope, and generate an actionable attack
briefing via hack(handle).
It's the Intigriti equivalent of h1-brain.
Authorized testing only. Use this against programs you are permitted to test, and follow each program's scope and rules of engagement.
What it does
Syncs every Intigriti program you can access (handle, name, bounty range, status, industry).
Pulls each program's scope broken down by bounty tier, plus the rules of engagement — including the required request header (e.g.
X-Intigriti-Username: {you}), safe-harbour status, and whether automated tooling is allowed.hack(handle)returns a full briefing: bounty-eligible assets first, no-bounty assets, an explicit out-of-scope section, the required header, the ROE, and (optionally) weakness-pattern hits from a disclosed-report KB.
Related MCP server: Intigriti MCP Server
Requirements
Python 3.10+
An Intigriti Researcher API personal access token (generate at https://app.intigriti.com/researcher/personal-access-tokens).
Setup
git clone https://github.com/<you>/inti-brain.git
cd inti-brain
python3 -m venv venv
./venv/bin/pip install -r requirements.txt
cp .intienv.example .intienv # then edit .intienv with your token.intienv:
INTI_USERNAME=your_intigriti_username
INTI_API_TOKEN=your_researcher_api_tokenConnect to Claude Code
claude mcp add inti-brain \
-e INTI_USERNAME=your_username \
-e INTI_API_TOKEN=your_token \
-- /absolute/path/to/inti-brain/venv/bin/python \
/absolute/path/to/inti-brain/server.pyFor Claude Desktop, add an equivalent mcpServers entry pointing at
venv/bin/python server.py with the two env vars.
First run
fetch_programs— sync every program you can access.sync_all_scopes(bounty_only=True)— optional bulk scope pull for paying programs.hack(handle)— full attack briefing for one program (auto-pulls fresh scope).
Tools
Tool | Description |
| Sync all accessible programs into the DB |
| Fetch one program's domains + ROE |
| Bulk scope sync (one API call each — heavy) |
| Search synced programs |
| Search scope entries |
| Full program detail incl. ROE + scope (auto-syncs) |
| Attack briefing: scope by bounty tier, required header, safe-harbour/tooling flags, out-of-scope section, ROE, KB hits |
| Full-text pattern-KB search (needs optional KB, below) |
| Full write-up from the pattern KB (needs optional KB) |
Optional: weakness-pattern KB
The two *_disclosed_report* tools and the "Pattern KB hits" section of
hack() read an optional SQLite corpus of public disclosed bug-bounty reports.
Drop a disclosed_reports.db into this folder (the schema from
h1-brain works as-is), or point
DISCLOSED_DB_FILE at one. If absent, those tools degrade gracefully and the
rest of the server works normally.
API
Base:
https://api.intigriti.com/external/researcher/v1Auth:
Authorization: Bearer <researcher-api-token>Programs:
GET /programs?limit=&offset=(offset pagination)Program detail / scope:
GET /programs/{programId}
Notes
inti_data.db,.intienv, anddisclosed_reports.dbare git-ignored — your token and local data never get committed.Always send the program's required header on in-scope requests, or you risk being flagged / out of scope.
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Srj0210/inti-brain'
If you have feedback or need assistance with the MCP directory API, please join our Discord server