Best HackerOne MCP Servers
HackerOne is the leading hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.
Why this server?
Provides tools for interacting with the HackerOne API to manage vulnerability reports, bug bounty programs, and earnings, including capabilities to submit findings, respond to triage, and analyze hunting patterns.
FlicenseAqualityDmaintenanceProvides read-only access to HackerOne reports, program scopes, and bounty earnings through the HackerOne API. It enables users to analyze hunting patterns, check asset eligibility, and retrieve report details or triage conversations via natural language.Last updated939Why this server?
Provides read-only tools to interact with a HackerOne researcher account, including listing programs, scopes, reports, earnings, searching disclosed reports, and drafting bug reports.
FlicenseAqualityBmaintenanceA local, read-only MCP server that connects your HackerOne researcher account to Claude Desktop and Claude Code, helping you find targets, analyze program scopes, review reports and earnings, and draft bug reports.Last updated17Why this server?
Allows AI agents to search, analyze, and build on past bug bounty work, including personal reports, program scopes, and public disclosed reports from HackerOne.
Why this server?
Supports security testing and reconnaissance for bug bounty programs, including subdomain enumeration, vulnerability scanning, and report generation for authorized assessments.
Alicense-qualityDmaintenanceProfessional security testing server with 50+ integrated tools for web application vulnerability scanning, reconnaissance, fuzzing, and API testing. Enables comprehensive bug bounty hunting workflows including subdomain enumeration, XSS/SQLi detection, and automated security assessments.Last updatedMITWhy this server?
Provides tools for interacting with HackerOne's API, enabling users to list and retrieve reports, list programs, and get program scopes and details.
Alicense-qualityCmaintenanceEnables MCP clients like Claude and Codex to interact with HackerOne's API to list and get reports, programs, and scopes.Last updated271MITWhy this server?
Manage bug bounty reports and vulnerability disclosures via HackerOne API.
Alicense-quality-maintenanceA Model Context Protocol server for orchestrating red team security assessments, enabling LLMs to manage agents, targets, operations, and findings aligned with MITRE ATT&CK framework.Last updatedMITWhy this server?
Integrates with HackerOne to fetch and search personal and public bug bounty reports, programs, and scopes, enabling AI-assisted vulnerability analysis and attack briefing generation.
Alicense-qualityFmaintenanceConnects AI assistants to HackerOne to pull bug bounty history, program scopes, and report details into a local SQLite database, exposing tools for searching, analyzing, and generating attack briefings using both personal and public disclosed reports.Last updated311MITWhy this server?
Loads HackerOne program scope from local H1-Scope-Watcher snapshots to enforce scope boundaries during recon activities.
Flicense-qualityCmaintenanceA local Python MCP server for safe, human-led bug bounty recon, providing lightweight helpers for scope checks, headers, robots.txt, sitemap.xml, JavaScript URL collection, endpoint extraction, URL deduplication, evidence notes, and manual test planning.Last updatedWhy this server?
Allows scanning of HackerOne program scope targets using Nuclei, with automatic scope gating based on HackerOne scope snapshots.
Flicense-qualityCmaintenanceA scoped Nuclei MCP server that only scans targets from HackerOne scope snapshots, enforcing exact, wildcard, and fuzzy matches before running scans.Last updated