Bug Bounty Assistant MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Bug Bounty Assistant MCPrecon example.com for subdomains and security headers"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
π§ͺ Bug Bounty Assistant MCP
An MCP (Model Context Protocol) server that gives an LLM a toolkit of passive and low-impact active reconnaissance tools for authorized bug bounty and security assessment work. The LLM decides which tools to call based on the target and context, then synthesizes findings into a structured report.
β οΈ Authorized use only. This tool is intended strictly for testing assets you own or have explicit written authorization to test (e.g. a program listed on HackerOne/Bugcrowd/Intigriti with the target in scope). Running these tools against systems without permission may violate laws such as the CFAA (US), Computer Misuse Act (UK), or equivalent legislation elsewhere. Always check the program's scope and rules of engagement before scanning.
Features
The server currently exposes the following tools to the calling LLM:
Tool | Description |
| Resolves A/AAAA/MX/TXT/NS/CNAME/SOA records for a domain |
| Enumerates subdomains via certificate transparency logs (crt.sh), passive DNS sources, and optional wordlist brute force |
| Audits HTTP response headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, etc.) |
| Inspects cookies for |
| Checks TLS/SSL certificate validity, chain, protocol versions, and cipher suites |
| Fetches and parses |
| Fetches and parses |
| Fingerprints frameworks, CMS, JS libraries, and server software (Wappalyzer-style detection) |
| Crawls linked resources and JS files for endpoints, API routes, and parameters worth manual review |
| Captures a visual snapshot of a page for quick triage of many hosts |
| Aggregates all tool outputs into a structured Markdown/JSON recon report |
Suggested additional tools (roadmap)
These extend the recon surface while staying passive/low-impact:
Tool | Description |
| WHOIS/RDAP data β registrar, creation date, org, nameservers |
| Tests for permissive/misconfigured CORS policies (reflected origin, wildcard + credentials) |
| Passive checks for common open-redirect parameter patterns |
| Pulls historical URLs from the Wayback Machine / |
| Searches GitHub for leaked secrets, API keys, or internal references tied to the target domain/org |
| Downloads and greps JS bundles for hardcoded API keys, tokens, internal hostnames |
| Flags dangling CNAMEs pointing to unclaimed cloud resources (S3, Heroku, GitHub Pages, etc.) |
| Uses Shodan/Censys APIs (not direct scanning) to see already-indexed open ports/services |
| Decodes and analyzes JWTs found in requests for weak algorithms ( |
| Sends a small number of requests to see if basic rate limiting exists (low volume, non-disruptive) |
| Validates SPF/DKIM/DMARC records for the domain |
| Computes favicon hash ( |
| Optional, opt-in, rate-limited content discovery against a small curated wordlist |
| Tests if GraphQL introspection is exposed on discovered API endpoints |
| Combines |
| Compares current recon results to a previous run and highlights what changed (new subdomains, new headers, cert renewal, etc.) |
Related MCP server: Bug Bounty MCP Server
Architecture
βββββββββββββββ MCP (stdio/HTTP) ββββββββββββββββββββββββ
β LLM Host β βββββββββββββββββββββββββββββββΆβ Bug Bounty MCP β
β (Claude, etc)β ββββββββββββββββββββββββββββββββ Server β
βββββββββββββββ tool calls/results ββββββββββββ¬ββββββββββββ
β
βββββββββββββββββββββββΌββββββββββββββββββββββ
βΌ βΌ βΌ
DNS / crt.sh HTTP(S) client Headless browser
resolvers (headers, ssl, (screenshot,
robots, sitemap) JS rendering)Transport: stdio (default) or Streamable HTTP, per the MCP spec
Language: TypeScript (Node.js β₯ 18)
HTTP client:
undici/axiosHeadless browser:
playwright(fortake_screenshot, JS-renderedfind_interesting_endpoints)DNS: Node's built-in
dns/promises, plus crt.sh queries for subdomain enumerationReport output: Markdown by default, optional JSON
Project structure
bug-bounty-mcp/
βββ src/
β βββ index.ts # MCP server entrypoint, tool registration
β βββ tools/
β β βββ dns.ts
β β βββ subdomains.ts
β β βββ headers.ts
β β βββ cookies.ts
β β βββ ssl.ts
β β βββ robots.ts
β β βββ sitemap.ts
β β βββ technologies.ts
β β βββ endpoints.ts
β β βββ screenshot.ts
β β βββ report.ts
β βββ lib/
β β βββ http-client.ts # shared fetch wrapper, timeouts, retries
β β βββ rate-limiter.ts # global politeness/rate-limit control
β β βββ scope-guard.ts # validates target is in an allow-listed scope
β β βββ logger.ts
β βββ types.ts
βββ tests/
βββ .env.example
βββ package.json
βββ tsconfig.json
βββ README.mdInstallation
Prerequisites
Node.js β₯ 18
npm or pnpm
(Optional) Playwright browsers for screenshots:
npx playwright install chromium
Setup
git clone https://github.com/<your-username>/bug-bounty-mcp.git
cd bug-bounty-mcp
npm install
cp .env.example .env
npm run buildRun the server
npm start
# or in dev mode with hot reload
npm run devRegister with an MCP host (e.g. Claude Desktop / Claude Code)
Add to your MCP config (claude_desktop_config.json or equivalent):
{
"mcpServers": {
"bug-bounty-assistant": {
"command": "node",
"args": ["/absolute/path/to/bug-bounty-mcp/dist/index.js"]
}
}
}Configuration
Set these in .env:
# Comma-separated list of domains this server is allowed to scan.
# scope-guard.ts refuses to run tools against anything not listed here.
ALLOWED_SCOPE=example.com,*.example.com
# Requests per second ceiling applied globally (politeness)
MAX_REQUESTS_PER_SECOND=2
# Timeout (ms) for outbound HTTP requests
HTTP_TIMEOUT_MS=10000
# Optional API keys for enrichment tools
SHODAN_API_KEY=
CENSYS_API_ID=
CENSYS_API_SECRET=
GITHUB_TOKEN=Scope guard: every tool call passes the target through scope-guard.ts, which checks it against ALLOWED_SCOPE and refuses to run if the target isn't explicitly listed. This is the main safety rail β update it per-engagement before you start testing.
Example usage
User: "Analyze example.com for bug bounty recon."
The LLM will typically:
Call
get_dns_recordsandfind_subdomainsto map infrastructureCall
check_security_headers,analyze_cookies, andssl_scanon discovered hostsCall
discover_robots/discover_sitemapfor structure hintsCall
detect_technologiesto fingerprint the stackCall
find_interesting_endpointsto surface API routes worth manual reviewCall
take_screenshotfor visual triage across many hostsCall
generate_reportto produce a single Markdown summary with findings, severity notes, and suggested next manual steps
Sample report output:
# Recon Report β example.com
Generated: 2026-07-10
## DNS
- A: 93.184.216.34
- MX: none found
- NS: a.iana-servers.net, b.iana-servers.net
## Subdomains (4 found)
- www.example.com
- dev.example.com β exposed, no auth wall detected
- api.example.com
- mail.example.com
## Security Headers β www.example.com
- CSP: β missing
- HSTS: β
present (max-age=63072000)
- X-Frame-Options: β missing
## Recommendations
- Investigate dev.example.com β appears to be a non-production environment reachable externally
- Add CSP and X-Frame-Options headers on the main siteRoadmap
Add
wayback_urls,github_dork_search,check_cname_takeoverAdd per-tool caching to avoid re-hitting the same host repeatedly in one session
Add a
diff_scantool to compare against a prior reportSupport authenticated scans (session cookie/header injection) for logged-in recon
Add Slack/Discord webhook output for
generate_reportDocker image for one-command deployment
Contributing
Fork the repo and create a feature branch
Add or update tools under
src/tools/Add tests under
tests/Run
npm run lint && npm testbefore opening a PR
Legal
This project performs reconnaissance only β no exploitation, no automated attack payloads, no denial-of-service behavior. It is the user's sole responsibility to:
Confirm the target is in scope for a bug bounty program or that they have explicit authorization to test it
Comply with the program's rules of engagement (rate limits, prohibited techniques, disclosure process)
Comply with local law
The maintainers accept no liability for misuse.
License
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rohitprasad-code/recon-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server