Hunter v4 — AI-Driven Pentest Agent

Claude is the brain, MCP tools are the hands.

CI · License: MIT · Python 3.10+ · MCP Compatible

Hunter is an AI-driven pentest framework that runs as an MCP server in Claude Code. It provides 45 MCP tools, a vulnerability chain engine, and a knowledge graph, enabling Claude to autonomously perform reconnaissance, analysis, vulnerability validation, and exploitation.

Core Philosophy

Traditional: Claude → call script → wait → read report → give conclusion
                  ↑ Claude does nothing during this time

Hunter: Claude thinks → call tools → analyze results → chain reasoning → dynamic adjustment
                   ↑ Claude thinks at every step

  • Claude decides, tools execute — tools don't judge "is this a vuln?"; they only send payloads and return responses

  • Tools return complete data — the 1M context window allows full responses to be retained, so Claude's analysis is more accurate

  • Knowledge graph auto-accumulates — every tool call updates it automatically, with no manual record-keeping

Quick Start

1. Install

git clone https://github.com/GeniusHu-tgty/hunter.git
cd hunter
pip install -e .

2. Configure Claude Code

Create .mcp.json in your project root:

{
  "mcpServers": {
    "hunter": {
      "command": "python",
      "args": ["path/to/hunter/server.py"]
    }
  }
}

3. Start Demo Target (Optional)

docker compose up -d
# DVWA: http://localhost:8080
# Juice Shop: http://localhost:3000

4. Start Pentesting

Tell Claude:

Pentest the DVWA target at localhost:8080

Claude will automatically use Hunter's 13 tools to complete the pentest.

Tools

| Layer | Tool | Purpose | Typical Use |
|---|---|---|---|
| Recon | probe | HTTP universal probe | All HTTP operations |
| Recon | port_scan | Port scanner | Discover open services |
| Recon | dns | DNS resolver | Enumerate DNS records |
| Recon | dir_enum | Directory enumerator | Find hidden paths |
| Recon | subdomain | Subdomain discovery | Expand attack surface |
| Analysis | tech | Technology fingerprinting | Framework/language/WAF/CMS |
| Analysis | js_analyze | JS static analysis | Endpoints/secrets/internal URLs |
| Analysis | src_read | Read target files | LFI/traversal/source disclosure |
| Validation | inject | Injection testing | SQLi/XSS/SSTI/XXE |
| Execution | shell | Shell management | Reverse shell/webshell |
| Execution | exec | Python code execution | Custom exploits |
| Management | session | Session/knowledge graph | Query/persist/report |
| Chain | chains | Vulnerability chain engine | 10 predefined chains |

Vulnerability Chains

10 predefined exploitation chains (CVSS 7.5-9.8):

| Chain | CVSS | Description |
|---|---|---|
| sqli-data-leak | 9.8 | SQL Injection → Data Leak |
| ssrf-cloud-creds | 9.0 | SSRF → Cloud Credentials |
| upload-rce | 9.8 | File Upload → RCE |
| cors-account-takeover | 7.5 | CORS → Account Takeover |
| idor-data-leak | 7.5 | IDOR → Data Leak |
| ssti-rce | 9.8 | SSTI → RCE |
| lfi-rce | 9.0 | LFI → Log Inclusion → RCE |
| jwt-privilege-escalation | 8.0 | JWT → Privilege Escalation |
| deser-rce | 9.8 | Deserialization → RCE |
| xxe-ssrf | 7.5 | XXE → SSRF |

Payload Knowledge Base

7 categories of YAML payload files:

  • SQL Injection (6 techniques + WAF bypass)

  • XSS (reflected/stored/DOM + WAF bypass)

  • SSRF (cloud metadata + protocol smuggling + bypass)

  • SSTI (6 template engines)

  • LFI (Linux/Windows/PHP wrappers)

  • XXE (file read/SSRF/blind)

  • JWT (algorithm confusion/brute force/KID injection)

Architecture

┌──────────────────────────────────────────┐
│          Claude Brain (1M Context)       │
│                                          │
│  Read full source · Analyze full response │
│  Write custom exploits · Cross-reference │
│  Dynamic strategy · Chain attacks        │
└──────────────┬───────────────────────────┘
               │ tool_use (JSON in/out)
               ▼
┌──────────────────────────────────────────┐
│         Hunter MCP Server                │
│                                          │
│  ┌────────────────────────────────────┐  │
│  │         13 Core Tools              │  │
│  │                                    │  │
│  │  Recon: probe · port_scan · dns    │  │
│  │         dir_enum · subdomain       │  │
│  │  Analysis: tech · js_analyze · src │  │
│  │  Validation: inject                │  │
│  │  Execution: shell · exec           │  │
│  │  Management: session · chains      │  │
│  └────────────────────────────────────┘  │
│                                          │
│  ┌────────────────────────────────────┐  │
│  │  Knowledge Graph (JSON persist)    │  │
│  │  findings[] · attempts[] · shells[]│  │
│  └────────────────────────────────────┘  │
│                                          │
│  ┌────────────────────────────────────┐  │
│  │  Chain Engine (10 predefined)      │  │
│  │  CVSS 7.5-9.8                     │  │
│  └────────────────────────────────────┘  │
└──────────────────────────────────────────┘
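
The "every tool call updates the knowledge graph" behaviour, with the findings[] · attempts[] · shells[] lists shown in the diagram, can be sketched as a wrapper around each tool, which also gives an engagement a complete audit trail of what was sent. This is an added example, not Hunter's own code: the KnowledgeGraph class, the tracked decorator, the per-entry fields and the stubbed probe are assumptions.

```python
import functools
import json
import time
from pathlib import Path


class KnowledgeGraph:
    """JSON-persisted store holding the three lists named in the diagram."""

    def __init__(self, path):
        self.path = Path(path)
        if self.path.exists():
            self.data = json.loads(self.path.read_text(encoding="utf-8"))
        else:
            self.data = {"findings": [], "attempts": [], "shells": []}

    def record(self, kind, entry):
        self.data[kind].append(entry)
        # Write to a temp file, then rename, so a crash never leaves a half-written graph.
        tmp = self.path.with_suffix(".tmp")
        tmp.write_text(json.dumps(self.data, indent=2), encoding="utf-8")
        tmp.replace(self.path)


def tracked(graph, name):
    """Log every call of a tool to attempts[], whether it succeeds or raises."""
    def decorator(fn):
        @functools.wraps(fn)
        def wrapper(**args):
            entry = {"tool": name, "args": args, "ts": time.time(), "ok": False}
            try:
                result = fn(**args)
                entry["ok"] = True
                return result  # full response goes back; the tool makes no verdict
            except Exception as exc:
                entry["error"] = repr(exc)
                raise
            finally:
                graph.record("attempts", entry)
        return wrapper
    return decorator


def demo(path):
    graph = KnowledgeGraph(path)

    @tracked(graph, "probe")
    def probe(url):  # stub returning a constructed response; no network traffic
        return {"url": url, "status": 200, "body": "<html>constructed</html>"}

    probe(url="http://localhost:8080/")
    # A finding is the caller's decision, recorded separately from the attempt.
    graph.record("findings", {"target": "http://localhost:8080/", "note": "constructed"})
    return KnowledgeGraph(path).data  # reload from disk to show persistence
```
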

Related Projects

  • Open-tgtylab — Agent-native security research toolkit (150+ MCP tools, knowledge-base-driven analysis)

License

MIT
