Skip to main content
Glama
telmon95

VulneraMCP

by telmon95
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

VulneraMCP

An AI-Powered Bug Bounty Hunting Platform - Comprehensive Model Context Protocol (MCP) server for security testing, vulnerability research, and bug bounty hunting.

License: MIT TypeScript Node.js

VulneraMCP integrates with industry-standard security tools (ZAP, Caido, Burp Suite) and provides AI-powered automation for reconnaissance, JavaScript analysis, security testing, and vulnerability detection. All findings are automatically stored in PostgreSQL for analysis and reporting.

🌟 Features

πŸ” Reconnaissance Tools

  • Subdomain Discovery: Subfinder, Amass integration

  • Live Host Detection: HTTPx for checking active endpoints

  • DNS Resolution: DNS record enumeration (A, AAAA, CNAME, MX, TXT)

  • Full Recon Workflow: Automated multi-tool reconnaissance

πŸ” Security Testing

  • XSS Testing: Automated cross-site scripting detection

  • SQL Injection: SQLi vulnerability testing with sqlmap fallback

  • IDOR Detection: Insecure Direct Object Reference testing

  • CSP Analysis: Content Security Policy misconfiguration detection

  • Auth Bypass: Authentication bypass attempt testing

  • CSRF Testing: Cross-Site Request Forgery detection with advanced techniques

πŸ“œ JavaScript Analysis

  • JS Download: Download and analyze JavaScript files

  • Code Beautification: Format and beautify minified JS

  • Endpoint Extraction: Find API endpoints and URLs in JS

  • Secret Detection: Heuristic API key and token extraction

  • Full Analysis: Combined download, beautify, and analyze workflow

πŸ•·οΈ Integration

  • Spider Scans: Automated web crawling

  • Active Scanning: Vulnerability scanning

  • Proxy Integration: Process requests through ZAP proxy

  • Alert Management: Retrieve and analyze security alerts

  • Context Management: Define scanning contexts

πŸ’Ύ Database Integration

  • PostgreSQL: Store findings, test results, and scores

  • Redis: Working memory and caching (optional)

  • Finding Management: Save and retrieve bug findings

  • Test Result Storage: Track all security tests with statistics

πŸ–ΌοΈ Rendering Tools

  • Screenshots: Capture webpage screenshots with Puppeteer

  • DOM Extraction: Extract and analyze page structure

  • Form Extraction: Find and analyze web forms

  • JavaScript Execution: Execute JS in page context

πŸ€– AI Training & Pattern Matching

  • Training Data Import: Import from HTB, PortSwigger labs

  • Pattern Matching: Learn from successful exploits

  • Writeup Analysis: Extract patterns from bug bounty writeups

  • CSRF Patterns: Pre-loaded CSRF exploitation patterns

πŸ“Š Web Dashboard

  • Real-time Statistics: View test results and findings

  • Finding Management: Browse and analyze discovered vulnerabilities

  • Visual Analytics: Track testing progress and success rates

πŸš€ Quick Start

Prerequisites

  • Node.js 20+ and npm

  • PostgreSQL 18+ (or Docker)

  • Redis (optional, for caching)

  • ZAP (optional, for active scanning)

  • Caido (optional, for traffic analysis)

Installation

# Clone the repository
git clone https://github.com/telmonmaluleka/VulneraMCP.git
cd VulneraMCP

# Install dependencies
npm install

# Build the project
npm run build

Configuration

  1. Copy environment template:

    cp mcp.json.example mcp.json

  2. Configure your environment variables:

    • Set up PostgreSQL connection details

    • Configure Caido API token (if using)

    • Set ZAP API URL (default: http://localhost:8081)

  3. Initialize the database:

    node init-db.js

Running the Server

# Start the MCP server
npm start

# Start the dashboard (in another terminal)
npm run dashboard

# Access dashboard at http://localhost:3000

Docker Setup

# Start all services with Docker Compose
docker-compose up -d

# Or use the startup script
./start-services.sh

πŸ“– Usage

Via MCP Client (Cursor, Claude Desktop, etc.)

The server provides MCP tools that can be called through any MCP-compatible client:

Reconnaissance:

recon.subfinder domain: example.com
recon.httpx input: example.com,subdomain.example.com
recon.full domain: example.com

Security Testing:

security.test_xss url: https://example.com/search?q=<script>
security.test_sqli url: https://example.com/user?id=1
security.test_csrf url: https://example.com/profile/update

JavaScript Analysis:

js.analyze url: https://example.com/static/app.js
js.extract_secrets source: <javascript_code>

ZAP Integration:

zap.start_spider url: https://example.com
zap.start_active_scan url: https://example.com
zap.get_alerts baseURL: https://example.com

Caido Integration:

caido.query httpql: "req.host.cont:\"example.com\" AND req.path.cont:\"api\""
caido.agent_discover_endpoints host: example.com

Rate Limiting & Best Practices

When testing bug bounty programs, always respect rate limits:

// Example: 2 requests/second limit
const rateLimiter = require('./hunting/rate-limiter');
const limiter = rateLimiter(2); // 2 req/sec

await limiter();
// Make your request

πŸ—οΈ Project Structure

VulneraMCP/
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ integrations/    # External service integrations
β”‚   β”‚   β”œβ”€β”€ zap.ts       # OWASP ZAP integration
β”‚   β”‚   β”œβ”€β”€ caido.ts     # Caido integration
β”‚   β”‚   β”œβ”€β”€ postgres.ts  # PostgreSQL database
β”‚   β”‚   └── redis.ts     # Redis caching
β”‚   β”œβ”€β”€ tools/           # MCP tools (recon, security, etc.)
β”‚   β”œβ”€β”€ mcp/             # MCP server implementation
β”‚   └── index.ts         # Main entry point
β”œβ”€β”€ public/              # Dashboard frontend
β”œβ”€β”€ hunting/             # Bug bounty hunting scripts
β”œβ”€β”€ dist/                # Compiled TypeScript output
└── dashboard-server.js  # Dashboard API server

πŸ”§ Configuration

MCP Server Configuration (mcp.json)

{
  "name": "vulneramcp",
  "command": "node",
  "args": ["dist/index.js"],
  "env": {
    "POSTGRES_HOST": "localhost",
    "POSTGRES_PORT": "5433",
    "POSTGRES_USER": "postgres",
    "POSTGRES_DB": "bugbounty"
  }
}

Environment Variables

# PostgreSQL
POSTGRES_HOST=localhost
POSTGRES_PORT=5433
POSTGRES_USER=postgres
POSTGRES_PASSWORD=your_password
POSTGRES_DB=bugbounty

# ZAP
ZAP_API_URL=http://localhost:8081

# Caido
CAIDO_API_TOKEN=your_token

# Redis (optional)
REDIS_HOST=localhost
REDIS_PORT=6379

πŸ“Š Dashboard

The web dashboard provides:

  • Statistics: Test results, success rates, vulnerability distribution

  • Findings: Detailed view of discovered vulnerabilities

  • Search & Filter: Find specific findings by target, type, severity

Access at: http://localhost:3000

🀝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository

  2. Create your feature branch (git checkout -b feature/AmazingFeature)

  3. Commit your changes (git commit -m 'Add some AmazingFeature')

  4. Push to the branch (git push origin feature/AmazingFeature)

  5. Open a Pull Request

πŸ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer

This tool is for authorized security testing only. Always:

  • Get proper authorization before testing

  • Respect rate limits and terms of service

  • Follow responsible disclosure practices

  • Never use on systems you don't own or have explicit permission to test

πŸ™ Acknowledgments

  • ZAP for vulnerability scanning

  • The bug bounty community for inspiration and feedback

πŸ“š Documentation

πŸ› Issues

Found a bug? Have a feature request? Please open an issue on GitHub.

πŸ“§ Contact

Install Server
A
security – no known vulnerabilities
A
license - permissive license
A
quality - confirmed to work

How are these scores calculated?

Resources

Tools

View all tools

Appeared in Searches

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server