HackerOne MCP
Provides tools for interacting with HackerOne's Hacker API, enabling listing programs, pulling scope, reading and submitting reports, browsing Hacktivity, and checking balance.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@HackerOne MCPlist my HackerOne programs"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
HackerOne MCP
An MCP server that connects Claude to the HackerOne Hacker API. List your programs, pull structured scope, read and submit reports, browse Hacktivity, and check your balance — all from inside Claude Code.
Tools
Tool | What it does |
| Verify credentials work (run this first) |
| List programs you can access |
| Full details for one program by handle |
| Structured scope (in-scope assets), filter by bounty/submission |
| Accepted weakness (CWE) types |
| Out-of-scope categories |
| Search a keyword across ALL your programs' scopes |
| Reports you've submitted |
| One report by ID (activities, bounties, state) |
| Submit a new vulnerability report |
| Query publicly disclosed reports for intel |
| Money |
| Raw passthrough for any other endpoint |
Related MCP server: MCP Intigriti Server
Setup
1. Get an API token
Go to https://hackerone.com/settings/api_token/edit, create a token, and note both the identifier (username) and the token value.
2. Install deps
cd ~/projects/hackerone-mcp
uv venv .venv
uv pip install --python .venv/bin/python -r requirements.txt3. Add credentials
cp .env.example .env
# edit .env and fill in HACKERONE_API_USERNAME + HACKERONE_API_TOKENThe server auto-loads .env from this folder — nothing else to configure.
4. Test
.venv/bin/python -c "import hackerone_mcp as h; print(h.test_connection())"5. Register with Claude Code
claude mcp add hackerone -- ~/projects/hackerone-mcp/.venv/bin/python ~/projects/hackerone-mcp/hackerone_mcp.pyThen in Claude: "list my HackerOne programs" or "pull the scope for program X".
To register only for the current project instead, add --scope project.
Manual config (any MCP client)
{
"mcpServers": {
"hackerone": {
"command": "/home/kali/projects/hackerone-mcp/.venv/bin/python",
"args": ["/home/kali/projects/hackerone-mcp/hackerone_mcp.py"]
}
}
}Credentials come from .env, or set HACKERONE_API_USERNAME /
HACKERONE_API_TOKEN in the env block of the config.
Notes
Base URL:
https://api.hackerone.com/v1, HTTP Basic auth.submit_reportcreates a real report — review details before calling..envis gitignored; never commit your token.
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/abdugafforov-bobur/hackerone-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server