Skip to main content
Glama

HackerOne MCP

An MCP server that connects Claude to the HackerOne Hacker API. List your programs, pull structured scope, read and submit reports, browse Hacktivity, and check your balance — all from inside Claude Code.

Tools

Tool

What it does

test_connection

Verify credentials work (run this first)

list_programs

List programs you can access

get_program

Full details for one program by handle

get_program_scope

Structured scope (in-scope assets), filter by bounty/submission

get_program_weaknesses

Accepted weakness (CWE) types

get_scope_exclusions

Out-of-scope categories

search_scope

Search a keyword across ALL your programs' scopes

list_my_reports

Reports you've submitted

get_report

One report by ID (activities, bounties, state)

submit_report

Submit a new vulnerability report

hacktivity

Query publicly disclosed reports for intel

get_balance / get_earnings / get_payouts

Money

hackerone_api

Raw passthrough for any other endpoint

Related MCP server: MCP Intigriti Server

Setup

1. Get an API token

Go to https://hackerone.com/settings/api_token/edit, create a token, and note both the identifier (username) and the token value.

2. Install deps

cd ~/projects/hackerone-mcp
uv venv .venv
uv pip install --python .venv/bin/python -r requirements.txt

3. Add credentials

cp .env.example .env
# edit .env and fill in HACKERONE_API_USERNAME + HACKERONE_API_TOKEN

The server auto-loads .env from this folder — nothing else to configure.

4. Test

.venv/bin/python -c "import hackerone_mcp as h; print(h.test_connection())"

5. Register with Claude Code

claude mcp add hackerone -- ~/projects/hackerone-mcp/.venv/bin/python ~/projects/hackerone-mcp/hackerone_mcp.py

Then in Claude: "list my HackerOne programs" or "pull the scope for program X".

To register only for the current project instead, add --scope project.

Manual config (any MCP client)

{
  "mcpServers": {
    "hackerone": {
      "command": "/home/kali/projects/hackerone-mcp/.venv/bin/python",
      "args": ["/home/kali/projects/hackerone-mcp/hackerone_mcp.py"]
    }
  }
}

Credentials come from .env, or set HACKERONE_API_USERNAME / HACKERONE_API_TOKEN in the env block of the config.

Notes

  • Base URL: https://api.hackerone.com/v1, HTTP Basic auth.

  • submit_report creates a real report — review details before calling.

  • .env is gitignored; never commit your token.

F
license - not found
-
quality - not tested
C
maintenance

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/abdugafforov-bobur/hackerone-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server