bugbounty

Comprehensive MCP server for bug bounty hunting and web application penetration testing

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio gokulapap-bugbounty-mcp-server \
  --env LOG_LEVEL="INFO" \
  --env GITHUB_TOKEN="GitHub token (optional)" \
  --env SHODAN_API_KEY="Your Shodan API key (optional)" \
  --env VIRUSTOTAL_API_KEY="Your VirusTotal API key (optional)" \
  -- docker run -d --name bugbounty-mcp-server \
  -v "$(pwd)/output:/app/output" \
  -v "$(pwd)/data:/app/data" \
  -v "$(pwd)/.env:/app/.env:ro" \
  -e SHODAN_API_KEY=placeholder \
  -e VIRUSTOTAL_API_KEY=placeholder \
  -e GITHUB_TOKEN=placeholder \
  -e LOG_LEVEL=INFO \
  bugbounty-mcp:latest

How to use

BugBounty MCP Server provides an integrated suite of security testing tools accessible via an MCP workflow. When run with Docker, it launches a containerized environment containing 20+ security tools organized across reconnaissance, scanning, vulnerability assessment, web application, network security, OSINT, exploitation, and reporting capabilities. You can interact with the server through natural language prompts that map to specific toolchains (e.g., subdomain enumeration, port scanning, SQLi/XSS tests, API security checks, and vulnerability reporting). The server aggregates results, generates executive summaries, and supports data export for reporting. To get started, deploy the Docker image, configure API keys if needed, and open the MCP interface to begin a guided security assessment on your target domain or IP.

How to install

Prerequisites:

  • Docker
  • Git
  • Optional: Docker Compose (for docker-compose-based workflows)

Installation steps (steps 2 and 3 are the native alternative to Docker):

  1. Clone the repository
git clone https://github.com/gokulapap/bugbounty-mcp-server.git
cd bugbounty-mcp-server
  2. Install Python dependencies (if running locally without Docker)
# recommended: use a virtualenv
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
  3. Run the server (example for native Python run, if provided in repo)
# adjust according to actual entrypoint in repo
python -m bugbounty_mcp_server
  4. Docker-based deployment (recommended):
# Build the image (if not pulled from registry)
# docker build -t bugbounty-mcp:latest .

# Run the container (example, see README for exact paths and envs)
docker run -d \
  --name bugbounty-mcp-server \
  -v "$(pwd)/output:/app/output" \
  -v "$(pwd)/data:/app/data" \
  -v "$(pwd)/.env:/app/.env:ro" \
  -e SHODAN_API_KEY="your_shodan_key" \
  -e VIRUSTOTAL_API_KEY="your_vt_key" \
  -e GITHUB_TOKEN="your_github_token" \
  -e LOG_LEVEL="INFO" \
  bugbounty-mcp:latest
  5. Verify installation by checking logs
docker logs -f bugbounty-mcp-server

Additional notes

Tips:

  • Prepare an .env file with API keys and configuration before starting the container to enable optional integrations (Shodan, VirusTotal, GitHub scans).
  • The Docker setup mounts output and data directories to your host for persistent results.
  • If you hit permissions or network issues, ensure Docker has the necessary privileges and the host can reach required external services.
  • For troubleshooting, view container logs with docker logs -f bugbounty-mcp-server and inspect the mounted volumes for results.
  • If you need to scale or customize tools, consider running in docker-compose mode as shown in the README and adjust environment variables accordingly.