🎯 Bug Bounty Hunter MCP
Professional Bug Bounty Hunter MCP Server with 50+ integrated security tools for comprehensive web application security testing and bug bounty hunting.
🚀 Features
🔍 Reconnaissance (15 tools)
- Subdomain Enumeration: subfinder, amass, assetfinder, DNS bruteforce
- Port Scanning: nmap, masscan, naabu integration
- HTTP Probing: httpx with technology detection
- DNS Enumeration: Comprehensive DNS record queries
- Technology Detection: CMS, frameworks, servers
- Wayback Machine: Archive URL discovery
- Certificate Transparency: Subdomain discovery via CT logs
🕷️ Web Crawling & Spidering (3 tools)
- Web Crawler: Deep crawling with endpoint extraction
- JavaScript Analysis: Extract endpoints and secrets from JS files
- Parameter Discovery: Find hidden parameters
🔐 Vulnerability Scanning (8 tools)
- Nuclei: Template-based vulnerability scanning
- XSS Scanner: Reflected, stored, and DOM-based XSS
- SQL Injection: Automated SQLi detection with sqlmap
- SSRF Scanner: Server-Side Request Forgery testing
- CORS Misconfiguration: CORS security testing
🧪 Fuzzing & Brute-Force (4 tools)
- Directory Fuzzing: ffuf/gobuster integration
- Parameter Fuzzing: Hidden parameter discovery
- Subdomain Bruteforce: DNS-based subdomain enumeration
- VHost Fuzzing: Virtual host discovery
📡 API Testing (4 tools)
- API Discovery: Automatic endpoint detection
- Swagger/OpenAPI Parser: Documentation analysis
- GraphQL Testing: Introspection and mutation testing
- Rate Limit Testing: API rate limiting analysis
💉 Injection Attacks (5 tools)
- Command Injection: OS command injection testing
- XXE Injection: XML External Entity testing
- SSTI Scanner: Server-Side Template Injection
- LDAP Injection: LDAP injection testing
- NoSQL Injection: MongoDB, CouchDB injection testing
🔓 Access Control (3 tools)
- IDOR Scanner: Insecure Direct Object Reference testing
- Path Traversal: Directory traversal testing
- LFI/RFI Scanner: File inclusion vulnerability testing
🔑 Authentication & Session (3 tools)
- JWT Analyzer: JWT token security analysis
- Session Analysis: Session management testing
- OAuth Tester: OAuth implementation testing
☁️ Cloud Security (3 tools)
- S3 Bucket Scanner: AWS S3 security testing
- Subdomain Takeover: Takeover vulnerability detection
- Cloud Metadata: AWS/Azure/GCP metadata testing
📝 Content Discovery (3 tools)
- Sensitive Files: Backup and config file discovery
- Git Exposure: .git directory enumeration
- Robots/Sitemap: robots.txt and sitemap.xml analysis
🌐 SSL/TLS (2 tools)
- SSL/TLS Scanner: Comprehensive SSL/TLS testing
- Certificate Transparency: CT log queries
🔧 Automation & Workflows (3 tools)
- Full Reconnaissance: Complete recon workflow
- Web Vulnerability Scan: Automated web app scanning
- API Security Test: Comprehensive API testing
📊 Reporting (2 tools)
- Report Generation: Professional bug bounty reports (Markdown, HTML, JSON, PDF)
- Tool Validation: Check installed security tools
📊 Total Tools: 50+ MCP Tools
🛠️ Installation
Prerequisites
- Python 3.10 or higher
- Kali Linux, ParrotOS, or similar security-focused OS (recommended)
Quick Install
# Clone the repository
git clone https://github.com/yourusername/bugbounty-hunter-mcp.git
cd bugbounty-hunter-mcp
# Create virtual environment
python3 -m venv bb_venv
source bb_venv/bin/activate
# Install the package
pip install -e .
Install External Tools (Optional but Recommended)
# Subdomain enumeration
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/owasp-amass/amass/v4/...@master
go install -v github.com/tomnomnom/assetfinder@latest
# HTTP probing
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
# Port scanning
go install -v github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
# Web crawling
go install -v github.com/jaeles-project/gospider@latest
go install -v github.com/projectdiscovery/katana/cmd/katana@latest
# Fuzzing
go install -v github.com/ffuf/ffuf/v2@latest
go install -v github.com/OJ/gobuster/v3@latest
# Nuclei
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
nuclei -update-templates
# XSS
go install -v github.com/hahwul/dalfox/v2@latest
# SQLMap (usually pre-installed on Kali)
sudo apt install sqlmap
# Parameter discovery (Arjun is a Python tool, installed with pip rather than go)
pip install arjun
# JWT
pip install jwt_tool
# Git dumper
pip install git-dumper
🚀 Quick Start
1. Basic Setup
# Activate virtual environment
source bb_venv/bin/activate
# Copy example config
cp .env.example .env
cp config.example.json config.json
# Edit configuration
nano .env
2. Start MCP Server
python bug_bounty_mcp.py
3. Use with Rovo Dev
Add to ~/.rovodev/mcp.json:
{
  "mcpServers": {
    "bugbounty": {
      "type": "stdio",
      "command": "/path/to/bugbounty-hunter-mcp/bb_venv/bin/python",
      "args": ["/path/to/bugbounty-hunter-mcp/bug_bounty_mcp.py"],
      "env": {
        "PYTHONUNBUFFERED": "1"
      }
    }
  }
}
💡 Usage Examples
Example 1: Full Reconnaissance
# Ask Rovo Dev:
"Run full reconnaissance on example.com"
# This will execute:
full_reconnaissance(
    domain="example.com",
    deep_scan=False
)
Example 2: Subdomain Enumeration
# Ask Rovo Dev:
"Enumerate subdomains for bugcrowd.com using all tools"
# This will execute:
subdomain_enumeration(
    domain="bugcrowd.com",
    tools=["subfinder", "amass", "assetfinder"],
    passive_only=False
)
Example 3: XSS Testing
# Ask Rovo Dev:
"Test https://example.com/search?q=test for XSS"
# This will execute:
xss_scanner(
    url="https://example.com/search?q=test",
    parameters=[],
    payload_type="all"
)
Example 4: API Security Testing
# Ask Rovo Dev:
"Test the API at https://api.example.com"
# This will execute:
api_security_test(
    api_url="https://api.example.com",
    documentation_url=""
)
Example 5: Nuclei Vulnerability Scan
# Ask Rovo Dev:
"Run nuclei scan on https://example.com for critical and high severity"
# This will execute:
nuclei_scan(
    target="https://example.com",
    templates=["all"],
    severity=["critical", "high"],
    rate_limit=150
)
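In the examples above, the target string in each tool call originates from a natural-language request, so a wrapper should check it against the program's authorized scope before any external tool is started. The following is an added example, not code from this project: the scope lists and the names normalize_host, in_scope and build_subfinder_argv are hypothetical, and the scope values are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed scope for illustration; real values come from the program's policy.
IN_SCOPE = ["example.com", "*.example.com"]
OUT_OF_SCOPE = ["payments.example.com"]

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_host(target: str) -> str:
    """Return the lowercase hostname of a URL or bare domain, or raise ValueError."""
    url = target if "://" in target else "//" + target
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue with hostname checks
    else:
        raise ValueError(f"IP literal not allowed: {host}")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid hostname: {target!r}")
    return host


def _matches(host: str, pattern: str) -> bool:
    if pattern.startswith("*."):
        # Compare against ".example.com" so "evilexample.com" does not match.
        return host.endswith(pattern[1:])
    return host == pattern


def in_scope(target: str) -> bool:
    try:
        host = normalize_host(target)
    except ValueError:
        return False
    # Exclusions win over inclusions and also cover their subdomains.
    if any(_matches(host, p) or host.endswith("." + p) for p in OUT_OF_SCOPE):
        return False
    return any(_matches(host, p) for p in IN_SCOPE)


def build_subfinder_argv(domain: str) -> list[str]:
    """Build an argv list (never a shell string) for a scope-checked domain."""
    if not in_scope(domain):
        raise PermissionError(f"target outside authorized scope: {domain!r}")
    return ["subfinder", "-d", normalize_host(domain), "-silent"]
```

The returned list is meant to be passed to subprocess.run without shell=True, so the validated hostname is the only target-derived value that reaches the tool.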
📋 Tool Categories
Reconnaissance
subdomain_enumeration()
port_scan()
http_probe()
dns_enumeration()
technology_detection()
wayback_urls()
certificate_transparency()
Web Crawling
web_crawler()
javascript_analysis()
parameter_discovery()
Vulnerability Scanning
nuclei_scan()
xss_scanner()
sql_injection_scan()
ssrf_scanner()
cors_misconfiguration()
Fuzzing
directory_fuzzing()
parameter_fuzzing()
subdomain_bruteforce()
vhost_fuzzing()
API Testing
api_discovery()
swagger_parser()
graphql_testing()
api_rate_limit_test()
Injection Attacks
command_injection_test()
xxe_injection_test()
ssti_scanner()
ldap_injection_test()
nosql_injection_test()
Access Control
idor_scanner()
path_traversal_test()
lfi_rfi_scanner()
Authentication
jwt_analyzer()
session_analysis()
oauth_tester()
Cloud Security
s3_bucket_scanner()
subdomain_takeover_check()
cloud_metadata_test()
Content Discovery
sensitive_file_scanner()
git_exposure_scanner()
robots_sitemap_analyzer()
SSL/TLS
ssl_tls_scanner()
certificate_transparency()
Automation
full_reconnaissance()
web_vulnerability_scan()
api_security_test()
generate_report()
validate_tools()
🔧 Configuration
Environment Variables (.env)
# API Keys (optional)
VIRUSTOTAL_API_KEY=your_key
SHODAN_API_KEY=your_key
SECURITYTRAILS_API_KEY=your_key
# Callback URLs for OOB testing
CALLBACK_URL=https://your-server.com/callback
BURP_COLLABORATOR=your-collaborator.burpcollaborator.net
# Rate limiting
DEFAULT_RATE_LIMIT=150
THREADS=50
# Output
OUTPUT_DIR=./results
REPORT_FORMAT=markdown
# Security
DRY_RUN=false
VERBOSE=true
Configuration File (config.json)
{
  "recon": {
    "subdomain_tools": ["subfinder", "amass", "assetfinder"],
    "port_scan_tool": "naabu",
    "http_probe_tool": "httpx"
  },
  "fuzzing": {
    "wordlist_dir": "/usr/share/wordlists",
    "default_extensions": ["php", "html", "js", "txt"],
    "threads": 50
  },
  "vuln_scan": {
    "nuclei_templates": "/root/nuclei-templates",
    "severity_filter": ["critical", "high", "medium"]
  },
  "reporting": {
    "format": "markdown",
    "include_screenshots": true,
    "auto_submit": false
  }
}
🎯 Bug Bounty Workflow
Phase 1: Reconnaissance
- subdomain_enumeration() - Find all subdomains
- certificate_transparency() - Check CT logs
- port_scan() - Scan for open ports
- http_probe() - Identify live web services
- technology_detection() - Detect technologies
Phase 2: Content Discovery
- web_crawler() - Crawl the application
- directory_fuzzing() - Find hidden directories
- parameter_discovery() - Discover parameters
- wayback_urls() - Check archived URLs
- sensitive_file_scanner() - Find sensitive files
Phase 3: Vulnerability Scanning
- nuclei_scan() - Run template-based scans
- xss_scanner() - Test for XSS
- sql_injection_scan() - Test for SQLi
- ssrf_scanner() - Test for SSRF
- cors_misconfiguration() - Check CORS
Phase 4: Deep Testing
- api_discovery() - Find APIs
- graphql_testing() - Test GraphQL
- jwt_analyzer() - Analyze tokens
- idor_scanner() - Test for IDOR
- path_traversal_test() - Test file access
Phase 5: Reporting
- generate_report() - Create professional report
🔒 Security & Ethics
⚠️ Important Notice
This tool is designed for:
- Authorized bug bounty programs
- Security assessments with permission
- Educational purposes in controlled environments
DO NOT:
- Use on systems without permission
- Violate bug bounty program rules
- Exceed authorized scope
- Cause service disruption
Responsible Disclosure
Always follow responsible disclosure practices:
- Report vulnerabilities through proper channels
- Give vendors time to patch
- Don't publicly disclose without permission
- Follow bug bounty program rules
🤝 Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
Ways to Contribute
- Add new security tools
- Improve existing tools
- Fix bugs
- Add documentation
- Share workflows
- Report issues
📄 License
MIT License - see LICENSE file for details.
🙏 Acknowledgments
Built on top of amazing open-source security tools:
- ProjectDiscovery (subfinder, httpx, nuclei, etc.)
- OWASP (ZAP, Amass)
- sqlmap team
- ffuf, gobuster, and many more
📞 Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Twitter: @yourusername
Made with ❤️ for the bug bounty community
🎯 Happy Hunting! 🔐
