mcp-bug-bounty-server
The MCP Bug Bounty Server is a unified platform for managing bug bounty tools, providing a standardized API and JSON output. It supports tool integration, execution management, and security workflow automation, enhancing the efficiency of bug bounty operations.
MCP Bug Bounty Server
A comprehensive Managed Command Platform (MCP) for bug bounty command line tools with standardized JSON output.
Overview
The MCP Bug Bounty Server provides a unified API gateway for executing, managing, and collecting results from popular bug bounty command line tools. It transforms diverse tool outputs into a standardized format, enabling seamless integration into security workflows and platforms.
Features
- Unified API Gateway: Single interface for executing multiple command line tools
- Standardized Results: Consistent JSON output format across all integrated tools
- Tool Registry System: Plugin architecture for easy integration of new tools
- Command Execution Engine: Efficient management of tool execution with parameterization
- Output Processing: Transformation of tool-specific outputs into MCP schema
- Workflow Automation: Chain tools together in configurable sequences
- Result Analysis: Severity scoring, prioritization, and correlation of findings
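The command execution engine passes API-supplied parameters to command line tools, so each value needs strict validation before a process is launched. The following is an added example, not code from this project: the registry layout, function names and validation rules are assumptions for illustration. It builds an argv list from fixed templates and rejects shell metacharacters, option-like values and trailing newlines.

```python
import re

# Hypothetical registry: tool name -> fixed argv template. The "{target}" and
# "{ports}" slots are the only caller-controlled values.
TOOL_TEMPLATES = {
    "subfinder": ["subfinder", "-d", "{target}", "-silent"],
    "nmap": ["nmap", "-p", "{ports}", "-oX", "-", "{target}"],
}

# A DNS label may not start or end with "-", which also blocks option injection.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{_LABEL}(\.{_LABEL})+")
PORTS_RE = re.compile(r"[0-9]{1,5}(-[0-9]{1,5})?(,[0-9]{1,5}(-[0-9]{1,5})?)*")


def validate_target(value):
    host = value.lower()
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected target: {value!r}")
    return host


def validate_ports(value):
    if not PORTS_RE.fullmatch(value):
        raise ValueError(f"rejected ports: {value!r}")
    if any(not 1 <= int(n) <= 65535 for n in re.findall(r"[0-9]+", value)):
        raise ValueError(f"port out of range: {value!r}")
    return value


VALIDATORS = {"target": validate_target, "ports": validate_ports}


def build_argv(tool, params):
    """Return an argv list for subprocess.run(argv) with the default shell=False."""
    if tool not in TOOL_TEMPLATES:
        raise ValueError(f"unknown tool: {tool!r}")
    template = TOOL_TEMPLATES[tool]
    slots = {part[1:-1] for part in template if part.startswith("{")}
    if set(params) != slots:
        raise ValueError(f"{tool} takes exactly {sorted(slots)}")
    return [
        VALIDATORS[part[1:-1]](params[part[1:-1]]) if part.startswith("{") else part
        for part in template
    ]
```

Because the result is a list and never a shell string, a value that passes validation is handed to the tool as a single argument.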
Supported Tools
Reconnaissance Tools
- Amass - DNS enumeration and subdomain discovery
- Subfinder - Passive subdomain discovery
- Hakrawler - Web crawler for URL discovery
- Gau (Get All URLs) - URL discovery from various sources
- Katana - Web crawling and spidering framework
Scanning Tools
- Nuclei - Template-based vulnerability scanner
- Nmap - Network port scanner
- Masscan - Fast port scanner
- Httpx - HTTP request toolkit
Content Discovery Tools
- FFUF - Fast web fuzzer
- Gobuster - Directory, file, and DNS enumeration
- Jaeles - Automated web application testing
Getting Started
Prerequisites
- Python 3.8+
- Docker (for containerized deployment)
- Command line tools (can be installed via included scripts)
Installation
# Clone the repository
git clone https://github.com/DvaitaTech/mcp-bug-bounty-server.git
cd mcp-bug-bounty-server
# Create virtual environment
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Install required command line tools
./scripts/install_tools.sh # On Windows: scripts\install_tools.bat
Configuration
Edit the config.yaml file to configure:
- API settings
- Database connection
- Tool paths and parameters
- Authentication settings
Running the Server
# Start the server
python -m mcp_server.main
# Or using Docker
docker-compose up -d
API Documentation
Once the server is running, API documentation is available at:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
Project Structure
mcp-bug-bounty-server/
├── mcp_server/ # Main server package
│ ├── api/ # API endpoints
│ ├── core/ # Core server functionality
│ ├── models/ # Data models and schemas
│ ├── tools/ # Tool adapters and registry
│ ├── execution/ # Command execution engine
│ ├── processing/ # Output processing pipelines
│ └── main.py # Application entry point
├── scripts/ # Utility scripts
├── tests/ # Test suite
├── docs/ # Documentation
├── docker/ # Docker-related files
├── config.yaml # Configuration file
├── requirements.txt # Python dependencies
└── docker-compose.yml # Docker Compose configuration
Development
Setting Up Development Environment
# Install development dependencies
pip install -r requirements-dev.txt
# Run tests
pytest
# Check code style
flake8
black .
Contributing
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgements
- All the incredible open-source bug bounty tools this project builds upon
- The bug bounty community for their continuous innovations