MCP Bug Bounty Server

A comprehensive Managed Command Platform (MCP) for bug bounty command line tools with standardized JSON output.

Overview

The MCP Bug Bounty Server provides a unified API gateway for executing, managing, and collecting results from popular bug bounty command line tools. It transforms diverse tool outputs into a standardized format, enabling seamless integration into security workflows and platforms.

Features

• Unified API Gateway: Single interface for executing multiple command line tools
• Standardized Results: Consistent JSON output format across all integrated tools
• Tool Registry System: Plugin architecture for easy integration of new tools
• Command Execution Engine: Efficient management of tool execution with parameterization
• Output Processing: Transformation of tool-specific outputs into MCP schema
• Workflow Automation: Chain tools together in configurable sequences
• Result Analysis: Severity scoring, prioritization, and correlation of findings

Supported Tools

Reconnaissance Tools

• Amass - DNS enumeration and subdomain discovery
• Subfinder - Passive subdomain discovery
• Hakrawler - Web crawler for URL discovery
• Gau (Get All URLs) - URL discovery from various sources
• Katana - Web crawling and spidering framework

Scanning Tools

• Nuclei - Template-based vulnerability scanner
• Nmap - Network port scanner
• Masscan - Fast port scanner
• Httpx - HTTP request toolkit

Content Discovery Tools

• FFUF - Fast web fuzzer
• Gobuster - Directory, file, and DNS enumeration
• Jaeles - Automated web application testing

Getting Started

Prerequisites

• Python 3.8+
• Docker (for containerized deployment)
• Command line tools (can be installed via included scripts)

Installation

# Clone the repository
git clone https://github.com/DvaitaTech/mcp-bug-bounty-server.git
cd mcp-bug-bounty-server

# Create virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Install required command line tools
./scripts/install_tools.sh  # On Windows: scripts\install_tools.bat

Configuration

Edit the config.yaml file to configure:

• API settings
• Database connection
• Tool paths and parameters
• Authentication settings

Running the Server

# Start the server
python -m mcp_server.main

# Or using Docker
docker-compose up -d

API Documentation

Once the server is running, API documentation is available at:

• Swagger UI: http://localhost:8000/docs
• ReDoc: http://localhost:8000/redoc

Project Structure

mcp-bug-bounty-server/
├── mcp_server/              # Main server package
│   ├── api/                 # API endpoints
│   ├── core/                # Core server functionality
│   ├── models/              # Data models and schemas
│   ├── tools/               # Tool adapters and registry
│   ├── execution/           # Command execution engine
│   ├── processing/          # Output processing pipelines
│   └── main.py              # Application entry point
├── scripts/                 # Utility scripts
├── tests/                   # Test suite
├── docs/                    # Documentation
├── docker/                  # Docker-related files
├── config.yaml              # Configuration file
├── requirements.txt         # Python dependencies
└── docker-compose.yml       # Docker Compose configuration

Development

Setting Up Development Environment

# Install development dependencies
pip install -r requirements-dev.txt

# Run tests
pytest

# Check code style
flake8
black .

Contributing

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgements

• All the incredible open-source bug bounty tools this project builds upon
• The bug bounty community for their continuous innovations