Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Bug Bounty Server

FreeNot checked

Provides Claude Code with access to a comprehensive bug bounty knowledge base including techniques, payloads, wordlists, and real-world reports through 14 tools

GitHubEmbed

About

Provides Claude Code with access to a comprehensive bug bounty knowledge base including techniques, payloads, wordlists, and real-world reports through 14 tools for searching, retrieving payloads, and assessing report quality.

README

An MCP (Model Context Protocol) server that gives Claude Code access to a comprehensive bug bounty hunting knowledge base. Includes techniques, payloads, wordlists, real-world reports, and structured methodology.

Quick Start

# Install dependencies
npm install

# Clone knowledge base repos (PayloadsAllTheThings, HackTricks, HackTricks-Cloud, SecLists, DEFCON32 workshop)
npm run clone-repos

# Build
npm run build

# Run (stdio mode, default)
npm start

Add to Claude Code

Add to your Claude Code MCP config (~/.claude/settings.json or project .claude/settings.json):

{
  "mcpServers": {
    "bug-bounty-knowledge": {
      "command": "node",
      "args": ["/path/to/rs0n-bug-bounty-mcp-server/dist/index.js"]
    }
  }
}

The server uses stdio transport (no port needed), so there are no port conflicts with other MCP servers.

Tools (14)

Tool Description
search_techniques Full-text search across all knowledge sources
get_payloads Payloads for 25 vulnerability categories
get_methodology Testing methodology by target type
get_rs0n_methodology rs0n's DEFCON32 methodology (Recon/Injection/Logic/Cloud)
get_bounty_reports Real-world accepted and rejected reports
assess_report_quality Evaluate if a finding will be accepted
get_cloud_security AWS/Azure/GCP/K8s attack techniques
get_waf_bypass WAF bypass techniques by vuln type
browse_knowledge_base Navigate the knowledge base
read_knowledge_file Read specific KB files
list_wordlists Browse SecLists categories
get_wordlist Retrieve a specific wordlist
search_wordlists Find wordlists by keyword
get_recommended_wordlist Get the best wordlist for a task

Knowledge Base Sources

  • PayloadsAllTheThings - Payload lists and bypass techniques
  • HackTricks - Comprehensive pentesting wiki
  • HackTricks-Cloud - Cloud security testing
  • SecLists - Wordlists for fuzzing, brute-forcing, and enumeration
  • DEFCON32 Workshop - rs0n's battle-tested methodology
  • 778+ curated bug bounty reports (accepted) with detailed writeups
  • Rejected report patterns - What NOT to submit

Updating Knowledge Base

# Pull latest from all repos
npm run clone-repos

from github.com/R-s0n/rs0n-bug-bounty-mcp-server

Install Bug Bounty Server in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install bug-bounty-mcp-server

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add bug-bounty-mcp-server -- npx -y github:R-s0n/rs0n-bug-bounty-mcp-server

FAQ

Is Bug Bounty Server MCP free?

Yes, Bug Bounty Server MCP is free — one-click install via Unyly at no cost.

Does Bug Bounty Server need an API key?

No, Bug Bounty Server runs without API keys or environment variables.

Is Bug Bounty Server hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Bug Bounty Server in Claude Desktop, Claude Code or Cursor?

Open Bug Bounty Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Bug Bounty Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs