Bug Bounty Server
FreeNot checkedProvides Claude Code with access to a comprehensive bug bounty knowledge base including techniques, payloads, wordlists, and real-world reports through 14 tools
About
Provides Claude Code with access to a comprehensive bug bounty knowledge base including techniques, payloads, wordlists, and real-world reports through 14 tools for searching, retrieving payloads, and assessing report quality.
README
An MCP (Model Context Protocol) server that gives Claude Code access to a comprehensive bug bounty hunting knowledge base. Includes techniques, payloads, wordlists, real-world reports, and structured methodology.
Quick Start
# Install dependencies
npm install
# Clone knowledge base repos (PayloadsAllTheThings, HackTricks, HackTricks-Cloud, SecLists, DEFCON32 workshop)
npm run clone-repos
# Build
npm run build
# Run (stdio mode, default)
npm start
Add to Claude Code
Add to your Claude Code MCP config (~/.claude/settings.json or project .claude/settings.json):
{
"mcpServers": {
"bug-bounty-knowledge": {
"command": "node",
"args": ["/path/to/rs0n-bug-bounty-mcp-server/dist/index.js"]
}
}
}
The server uses stdio transport (no port needed), so there are no port conflicts with other MCP servers.
Tools (14)
| Tool | Description |
|---|---|
search_techniques |
Full-text search across all knowledge sources |
get_payloads |
Payloads for 25 vulnerability categories |
get_methodology |
Testing methodology by target type |
get_rs0n_methodology |
rs0n's DEFCON32 methodology (Recon/Injection/Logic/Cloud) |
get_bounty_reports |
Real-world accepted and rejected reports |
assess_report_quality |
Evaluate if a finding will be accepted |
get_cloud_security |
AWS/Azure/GCP/K8s attack techniques |
get_waf_bypass |
WAF bypass techniques by vuln type |
browse_knowledge_base |
Navigate the knowledge base |
read_knowledge_file |
Read specific KB files |
list_wordlists |
Browse SecLists categories |
get_wordlist |
Retrieve a specific wordlist |
search_wordlists |
Find wordlists by keyword |
get_recommended_wordlist |
Get the best wordlist for a task |
Knowledge Base Sources
- PayloadsAllTheThings - Payload lists and bypass techniques
- HackTricks - Comprehensive pentesting wiki
- HackTricks-Cloud - Cloud security testing
- SecLists - Wordlists for fuzzing, brute-forcing, and enumeration
- DEFCON32 Workshop - rs0n's battle-tested methodology
- 778+ curated bug bounty reports (accepted) with detailed writeups
- Rejected report patterns - What NOT to submit
Updating Knowledge Base
# Pull latest from all repos
npm run clone-repos
Install Bug Bounty Server in Claude Desktop, Claude Code & Cursor
unyly install bug-bounty-mcp-serverInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add bug-bounty-mcp-server -- npx -y github:R-s0n/rs0n-bug-bounty-mcp-serverFAQ
Is Bug Bounty Server MCP free?
Yes, Bug Bounty Server MCP is free — one-click install via Unyly at no cost.
Does Bug Bounty Server need an API key?
No, Bug Bounty Server runs without API keys or environment variables.
Is Bug Bounty Server hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Bug Bounty Server in Claude Desktop, Claude Code or Cursor?
Open Bug Bounty Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Bug Bounty Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
