Server Configuration
Describes the environment variables required to run the server.
Name | Required | Description | Default |
---|---|---|---|
DEBUG | No | Enable debug mode | false |
BUGBOUNTY_MCP_HOST | No | Server host | 127.0.0.1 |
BUGBOUNTY_MCP_PORT | No | Server port | 8888 |
Schema
Prompts
Interactive templates invoked by user choice
Name | Description |
---|---|
No prompts |
Resources
Contextual data attached and managed by the client
Name | Description |
---|---|
No resources |
Tools
Functions exposed to the LLM to take actions
Name | Description |
---|---|
nmap_scan | Execute an enhanced Nmap scan against a target with real-time logging. Args: target: The IP address or hostname to scan; scan_type: Scan type (e.g., -sV for version detection, -sC for scripts); ports: Comma-separated list of ports or port ranges; additional_args: Additional Nmap arguments. Returns: Scan results with enhanced telemetry |
nmap_advanced_scan | Execute advanced Nmap scan with comprehensive options for bug bounty hunting. Args: target: Target IP or hostname; scan_type: Scan technique (-sS, -sT, -sU, etc.); ports: Port specification; timing: Timing template (-T0 to -T5); scripts: NSE scripts to run; os_detection: Enable OS detection; service_detection: Enable service version detection; aggressive: Enable aggressive scan mode; stealth: Enable stealth scan options; additional_args: Additional arguments. Returns: Advanced scan results |
rustscan_fast_scan | Execute RustScan for ultra-fast port scanning. Args: target: Target IP address or hostname; ports: Custom port range (default: all ports); ulimit: File descriptor limit; batch_size: Batch size for port scanning; timeout: Socket timeout in milliseconds; tries: Number of tries per port; no_nmap: Skip nmap integration; additional_args: Additional RustScan arguments. Returns: Fast port scan results |
masscan_high_speed | Execute Masscan for high-speed port scanning. Args: target: Target IP address or CIDR range; ports: Port range to scan; rate: Packet transmission rate; banners: Enable banner grabbing; exclude_file: File containing IPs to exclude; include_file: File containing IPs to include; output_format: Output format (list, xml, json); additional_args: Additional Masscan arguments. Returns: High-speed scan results |
amass_scan | Execute Amass for subdomain enumeration with enhanced logging. Args: domain: Target domain for enumeration; mode: Amass mode (enum, intel, viz); additional_args: Additional Amass arguments. Returns: Subdomain enumeration results |
subfinder_scan | Execute Subfinder for passive subdomain enumeration with enhanced logging. Args: domain: Target domain; silent: Run in silent mode; all_sources: Use all sources; additional_args: Additional Subfinder arguments. Returns: Passive subdomain enumeration results |
httpx_probe | Execute HTTPx for HTTP probing with enhanced logging. Args: targets: Target URLs or IPs; target_file: File containing targets; ports: Ports to probe; methods: HTTP methods to use; status_code: Filter by status code; content_length: Show content length; output_file: Output file path; additional_args: Additional HTTPx arguments. Returns: HTTP probing results |
nuclei_scan | Execute Nuclei vulnerability scanner with enhanced logging and comprehensive parameter support. |
gobuster_scan | Execute Gobuster to find directories, DNS subdomains, or virtual hosts with enhanced logging. Args: url: Target URL or domain; mode: Scan mode (dir, dns, vhost, fuzz); wordlist: Wordlist file path; extensions: File extensions to search for; threads: Number of threads; timeout: Request timeout; user_agent: Custom User-Agent; cookies: Cookies to include; additional_args: Additional Gobuster arguments. Returns: Directory and subdomain discovery results |
dirb_scan | Execute DIRB directory scanner with enhanced logging. Args: url: Target URL; wordlist: Wordlist file path; extensions: File extensions to test; recursive: Enable recursive scanning; ignore_case: Ignore case sensitivity; interactive: Interactive mode; additional_args: Additional DIRB arguments. Returns: Directory scanning results |
feroxbuster_scan | Execute Feroxbuster for fast recursive directory scanning. Args: url: Target URL; wordlist: Wordlist file path; threads: Number of concurrent threads; depth: Maximum recursion depth; extensions: File extensions to search for; filter_codes: HTTP status codes to filter out; timeout: Request timeout in seconds; additional_args: Additional Feroxbuster arguments. Returns: Recursive directory discovery results |
wfuzz_scan | Execute Wfuzz for web application fuzzing. Args: url: Target URL with FUZZ keyword; wordlist: Wordlist file path; fuzz_parameter: Parameter to fuzz (default: FUZZ); hide_codes: HTTP status codes to hide; threads: Number of concurrent threads; follow_redirects: Follow HTTP redirects; additional_args: Additional Wfuzz arguments. Returns: Web application fuzzing results |
dirsearch_scan | Execute Dirsearch for advanced directory and file discovery with enhanced logging. |
katana_crawl | Execute Katana for next-generation crawling and spidering with enhanced logging. |
gau_discovery | Execute Gau (Get All URLs) for URL discovery from multiple sources with enhanced logging. |
waybackurls_discovery | Execute Waybackurls for historical URL discovery with enhanced logging. |
arjun_parameter_discovery | Execute Arjun for HTTP parameter discovery with enhanced logging. |
paramspider_mining | Execute ParamSpider for parameter mining from web archives with enhanced logging. |
x8_parameter_discovery | Execute x8 for hidden parameter discovery with enhanced logging. |
sqlmap_scan | Execute SQLMap for SQL injection testing with enhanced logging. |
dalfox_xss_scan | Execute Dalfox for advanced XSS vulnerability scanning with enhanced logging. |
ffuf_scan | Execute FFuf for web fuzzing with enhanced logging. |
nikto_scan | Execute Nikto web server vulnerability scanner. Args: target: Target hostname or IP address; port: Port number to scan; ssl: Use SSL/HTTPS; plugins: Nikto plugins to run; output_format: Output format (txt, xml, csv); evasion: Evasion techniques to use; additional_args: Additional Nikto arguments. Returns: Web server vulnerability scan results |
wafw00f_scan | Execute wafw00f to identify Web Application Firewall (WAF) protection. Args: target: Target URL; findall: Find all possible WAFs; proxy: Proxy server to use; headers: Custom HTTP headers; output_file: Output file path; additional_args: Additional wafw00f arguments. Returns: WAF detection results |
wpscan_analyze | Execute WPScan for WordPress vulnerability analysis. Args: url: WordPress site URL; enumerate: Enumeration options (ap=all plugins, at=all themes, etc.); update: Update WPScan database; random_user_agent: Use random User-Agent; api_token: WPVulnDB API token; threads: Number of threads; additional_args: Additional WPScan arguments. Returns: WordPress vulnerability analysis results |
fierce_scan | Execute Fierce for DNS reconnaissance and subdomain discovery. Args: domain: Target domain; dns_server: DNS server to use; wordlist: Custom wordlist for subdomain brute force; threads: Number of threads; delay: Delay between requests; wide: Wide scan (more comprehensive); additional_args: Additional Fierce arguments. Returns: DNS reconnaissance results |
dnsenum_scan | Execute dnsenum for DNS enumeration and subdomain discovery. Args: domain: Target domain; dns_server: DNS server to use; wordlist: Wordlist for brute force; threads: Number of threads; delay: Delay between requests; reverse: Enable reverse DNS lookup; additional_args: Additional dnsenum arguments. Returns: DNS enumeration results |
hakrawler_crawl | Execute hakrawler for fast web crawling and endpoint discovery. Args: url: Target URL to crawl; depth: Crawling depth; forms: Extract form endpoints; robots: Parse robots.txt; sitemap: Parse sitemap; wayback: Include Wayback Machine URLs; insecure: Skip TLS verification; additional_args: Additional hakrawler arguments. Returns: Web crawling and endpoint discovery results |
jaeles_vulnerability_scan | Execute Jaeles for advanced vulnerability scanning with custom signatures. |
bugbounty_reconnaissance_workflow | Create comprehensive reconnaissance workflow for bug bounty hunting. |
bugbounty_vulnerability_hunting | Create vulnerability hunting workflow prioritized by impact and bounty potential. |
bugbounty_business_logic_workflow | Create business logic testing workflow for bug bounty hunting. Args: domain: Target domain; program_type: Type of program (web, api, mobile, iot). Returns: Business logic testing workflow |
bugbounty_osint_workflow | Create OSINT gathering workflow for bug bounty hunting. Args: domain: Target domain. Returns: OSINT gathering workflow |
bugbounty_file_upload_testing | Create file upload vulnerability testing workflow. Args: target_url: Target URL for file upload testing. Returns: File upload testing workflow with test files |
bugbounty_comprehensive_assessment | Create comprehensive bug bounty assessment combining all workflows. Args: domain: Target domain; scope: Comma-separated list of in-scope domains/IPs; priority_vulns: Comma-separated list of priority vulnerability types; include_osint: Include OSINT gathering; include_business_logic: Include business logic testing. Returns: Comprehensive bug bounty assessment workflow |
analyze_target | Analyze target and create comprehensive profile using AI. Args: target: Target domain, IP, or URL to analyze. Returns: Comprehensive target profile with AI analysis |
select_tools | AI-powered tool selection based on target profile. Args: target: Target domain, IP, or URL; objective: Scan objective (comprehensive, fast, stealth, targeted). Returns: Optimized tool selection with recommendations |
optimize_parameters | Optimize tool parameters using AI based on target profile. Args: target: Target domain, IP, or URL; tool: Tool name to optimize parameters for; context: Additional context or constraints. Returns: Optimized parameters and configuration |
create_attack_chain | Create intelligent attack chain based on target profile. Args: target: Target domain, IP, or URL; objective: Attack objective (comprehensive, fast, stealth, targeted). Returns: Intelligent attack chain with sequenced tools |
smart_scan | Execute intelligent scan using AI-driven tool selection with parallel execution. Args: target: Target domain, IP, or URL; objective: Scan objective (comprehensive, fast, stealth, targeted). Returns: Smart scan results with AI-optimized execution |