VulneraMCP

VulneraMCP

AI-powered bug bounty hunting platform that integrates security tools (OWASP ZAP, Caido, Burp Suite) for automated reconnaissance, vulnerability testing, JavaScript analysis, and finding management with PostgreSQL storage.

Category
Visit Server

README

VulneraMCP

An AI-Powered Bug Bounty Hunting Platform - Comprehensive Model Context Protocol (MCP) server for security testing, vulnerability research, and bug bounty hunting.

License: MIT TypeScript Node.js

VulneraMCP integrates with industry-standard security tools (ZAP, Caido, Burp Suite) and provides AI-powered automation for reconnaissance, JavaScript analysis, security testing, and vulnerability detection. All findings are automatically stored in PostgreSQL for analysis and reporting.

🌟 Features

🔍 Reconnaissance Tools

  • Subdomain Discovery: Subfinder, Amass integration
  • Live Host Detection: HTTPx for checking active endpoints
  • DNS Resolution: DNS record enumeration (A, AAAA, CNAME, MX, TXT)
  • Full Recon Workflow: Automated multi-tool reconnaissance

🔐 Security Testing

  • XSS Testing: Automated cross-site scripting detection
  • SQL Injection: SQLi vulnerability testing with sqlmap fallback
  • IDOR Detection: Insecure Direct Object Reference testing
  • CSP Analysis: Content Security Policy misconfiguration detection
  • Auth Bypass: Authentication bypass attempt testing
  • CSRF Testing: Cross-Site Request Forgery detection with advanced techniques

📜 JavaScript Analysis

  • JS Download: Download and analyze JavaScript files
  • Code Beautification: Format and beautify minified JS
  • Endpoint Extraction: Find API endpoints and URLs in JS
  • Secret Detection: Heuristic API key and token extraction
  • Full Analysis: Combined download, beautify, and analyze workflow

🕷️ Integration

  • Spider Scans: Automated web crawling
  • Active Scanning: Vulnerability scanning
  • Proxy Integration: Process requests through ZAP proxy
  • Alert Management: Retrieve and analyze security alerts
  • Context Management: Define scanning contexts

💾 Database Integration

  • PostgreSQL: Store findings, test results, and scores
  • Redis: Working memory and caching (optional)
  • Finding Management: Save and retrieve bug findings
  • Test Result Storage: Track all security tests with statistics

🖼️ Rendering Tools

  • Screenshots: Capture webpage screenshots with Puppeteer
  • DOM Extraction: Extract and analyze page structure
  • Form Extraction: Find and analyze web forms
  • JavaScript Execution: Execute JS in page context

🤖 AI Training & Pattern Matching

  • Training Data Import: Import from HTB, PortSwigger labs
  • Pattern Matching: Learn from successful exploits
  • Writeup Analysis: Extract patterns from bug bounty writeups
  • CSRF Patterns: Pre-loaded CSRF exploitation patterns

📊 Web Dashboard

  • Real-time Statistics: View test results and findings
  • Finding Management: Browse and analyze discovered vulnerabilities
  • Visual Analytics: Track testing progress and success rates

🚀 Quick Start

Prerequisites

  • Node.js 20+ and npm
  • PostgreSQL 18+ (or Docker)
  • Redis (optional, for caching)
  • ZAP (optional, for active scanning)
  • Caido (optional, for traffic analysis)

Installation

# Clone the repository
git clone https://github.com/telmonmaluleka/VulneraMCP.git
cd VulneraMCP

# Install dependencies
npm install

# Build the project
npm run build

Configuration

  1. Copy environment template:

    cp mcp.json.example mcp.json

  2. Configure your environment variables:

    • Set up PostgreSQL connection details
    • Configure Caido API token (if using)
    • Set ZAP API URL (default: http://localhost:8081)

  3. Initialize the database:

    node init-db.js

Running the Server

# Start the MCP server
npm start

# Start the dashboard (in another terminal)
npm run dashboard

# Access dashboard at http://localhost:3000

Docker Setup

# Start all services with Docker Compose
docker-compose up -d

# Or use the startup script
./start-services.sh

📖 Usage

Via MCP Client (Cursor, Claude Desktop, etc.)

The server provides MCP tools that can be called through any MCP-compatible client:

Reconnaissance:

recon.subfinder domain: example.com
recon.httpx input: example.com,subdomain.example.com
recon.full domain: example.com

Security Testing:

security.test_xss url: https://example.com/search?q=<script>
security.test_sqli url: https://example.com/user?id=1
security.test_csrf url: https://example.com/profile/update

JavaScript Analysis:

js.analyze url: https://example.com/static/app.js
js.extract_secrets source: <javascript_code>

ZAP Integration:

zap.start_spider url: https://example.com
zap.start_active_scan url: https://example.com
zap.get_alerts baseURL: https://example.com

Caido Integration:

caido.query httpql: "req.host.cont:\"example.com\" AND req.path.cont:\"api\""
caido.agent_discover_endpoints host: example.com

Rate Limiting & Best Practices

When testing bug bounty programs, always respect rate limits:

// Example: 2 requests/second limit
const rateLimiter = require('./hunting/rate-limiter');
const limiter = rateLimiter(2); // 2 req/sec

await limiter();
// Make your request

🏗️ Project Structure

VulneraMCP/
├── src/
│   ├── integrations/    # External service integrations
│   │   ├── zap.ts       # OWASP ZAP integration
│   │   ├── caido.ts     # Caido integration
│   │   ├── postgres.ts  # PostgreSQL database
│   │   └── redis.ts     # Redis caching
│   ├── tools/           # MCP tools (recon, security, etc.)
│   ├── mcp/             # MCP server implementation
│   └── index.ts         # Main entry point
├── public/              # Dashboard frontend
├── hunting/             # Bug bounty hunting scripts
├── dist/                # Compiled TypeScript output
└── dashboard-server.js  # Dashboard API server

🔧 Configuration

MCP Server Configuration (mcp.json)

{
  "name": "vulneramcp",
  "command": "node",
  "args": ["dist/index.js"],
  "env": {
    "POSTGRES_HOST": "localhost",
    "POSTGRES_PORT": "5433",
    "POSTGRES_USER": "postgres",
    "POSTGRES_DB": "bugbounty"
  }
}

Environment Variables

# PostgreSQL
POSTGRES_HOST=localhost
POSTGRES_PORT=5433
POSTGRES_USER=postgres
POSTGRES_PASSWORD=your_password
POSTGRES_DB=bugbounty

# ZAP
ZAP_API_URL=http://localhost:8081

# Caido
CAIDO_API_TOKEN=your_token

# Redis (optional)
REDIS_HOST=localhost
REDIS_PORT=6379

📊 Dashboard

The web dashboard provides:

  • Statistics: Test results, success rates, vulnerability distribution
  • Findings: Detailed view of discovered vulnerabilities
  • Search & Filter: Find specific findings by target, type, severity

Access at: http://localhost:3000

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer

This tool is for authorized security testing only. Always:

  • Get proper authorization before testing
  • Respect rate limits and terms of service
  • Follow responsible disclosure practices
  • Never use on systems you don't own or have explicit permission to test

🙏 Acknowledgments

  • ZAP for vulnerability scanning
  • The bug bounty community for inspiration and feedback

📚 Documentation

🐛 Issues

Found a bug? Have a feature request? Please open an issue on GitHub.

📧 Contact

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured