Bug Bounty MCP Server

40 tools. 38 can modify or destroy data without limits.

38 write tools that can modify data. Rate limits recommended.

Last updated:

38 can modify or destroy data
2 read-only
40 tools total

Community server · catalogue entry verified 29/06/2026

How to control Bug Bounty MCP Server ↓

What Bug Bounty MCP Server exposes to your agents

Read (2) Write / Execute (38) Destructive / Financial (0)
High Risk

The most dangerous Bug Bounty MCP Server tools

38 of Bug Bounty MCP Server's 40 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Bug Bounty MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Bug Bounty MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "analyze_target": {
    "limits": [
      {
        "counter": "analyze_target_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Bug Bounty MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON BUG BOUNTY →

Instant setup, no code required.

All 40 Bug Bounty MCP Server tools

EXECUTE 38 tools
Execute amass_scan Execute Amass for subdomain enumeration with enhanced logging. Execute arjun_parameter_discovery Execute Arjun for HTTP parameter discovery with enhanced logging. Execute bugbounty_business_logic_workflow Create business logic testing workflow for bug bounty hunting. Execute bugbounty_comprehensive_assessment bugbounty_comprehensive_assessment Execute bugbounty_file_upload_testing Create file upload vulnerability testing workflow. Execute bugbounty_osint_workflow Create OSINT gathering workflow for bug bounty hunting. Execute bugbounty_reconnaissance_workflow Create comprehensive reconnaissance workflow for bug bounty hunting. Execute bugbounty_vulnerability_hunting Create vulnerability-hunting workflow by impact and bounty. Execute create_attack_chain Create intelligent attack chain based on target profile. Execute dalfox_xss_scan Run Dalfox for advanced XSS scanning with enhanced logging. Execute dirb_scan dirb_scan Execute dirsearch_scan Run Dirsearch for advanced directory and file discovery with logging. Execute dnsenum_scan dnsenum_scan Execute feroxbuster_scan feroxbuster_scan Execute ffuf_scan Execute FFuf for web fuzzing with enhanced logging. Execute fierce_scan fierce_scan Execute gau_discovery Run Gau to discover URLs from multiple sources with logging. Execute gobuster_scan gobuster_scan Execute hakrawler_crawl hakrawler_crawl Execute httpx_probe httpx_probe Execute jaeles_vulnerability_scan Execute Jaeles for advanced vulnerability scanning with custom signatures. Execute katana_crawl Run Katana for next-generation crawling and spidering with logging. Execute masscan_high_speed masscan_high_speed Execute nikto_scan nikto_scan Execute nmap_advanced_scan nmap_advanced_scan Execute nmap_scan nmap_scan Execute nuclei_scan Run Nuclei scanner with enhanced logging and rich parameters. Execute paramspider_mining Run ParamSpider to mine parameters from archives with logging. Execute rustscan_fast_scan rustscan_fast_scan Execute select_tools AI-powered tool selection based on target profile. Execute smart_scan Run AI-driven smart scan with parallel execution. Execute sqlmap_scan Execute SQLMap for SQL injection testing with enhanced logging. Execute subfinder_scan subfinder_scan Execute wafw00f_scan wafw00f_scan Execute waybackurls_discovery Execute Waybackurls for historical URL discovery with enhanced logging. Execute wfuzz_scan wfuzz_scan Execute wpscan_analyze wpscan_analyze Execute x8_parameter_discovery x8_parameter_discovery

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Bug Bounty MCP Server

Is the Bug Bounty MCP Server MCP server safe to use without restrictions? +

The Bug Bounty MCP Server server is primarily read-only with 2 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the Bug Bounty MCP Server MCP server expose? +

40 tools across 3 categories: Execute, Read, Write. 2 are read-only. 38 can modify, create, or delete data.

How do I enforce a policy on Bug Bounty MCP Server? +

Register the Bug Bounty MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Bug Bounty MCP Server tool call.

Deterministic rules across all 40 Bug Bounty MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

40 Bug Bounty MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.