High-risk tools in Bug Bounty MCP Server
38 of the 40 tools in Bug Bounty MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
amass_scanExecuteExecute Amass for subdomain enumeration with enhanced logging.
-
arjun_parameter_discoveryExecuteExecute Arjun for HTTP parameter discovery with enhanced logging.
-
bugbounty_business_logic_workflowExecuteCreate business logic testing workflow for bug bounty hunting.
-
bugbounty_comprehensive_assessmentExecutebugbounty_comprehensive_assessment
-
bugbounty_file_upload_testingExecuteCreate file upload vulnerability testing workflow.
-
bugbounty_osint_workflowExecuteCreate OSINT gathering workflow for bug bounty hunting.
-
bugbounty_reconnaissance_workflowExecuteCreate comprehensive reconnaissance workflow for bug bounty hunting.
-
bugbounty_vulnerability_huntingExecuteCreate vulnerability-hunting workflow by impact and bounty.
-
create_attack_chainExecuteCreate intelligent attack chain based on target profile.
-
dalfox_xss_scanExecuteRun Dalfox for advanced XSS scanning with enhanced logging.
-
dirb_scanExecutedirb_scan
-
dirsearch_scanExecuteRun Dirsearch for advanced directory and file discovery with logging.
-
dnsenum_scanExecutednsenum_scan
-
feroxbuster_scanExecuteferoxbuster_scan
-
ffuf_scanExecuteExecute FFuf for web fuzzing with enhanced logging.
-
fierce_scanExecutefierce_scan
-
gau_discoveryExecuteRun Gau to discover URLs from multiple sources with logging.
-
gobuster_scanExecutegobuster_scan
-
hakrawler_crawlExecutehakrawler_crawl
-
httpx_probeExecutehttpx_probe
-
jaeles_vulnerability_scanExecuteExecute Jaeles for advanced vulnerability scanning with custom signatures.
-
katana_crawlExecuteRun Katana for next-generation crawling and spidering with logging.
-
masscan_high_speedExecutemasscan_high_speed
-
nikto_scanExecutenikto_scan
-
nmap_advanced_scanExecutenmap_advanced_scan
-
nmap_scanExecutenmap_scan
-
nuclei_scanExecuteRun Nuclei scanner with enhanced logging and rich parameters.
-
paramspider_miningExecuteRun ParamSpider to mine parameters from archives with logging.
-
rustscan_fast_scanExecuterustscan_fast_scan
-
select_toolsExecuteAI-powered tool selection based on target profile.
-
smart_scanExecuteRun AI-driven smart scan with parallel execution.
-
sqlmap_scanExecuteExecute SQLMap for SQL injection testing with enhanced logging.
-
subfinder_scanExecutesubfinder_scan
-
wafw00f_scanExecutewafw00f_scan
-
waybackurls_discoveryExecuteExecute Waybackurls for historical URL discovery with enhanced logging.
-
wfuzz_scanExecutewfuzz_scan
-
wpscan_analyzeExecutewpscan_analyze
-
x8_parameter_discoveryExecutex8_parameter_discovery
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.