BugcrowdMCP
A high-performance Model Context Protocol server that provides secure, tool-based access to the Bugcrowd API, allowing for natural language interaction with bug bounty programs through various AI agent platforms.
Tools
get_organizations
List all organizations accessible to the authenticated user.
get_programs
List all bug bounty programs available to the authenticated user.
get_monetary_rewards
List all monetary rewards for bug bounty submissions.
get_monetary_reward
Get detailed information about a specific monetary reward.
get_organization
Get detailed information about a specific organization by ID.
get_program
Get detailed information about a specific bug bounty program.
get_submissions
List all bug submissions/vulnerability reports accessible to the user.
get_submission
Get detailed information about a specific vulnerability submission.
create_submission
Create a new bug submission/vulnerability report.
get_reports
List all reports (alternative endpoint to submissions with different data structure).
update_submission
Update an existing vulnerability submission.
get_report
Get detailed information about a specific report.
get_customer_assets
List all customer assets that are in scope for security testing.
get_customer_asset
Get detailed information about a specific customer asset.
delete_organization_member
Delete a member from an organization.
get_users
List all users in the organization or program scope.
get_user
Get detailed information about a specific user.
create_access_invitation
Create a new access invitation.
create_claim_ticket
Create a new claim ticket.
create_comment
Create a new comment on a submission.
create_monetary_reward
Create a new monetary reward for a submission.
create_team
Create a new team within an organization.
create_team_role
Create a new role for a team.
delete_access_invitation
Delete an access invitation.
delete_organization_program_role
Delete a program role from an organization.
delete_team
Delete a team.
delete_team_role
Delete a role from a team.
get_access_invitations
List all access invitations.
get_authentication_logs
List all authentication logs.
get_authorization_logs
List all authorization logs.
get_disclosure_requests
List all disclosure requests.
get_engagement
Get detailed information about a specific engagement.
get_engagements
List all engagements.
delete_team_member
Delete a member from a team.
get_organization_member
Get detailed information about a specific organization member.
get_organization_members
List all members of an organization.
get_organization_program_roles
List all program roles for an organization.
get_submission_activities
List all activities for a submission.
get_submission_comments
List all comments for a submission.
get_targets
List all targets.
get_team
Get detailed information about a specific team.
get_team_member
Get detailed information about a specific team member.
get_team_members
List all members of a team.
get_teams
List all teams in an organization.
update_monetary_reward
Update an existing monetary reward.
update_organization_member_role
Update the role of an organization member.
help
Get detailed help and documentation for Bugcrowd MCP tools.
server_health
Check the health status of the MCP server and API connectivity.
README
BugcrowdMCP: Server & Agents for the Bugcrowd API
A high-performance MCP (Model Context Protocol) server that provides secure, tool-based access to the Bugcrowd API, allowing for natural language interaction through various AI agent platforms.
Features
- Broad API Coverage: Provides tools for interacting with Organizations, Programs, Submissions, Assets, and more.
- Multi-Agent Support: Includes ready-to-use agents for OpenAI, Anthropic (Claude), Google (Gemini), and FastMCP.
- Extensible & Customizable: Easily switch between AI providers, configure different models, and integrate with platform-specific CLIs.
- Secure: Uses environment variables for API credentials and performs input validation.
- Dynamic Help: Includes a help() tool that provides real-time documentation for all available tools.
Quick Start
This guide will get you up and running with the default agent (openai).
1. Prerequisites
- Python 3.10+
- uv for package installation.
2. Installation
Clone the repository, create a virtual environment, and install dependencies.
git clone https://github.com/unstrike/Bugcrowd_MCP_Server.git
cd Bugcrowd_MCP_Server
# Create and activate virtual environment
uv venv
source .venv/bin/activate
# Install dependencies
uv sync
3. Configuration
Export your Bugcrowd and OpenAI API credentials as environment variables.
export BUGCROWD_API_USERNAME="your-username"
export BUGCROWD_API_PASSWORD="your-password"
export OPENAI_API_KEY="your-openai-api-key"
4. Run the Agent
Start the interactive agent.
uv run python -m bugcrowd_agents.agent_orchestrator
You can now interact with the Bugcrowd API using natural language.
Example Prompts:
- "Show me available bug bounty programs"
- "What are the 5 most recent vulnerability submissions?"
- "Use the help tool to see all available commands"
Advanced Usage
Switching Agents
The true power of this server lies in its flexibility. You can easily switch between supported AI platforms by setting the AGENT_PLATFORM environment variable.
- Supported platforms: openai (default), claude, gemini, fastmcp.
Remember to set the appropriate API key for the agent you choose.
Example: Running the Gemini Agent
# 1. Set the API key for Google
export GOOGLE_AI_API_KEY="your-gemini-api-key"
# 2. Run the orchestrator with the AGENT_PLATFORM variable
AGENT_PLATFORM=gemini uv run python -m bugcrowd_agents.agent_orchestrator
Example: Running the Claude Agent
export ANTHROPIC_API_KEY="your-claude-api-key"
AGENT_PLATFORM=claude uv run python -m bugcrowd_agents.agent_orchestrator
Using the FastMCP Agent
The fastmcp agent is a versatile client that can use different LLM backends. Configure it by setting the FASTMCP_PROVIDER environment variable.
- Supported providers: anthropic (default), google, openai.
Example: Running FastMCP with the Google (Gemini) Backend
# 1. Set the API key for the desired backend
export GOOGLE_AI_API_KEY="your-gemini-api-key"
# 2. Set the platform and provider, then run
AGENT_PLATFORM=fastmcp FASTMCP_PROVIDER=google uv run python -m bugcrowd_agents.agent_orchestrator
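A pre-flight check for the variables named in the Configuration, Switching Agents and FastMCP sections, as an added example that is not part of the project's code. It reports which required variables are unset or still hold the README's "your-..." placeholders, without ever echoing a value. The function names are hypothetical, and it assumes each FastMCP backend reads the same key variable as the dedicated agent for that vendor (the README shows this only for google).

```python
"""Pre-flight credential check for the agent orchestrator (added example)."""
import os

# Variable names as given in the README.
BUGCROWD_VARS = ("BUGCROWD_API_USERNAME", "BUGCROWD_API_PASSWORD")
PLATFORM_KEY = {
    "openai": "OPENAI_API_KEY",
    "claude": "ANTHROPIC_API_KEY",
    "gemini": "GOOGLE_AI_API_KEY",
}
# Assumption: each FastMCP backend reads the same key variable as the
# dedicated agent for that vendor (the README shows this for google only).
FASTMCP_KEY = {
    "anthropic": "ANTHROPIC_API_KEY",
    "google": "GOOGLE_AI_API_KEY",
    "openai": "OPENAI_API_KEY",
}


def required_vars(env):
    """Return the variable names the selected platform needs."""
    platform = env.get("AGENT_PLATFORM", "openai")  # README default
    if platform == "fastmcp":
        provider = env.get("FASTMCP_PROVIDER", "anthropic")  # README default
        if provider not in FASTMCP_KEY:
            raise ValueError(f"unsupported FASTMCP_PROVIDER: {provider!r}")
        llm_key = FASTMCP_KEY[provider]
    elif platform in PLATFORM_KEY:
        llm_key = PLATFORM_KEY[platform]
    else:
        raise ValueError(f"unsupported AGENT_PLATFORM: {platform!r}")
    return [*BUGCROWD_VARS, llm_key]


def credential_problems(env):
    """Return {name: reason}; values are never included in the result."""
    problems = {}
    for name in required_vars(env):
        value = env.get(name, "")
        if not value.strip():
            problems[name] = "missing or empty"
        elif value.startswith("your-"):
            problems[name] = "README placeholder left in place"
    return problems


if __name__ == "__main__":
    issues = credential_problems(os.environ)
    for name, reason in issues.items():
        print(f"{name}: {reason}")
    raise SystemExit(1 if issues else 0)
```

Run it in the same shell session as the export commands; a non-zero exit status means at least one variable needs attention before the orchestrator is started.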
Customizing Agent Models
You can override the default models for each agent by setting environment variables:
- Claude: CLAUDE_MAIN_MODEL, CLAUDE_SUMMARY_MODEL
- Gemini: GEMINI_MAIN_MODEL, GEMINI_SUMMARY_MODEL
- OpenAI: OPENAI_MODEL
Available Tools
The server provides the following tools. For detailed parameter information, run the agent and use the help() tool (e.g., help('get_submission')).
| Category | Tool | Description |
|---|---|---|
| Organizations | get_organizations | List all accessible organizations |
| | get_organization | Get specific organization details |
| Programs | get_programs | List bug bounty programs |
| | get_program | Get specific program details |
| Submissions | get_submissions | List vulnerability submissions |
| | get_submission | Get specific submission details |
| | create_submission | Create a new vulnerability report |
| | update_submission | Update an existing submission |
| | create_comment | Add a comment to a submission |
| Teams | get_teams | List all teams in an organization |
| | create_team | Create a new team |
| | delete_team | Delete a team |
| Rewards | get_monetary_rewards | List bounty rewards |
| | create_monetary_reward | Create a new monetary reward |
| | update_monetary_reward | Update an existing monetary reward |
| Users | get_users | List users in an organization |
| | get_user | Get specific user details |
| Health | server_health | Check server and API connectivity |
| Help | help | Get detailed help for any tool |
Direct Integration
For integration with platform-specific CLIs (bypassing the included agent handlers), use the provided configuration templates.
- For OpenAI (codex): Use docs/config.toml.
- For Gemini, Claude, etc.: Use docs/config.json.
Instructions:
- Copy the appropriate template file to your tool's configuration directory (e.g., ~/.codex/config.toml).
- In the copied file, update the cwd variable to the absolute path of the Bugcrowd_MCP_Server project directory.
Documentation
- API Reference: A static reference for all tool and endpoint details.
- Architecture Diagram: An overview of the system architecture.
- Bugcrowd REST API: The official API documentation that this server is built upon.
For more detailed information on MCP server configuration, refer to the official documentation for your platform:
- OpenAI: Codex MCP Server Configuration
- Google Gemini: Configure MCP Servers
- Anthropic Claude: MCP for Claude
- FastMCP: JSON Configuration and Running a Server