Hunter

Hunter

AI-driven penetration testing MCP server that equips Claude with 13 tools for automated reconnaissance, analysis, vulnerability validation, and exploitation.

Category
访问服务器

README

Hunter v7 - AI-Driven Penetration Testing Framework

Overview

Hunter is an AI-driven penetration testing framework that combines automated tools with intelligent analysis. Claude is the brain, and the tools are the hands.

Tool Inventory

Go-based Tools (28 tools)

Tool Purpose Version
nuclei Vulnerability scanner v3.8.0
subfinder Subdomain discovery Latest
naabu Port scanner Latest
httpx HTTP toolkit Latest
katana Web crawler Latest
gau URL fetcher Latest
uncover Host discovery Latest
tlsx TLS toolkit Latest
cdncheck CDN detection Latest
mapcidr CIDR toolkit Latest
ffuf Web fuzzer v2.1.0
gobuster Directory brute-forcer Latest
dnsx DNS toolkit Latest
dalfox XSS scanner Latest
notify Notification tool Latest
amass Attack surface mapping Latest
waybackurls Wayback URL fetcher Latest
assetfinder Asset discovery Latest
httprobe HTTP prober Latest
unfurl URL parser Latest
meg Request sender Latest
anew Line appender Latest
qsreplace Query string replacer Latest
subjack Subdomain takeover Latest
hakrevdns Reverse DNS Latest
hakrawler Web crawler Latest
getjs JS file discovery Latest
subjs JS file discovery Latest

Python Tools (8 tools)

Tool Purpose
sqlmap SQL injection
wafw00f WAF detection
dirsearch Directory scanner
whatweb Web technology identifier
wpscan WordPress scanner
droopescan CMS scanner
hashid Hash identifier
arjun Hidden parameter discovery

System Tools (3 tools)

Tool Purpose Version
nmap Network scanner 7.80
nikto Web server scanner Latest
curl HTTP client Latest

Special Tools (4 tools)

Tool Purpose
impacket Network protocols library
jwt_tool JWT testing
perl Scripting runtime
Python 3.14 Scripting runtime

Wordlists

Location: C:\Tools\wordlists\

File Size Description
common.txt 367 B Common web paths
big.txt 162.5 KB Large web paths
raft-small-directories.txt 159.4 KB Small directory list
raft-small-files.txt 144.9 KB Small file list
raft-medium-directories.txt 244.6 KB Medium directory list
raft-medium-files.txt 219.1 KB Medium file list
raft-large-directories.txt 529.3 KB Large directory list
raft-large-files.txt 482 KB Large file list
quickhits.txt 39.2 KB Quick hits
logins.txt 1.1 KB Login paths
wordpress.txt 57.6 KB WordPress paths
api-endpoints.txt 4.3 KB API endpoints
subdomains-top1million-5000.txt 29.4 KB Top 5K subdomains
subdomains-top1million-110000.txt 1.3 MB Top 110K subdomains
dns-Jhaddix.txt 25.3 MB DNS wordlist
usernames.txt 112 B Common usernames

Quick Scan Scripts

Reconnaissance

.\quick_recon.ps1 -Target example.com

Vulnerability Scanning

.\quick_vuln.ps1 -Target https://example.com

Web Application Testing

.\quick_web.ps1 -Target https://example.com

Core Scanner

python hunter_core.py recon example.com
python hunter_core.py vuln https://example.com
python hunter_core.py web https://example.com

MCP Server

from mcp_server import get_hunter

hunter = get_hunter()

# Subdomain enumeration
result = hunter.subfinder_enum("example.com")

# Vulnerability scanning
result = hunter.nuclei_scan("https://example.com", severity="critical,high")

# Port scanning
result = hunter.naabu_scan("example.com", "top-1000")

# XSS testing
result = hunter.dalfox_xss("https://example.com/?id=1")

# SQL injection
result = hunter.sqlmap_test("https://example.com/?id=1", level=3, risk=2)

Environment Variables

$env:GOPROXY = "https://goproxy.cn,direct"
$env:all_proxy = "http://127.0.0.1:7890"

Directory Structure

hunter/
├── SKILL.md                 # Skill definition
├── TOOLS.md                 # Tools inventory
├── README.md                # This file
└── core/
    ├── hunter_core.py       # Core scanner
    ├── mcp_server.py        # MCP integration
    ├── tools_config.ps1     # Tools configuration
    └── scripts/
        ├── quick_recon.ps1  # Quick reconnaissance
        ├── quick_vuln.ps1   # Quick vulnerability scan
        └── quick_web.ps1    # Quick web scan

Usage Examples

Full Reconnaissance

# 1. Subdomain enumeration
subfinder -d example.com -o subdomains.txt

# 2. DNS resolution
cat subdomains.txt | dnsx -o resolved.txt

# 3. HTTP probing
cat resolved.txt | httpx -o live.txt

# 4. Port scanning
cat live.txt | naabu -top-ports 1000 -o ports.txt

# 5. URL discovery
gau example.com > urls.txt
katana -u https://example.com -d 3 -jc >> urls.txt

# 6. Vulnerability scanning
nuclei -l live.txt -severity critical,high,medium

Web Application Testing

# 1. Technology detection
httpx -u https://example.com -tech-detect

# 2. Directory enumeration
gobuster dir -u https://example.com -w C:\Tools\wordlists\common.txt

# 3. XSS testing
dalfox url "https://example.com/?id=1"

# 4. SQL injection
sqlmap -u "https://example.com/?id=1" --batch --level=3

# 5. Parameter discovery
arjun -u https://example.com

Network Scanning

# 1. Port scanning
nmap -sV -sC -oA scan example.com

# 2. Service enumeration
nmap -sV -p 80,443,8080 example.com

# 3. Vulnerability scanning
nmap --script vuln example.com

Tool Installation

Go Tools

$env:GOPROXY = "https://goproxy.cn,direct"
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
# ... etc

Python Tools

pip install sqlmap wafw00f dirsearch whatweb wpscan droopescan hashid arjun

System Tools

winget install Nmap.Nmap
# nikto - git clone https://github.com/sullo/nikto.git

Contributing

  1. Add new tools to the inventory
  2. Update TOOLS.md
  3. Create wrapper scripts in core/scripts/
  4. Update MCP server integration

License

For authorized penetration testing only. Always obtain proper authorization before testing.

Disclaimer

本项目仅用于教育和授权安全研究目的。用户必须确保在合法授权范围内操作。使用本项目产生的任何后果由用户自行承担。

See DISCLAIMER.md for the full disclaimer.

Burp Evidence Workflow

  1. Export your request, response, screenshots, and any JSON notes from Burp into one folder.
  2. Use core.burp_adapter.suggest_hunter_prefix(target, vuln_slug) to get a Hunter-friendly prefix.
  3. Use core.burp_import.import_burp_evidence(source_dir, target, vuln_slug, destination_dir) to copy and rename the files into Hunter's evidence directory.
  4. Let Hunter pick them up automatically in the final report appendix.

One-click Burp import

.\core\scripts\quick_burp_import.ps1 -SourceDir "C:\BurpExports\gnnu" -Target "https://jwgl.gnnu.edu.cn" -VulnSlug "idor"

This copies Burp-exported request/response/screenshots/evidence files into Hunter's evidence directory using Hunter-friendly naming.

Related Projects

  • Open-tgtylab — 安全研究工作台,集成逆向工程、CTF、移动安全、Web安全于一体

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选