h1-brain
MCP server that connects AI assistants to HackerOne for bug bounty hunting
138stars
16forks
Python
Added 3/15/2026
AI Agentsaibug-bountybug-bounty-toolsclaudehackeronehackingmcpmcp-serverpentestingsecurity
Installation
# Add to your Claude Code skills
git clone https://github.com/PatrikFehrenbach/h1-brainh1-brain
An MCP server that connects your AI assistant to HackerOne. It pulls your bug bounty history, program scopes, and report details into a local SQLite database, then exposes tools that let any MCP-compatible client (Claude Desktop, Claude Code, etc.) search, analyze, and build on your past work.
It also ships with a pre-built database of 3,600+ publicly disclosed bounty-awarded reports from the HackerOne community — full vulnerability write-ups, weakness types, and bounty amounts. The AI uses both your personal data and public knowledge to generate attack briefings.
The primary tool, hack(handle), generates a full hacking session briefing in a single call: fresh scope from the API, your past findings, public disclosures for that program, weakness patterns, untouched assets, and suggested attack vectors — all formatted as actionable instructions that put the AI in offensive mode.
How It Works
For a full walkthrough, check out the three-part Bug Bounty Goldfish series:
- Teaching Claude Everything You've Hacked — Why I built h1-brain and how to set it up
- What h1-brain Actually Does — Every tool explained, from search to the
hack()briefing - Running h1-brain Against a Real Target — A start-to-finish walkthrough on an actual program
graph LR
A["Claude Desktop / Code"] -->|MCP Protocol| B["h1-brain server"]
B -->|API calls| C["HackerOne API"]
B -->|reads / writes| D["Your Reports DB"]
B -->|reads| E["Public Reports DB"]
C -->|reports, programs, scopes| B
D -->|your history + analysis| A
E -->|community knowledge| A
style A fill:#ff5c5c,stroke:#ff5c5c,color:#fff
style B fill:#1a1d27,stroke:#ff5c5c,color:#fff
style C fill:#1a1d27,stroke:#555,color:#fff
style D fill:#1a1d27,stroke:#555,color:#fff
style E fill:#1a1d27,stroke:#555,color:#fff
flowchart TD
A["hack(handle)"] --> B["Fetch fresh scope from HackerOne API"]
B --> C["Pull your reports on this program from SQLite"]
C --> D["Analyze weakness patterns across ALL programs"]
D --> E["Identify untouched bounty-eligible assets"]
E --> F["Cross-reference public disclosed reports for this program"]
F --> G["Generate attack briefing with agent instructions"]
style A fill:#ff5c5c,stroke:#ff5c5c,color:#fff
style G fill:#ff5c5c,stroke:#ff5c5c,color:#fff
style B fill:#1a1d27,stroke:#555,color:#fff
style C fill:#1a1d27,stroke:#555,color:#fff
style D fill:#1a1d27,stroke:#555,color:#fff
style E fill:#1a1d27,stroke:#555,color:#fff
style F fill:#1a1d27,stroke:#555,color:#fff
Requirements
- Python 3.10+
- A HackerOne API token ([generate one here](https://hackerone.co...
Comments (0)
to leave a comment.
No comments yet. Be the first to share your thoughts!
Related Skills
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
179,165
55,789
TypeScript
MCP Serversaiapis
An open-source AI agent that brings the power of Gemini directly into your terminal.
97,754
12,257
TypeScript
AI Agentsaiai-agents
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
76,097
9,506
JavaScript
AI Agentsai-agentsanthropic
Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
49,063
2,314
TypeScript
MCP Serversllmmcp
⭐AI-driven public opinion & trend monitor with multi-platform aggregation, RSS, and smart alerts.🎯 告别信息过载,你的 AI 舆情监控助手与热点筛选工具!聚合多平台热点 + RSS 订阅,支持关键词精准筛选。AI 智能筛选新闻 + AI 翻译 + AI 分析简报直推手机,也支持接入 MCP 架构,赋能 AI 自然语言对话分析、情感洞察与趋势预测等。支持 Docker ,数据本地/云端自持。集成微信/飞书/钉钉/Telegram/邮件/ntfy/bark/slack 等渠道智能推送。
48,947
22,642
Python
MCP Serversaibark
A curated list of awesome Claude Skills, resources, and tools for customizing Claude AI workflows
44,141
4,446
Python
AI Agentsagent-skillsai-agents