H1 Brain
MCP server that connects AI assistants to HackerOne for bug bounty hunting
What is H1 Brain?
H1 Brain is a Model Context Protocol (MCP) server that connects AI assistants like Claude, Cursor, and VS Code to HackerOne for bug bounty hunting.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx h1-brain
How to Set Up and Use H1 Brain
H1 Brain is an MCP server that connects AI assistants directly to the HackerOne bug bounty platform, enabling researchers to query program scopes, search their own vulnerability reports, retrieve public disclosures, and generate comprehensive hacking session briefings in a single call. It authenticates via the HackerOne REST API using your account credentials and surfaces a rich set of tools covering personal reports, program discovery, scope enumeration, and community intelligence from over 3,600 public disclosures.
Prerequisites
- Python 3.9 or higher with pip and venv available
- A HackerOne account with API access enabled
- A HackerOne API token (generate at hackerone.com/settings/api_token/edit)
- Git to clone the repository
- An MCP client such as Claude Desktop or Claude Code CLI
Clone the repository
Clone h1-brain from GitHub. The server is not yet on PyPI so a manual install is required.
git clone https://github.com/PatrikFehrenbach/h1-brain.git
cd h1-brain
Create a virtual environment and install dependencies
Isolate the dependencies in a virtual environment to avoid conflicts with system packages.
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
Obtain your HackerOne API credentials
Log into HackerOne, navigate to Settings > API Token, and generate a new token. Note your username and the token value — both are required.
Add h1-brain to Claude Desktop config
Edit your Claude Desktop config file and point it at the Python binary inside the venv together with server.py. Pass your credentials as environment variables.
Alternatively, register with Claude Code CLI
Use the claude mcp add command to register the server and inject credentials without editing JSON by hand.
claude mcp add h1-brain \
  -e H1_USERNAME=your_hackerone_username \
  -e H1_API_TOKEN=your_api_token \
  -- /path/to/h1-brain/venv/bin/python /path/to/h1-brain/server.py
Sync your data and start a hacking session
Use fetch_rewarded_reports and fetch_programs to pull your data, then call hack(handle) with a program handle to get a full briefing with scope, past findings, and attack vectors.
H1 Brain Examples
Client configuration
Claude Desktop config block for h1-brain, referencing the venv Python binary and server.py.
{
  "mcpServers": {
    "h1-brain": {
      "command": "/path/to/h1-brain/venv/bin/python",
      "args": ["/path/to/h1-brain/server.py"],
      "env": {
        "H1_USERNAME": "your_hackerone_username",
        "H1_API_TOKEN": "your_api_token"
      }
    }
  }
}
Prompts to try
Leverage h1-brain tools to accelerate bug bounty research.
- "Generate a full hacking session briefing for the program with handle 'security'."
- "Search my personal reports for critical SQL injection findings."
- "List all in-scope assets for the Acme Corp program."
- "Search public HackerOne disclosures for SSRF vulnerabilities in Node.js apps."
- "Show me a summary of which programs I've earned the most bounties from."
Troubleshooting H1 Brain
Authentication error: 401 Unauthorized when connecting to HackerOne
Double-check H1_USERNAME and H1_API_TOKEN. The username must match your HackerOne account handle exactly (not your email). Regenerate the API token at hackerone.com/settings/api_token/edit if unsure.
Server fails to start: ModuleNotFoundError
Ensure you activated the virtual environment before installing requirements (`source venv/bin/activate`). Verify the venv Python binary path in your config matches the actual location (`which python` inside the active venv).
hack() returns empty scope or no past findings
Run fetch_programs and fetch_rewarded_reports first to sync your data locally. The hack() briefing draws from synced data and will be limited if you haven't imported your reports yet.
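A pre-flight audit of the Claude Desktop entry described above, as an added example that is not part of h1-brain or of the original page: it checks the failure modes from the troubleshooting items (wrong venv path, e-mail used as username, placeholder credentials) and whether the file holding the plaintext token is readable by other users. The names audit_h1_brain_config and demo and the sample values are constructed for illustration, and the permission check assumes a POSIX system.

```python
import json
import os
import stat
import tempfile

PLACEHOLDERS = {"", "your_hackerone_username", "your_api_token"}

def audit_h1_brain_config(config_path, server_name="h1-brain"):
    """Return a list of findings for the h1-brain entry in an MCP client config."""
    findings = []
    with open(config_path, encoding="utf-8") as fh:
        config = json.load(fh)
    entry = config.get("mcpServers", {}).get(server_name)
    if entry is None:
        return [f"no '{server_name}' entry under mcpServers"]
    # The API token sits in this file in plaintext: only the owner should read it.
    mode = stat.S_IMODE(os.stat(config_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"config readable by group/other (mode {mode:o})")
    # A wrong interpreter path is the usual cause of ModuleNotFoundError.
    command = entry.get("command", "")
    if not (os.path.isfile(command) and os.access(command, os.X_OK)):
        findings.append(f"command is not an executable file: {command}")
    for arg in entry.get("args", []):
        if arg.endswith(".py") and not os.path.isfile(arg):
            findings.append(f"script not found: {arg}")
    env = entry.get("env", {})
    for key in ("H1_USERNAME", "H1_API_TOKEN"):
        if env.get(key, "") in PLACEHOLDERS:
            findings.append(f"{key} is missing or still a placeholder")
    # The account handle, not the e-mail address, is expected (401 otherwise).
    if "@" in env.get("H1_USERNAME", ""):
        findings.append("H1_USERNAME looks like an e-mail, not a handle")
    return findings

def demo():
    """Audit a constructed, deliberately misconfigured file; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        entry = {"command": os.path.join(tmp, "venv/bin/python"),  # does not exist
                 "args": [os.path.join(tmp, "server.py")],         # does not exist
                 "env": {"H1_USERNAME": "me@example.com",          # constructed value
                         "H1_API_TOKEN": "your_api_token"}}
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"mcpServers": {"h1-brain": entry}}, fh)
        os.chmod(path, 0o644)
        return audit_h1_brain_config(path)
```

An empty list from audit_h1_brain_config means none of these checks fired; it does not confirm that HackerOne accepts the credentials.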
Frequently Asked Questions about H1 Brain
What is H1 Brain?
H1 Brain is a Model Context Protocol (MCP) server that connects AI assistants to HackerOne for bug bounty hunting. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install H1 Brain?
Follow the installation instructions on the H1 Brain GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with H1 Brain?
H1 Brain works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is H1 Brain free to use?
Yes, H1 Brain is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
H1 Brain Alternatives — Similar Security Servers
Looking for alternatives to H1 Brain? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u