MCP server for ASMHunter — drive bug-bounty recon, monitoring, triage and reporting from an AI agent.
Project description
asmhunter-mcp
Local stdio MCP server for ASMHunter — drive your bug-bounty recon, monitoring, triage and reporting from an AI agent (Claude Code, Claude Desktop, Cursor, …).
What it is honestly good at: automating the ~80% grind — discovering fresh scope, spinning up targets, running recon + automated scans, reading back the attack surface and findings, organizing a hunt, and drafting reports. It puts you first on newly-added scope and never lets you miss a change. It does not find the high-value manual bugs for you (IDOR, business logic, auth bypass) — that's still your job; this tool buys you the time to do it.
Tools (34)
Intel — search_programs, get_program, recommend_programs, get_watchlist, get_scope_changes
Scanner (the ASMHunter edge) — list_targets, create_target, list_workflows, trigger_scan (pro+, confirm gate), get_scan_status, get_findings, list_assets
Hunt sessions — create_session, list_sessions, get_session, update_session, delete_session
Entries — add_lead, add_finding, add_tested, add_note, bulk_add_entries, list_entries, update_entry, delete_entry, promote_entry
Reports — draft_report, list_reports, update_report, delete_report
Stats & attribution — get_my_stats, get_value_receipt, list_wins, add_win
Requirements
- Python 3.12+
- An ASMHunter pro+ account (Personal Access Tokens and the scanner tools are pro-gated)
- A Personal Access Token — mint one at asmhunter.app → Settings → API Tokens (
asm_live_…)
Install
uv tool install asmhunter-mcp
# or: pip install asmhunter-mcp
Connect from Claude Code
Add via the CLI:
claude mcp add asmhunter \
--env ASMHUNTER_TOKEN=asm_live_YOUR_TOKEN_HERE \
-- uvx asmhunter-mcp
Or add to your MCP config (~/.claude/claude_desktop_config.json or Claude Code MCP settings):
{
"mcpServers": {
"asmhunter": {
"command": "uvx",
"args": ["asmhunter-mcp"],
"env": {
"ASMHUNTER_TOKEN": "asm_live_YOUR_TOKEN_HERE"
}
}
}
}
ASMHUNTER_API_URL defaults to https://asmhunter.app — only set it to override
(e.g. a self-hosted or staging instance).
Environment variables
| Variable | Description | Default |
|---|---|---|
ASMHUNTER_TOKEN |
Personal Access Token (asm_live_…) |
required |
ASMHUNTER_API_URL |
API base URL | https://asmhunter.app |
Drive a hunt — example prompt
Once connected, in Claude Code just ask for the loop in plain language:
"Show me programs with recent scope changes. Pick one with genuinely fresh scope, add its new domain as a target, list the available scan workflows and run a recon + subdomain-enum scan (confirm it). When it finishes, summarize the newly-discovered assets and any findings by severity, flag which ones are worth manual testing, and draft a report skeleton for the most promising one."
Claude will chain get_scope_changes → create_target → list_workflows → trigger_scan(confirm=true) → get_scan_status → list_assets / get_findings → add_lead / draft_report. You then do the creative manual testing on the surface
it prioritized. Ongoing, keep targets under continuous monitoring and let the
alerts (Telegram/email) tell you when something changed.
Run directly
ASMHUNTER_TOKEN=asm_live_... asmhunter-mcp
Architecture
client.py— httpx-only async client, no fastmcp dependency (unit-testable standalone; rejects path-traversal in interpolated ids)server.py— FastMCP tool wrappers (thin, no business logic; tiers/quota/RLS enforced server-side)__main__.py— entrypoint (mcp.run())
All tier enforcement, quota checks, and RLS live in the orchestrator — the MCP
layer is a pure passthrough except for trigger_scan's local confirm gate.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file asmhunter_mcp-0.1.1.tar.gz.
File metadata
- Download URL: asmhunter_mcp-0.1.1.tar.gz
- Upload date:
- Size: 85.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
933b0eb1e103e75898845c89bbd12ebeb0ce9ab31d67d5f20c3014b089ef59ce
|
|
| MD5 |
e1ea0c0a227e08c5a449fb17a368ad93
|
|
| BLAKE2b-256 |
e290e63fc04630946e2030e13c2d06d25b8ee6d9ac2067f5bb14ecd28b1d704e
|
File details
Details for the file asmhunter_mcp-0.1.1-py3-none-any.whl.
File metadata
- Download URL: asmhunter_mcp-0.1.1-py3-none-any.whl
- Upload date:
- Size: 9.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3dfa6800c833ec8d1d2213be09928dd886f7750fd88f937107e6bc480475e4d9
|
|
| MD5 |
eb15017313722003ab65810b81192fc2
|
|
| BLAKE2b-256 |
8fceb1c2ec64e732f22fa9878aac46d2a369cb72b031a0d8956fb111abf155ab
|