vmihalis/hacker-bob
70 stars · Last commit 2026-06-08
Claude Code bug bounty agent. Install in current workspace: npx -y hacker-bob-cc@latest install "$PWD" then restart Claude and run /bob-hunt target.com
README preview
<p align="center"> <img src="docs/hacker-bob.png" alt="Hacker Bob" width="320" /> </p> <h1 align="center">Hacker Bob</h1> <p align="center"><i>A local MCP workflow framework for authorized bug bounty research.</i></p> <p align="center"> <a href="https://github.com/vmihalis/hacker-bob/actions/workflows/ci.yml"><img alt="CI" src="https://github.com/vmihalis/hacker-bob/actions/workflows/ci.yml/badge.svg" /></a> <a href="https://www.npmjs.com/package/hacker-bob"><img alt="hacker-bob on npm" src="https://img.shields.io/npm/v/hacker-bob?label=hacker-bob" /></a> <a href="https://www.npmjs.com/package/hacker-bob-cc"><img alt="hacker-bob-cc on npm" src="https://img.shields.io/npm/v/hacker-bob-cc?label=hacker-bob-cc" /></a> <a href="https://www.npmjs.com/package/hacker-bob-codex"><img alt="hacker-bob-codex on npm" src="https://img.shields.io/npm/v/hacker-bob-codex?label=hacker-bob-codex" /></a> <a href="https://www.npmjs.com/package/hacker-bob-kimi"><img alt="hacker-bob-kimi on npm" src="https://img.shields.io/npm/v/hacker-bob-kimi?label=hacker-bob-kimi" /></a> <a href="LICENSE"><img alt="Apache-2.0 license" src="https://img.shields.io/github/license/vmihalis/hacker-bob" /></a> <a href="https://securityscorecards.dev/viewer/?uri=github.com/vmihalis/hacker-bob"><img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/vmihalis/hacker-bob/badge" /></a> </p> Hacker Bob installs a local MCP runtime into a project directory and connects it to Claude Code, Codex, Kimi CLI, or another MCP-capable host. The runtime coordinates surface mapping, authentication setup, parallel surface testing, finding verification, grading, reporting, and local evidence handling.