
h1-brain

By PatrikFehrenbach · PatrikFehrenbach/h1-brain

AI-powered bug bounty assistant — synthesizes your HackerOne history with 3,600+ disclosed reports to generate attack briefings.

h1-brain is an MCP server that connects AI assistants to HackerOne's bug bounty platform. It maintains dual databases: your personal bounty history (rewarded reports, program scopes) and 3,600+ publicly disclosed reports. The hack(handle) tool generates comprehensive attack briefings combining scope, past findings, weakness patterns, and untouched assets.

Why use it

Key features


Installation

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project settings take precedence over global settings.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply the changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "h1-brain",
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  ]
}

Continue uses an array of server objects instead of a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "h1-brain": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/PatrikFehrenbach/h1-brain"
        ]
      }
    }
  }
}

Add to context_servers. Zed reloads automatically on save.

claude mcp add h1-brain -- TODO 'See README: https://github.com/PatrikFehrenbach/h1-brain'

One-line command. Verify with claude mcp list. Remove with claude mcp remove.

Use cases

Practical uses: h1-brain

Generate an attack briefing for an authorized bug bounty program

👤 Bug bounty hunters working on authorized HackerOne programs ⏱ ~15 min intermediate

When to use it: You're starting work on a new bug bounty target and want a strategic overview.

Prerequisites
  • HackerOne API token — Generate at hackerone.com/settings/api_token
  • h1-brain installed and databases populated — Clone, install, run fetch_rewarded_reports to populate personal DB
Steps
  1. Generate the briefing
    hack('target-company') — Generate a full attack briefing for this program.
    → Comprehensive briefing with scope, known weakness patterns, untouched assets, and suggested attack vectors
  2. Cross-reference with disclosures
    Search disclosed reports for this company. What vulnerability types have been found before?
    → List of disclosed vulnerabilities with types and bounty amounts

Result: A strategic attack plan based on historical data and current scope.

Pitfalls
  • Stale scope data — The tool fetches fresh scope from HackerOne API, but verify on the program page

Analyze your bug bounty track record to find your strengths

👤 Bug bounty hunters optimizing their approach ⏱ ~20 min beginner

When to use it: You want to understand which vulnerability types and programs earn you the most bounties.

Prerequisites
  • Personal database populated — Run fetch_rewarded_reports to sync your history
Steps
  1. Review your history
    Search my rewarded reports. Group them by vulnerability type and show the total bounty per type.
    → Breakdown of earnings by vulnerability category
  2. Identify patterns
    Which programs am I most successful on? What do they have in common?
    → Pattern analysis across your most rewarded programs

Result: Insight into your strengths to focus future hunting efforts.

Pitfalls
  • Old reports may not reflect current program scope — Re-fetch program scopes to get current assets

Combinations

Combine it with other MCP servers for 10x results

h1-brain + filesystem

Save attack briefings and reports to organized files for each program

Generate an attack briefing for target-company and save it as ~/bounty/target-company/briefing.md.

Tools

What this MCP provides

| Tool | Inputs | When to call it | Cost |
| --- | --- | --- | --- |
| hack | handle: str | Generate a comprehensive attack briefing for a HackerOne program | Multiple API calls |
| search_reports | query?: str | Search your personal rewarded reports | 0 (local DB) |
| search_disclosed_reports | query?: str | Search across 3,600+ public disclosures | 0 (local DB) |
| search_programs | query?: str | Search bug bounty programs | 0 (local DB) |
| fetch_rewarded_reports | none | Sync your HackerOne rewarded reports to local DB | Multiple API calls |

Cost and limits

Running cost

API quota
HackerOne API rate limits apply during sync and scope fetching
Tokens per call
500–3000 tokens per briefing
Monetary cost
Free — HackerOne API access is free with your account
Tip
Populate the local databases once, then queries are free and instant. Re-sync periodically.

Security

Permissions, secrets, and blast radius

Minimum permissions: HackerOne API token with read access
Credential storage: API token in environment variable or Claude Desktop config
Outbound data transfer: API calls to HackerOne during sync and scope fetching. Local DB queries have no network calls.

Troubleshooting

Common errors and their fixes

Empty personal database

Run fetch_rewarded_reports first to populate your local database from HackerOne.

Verify: Check that h1_data.db file exists and has data

HackerOne API authentication failed

Verify your API token is valid and hasn't expired. Generate a new one at hackerone.com/settings/api_token.

Verify: curl -H 'Authorization: ...' https://api.hackerone.com/v1/me

hack() returns empty briefing

The program handle may be incorrect. Search for the exact handle on HackerOne's directory.

Verify: search_programs to find the correct handle

Alternatives

h1-brain vs. alternatives

| Alternative | When to use it | Trade-off |
| --- | --- | --- |
| hexstrike-ai | You need active security scanning tools rather than HackerOne-specific intelligence | Broader tool coverage but no HackerOne integration or report history |
