h1-brain MCP — 사용 사례, 설치 & 라이브 데모

왜 쓰나요

핵심 기능

hack(handle) generates one-shot attack briefings with scope, patterns, and vectors
Dual databases: personal bounty history + 3,600+ public disclosures
Search your own rewarded reports, program scopes, and attachments
Search across publicly disclosed HackerOne reports for vulnerability patterns
Real-time scope fetching from HackerOne API

라이브 데모

실제 사용 모습

h1-brain.replay ▶ 준비됨

0/0

설치

클라이언트 선택

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config 열기. 저장 후 앱 재시작.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Cursor는 Claude Desktop과 동일한 mcpServers 스키마 사용. 프로젝트 설정이 전역보다 우선.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Cline 사이드바의 MCP Servers 아이콘 클릭 후 "Edit Configuration" 선택.

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Claude Desktop과 같은 형식. Windsurf 재시작 후 적용.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "h1-brain",
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  ]
}

Continue는 맵이 아닌 서버 오브젝트 배열 사용.

~/.config/zed/settings.json

{
  "context_servers": {
    "h1-brain": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/PatrikFehrenbach/h1-brain"
        ]
      }
    }
  }
}

context_servers에 추가. 저장 시 Zed가 핫 리로드.

claude mcp add h1-brain -- TODO 'See README: https://github.com/PatrikFehrenbach/h1-brain'

한 줄 명령. claude mcp list로 확인, claude mcp remove로 제거.

사용 사례

실전 활용법: h1-brain

Generate an attack briefing for an authorized bug bounty program

👤 Bug bounty hunters working on authorized HackerOne programs ⏱ ~15 min intermediate

언제 쓸까: You're starting work on a new bug bounty target and want a strategic overview.

사전 조건

HackerOne API token — Generate at hackerone.com/settings/api_token
h1-brain installed and databases populated — Clone, install, run fetch_rewarded_reports to populate personal DB

흐름

Generate the briefing

hack('target-company') — Generate a full attack briefing for this program.✓ 복사됨

→ Comprehensive briefing with scope, known weakness patterns, untouched assets, and suggested attack vectors
Cross-reference with disclosures

Search disclosed reports for this company. What vulnerability types have been found before?✓ 복사됨

→ List of disclosed vulnerabilities with types and bounty amounts

결과: A strategic attack plan based on historical data and current scope.

함정

Stale scope data — The tool fetches fresh scope from HackerOne API, but verify on the program page

Analyze your bug bounty track record to find your strengths

👤 Bug bounty hunters optimizing their approach ⏱ ~20 min beginner

언제 쓸까: You want to understand which vulnerability types and programs earn you the most bounties.

사전 조건

Personal database populated — Run fetch_rewarded_reports to sync your history

흐름

Review your history

Search my rewarded reports. Group them by vulnerability type and show the total bounty per type.✓ 복사됨

→ Breakdown of earnings by vulnerability category
Identify patterns

Which programs am I most successful on? What do they have in common?✓ 복사됨

→ Pattern analysis across your most rewarded programs

결과: Insight into your strengths to focus future hunting efforts.

함정

Old reports may not reflect current program scope — Re-fetch program scopes to get current assets

조합

다른 MCP와 조합해 10배 효율

h1-brain + filesystem

Save attack briefings and reports to organized files for each program

Generate an attack briefing for target-company and save it as ~/bounty/target-company/briefing.md.✓ 복사됨

도구

이 MCP가 노출하는 것

도구	입력	언제 호출	비용
hack	handle: str	Generate a comprehensive attack briefing for a HackerOne program	Multiple API calls
search_reports	query?: str	Search your personal rewarded reports	0 (local DB)
search_disclosed_reports	query?: str	Search across 3,600+ public disclosures	0 (local DB)
search_programs	query?: str	Search bug bounty programs	0 (local DB)
fetch_rewarded_reports	none	Sync your HackerOne rewarded reports to local DB	Multiple API calls

비용 및 제한

운영 비용

API 쿼터: HackerOne API rate limits apply during sync and scope fetching
호출당 토큰: 500–3000 tokens per briefing
금액: Free — HackerOne API access is free with your account
팁: Populate the local databases once, then queries are free and instant. Re-sync periodically.

보안

권한, 시크릿, 파급범위

최소 스코프: HackerOne API token with read access

자격 증명 저장: API token in environment variable or Claude Desktop config

데이터 외부 송신: API calls to HackerOne during sync and scope fetching. Local DB queries have no network calls.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Only target programs that are active on HackerOne and within their defined scope.
Your HackerOne API token grants access to your account data. Keep it secure.

문제 해결

자주 발생하는 오류와 해결

Empty personal database

Run fetch_rewarded_reports first to populate your local database from HackerOne.

확인: Check that h1_data.db file exists and has data

HackerOne API authentication failed

Verify your API token is valid and hasn't expired. Generate a new one at hackerone.com/settings/api_token.

확인: curl -H 'Authorization: ...' https://api.hackerone.com/v1/me

hack() returns empty briefing

The program handle may be incorrect. Search for the exact handle on HackerOne's directory.

확인: search_programs to find the correct handle

대안

h1-brain 다른 것과 비교

대안	언제 쓰나	단점/장점
hexstrike-ai	You need active security scanning tools rather than HackerOne-specific intelligence	Broader tool coverage but no HackerOne integration or report history

h1-brain

왜 쓰나요

핵심 기능

라이브 데모

실제 사용 모습

설치

클라이언트 선택

사용 사례

실전 활용법: h1-brain

Generate an attack briefing for an authorized bug bounty program

사전 조건

흐름

함정

Analyze your bug bounty track record to find your strengths

사전 조건

흐름

함정

조합

다른 MCP와 조합해 10배 효율

도구

이 MCP가 노출하는 것

비용 및 제한

운영 비용

보안

권한, 시크릿, 파급범위

문제 해결

자주 발생하는 오류와 해결

대안

h1-brain 다른 것과 비교

더 보기

리소스