h1-brain MCP — Use Cases, Install & Live Demo

Why use it

Key features

hack(handle) generates one-shot attack briefings with scope, patterns, and vectors
Dual databases: personal bounty history + 3,600+ public disclosures
Search your own rewarded reports, program scopes, and attachments
Search across publicly disclosed HackerOne reports for vulnerability patterns
Real-time scope fetching from HackerOne API

Live Demo

What it looks like in practice

h1-brain.replay ▶ ready

0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "h1-brain": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "h1-brain",
      "command": "TODO",
      "args": [
        "See README: https://github.com/PatrikFehrenbach/h1-brain"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json

{
  "context_servers": {
    "h1-brain": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/PatrikFehrenbach/h1-brain"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add h1-brain -- TODO 'See README: https://github.com/PatrikFehrenbach/h1-brain'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use h1-brain

Generate an attack briefing for an authorized bug bounty program

👤 Bug bounty hunters working on authorized HackerOne programs ⏱ ~15 min intermediate

When to use: You're starting work on a new bug bounty target and want a strategic overview.

Prerequisites

HackerOne API token — Generate at hackerone.com/settings/api_token
h1-brain installed and databases populated — Clone, install, run fetch_rewarded_reports to populate personal DB

Flow

Generate the briefing

hack('target-company') — Generate a full attack briefing for this program.✓ Copied

→ Comprehensive briefing with scope, known weakness patterns, untouched assets, and suggested attack vectors
Cross-reference with disclosures

Search disclosed reports for this company. What vulnerability types have been found before?✓ Copied

→ List of disclosed vulnerabilities with types and bounty amounts

Outcome: A strategic attack plan based on historical data and current scope.

Pitfalls

Stale scope data — The tool fetches fresh scope from HackerOne API, but verify on the program page

Analyze your bug bounty track record to find your strengths

👤 Bug bounty hunters optimizing their approach ⏱ ~20 min beginner

When to use: You want to understand which vulnerability types and programs earn you the most bounties.

Prerequisites

Personal database populated — Run fetch_rewarded_reports to sync your history

Flow

Review your history

Search my rewarded reports. Group them by vulnerability type and show the total bounty per type.✓ Copied

→ Breakdown of earnings by vulnerability category
Identify patterns

Which programs am I most successful on? What do they have in common?✓ Copied

→ Pattern analysis across your most rewarded programs

Outcome: Insight into your strengths to focus future hunting efforts.

Pitfalls

Old reports may not reflect current program scope — Re-fetch program scopes to get current assets

Combinations

Pair with other MCPs for X10 leverage

h1-brain + filesystem

Save attack briefings and reports to organized files for each program

Generate an attack briefing for target-company and save it as ~/bounty/target-company/briefing.md.✓ Copied

Tools

What this MCP exposes

Tool	Inputs	When to call	Cost
hack	handle: str	Generate a comprehensive attack briefing for a HackerOne program	Multiple API calls
search_reports	query?: str	Search your personal rewarded reports	0 (local DB)
search_disclosed_reports	query?: str	Search across 3,600+ public disclosures	0 (local DB)
search_programs	query?: str	Search bug bounty programs	0 (local DB)
fetch_rewarded_reports	none	Sync your HackerOne rewarded reports to local DB	Multiple API calls

Cost & Limits

What this costs to run

API quota: HackerOne API rate limits apply during sync and scope fetching
Tokens per call: 500–3000 tokens per briefing
Monetary: Free — HackerOne API access is free with your account
Tip: Populate the local databases once, then queries are free and instant. Re-sync periodically.

Security

Permissions, secrets, blast radius

Minimum scopes: HackerOne API token with read access

Credential storage: API token in environment variable or Claude Desktop config

Data egress: API calls to HackerOne during sync and scope fetching. Local DB queries have no network calls.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Only target programs that are active on HackerOne and within their defined scope.
Your HackerOne API token grants access to your account data. Keep it secure.

Troubleshooting

Common errors and fixes

Empty personal database

Run fetch_rewarded_reports first to populate your local database from HackerOne.

Verify: Check that h1_data.db file exists and has data

HackerOne API authentication failed

Verify your API token is valid and hasn't expired. Generate a new one at hackerone.com/settings/api_token.

Verify: curl -H 'Authorization: ...' https://api.hackerone.com/v1/me

hack() returns empty briefing

The program handle may be incorrect. Search for the exact handle on HackerOne's directory.

Verify: search_programs to find the correct handle

Alternatives

h1-brain vs others

Alternative	When to use it instead	Tradeoff
hexstrike-ai	You need active security scanning tools rather than HackerOne-specific intelligence	Broader tool coverage but no HackerOne integration or report history

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills