h1-brain: Teaching Claude Your Entire Bug Bounty History
Hook
What if your AI coding assistant could analyze every vulnerability you’ve ever found, cross-reference it with 3,600 bounty-awarded public reports, and tell you exactly where to hunt on your next target?
Context
Bug bounty hunters face a goldfish problem: you might remember last week’s XSS, but what about the IDOR you found six months ago on a similar tech stack? Or the authentication bypass on another program’s API endpoint? Human memory is lossy, and the HackerOne web interface isn’t built for pattern recognition across your entire vulnerability history.
h1-brain solves this by building a queryable knowledge base from two sources: your personal bug bounty history pulled via the HackerOne API, and a pre-built database of 3,600+ publicly disclosed bounty-awarded reports from the community. It exposes this data through the Model Context Protocol (MCP), making it accessible to AI assistants like Claude. The result is an AI that knows every weakness you’ve exploited, every bounty you’ve earned, and every publicly disclosed vulnerability pattern—then uses that context to generate attack briefings that tell you exactly where to focus your testing efforts.
Technical Insight
h1-brain is an MCP server written in Python that maintains two SQLite databases. The personal database (h1_data.db) syncs your HackerOne reports, programs, and scope definitions through API calls. The community database (disclosed_reports.db) ships pre-populated with 3,600+ public reports and requires no setup. Both databases are exposed through MCP tools that Claude can invoke during conversations.
The architecture separates data acquisition from analysis. Initial setup requires two manual sync operations—fetch_rewarded_reports pulls your bounty-awarded reports with full vulnerability write-ups, and fetch_programs pulls all accessible programs. These are one-time operations (though you can re-run them to sync new reports). Once populated, all queries hit SQLite directly.
The primary feature is the hack(handle) meta-tool, which orchestrates multiple data sources in a single call. The flow:
- API call fetches fresh program scope (in-scope/out-of-scope assets, severity caps)
- SQLite queries your rewarded reports for this specific program
- SQLite analyzes weakness patterns across ALL your reports
- Logic layer identifies bounty-eligible assets you’ve never tested
- SQLite pulls public disclosed reports for this program
- Analysis finds weaknesses that paid bounties elsewhere but haven’t been found here
- Output returns a structured attack briefing with agent instructions
The briefing structure is designed to put the AI in “offensive mode.” It doesn’t just dump data—it provides actionable intelligence formatted as instructions. For example, the “Untouched Scope” section explicitly lists bounty-eligible domains or API endpoints where you have zero findings, paired with “Suggested Attack Vectors” that cross-reference weakness types (IDOR, XSS, authentication bypass) rewarded on other programs but not yet exploited on this target.
The MCP integration is straightforward. You configure Claude Desktop or Claude Code with the server path and environment variables for your HackerOne credentials:
{
"mcpServers": {
"h1-brain": {
"command": "/path/to/h1-brain/venv/bin/python",
"args": ["/path/to/h1-brain/server.py"],
"env": {
"H1_USERNAME": "your_hackerone_username",
"H1_API_TOKEN": "your_api_token"
}
}
}
}Once connected, Claude gains access to all tools and you can directly invoke them. You can say “hack acme-corp” and the AI fetches scope, analyzes your history, pulls public disclosures, and generates a multi-section briefing.
Beyond hack(), the server exposes granular tools for surgical queries. search_reports(query, program, weakness, severity, limit) lets you filter your personal database by any combination of parameters—for instance, “show me all CRITICAL severity IDORs I found on financial services programs.” get_report(report_id) returns the full vulnerability write-up, including your original description and any attachments. These tools enable both broad pattern recognition and deep-dive analysis on specific findings.
The pre-built public reports database is a major advantage. You get immediate access to 3,600+ real-world vulnerability disclosures without needing to scrape HackerOne’s Hacktivity feed or wait for API rate limits. Each record includes the weakness type (CWE classification), severity, bounty amount, and the program where it was found. This creates a feedback loop where the AI can identify weakness types that have been rewarded on similar programs but haven’t been found on your current target yet.
Gotcha
h1-brain’s utility scales directly with your bug bounty history. If you’re new to HackerOne or have limited rewarded reports, the personal database will be sparse and the pattern recognition won’t have enough data points to be meaningful. The tool assumes you already have substantial context—it amplifies existing knowledge rather than teaching you to hack from scratch.
The public reports database is static and included in the Git repository. While 3,600+ reports provide strong baseline intelligence, the database doesn’t auto-update. New disclosed vulnerabilities require manual updates to the dataset, meaning you might miss recent attack trends or emerging vulnerability classes. If a novel exploitation technique pays bounties across multiple programs next month, h1-brain won’t know about it until the database is refreshed.
Platform lock-in is absolute. The tool only integrates with HackerOne—if you hunt on Bugcrowd, Synack, Intigriti, or private programs hosted elsewhere, that data is invisible to h1-brain. You can’t build a unified view of your vulnerability research across platforms, which limits the tool’s value for researchers who diversify their hunting grounds. There’s also no way to manually import reports from other sources into the SQLite schema, so your cross-platform patterns remain siloed.
Verdict
Use h1-brain if you’re an active HackerOne researcher with a substantial history of rewarded reports who hunts across multiple programs and wants AI-driven intelligence to identify untapped attack surfaces. It’s particularly powerful when you’re triaging new programs—instead of manually reviewing scope and guessing where to start, you get a data-driven briefing that highlights weakness patterns from your history and public disclosures. The tool shines when you have enough personal data to make correlation analysis meaningful and you work primarily within the HackerOne ecosystem. Skip it if you’re new to bug bounties (limited personal data to analyze), hunt primarily on non-HackerOne platforms (no integration available), or prefer pure manual reconnaissance without AI intermediation. Also skip if you expect real-time updates to public vulnerability intelligence—the static database means you’ll be working with a fixed snapshot of disclosed reports that ships with the repository.
