Point Hunters at a web app, an API, a repo, or a binary — it maps the surface, plans an attack, and proves impact. And browse the security context of the open-source projects your stack depends on: every known bug, next to the code that fixed it.
Known vulnerabilities across widely-used projects — each with the actual fix diff. Indexing 20 projects and 2,196 advisories.
Vulnerabilities our engine and team have found, reported, and helped fix. Undisclosed items stay redacted until the fix ships — class, affected versions, and status only.
Maps the app, captures traffic through a native proxy, and hunts demonstrable impact — not header noise.
SAST, secret sweeps, and reachable source→sink analysis over a repo or a decompiled bundle.
Ghidra-driven decompilation, reachability-first triage, and Android component analysis.
The security-context is a Model Context Protocol server and a plain REST API — point an MCP client (Claude, Cursor, your own agent) at it, or curl it directly.
Streamable HTTP. Tools: list_projects, search_projects, get_project, get_vulnerability (with fix diff).
{
"mcpServers": {
"hunters-security-context": {
"url": "https://<your-host>/api/v1/security-context/mcp"
}
}
}Public, JSON, no key. The same processed shape the site renders.
GET /api/v1/security-context/projects
GET /api/v1/security-context/projects/django/django
GET /api/v1/security-context/vuln/{id}?diffs=trueStart a scan in minutes — no fixed iteration cap, chat with the agent as it runs, and get demonstrated-impact findings.
Start a pentest