Autonomous pentest engine · demonstrated impact only

The context to find the next vulnerability.

Point Hunters at a web app, an API, a repo, or a binary — it maps the surface, plans an attack, and proves impact. And browse the security context of the open-source projects your stack depends on: every known bug, next to the code that fixed it.

12
Vulnerabilities reported
70
Targets assessed
2
Confirmed / rewarded
10
False positives

Open-source security context

Known vulnerabilities across widely-used projects — each with the actual fix diff. Indexing 20 projects and 2,196 advisories.

Browse all projects

Security research & disclosures

Vulnerabilities our engine and team have found, reported, and helped fix. Undisclosed items stay redacted until the fix ships — class, affected versions, and status only.

Mobile & baseband — binary reverse-engineering
12 findings

One engine, every surface

Web & API pentests

Maps the app, captures traffic through a native proxy, and hunts demonstrable impact — not header noise.

Code & dependency audits

SAST, secret sweeps, and reachable source→sink analysis over a repo or a decompiled bundle.

Binary & APK RE

Ghidra-driven decompilation, reachability-first triage, and Android component analysis.

For your agents

Query it from your own tools

The security-context is a Model Context Protocol server and a plain REST API — point an MCP client (Claude, Cursor, your own agent) at it, or curl it directly.

MCP server

Streamable HTTP. Tools: list_projects, search_projects, get_project, get_vulnerability (with fix diff).

{
  "mcpServers": {
    "hunters-security-context": {
      "url": "https://<your-host>/api/v1/security-context/mcp"
    }
  }
}
REST API

Public, JSON, no key. The same processed shape the site renders.

GET /api/v1/security-context/projects
GET /api/v1/security-context/projects/django/django
GET /api/v1/security-context/vuln/{id}?diffs=true

Put it to work on your surface.

Start a scan in minutes — no fixed iteration cap, chat with the agent as it runs, and get demonstrated-impact findings.

Start a pentest