bbot-mcp

marlinkcyber/bbot-mcp

3.3

If you are the rightful owner of bbot-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A Model Context Protocol (MCP) server for running BBOT security scans, providing tools to manage and execute scans through the MCP interface.

Tools
8
Resources
0
Prompts
0

BBOT MCP Server

A Model Context Protocol (MCP) server for running BBOT security scans. This server provides tools to manage and execute bbot scans through the MCP interface.

Features

  • Module Management: List and explore available bbot modules
  • Preset Management: List and use predefined scan configurations
  • Scan Execution: Start and manage long-running bbot scans
  • Real-time Monitoring: Check scan status and retrieve results
  • Wait & Progress Tracking: Wait for scan completion with timeout and progress reporting
  • Concurrent Scans: Support for multiple simultaneous scans
  • Dependency Management: Comprehensive sudo prevention and no-deps functionality

Installation

From PyPI (Recommended)

pip install bbot-mcp

From Source

git clone https://github.com/marlinkcyber/bbot-mcp.git
cd bbot-mcp
pip install -e .

Using uvx (Run without installing)

uvx bbot-mcp

Install dependencies

It is recommended to install all BBOT dependencies before invoking BBOT MCP server:

bbot --install-all-deps

Usage

Running the MCP Server

After installation, the server can be started using the bbot-mcp command:

bbot-mcp

Or directly with Python:

python -m bbot_mcp.server

Available Tools

The MCP server provides 8 tools for comprehensive bbot scan management:

1. list_bbot_modules()

Lists all available bbot modules categorized by type (scan, output, internal).

2. list_bbot_presets()

Lists all available bbot presets for quick scan configuration.

3. start_bbot_scan(targets, modules="", presets="", flags="", no_deps=True)

Starts a new bbot scan with the specified parameters.

Parameters:

  • targets: Comma-separated list of targets (domains, IPs, URLs)
  • modules: Optional comma-separated list of modules to use
  • presets: Optional comma-separated list of presets to apply
  • flags: Optional comma-separated list of flags
  • no_deps: Disable dependency installation to prevent sudo prompts (default: True)

Example:

start_bbot_scan("example.com,google.com", "httpx,nmap", "web-basic", "safe", True)

Important: The no_deps=True parameter prevents bbot from attempting to install missing dependencies, which would cause sudo password prompts that hang the MCP server.

4. get_scan_status(scan_id)

Retrieves the current status of a specific scan.

5. get_scan_results(scan_id, limit=100)

Retrieves results from a completed or running scan.

Parameters:

  • scan_id: The unique identifier of the scan
  • limit: Maximum number of results to return (default: 100)
6. list_active_scans()

Lists all currently active scans with their basic information.

7. wait_for_scan_completion(scan_id, timeout=300, poll_interval=5, include_progress=True)

Waits for a scan to complete with timeout and progress reporting.

Parameters:

  • scan_id: The ID of the scan to wait for
  • timeout: Maximum time to wait in seconds (default: 300 = 5 minutes)
  • poll_interval: How often to check scan status in seconds (default: 5)
  • include_progress: Whether to include progress updates in the response (default: True)

Returns:

  • Success response with completion details, elapsed time, and progress updates
  • Timeout response if scan doesn't complete within the specified time
  • Error response for invalid scan IDs or other issues

Example:

# Wait for scan to complete with custom timeout
result = wait_for_scan_completion("scan-123", timeout=600, poll_interval=10)
8. get_dependency_info()

Provides information about bbot's dependency management system and how the MCP server handles dependencies.

MCP config example:

{
  "mcpServers": {
    "bbot": {
      "command": "uvx",
      "args": ["--refresh","bbot-mcp"]
    }
  }
}

Scan Management

Scan Lifecycle

  1. Starting: Scan is being initialized
  2. Running: Scan is actively executing
  3. Completed: Scan finished successfully
  4. Error: Scan encountered an error

Long-running Scans

Scans run in separate threads to avoid blocking the MCP server. You can:

  • Start multiple scans concurrently
  • Check status while scans are running
  • Retrieve partial results from ongoing scans

Development

Testing

Run the test suite to verify functionality:

# Run all tests
pytest

# Run specific test categories
python tests/test_server.py
python tests/simple_test.py
python tests/test_imports.py

# Test the binary command
bbot-mcp --help

Project Structure

bbot-mcp/
ā”œā”€ā”€ bbot_mcp/              # Main package
ā”‚   ā”œā”€ā”€ __init__.py        # Package initialization
ā”‚   ā””ā”€ā”€ server.py          # MCP server implementation
ā”œā”€ā”€ tests/                 # Test suite
ā”œā”€ā”€ pyproject.toml         # Package configuration
ā”œā”€ā”€ README.md             # This file
ā””ā”€ā”€ requirements.txt      # Development dependencies

Example MCP Client Usage

# Connect to the MCP server and use the tools
client = MCPClient("bbot-scanner")

# List available modules
modules = client.call_tool("list_bbot_modules")

# Start a scan
scan_result = client.call_tool("start_bbot_scan", {
    "targets": "example.com",
    "presets": "web-basic"
})

# Check scan status
status = client.call_tool("get_scan_status", {
    "scan_id": scan_result["scan_id"]
})

# Wait for scan to complete
completion = client.call_tool("wait_for_scan_completion", {
    "scan_id": scan_result["scan_id"],
    "timeout": 300
})

# Get results when complete
results = client.call_tool("get_scan_results", {
    "scan_id": scan_result["scan_id"],
    "limit": 50
})

Security Considerations

  • This tool is designed for authorized security testing only
  • Always ensure you have permission to scan target systems
  • Be aware that bbot scans can be resource-intensive and may take significant time
  • Some modules may be considered intrusive - use the --allow-deadly equivalent flags carefully

Dependency Management

The MCP server includes comprehensive dependency management to prevent sudo password prompts:

Automatic Protection Measures

  • Default Behavior: no_deps=True - Dependencies are disabled by default
  • Environment Variables: Multiple layers of sudo prevention (SUDO_ASKPASS, DEBIAN_FRONTEND, etc.)
  • Stdin Redirection: Blocks all interactive input to prevent hanging
  • Module Exclusions: Problematic modules (sslcert, trufflehog) are automatically excluded
  • Force Configuration: Modules run even if dependencies fail

Key Features

  • Comprehensive Sudo Prevention: Multiple environment variables and configurations prevent any sudo prompts
  • Graceful Degradation: Scans continue even when some modules can't load dependencies
  • Pre-installation Support: Install dependencies manually if needed: pip install <module-deps>
  • macOS Compatibility: Special handling for Homebrew vs APT package manager conflicts

Excluded Modules

You can exclude problematic modules by setting following environment variable:

export BBOT_EXCLUDE_MODULES="trufflehog,sslcert"

Example exclude mentioned modules if you have any dependency issues (i.e. on Mac OS X):

  • sslcert: APT dependency incompatible with macOS Homebrew
  • trufflehog: Dependency installation conflicts

Override Option: Set no_deps=False only if you're certain no sudo prompts will occur

For more information about bbot itself, visit: https://github.com/blacklanternsecurity/bbot