TS

mcp-for-security

by cyproxio/mcp-for-security

2 views

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

automationpythonSecurity & Privacy

MCP for Security Tools

This repository contains Model Context Protocol (MCP) server implementations for various security testing tools, making them accessible through a standardized interface.

Available Tools

ToolDescriptionDetailed Documentation
AmassAdvanced subdomain enumeration and reconnaissance toolAmass MCP Documentation
AlterxPattern-based wordlist generator for subdomain discoveryAlterx MCP Documentation
ArjunRun Arjun to discover hidden HTTP parametersArjun MCP Documentation
AssetfinderPassive subdomain discovery tool based on Tomnomnom’s AssetfinderAssetfinder MCP Documentation
Certificate Search (crt.sh)Subdomain discovery tool using SSL certificate logsCertificate Search MCP Documentation
FFUFWeb content fuzzing tool for discovering hidden files and directoriesFFUF MCP Documentation
HTTP Headers SecurityAnalyzer for HTTP security headers against OWASP standardsHTTP Headers MCP Documentation
httpxFast and multi-purpose HTTP toolkit for port scanning.httpx MCP Documentation
KatanaFast and flexible web crawler with JS parsing and hybrid crawling supportKatana MCP Documentation
MasscanFast port scanner for large-scale network discoveryMasscan MCP Documentation
MobSFMobile security framework for analyzing mobile applicationsMobSF MCP Documentation
NmapComprehensive network scanning tool for service and vulnerability discoveryNmap MCP Documentation
NucleiVulnerability scanner using custom templatesNuclei MCP Documentation
Scout SuiteCloud security auditing tool for assessing configurations across multiple servicesScout Suite MCP Documentation
SSLScanSSL/TLS configuration analyzer for security assessmentSSLScan MCP Documentation
shufflednsHigh-speed and customizable DNS brute-forcing and resolution toolshuffledns MCP Documentation
SmugglerAdvanced tool for detecting HTTP Request Smuggling vulnerabilitiesSmuggler MCP Documentation
SQLmapAdvanced SQL injection detection and exploitation toolSQLmap MCP Documentation
WaybackurlsTool for retrieving historical URLs from the Wayback MachineWaybackurls MCP Documentation
WPScanWordPress vulnerability scanner for detecting plugins, themes, and configuration issuesWPScan MCP Documentation

Quick Reference

Alterx MCP

Generates custom wordlists for subdomain discovery using pattern-based permutations.

Amass MCP

Advanced reconnaissance tool for subdomain enumeration and intelligence gathering with both passive and active modes.

arjun MCP

Discovers hidden HTTP parameters on web applications by scanning URLs, supporting custom wordlists, multiple methods, and adjustable scanning speeds.

Assetfinder MCP

Discovers subdomains related to a given domain using passive enumeration techniques. Integrates Tomnomnom’s Assetfinder into the MCP ecosystem for fast and reliable reconnaissance.

Certificate Search (crt.sh) MCP

Discovers subdomains by querying SSL certificate transparency logs without active scanning.

FFUF MCP Server

URL-based fuzzing tool with support for all FFUF command line arguments.

HTTP Headers Security MCP

Analyzes HTTP response headers against OWASP security standards with recommendations.

httpx MCP

Performs high-speed probing of discovered subdomains to validate alive hosts, fetch response details, and enrich reconnaissance data without heavy scanning.

Katana MCP

Performs fast and customizable web crawling to discover endpoints, scripts, and hidden paths. Supports JavaScript parsing, depth control, and hybrid crawling with headless browsers to enrich reconnaissance and automation workflows.

Masscan MCP Server

Fast port scanning tool for target-based port discovery across networks.

MobSF MCP Server

Mobile application security testing framework for Android, iOS, and Windows applications.

Nmap MCP Server

Full-featured network scanner with detailed service fingerprinting and vulnerability detection.

Nuclei MCP Server

Template-based vulnerability scanner with an extensive library of security checks.

Scout Suite MCP Server

Performs a multi-service cloud security audit by analyzing cloud configurations and highlighting potential misconfigurations and risks based on best practices.

shuffledns MCP

High-speed DNS brute-forcing and mass subdomain resolution tool to quickly discover valid subdomains using custom resolvers and wordlists.

smuggler MCP

HTTP Request Smuggling detection tool that identifies desynchronization vulnerabilities between front-end and back-end servers.

SQLmap MCP Server

SQL injection testing tool with comprehensive capabilities for vulnerability discovery.

SSLScan MCP Server

SSL/TLS configuration analyzer for identifying weak ciphers and security misconfigurations.

Waybackurls MCP

Retrieves historical URLs from the Wayback Machine to discover forgotten endpoints.

WPScan MCP

WordPress vulnerability scanner for detecting outdated plugins, themes, and common misconfigurations.

TO-DO Tools

  • cero
  • commix
  • Corsy
  • CrackMapExec
  • crlfuzz
  • dalfox
  • dnsrecon
  • feroxbuster
  • gau
  • getJS
  • github-endpoints
  • github-subdomains
  • gobuster
  • gospider
  • gowitness
  • hakrawler
  • kiterunner
  • medusa
  • naabu
  • ParamSpider
  • puredns
  • s3scanner
  • tlsx
  • wafw00f
  • webscreenshot
  • wpscan
  • ...

Development

The project uses TypeScript and the Model Context Protocol SDK. To contribute:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Submit a pull request

Installation

For installation instructions for each tool, please refer to the individual documentation linked in the table above.

Usage

Each tool has specific parameters and usage instructions. For detailed information, see the documentation for the specific tool you want to use.

License

Install

No configuration available
For more configuration details, refer to the content on the left

Related

Related projects feature coming soon

Will recommend related projects based on sub-categories