FuzzingLabs
mcp-security-hub
Python

A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

Last updated Jul 9, 2026
717
Stars
93
Forks
7
Issues
+15
Stars/day
Attention Score
89
Language breakdown
No language data available.
โ–ธ Files click to expand
README

Offensive Security MCP Servers

Build Status Security Scan License: MIT MCP Protocol

Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.

38 MCPs 300+ Tools Docker Ready

Features

  • 38 MCP Servers covering reconnaissance, web security, binary analysis, blockchain security, cloud security, code security, secrets detection, threat intelligence, OSINT, Active Directory, fuzzing, and more
  • 300+ Security Tools accessible via natural language through Claude or other MCP clients
  • Production Hardened - Non-root containers, minimal images, Trivy-scanned
  • Docker Compose orchestration for multi-tool workflows
  • CI/CD Ready with GitHub Actions for automated builds and security scanning

Quick Start

# Clone the repository
git clone https://github.com/FuzzingLabs/mcp-security-hub
cd mcp-security-hub

Build all MCP servers

docker-compose build

Start specific servers

docker-compose up nmap-mcp nuclei-mcp -d

Verify health

docker-compose ps

Configure Claude Desktop / Claude Code

Important: You must build the images first with docker-compose build before using them.

Copy the example config to your Claude Desktop configuration:

macOS: ~/Library/Application Support/Claude/claudedesktopconfig.json

Windows: %APPDATA%\Claude\claudedesktopconfig.json

{
  "mcpServers": {
    "nmap": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
    },
    "nuclei": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
    },
    "gitleaks": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/repos:/app/target:ro", "gitleaks-mcp:latest"]
    },
    "radare2": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/binaries:/samples:ro", "radare2-mcp:latest"]
    }
  }
}

For project-level config, copy .mcp.json to your project root. See examples/ for full configuration templates with all MCPs and volume mount patterns.

Available MCP Servers

Reconnaissance (8 servers)

| Server | Tools | Description | |--------|-------|-------------| | nmap-mcp | 8 | Port scanning, service detection, OS fingerprinting, NSE scripts | | shodan-mcp | - | Wrapper for official Shodan MCP | | pd-tools-mcp | - | Wrapper for ProjectDiscovery tools (subfinder, httpx, katana) | | whatweb-mcp | 5 | Web technology fingerprinting and CMS detection | | masscan-mcp | 6 | High-speed port scanning for large networks | | zoomeye-mcp | - | Wrapper for ZoomEye MCP - Cyberspace search engine | | networksdb-mcp | 4 | IP/ASN/DNS lookups via NetworksDB | | externalattacker-mcp | 6 | Attack surface mapping with ExternalAttacker |

Web Security (6 servers)

| Server | Tools | Description | |--------|-------|-------------| | nuclei-mcp | 7 | Template-based vulnerability scanning with 8000+ templates | | sqlmap-mcp | 8 | SQL injection detection and exploitation | | nikto-mcp | - | Wrapper for Nikto MCP web server scanner | | ffuf-mcp | 9 | Web fuzzing for directories, files, parameters, and virtual hosts | | waybackurls-mcp | 3 | Fetch historical URLs from Wayback Machine for reconnaissance | | burp-mcp | - | Wrapper for official Burp Suite MCP |

Binary Analysis (6 servers)

| Server | Tools | Description | |--------|-------|-------------| | radare2-mcp | 32 | Wrapper for official radare2-mcp - disassembly, decompilation | | binwalk-mcp | 6 | Firmware analysis, signature scanning, extraction | | yara-mcp | 7 | Pattern matching for malware classification | | capa-mcp | 5 | Capability detection in executables | | ghidra-mcp | - | Wrapper for pyghidra-mcp - Headless AI-powered reverse engineering | | ida-mcp | - | Wrapper for ida-pro-mcp - IDA Pro integration |

Blockchain Security (3 servers)

| Server | Tools | Description | |--------|-------|-------------| | daml-viewer-mcp | 1 | DAML access-control table generation and run tracking | | medusa-mcp | 4 | High-performance smart contract fuzzer for Solidity | | solazy-mcp | 8 | Solana sBPF static analysis and reverse engineering |

Cloud Security (3 servers)

| Server | Tools | Description | |--------|-------|-------------| | trivy-mcp | 7 | Container, filesystem, and IaC vulnerability scanning | | prowler-mcp | 6 | AWS/Azure/GCP security auditing and compliance | | roadrecon-mcp | 6 | Azure AD enumeration via RoadRecon |

Secrets Detection (1 server)

| Server | Tools | Description | |--------|-------|-------------| | gitleaks-mcp | 5 | Find secrets and credentials in git repos and files |

Exploitation (1 server)

| Server | Tools | Description | |--------|-------|-------------| | searchsploit-mcp | 5 | Exploit-DB search and retrieval |

Fuzzing (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | boofuzz-mcp | 4 | Network protocol fuzzing using Boofuzz | | dharma-mcp | 2 | Grammar-based test case generation |

OSINT (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | maigret-mcp | - | Wrapper for mcp-maigret - Username OSINT across 2500+ sites | | dnstwist-mcp | - | Wrapper for mcp-dnstwist - Typosquatting/phishing detection |

Threat Intelligence (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | virustotal-mcp | - | Wrapper for mcp-virustotal - Malware analysis and threat intel | | otx-mcp | - | Wrapper for OTX MCP - AlienVault Open Threat Exchange |

Active Directory (1 server)

| Server | Tools | Description | |--------|-------|-------------| | bloodhound-mcp | 75+ | Wrapper for BloodHound-MCP-AI - AD attack path analysis |

Password Cracking (1 server)

| Server | Tools | Description | |--------|-------|-------------| | hashcat-mcp | - | Wrapper for hashcat-mcp - Natural language hash cracking |

Code Security (1 server)

| Server | Tools | Description | |--------|-------|-------------| | semgrep-mcp | 7 | Wrapper for Semgrep MCP - Static code analysis with 5000+ rules |

Meta (1 server)

| Server | Tools | Description | |--------|-------|-------------| | mcp-scan | - | Wrapper for mcp-scan - Scan MCP servers for vulnerabilities |

Usage Examples

Network Reconnaissance

You: "Scan 192.168.1.0/24 for web servers and identify technologies"

Claude: I'll perform a network scan and technology fingerprinting. [Uses nmap-mcp to scan ports 80,443,8080] [Uses whatweb-mcp to fingerprint discovered hosts]

Found 12 web servers:

  • 192.168.1.10: Apache 2.4.52, WordPress 6.4
  • 192.168.1.15: nginx 1.24, React application
...

Vulnerability Assessment

You: "Check example.com for common vulnerabilities"

Claude: I'll run a vulnerability scan using nuclei templates. [Uses nuclei-mcp with cves, exposures, and misconfigurations templates]

Found 3 issues:

  • HIGH: CVE-2024-1234 - Outdated jQuery version
  • MEDIUM: Exposed .git directory
  • INFO: Missing security headers

Binary Analysis

You: "Analyze this firmware image for security issues"

Claude: I'll extract and analyze the firmware. [Uses binwalk-mcp to extract filesystem] [Uses yara-mcp to scan for malware patterns] [Uses capa-mcp to identify capabilities]

Analysis complete:

  • Extracted 847 files from SquashFS filesystem
  • Found hardcoded credentials in /etc/shadow
  • Identified network backdoor capability

Security Hardening

All containers implement defense-in-depth:

| Control | Implementation | |---------|----------------| | Non-root execution | Runs as mcpuser (UID 1000) | | Minimal images | Alpine/Debian slim base images | | Dropped capabilities | capdrop: ALL, selective capadd | | No privilege escalation | security_opt: no-new-privileges:true | | Read-only mounts | Sample directories mounted read-only | | Resource limits | CPU and memory constraints | | Health checks | Built-in container health monitoring | | Vulnerability scanning | Trivy scans in CI/CD pipeline |

Project Structure

mcp-security-hub/
โ”œโ”€โ”€ reconnaissance/
โ”‚   โ”œโ”€โ”€ nmap-mcp/           # Port scanning
โ”‚   โ”œโ”€โ”€ shodan-mcp/         # Internet device search (wrapper)
โ”‚   โ”œโ”€โ”€ pd-tools-mcp/       # ProjectDiscovery tools (wrapper)
โ”‚   โ”œโ”€โ”€ whatweb-mcp/        # Web fingerprinting
โ”‚   โ”œโ”€โ”€ masscan-mcp/        # High-speed scanning
โ”‚   โ”œโ”€โ”€ zoomeye-mcp/        # Cyberspace search (wrapper)
โ”‚   โ”œโ”€โ”€ networksdb-mcp/     # IP/ASN/DNS lookups
โ”‚   โ””โ”€โ”€ externalattacker-mcp/ # Attack surface mapping
โ”œโ”€โ”€ web-security/
โ”‚   โ”œโ”€โ”€ nuclei-mcp/         # Vulnerability scanning
โ”‚   โ”œโ”€โ”€ sqlmap-mcp/         # SQL injection
โ”‚   โ”œโ”€โ”€ nikto-mcp/          # Web server scanning (wrapper)
โ”‚   โ”œโ”€โ”€ ffuf-mcp/           # Web fuzzing
โ”‚   โ””โ”€โ”€ burp-mcp/           # Burp Suite (wrapper)
โ”œโ”€โ”€ binary-analysis/
โ”‚   โ”œโ”€โ”€ radare2-mcp/        # Reverse engineering (wrapper)
โ”‚   โ”œโ”€โ”€ binwalk-mcp/        # Firmware analysis
โ”‚   โ”œโ”€โ”€ yara-mcp/           # Malware detection
โ”‚   โ”œโ”€โ”€ capa-mcp/           # Capability detection
โ”‚   โ”œโ”€โ”€ ghidra-mcp/         # Ghidra RE - pyghidra-mcp (headless)
โ”‚   โ””โ”€โ”€ ida-mcp/            # IDA Pro (wrapper)
โ”œโ”€โ”€ blockchain/
โ”‚   โ”œโ”€โ”€ daml-viewer-mcp/    # DAML access-control analysis
โ”‚   โ”œโ”€โ”€ medusa-mcp/         # Smart contract fuzzing
โ”‚   โ””โ”€โ”€ solazy-mcp/         # Solana analysis
โ”œโ”€โ”€ cloud-security/
โ”‚   โ”œโ”€โ”€ trivy-mcp/          # Container scanning (wrapper)
โ”‚   โ”œโ”€โ”€ prowler-mcp/        # Cloud auditing
โ”‚   โ””โ”€โ”€ roadrecon-mcp/      # Azure AD enumeration
โ”œโ”€โ”€ code-security/
โ”‚   โ””โ”€โ”€ semgrep-mcp/        # Static code analysis (wrapper)
โ”œโ”€โ”€ secrets/
โ”‚   โ””โ”€โ”€ gitleaks-mcp/       # Secrets detection
โ”œโ”€โ”€ exploitation/
โ”‚   โ””โ”€โ”€ searchsploit-mcp/   # Exploit database
โ”œโ”€โ”€ fuzzing/
โ”‚   โ”œโ”€โ”€ boofuzz-mcp/        # Network protocol fuzzing using Boofuzz
โ”‚   โ””โ”€โ”€ dharma-mcp/         # Grammar-based test case generation
โ”œโ”€โ”€ osint/
โ”‚   โ”œโ”€โ”€ maigret-mcp/        # Username OSINT (wrapper)
โ”‚   โ””โ”€โ”€ dnstwist-mcp/       # Typosquatting detection (wrapper)
โ”œโ”€โ”€ threat-intel/
โ”‚   โ”œโ”€โ”€ virustotal-mcp/     # Malware analysis (wrapper)
โ”‚   โ””โ”€โ”€ otx-mcp/            # AlienVault OTX (wrapper)
โ”œโ”€โ”€ active-directory/
โ”‚   โ””โ”€โ”€ bloodhound-mcp/     # AD attack paths (wrapper)
โ”œโ”€โ”€ password-cracking/
โ”‚   โ””โ”€โ”€ hashcat-mcp/        # Hash cracking (wrapper)
โ”œโ”€โ”€ meta/
โ”‚   โ””โ”€โ”€ mcp-scan/           # MCP security scanning
โ”œโ”€โ”€ scripts/
โ”‚   โ”œโ”€โ”€ setup.sh            # Quick setup
โ”‚   โ””โ”€โ”€ healthcheck.sh      # Health verification
โ”œโ”€โ”€ tests/
โ”‚   โ””โ”€โ”€ testmcpservers.py # Unit tests
โ”œโ”€โ”€ docker-compose.yml      # Orchestration
โ””โ”€โ”€ .github/workflows/      # CI/CD

Testing

# Run unit tests
pytest tests/ -v

Build and test all Docker images

./scripts/test_builds.sh

Test MCP protocol (after building)

echo '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | \ docker run -i --rm nmap-mcp:latest

Legal & Compliance

These tools are for authorized security testing only.

Before using:

  • Obtain written authorization from the target owner
  • Define scope - targets, timeline, allowed activities
  • Maintain audit logs of all operations
  • Follow responsible disclosure for any findings
Unauthorized access to computer systems is illegal. Users are responsible for compliance with applicable laws.

Contributing

Contributions welcome! To add a new MCP server:

  • Use Dockerfile.template as your starting point
  • Follow security hardening practices (non-root, minimal image)
  • Include health checks and comprehensive README
  • Ensure Trivy scan passes (no HIGH/CRITICAL vulnerabilities)
  • Add tests to tests/testmcpservers.py

Acknowledgments

License

MIT License - See LICENSE


Maintained by FuzzingLabs
Making AI-powered security testing accessible

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท FuzzingLabs/mcp-security-hub ยท Updated daily from GitHub