This repository contains Model Context Protocol (MCP) server implementations for various security testing tools, making them accessible through a standardized interface.
A server implementation that wraps the FFUF fuzzing tool, allowing it to be used through the MCP interface.
- URL-based fuzzing
- Support for all FFUF command line arguments
url: Target URL to fuzzffuf_args: Array of additional FFUF arguments
ffuf-mcp <ffuf binary> "ffuf": {
"command": "node",
"args": [
"/path/to/build/index.js",
"ffuf"
]
}A server implementation that wraps the SQLmap SQL injection testing tool, allowing it to be used through the MCP interface.
- URL-based SQL injection testing
- Support for all SQLmap command line arguments
- Error handling and status reporting
- Comprehensive SQL injection testing capabilities
url: Target URL to test for SQL injectionsqlmap_args: Array of additional SQLmap arguments
python3 sqlmap_mcp.py /you/path/sqlmap/sqlmap.py "sqlmap": {
"command": "python3",
"args": [
"/path/to/sqlmap_mcp.py",
"/you/path/sqlmap/sqlmap.py"
]
}A server implementation that wraps the Masscan tool, allowing it to be used through the MCP interface.
- Target based Port Scanning
- Support for all Masscan command line arguments
- Error handling and status reporting
target: Target ip to scanning portsport: Port nubmers to target ipmasscan_args: Array of additional masscan arguments
masscan-mcp <masscan> "masscan": {
"command": "node",
"args": [
"/path/to/build/index.js",
"masscan"
]
}A server implementation that wraps the nmap scanning tool, allowing it to be used through the MCP interface.
- Target based port scanning
- Support for all nmap command line arguments
target: Target ìp to fuzznmap_args: Array of additional nmap arguments
nmap-mcp <nmap binary> "nmap": {
"command": "node",
"args": [
"/path/to/build/index.js",
"nmap"
]
}A server implementation that wraps the Mobsf tool, allowing it to be used through the MCP interface.
- MobSF functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
- Support for Android (APK), iOS (IPA), and Windows (APPX) mobile applications
base_url: The MobSF server URL (e.g.,http://localhost:8000)api_key: Your MobSF API key
mobsf-mcp <base_url> <api_key> "mobsf": {
"command": "node",
"args": [
"/path/to/build/index.js",
"http://127.0.0.1:8000",
"<api key>"
]
}A server implementation that wraps the nuclei tool, allowing it to be used through the MCP interface.
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
- Access to Nuclei's extensive template library
url: The target URL to scan (required)tags: Comma-separated list of template tags to filter which checks to run (optional)
nuclei-mcp <nuclei> "nuclei": {
"command": "node",
"args": [
"/path/to/build/index.js",
"</usr/local/go/bin/nuclei>"
]
}A server implementation that wraps the sslscan tool, allowing it to be used through the MCP interface.
- Full SSLScan functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
- Support for all SSLScan options and configurations
target: The target URL to scan (required)sslscan_args: Array of additional sslscan arguments
sslscan-mcp <sslscan> "sslscan": {
"command": "node",
"args": [
"/path/to/build/index.js",
"<sslscan>"
]
}A server implementation that wraps the http security headers , allowing it to be used through the MCP interface.
- Analysis of HTTP response headers against OWASP security standards
- Identification of security headers that should be removed
- Recommendations for missing security headers that should be added
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
target: The target URL to analyze http headers (required)
http-headers-security-mcp "http_header_analyze": {
"command": "node",
"args": [
"/path/to/build/index.js"
]
}A server implementation that retrives the historical URLs from the Wayback Machine, allowing it to be used through the MCP interface.
- Integration with Waybackurls to fetch historical URLs from the Wayback Machine
- Option to include or exclude subdomains in the search
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
target: The domain to retrieve historical URLs for (required)noSub: Boolean flag to control whether subdomains should be included (default: false)
waybackurls-mcp <waybackurls binary> "waybackurls": {
"command": "node",
"args": [
"/path/to/build/index.js",
"waybackurls"
]
}A server implementation that wraps the alterx tool, allowing it to be used through the MCP interface.
- Pattern-based wordlist generation for subdomain discovery
- Support for multiple permutation patterns and strategies
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
domain: The target domain or subdomains to use as a base for creating permutations (required)pattern: The pattern template to use for generating wordlist variations (required)outputFilePath: Path where the generated wordlist should be saved (optional)
alterx-mcp <alterx binary> "alterx": {
"command": "node",
"args": [
"/path/to/build/index.js",
"alterx"
]
}- amass
- massdns
- gowitness
- httpx
- ...
The project uses TypeScript and the Model Context Protocol SDK. To contribute:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request