Share
## https://sploitus.com/exploit?id=D55B959E-9FBD-58C1-B76A-FB17FC6EB32F
# Cyber MCPs - Security Tools for AI

[](LICENSE)
[](https://www.typescriptlang.org/)
[](https://github.com/modelcontextprotocol/sdk)
[](https://github.com/hackersatyamrastogi/Cyber_MCPs)
**A collection of Model Context Protocol (MCP) servers for security tools**
*Enabling AI-powered security assessments through standardized tool integration*
[Installation](#installation) | [Available Servers](#available-servers) | [Usage](#usage) | [Security](#-security-warning) | [Contributing](#contributing)
---
## โ ๏ธ SECURITY WARNING
### ๐จ READ BEFORE USING
**These MCP servers wrap powerful security tools that can:**
- Execute system commands on your machine
- Scan networks and systems (potentially illegally without authorization)
- Expose your IP address to targets
- Require elevated privileges (root/admin)
**CRITICAL SECURITY RISKS:**
1. **Command Injection** - User inputs flow to shell commands
2. **Privilege Escalation** - Some tools need root access
3. **Legal Liability** - Unauthorized scanning is illegal
4. **Data Exposure** - Scan results may leak through AI systems
๐ **Read the full [SECURITY.md](SECURITY.md) before deploying**
---
## Overview
This monorepo contains **38 MCP servers** that wrap popular security tools, making them accessible to AI assistants like Claude through the [Model Context Protocol](https://modelcontextprotocol.io/).
Each server is:
- **Standalone** - Can be installed and used independently
- **Type-safe** - Written in TypeScript with full type definitions
- **Well-documented** - Includes usage examples and Claude Desktop configuration
- **Production-ready** - Published on npm with semantic versioning
## Available Servers
### Reconnaissance Tools (12)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/amass`](./servers/amass) | [Amass](https://github.com/owasp-amass/amass) | Subdomain enumeration and attack surface mapping |
| [`@mcp-security/alterx`](./servers/alterx) | [Alterx](https://github.com/projectdiscovery/alterx) | Fast subdomain wordlist generator |
| [`@mcp-security/assetfinder`](./servers/assetfinder) | [Assetfinder](https://github.com/tomnomnom/assetfinder) | Asset discovery from various sources |
| [`@mcp-security/cero`](./servers/cero) | [Cero](https://github.com/glebarez/cero) | Certificate-based subdomain discovery |
| [`@mcp-security/crtsh`](./servers/crtsh) | [crt.sh](https://crt.sh) | Certificate transparency log search |
| [`@mcp-security/shuffledns`](./servers/shuffledns) | [ShuffleDNS](https://github.com/projectdiscovery/shuffledns) | High-speed DNS resolver and bruteforcer |
| [`@mcp-security/httpx`](./servers/httpx) | [httpx](https://github.com/projectdiscovery/httpx) | Fast HTTP probing and analysis |
| [`@mcp-security/katana`](./servers/katana) | [Katana](https://github.com/projectdiscovery/katana) | Next-gen web crawling framework |
| [`@mcp-security/gowitness`](./servers/gowitness) | [GoWitness](https://github.com/sensepost/gowitness) | Website screenshot utility |
| [`@mcp-security/waybackurls`](./servers/waybackurls) | [Waybackurls](https://github.com/tomnomnom/waybackurls) | Fetch URLs from Wayback Machine |
| [`@mcp-security/masscan`](./servers/masscan) | [Masscan](https://github.com/robertdavidgraham/masscan) | High-speed port scanner |
| [`@mcp-security/subfinder`](./servers/subfinder) | [Subfinder](https://github.com/projectdiscovery/subfinder) | Fast passive subdomain enumeration |
### Vulnerability Assessment (11)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/nuclei`](./servers/nuclei) | [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner |
| [`@mcp-security/nmap`](./servers/nmap) | [Nmap](https://nmap.org) | Network discovery and security auditing |
| [`@mcp-security/sqlmap`](./servers/sqlmap) | [SQLmap](https://sqlmap.org) | SQL injection detection and exploitation |
| [`@mcp-security/ffuf`](./servers/ffuf) | [FFUF](https://github.com/ffuf/ffuf) | Fast web fuzzer |
| [`@mcp-security/arjun`](./servers/arjun) | [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery |
| [`@mcp-security/smuggler`](./servers/smuggler) | [Smuggler](https://github.com/defparam/smuggler) | HTTP request smuggling detector |
| [`@mcp-security/wpscan`](./servers/wpscan) | [WPScan](https://wpscan.com) | WordPress security scanner |
| [`@mcp-security/nessus`](./servers/nessus) | [Nessus](https://www.tenable.com/products/nessus) | Vulnerability scanner integration |
| [`@mcp-security/dalfox`](./servers/dalfox) | [Dalfox](https://github.com/hahwul/dalfox) | XSS vulnerability scanner |
| [`@mcp-security/zap`](./servers/zap) | [OWASP ZAP](https://www.zaproxy.org/) | Web application security scanner |
| [`@mcp-security/burpsuite`](./servers/burpsuite) | [Burp Suite](https://portswigger.net/burp) | Web security testing platform |
### Threat Intelligence & OSINT (3)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/shodan`](./servers/shodan) | [Shodan](https://www.shodan.io/) | Internet-connected device search engine |
| [`@mcp-security/virustotal`](./servers/virustotal) | [VirusTotal](https://www.virustotal.com/) | Malware and URL threat analysis |
| [`@mcp-security/bloodhound`](./servers/bloodhound) | [BloodHound](https://github.com/BloodHoundAD/BloodHound) | Active Directory attack path analysis |
### Cloud & Infrastructure Security (4)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/scoutsuite`](./servers/scoutsuite) | [ScoutSuite](https://github.com/nccgroup/ScoutSuite) | Cloud security auditing (AWS/Azure/GCP) |
| [`@mcp-security/prowler`](./servers/prowler) | [Prowler](https://github.com/prowler-cloud/prowler) | AWS/Azure/GCP security assessment |
| [`@mcp-security/trivy`](./servers/trivy) | [Trivy](https://github.com/aquasecurity/trivy) | Container and IaC vulnerability scanner |
| [`@mcp-security/checkov`](./servers/checkov) | [Checkov](https://github.com/bridgecrewio/checkov) | Infrastructure as Code security scanner |
### Code & Secret Security (2)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/semgrep`](./servers/semgrep) | [Semgrep](https://semgrep.dev/) | Static analysis for security vulnerabilities |
| [`@mcp-security/gitleaks`](./servers/gitleaks) | [Gitleaks](https://github.com/gitleaks/gitleaks) | Secret detection in git repositories |
### Network & AD Security (2)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/crackmapexec`](./servers/crackmapexec) | [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) | Network/AD penetration testing toolkit |
| [`@mcp-security/ghidra`](./servers/ghidra) | [Ghidra](https://ghidra-sre.org/) | NSA reverse engineering framework |
### Specialized Tools (4)
| Package | Tool | Description |
|---------|------|-------------|
| [`@mcp-security/mobsf`](./servers/mobsf) | [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | Mobile app security analysis |
| [`@mcp-security/sslscan`](./servers/sslscan) | [SSLScan](https://github.com/rbsec/sslscan) | SSL/TLS configuration testing |
| [`@mcp-security/http-headers`](./servers/http-headers) | Custom | Security headers analysis |
| [`@mcp-security/commix`](./servers/commix) | [Commix](https://github.com/commixproject/commix) | Command injection exploitation |
## Installation
### Prerequisites
- Node.js 18+
- The underlying security tool installed on your system
- Claude Desktop or any MCP-compatible client
### Quick Start
```bash
# Install a specific MCP server
npm install -g @mcp-security/nmap
# Or use npx directly
npx @mcp-security/nmap /usr/bin/nmap
```
### Claude Desktop Configuration
Add to your `claude_desktop_config.json`:
```json
{
"mcpServers": {
"nmap": {
"command": "npx",
"args": ["-y", "@mcp-security/nmap", "/usr/bin/nmap"]
},
"nuclei": {
"command": "npx",
"args": ["-y", "@mcp-security/nuclei", "/usr/bin/nuclei"]
},
"shodan": {
"command": "npx",
"args": ["-y", "@mcp-security/shodan", "YOUR_SHODAN_API_KEY"]
},
"semgrep": {
"command": "npx",
"args": ["-y", "@mcp-security/semgrep", "semgrep"]
},
"trivy": {
"command": "npx",
"args": ["-y", "@mcp-security/trivy", "trivy"]
},
"gitleaks": {
"command": "npx",
"args": ["-y", "@mcp-security/gitleaks", "gitleaks"]
}
}
}
```
## Usage
Once configured, you can interact with security tools through natural language:
```
User: Scan 192.168.1.1 for open ports
Claude: I'll run an Nmap scan on that target.
[Uses nmap MCP server]
Results:
- Port 22/tcp: open (SSH)
- Port 80/tcp: open (HTTP)
- Port 443/tcp: open (HTTPS)
```
```
User: Search Shodan for exposed MongoDB databases
Claude: I'll search Shodan for MongoDB instances.
[Uses shodan MCP server]
Found 15,432 results for MongoDB servers...
```
```
User: Scan my Terraform files for security issues
Claude: I'll run Checkov to analyze your IaC files.
[Uses checkov MCP server]
Found 12 security issues:
- 3 Critical: S3 bucket encryption disabled
- 5 High: Security group allows all traffic
- 4 Medium: Missing resource tags
```
## Development
### Setting Up the Monorepo
```bash
# Clone the repository
git clone https://github.com/hackersatyamrastogi/Cyber_MCPs.git
cd Cyber_MCPs
# Install dependencies
pnpm install
# Build all packages
pnpm build
# Run tests
pnpm test
```
### Creating a New MCP Server
```bash
# Use the generator script
./scripts/create-mcp-server.sh my-tool
# Or manually create the structure
mkdir servers/my-tool
cd servers/my-tool
npm init -y
```
## Security Considerations
> **IMPORTANT**: These tools are intended for authorized security testing only.
- Always obtain proper authorization before scanning networks or systems
- Some tools require root/administrator privileges
- Be aware of rate limiting and scan detection
- Follow responsible disclosure practices
- API keys (Shodan, VirusTotal, etc.) should be kept secure
## Contributing
We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
### Ways to Contribute
- Add new MCP servers for security tools
- Improve existing server implementations
- Enhance documentation and examples
- Report bugs and suggest features
## License
This project is licensed under the MIT License - see [LICENSE](LICENSE) for details.
## Acknowledgments
- [Model Context Protocol](https://modelcontextprotocol.io/) by Anthropic
- All the amazing open-source security tools this project wraps
- The security research community
---
**MCP Security Tools**
*Making security tools accessible to AI*