Pentesting Cyber MCP
50 MCP Servers for Security Tools
Standardized protocol interface for pentesting and bug bounty automation
What is MCP?
Model Context Protocol (MCP) is an open protocol that standardizes how applications expose tools and capabilities. This repository provides MCP server implementations for 50 popular security tools.
Each MCP server:
- Wraps a security tool with a standardized interface
- Exposes tool functionality through the MCP protocol
- Can be used with any MCP-compatible client
- Runs as a standalone process
Available MCP Servers
Reconnaissance (15)
| MCP Server | Tool | Description |
|---|---|---|
| amass | Amass | Attack surface mapping & subdomain enumeration |
| alterx | Alterx | Subdomain wordlist generator |
| assetfinder | Assetfinder | Asset discovery |
| cero | Cero | Certificate-based subdomain discovery |
| crtsh | crt.sh | Certificate transparency logs |
| dnsx | dnsx | DNS toolkit |
| httpx | httpx | HTTP probing |
| katana | Katana | Web crawler |
| gowitness | GoWitness | Screenshot utility |
| masscan | Masscan | Port scanner |
| shuffledns | ShuffleDNS | DNS bruteforcer |
| subfinder | Subfinder | Subdomain enumeration |
| uncover | Uncover | Shodan/Censys/Fofa search |
| waybackurls | Waybackurls | Wayback Machine URLs |
| notify | Notify | Notification streaming |
Vulnerability Scanning (11)
| MCP Server | Tool | Description |
|---|---|---|
| nuclei | Nuclei | Template-based scanner |
| nmap | Nmap | Network scanner |
| sqlmap | SQLmap | SQL injection |
| ffuf | FFUF | Web fuzzer |
| arjun | Arjun | Parameter discovery |
| smuggler | Smuggler | Request smuggling |
| wpscan | WPScan | WordPress scanner |
| nessus | Nessus | Vulnerability scanner |
| dalfox | Dalfox | XSS scanner |
| zap | OWASP ZAP | Web app scanner |
| burpsuite | Burp Suite | Web security testing |
Exploitation & Password (3)
| MCP Server | Tool | Description |
|---|---|---|
| metasploit | Metasploit | Exploitation framework |
| hydra | THC-Hydra | Password brute force |
| hashcat | Hashcat | Password cracking |
Cloud Security (4)
| MCP Server | Tool | Description |
|---|---|---|
| prowler | Prowler | AWS/Azure/GCP security |
| scoutsuite | ScoutSuite | Cloud auditing |
| trivy | Trivy | Container/IaC scanner |
| checkov | Checkov | IaC security |
Kubernetes Security (3)
| MCP Server | Tool | Description |
|---|---|---|
| kube-hunter | kube-hunter | K8s penetration testing |
| kubeaudit | kubeaudit | K8s security audit |
| kube-bench | kube-bench | CIS benchmark |
Threat Intelligence (3)
| MCP Server | Tool | Description |
|---|---|---|
| shodan | Shodan | Internet search engine |
| virustotal | VirusTotal | Malware analysis |
| bloodhound | BloodHound | AD attack paths |
Code Security (2)
| MCP Server | Tool | Description |
|---|---|---|
| semgrep | Semgrep | Static analysis |
| gitleaks | Gitleaks | Secret detection |
Network & AD (2)
| MCP Server | Tool | Description |
|---|---|---|
| crackmapexec | CrackMapExec | AD/SMB toolkit |
| ghidra | Ghidra | Reverse engineering |
Specialized (7)
| MCP Server | Tool | Description |
|---|---|---|
| acunetix | Acunetix | Web vulnerability scanner |
| mobsf | MobSF | Mobile security |
| sslscan | SSLScan | SSL/TLS testing |
| http-headers | Custom | Security headers |
| commix | Commix | Command injection |
| nextjs-scanner | Custom | Next.js CVE scanner |
| unified | All-in-one | Single server for all tools |
Installation
Prerequisites
- Node.js 18+
- The underlying security tool installed
- Any MCP-compatible client
Install Individual Server
```bash
# Clone the repository
git clone https://github.com/hackersatyamrastogi/pentesting-cyber-mcp.git
cd pentesting-cyber-mcp

# Install dependencies
pnpm install

# Build all servers
pnpm build

# Or build specific server
cd servers/nmap && pnpm build
```
Run MCP Server
```bash
# Run nmap MCP server
node servers/nmap/build/index.js /usr/bin/nmap

# Run nuclei MCP server
node servers/nuclei/build/index.js /usr/bin/nuclei

# Run metasploit MCP server
node servers/metasploit/build/index.js msfconsole
```
Configuration
MCP Client Configuration
Add to your MCP client config:
```json
{
  "mcpServers": {
    "nmap": {
      "command": "node",
      "args": ["path/to/servers/nmap/build/index.js", "/usr/bin/nmap"]
    },
    "nuclei": {
      "command": "node",
      "args": ["path/to/servers/nuclei/build/index.js", "nuclei"]
    },
    "sqlmap": {
      "command": "node",
      "args": ["path/to/servers/sqlmap/build/index.js", "sqlmap"]
    },
    "metasploit": {
      "command": "node",
      "args": ["path/to/servers/metasploit/build/index.js", "msfconsole"]
    }
  }
}
```
Unified Server (All Tools)
Use the unified server to access all 50 tools through a single MCP connection:
```json
{
  "mcpServers": {
    "security-tools": {
      "command": "node",
      "args": ["path/to/servers/unified/build/index.js"]
    }
  }
}
```
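An added check, not part of this repository: the function below audits a client config of the shape shown above, flagging server scripts given as relative paths, wrapped tool binaries given as bare names (normally resolved through PATH when the process is spawned), and entries that load the exploitation, password or unified servers. The rule names, the `/opt/pentesting-cyber-mcp` install path and the sample config are constructed for illustration.

```javascript
// Added example (not project code). Rule names and sample paths are assumptions.
// Servers from the "Exploitation & Password" table, plus the all-in-one server.
const HIGH_IMPACT = new Set(["metasploit", "hydra", "hashcat", "unified"]);

// Absolute on POSIX ("/usr/bin/nmap") or Windows ("C:\\tools\\nmap.exe").
function isAbsolute(p) {
  return typeof p === "string" && (p.startsWith("/") || /^[A-Za-z]:[\\/]/.test(p));
}

// Name of the server directory inside the script path, e.g. ".../servers/nmap/build/index.js".
function serverDir(script, fallback) {
  const m = String(script).match(/(?:^|[\\/])servers[\\/]([^\\/]+)[\\/]/);
  return m ? m[1] : fallback;
}

function auditMcpConfig(config) {
  const findings = [];
  const servers = (config && config.mcpServers) || {};
  for (const [name, entry] of Object.entries(servers)) {
    const [script, toolBinary] = Array.isArray(entry.args) ? entry.args : [];
    if (!isAbsolute(script)) {
      findings.push({ server: name, rule: "relative-server-script", value: script ?? null });
    }
    // The second argument is the wrapped tool; a bare name is looked up on PATH.
    if (toolBinary !== undefined && !isAbsolute(toolBinary)) {
      findings.push({ server: name, rule: "tool-resolved-via-path", value: toolBinary });
    }
    const dir = serverDir(script, name);
    if (HIGH_IMPACT.has(dir)) {
      findings.push({ server: name, rule: "high-impact-server", value: dir });
    }
  }
  return findings;
}

// Constructed sample config mirroring the shapes shown above.
const ROOT = "/opt/pentesting-cyber-mcp/servers"; // assumed install location
const SAMPLE_CONFIG = {
  mcpServers: {
    nmap: { command: "node", args: [`${ROOT}/nmap/build/index.js`, "/usr/bin/nmap"] },
    nuclei: { command: "node", args: ["path/to/servers/nuclei/build/index.js", "nuclei"] },
    metasploit: { command: "node", args: [`${ROOT}/metasploit/build/index.js`, "msfconsole"] },
    "security-tools": { command: "node", args: [`${ROOT}/unified/build/index.js`] },
  },
};

for (const f of auditMcpConfig(SAMPLE_CONFIG)) {
  console.log(`${f.server}: ${f.rule} (${f.value})`);
}
```

Findings tagged `high-impact-server` are prompts for explicit review of which client is allowed to load that entry, not errors in the config itself.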
Project Structure
```
pentesting-cyber-mcp/
├── servers/
│   ├── nmap/
│   │   ├── src/index.ts
│   │   ├── package.json
│   │   └── README.md
│   ├── nuclei/
│   ├── sqlmap/
│   ├── metasploit/
│   ├── hydra/
│   ├── hashcat/
│   ├── ... (50 servers)
│   └── unified/
├── scripts/
│   └── generate-config.sh
├── package.json
└── README.md
```
Usage Example
Each MCP server exposes tools that can be called through the MCP protocol:
```
// Example: nmap MCP server exposes these tools
- nmap-scan          // Run port scan
- nmap-service-scan  // Service detection
- nmap-vuln-scan     // Vulnerability scripts

// Example: nuclei MCP server
- do-nuclei          // Run template scan
- get-nuclei-tags    // List available tags

// Example: metasploit MCP server
- msf-search         // Search modules
- msf-exploit-check  // Check vulnerability
- msfvenom-generate  // Generate payload
```
Security Notice
⚠️ For authorized testing only
- Obtain proper authorization before scanning
- Some tools require root/admin privileges
- Follow responsible disclosure practices
- Secure your API keys
See SECURITY.md for details.
Contributing
Contributions welcome! See CONTRIBUTING.md.
Add a new MCP server:
```bash
mkdir servers/my-tool
cd servers/my-tool
# Create src/index.ts, package.json, README.md
```
License
MIT License - see LICENSE
Author
Satyam Rastogi - @hackersatyamrastogi