Security Scanner MCP Server
Comprehensive security scanning using Nuclei vulnerability scanner with cluster-wide capabilities.
Part of the Agentic System - a 24/7 autonomous AI framework with persistent memory.
Features
- Single Target Scanning: Scan individual URLs or IPs with customizable severity and templates
- Network Scanning: Batch scan multiple targets or CIDR ranges
- Cluster Integration: Scan all nodes in the agentic cluster
- Template Management: List, filter, and update Nuclei templates
- Scan History: Retrieve and analyze previous scan results
- Scheduled Scans: Configure periodic security assessments
- Multiple Output Formats: JSON, JSONL, or Markdown reports
Installation
cd ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/mcp-servers/security-scanner-mcp
source ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/.venv/bin/activate
pip install -e .
MCP Configuration
Add to ~/.claude.json:
{
  "mcpServers": {
    "security-scanner": {
      "command": "${AGENTIC_SYSTEM_PATH:-/opt/agentic}/.venv/bin/python",
      "args": ["-m", "security_scanner.server"],
      "env": {
        "NUCLEI_BIN": "${HOME}/go/bin/nuclei",
        "SCAN_RESULTS_DIR": "${AGENTIC_SYSTEM_PATH:-/opt/agentic}/security-scans"
      }
    }
  }
}
Available Tools
scan_target
Scan a single target with Nuclei vulnerability scanner.
Parameters:
- target (required): URL or IP address
- severity: Array of severity levels ["info", "low", "medium", "high", "critical"]
- templates: Specific template paths or tags
- rate_limit: Requests per second (default: 150)
- timeout: Scan timeout in seconds (default: 300)
- output_format: "json", "jsonl", or "markdown"
Example:
{
  "target": "https://example.com",
  "severity": ["high", "critical"],
  "rate_limit": 100
}
scan_network
Scan multiple targets from a list or CIDR range.
Parameters:
- targets: Array of target URLs/IPs
- target_file: Path to file with targets (one per line)
- severity: Severity filter
- parallel: Number of concurrent scans (default: 5)
- rate_limit: Requests per second per target
scan_cluster_nodes
Scan all nodes in the agentic cluster for vulnerabilities.
Parameters:
- scan_type: "network", "web", "api", or "full"
- severity: Severity levels to check
list_templates
List available Nuclei templates by tag, severity, or author.
Parameters:
- tag: Filter by tag (e.g., "cve", "exposure")
- severity: Filter by severity level
- author: Filter by template author
update_templates
Update Nuclei templates to the latest version.
get_scan_results
Retrieve results from a previous scan by scan_id.
Parameters:
- scan_id (required): Scan identifier
- limit: Max results to return (default: 100)
- severity: Filter by severity levels
list_scans
List all previous security scans.
Parameters:
- limit: Maximum number of scans to return
- target: Filter by target
schedule_periodic_scan
Schedule recurring security scans (requires agent runtime).
Parameters:
- targets (required): List of targets to scan
- interval_hours: Scan interval (default: 24)
- severity_threshold: Minimum severity to report (default: "medium")
- notify_on_new: Alert on new vulnerabilities (default: true)
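What severity_threshold and notify_on_new amount to when comparing two consecutive scans, as an added example (not this project's code). It assumes findings are available as Nuclei JSONL and uses Nuclei's `template-id`, `info.severity`, `matcher-name`, `matched-at` and `host` fields; the function names and sample records are constructed for illustration.

```python
import json

SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

def load_findings(jsonl_text):
    """Parse Nuclei JSONL output; blank or malformed lines are skipped."""
    findings = []
    for line in jsonl_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict):
            findings.append(record)
    return findings

def finding_key(record):
    """Identity of a finding across scans: template, matcher and location."""
    return (record.get("template-id"), record.get("matcher-name", ""),
            record.get("matched-at") or record.get("host"))

def severity_rank(record):
    """Position in SEVERITY_ORDER; unrecognised values rank highest so they are never hidden."""
    info = record.get("info") if isinstance(record.get("info"), dict) else {}
    severity = str(info.get("severity", "")).lower()
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else len(SEVERITY_ORDER)

def new_findings(previous, current, severity_threshold="medium"):
    """Findings in `current`, at or above the threshold, that `previous` lacks."""
    floor = SEVERITY_ORDER.index(severity_threshold)
    seen = {finding_key(r) for r in previous}
    fresh = {}
    for record in current:
        key = finding_key(record)
        if key not in seen and severity_rank(record) >= floor:
            fresh.setdefault(key, record)  # collapse repeats within one scan
    return sorted(fresh.values(), key=severity_rank, reverse=True)

def sample(template_id, severity, matched_at):  # constructed data, not real scan output
    return json.dumps({"template-id": template_id, "info": {"severity": severity},
                       "matched-at": matched_at})

PREVIOUS = sample("example-admin-panel", "medium", "http://192.0.2.10/admin")
LOGIN = sample("example-default-login", "high", "http://192.0.2.11/login")
CURRENT = "\n".join([PREVIOUS, LOGIN, LOGIN, "not json", "",
                     sample("example-tech-detect", "info", "http://192.0.2.11/"),
                     sample("example-odd", "unknown", "192.0.2.12:22")])

if __name__ == "__main__":
    print([f["template-id"] for f in new_findings(load_findings(PREVIOUS), load_findings(CURRENT))])
```

Keying on template, matcher and matched location means a finding that persists between scans is not re-alerted, while the same template firing on a different node is.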
Integration with Agentic System
Cluster-Wide Scanning
The security scanner automatically detects and scans all nodes in the agentic cluster. Cluster nodes are loaded from configuration:
- builder - Linux build node
- orchestrator - Coordination node
- coordinator - Multi-node coordinator
- files - File server
Autonomous Agent Integration
Combine with the autonomous security scanning agent for:
- Automated vulnerability assessment
- Continuous security monitoring
- Intelligent threat prioritization
- Automatic remediation recommendations
Enhanced Memory Integration
Scan results are stored in enhanced-memory for:
- Historical vulnerability tracking
- Pattern recognition across scans
- Causal relationship analysis
- Learning from remediation outcomes
Scan Results
Results are stored in ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/security-scans/:
- scan_YYYYMMDD_HHMMSS_ID.json - Scan findings
- scan_YYYYMMDD_HHMMSS_ID_metadata.json - Scan metadata
Example Usage
Scan a single target
# Via Claude Code
scan_target({
  "target": "192.0.2.196",
  "severity": ["high", "critical"],
  "templates": ["network", "exposure"]
})
Scan entire cluster
scan_cluster_nodes({
  "scan_type": "full",
  "severity": ["medium", "high", "critical"]
})
Review previous scans
list_scans({"limit": 10})
get_scan_results({"scan_id": "scan_20251118_110000_1234"})
Security Considerations
- Scans generate network traffic - coordinate with the network admin before running them
- Rate limiting keeps scans from overwhelming targets
- Results may contain sensitive information - restrict access to them
- Authorized scanning only - verify permission before scanning external targets
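One way to enforce the last two points before a request reaches scan_target, as an added example (not this project's code). The allowlist contents, `MAX_RATE_LIMIT` and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed scope for illustration; replace with the ranges you are authorized to scan.
AUTHORIZED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
AUTHORIZED_HOSTS = {"builder.example.internal"}
MAX_RATE_LIMIT = 150  # the documented scan_target default, used here as a ceiling

def host_of(target):
    """Host part of a URL, host:port pair, or bare IP/hostname ('' if unparseable)."""
    try:
        parts = urlsplit(target if "://" in target else "//" + target)
        return (parts.hostname or "").lower()
    except ValueError:
        return ""

def is_authorized(target):
    """True only if the target's host is an in-scope IP or an allowlisted name."""
    host = host_of(target)
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        return host in AUTHORIZED_HOSTS
    return any(address in network for network in AUTHORIZED_NETWORKS)

def vet_scan_request(request):
    """Return a copy of a scan_target request that is in scope, or raise PermissionError."""
    target = str(request.get("target", ""))
    if not is_authorized(target):
        raise PermissionError(f"target not in authorized scope: {target!r}")
    vetted = dict(request)
    requested = int(request.get("rate_limit", MAX_RATE_LIMIT))
    vetted["rate_limit"] = max(1, min(requested, MAX_RATE_LIMIT))
    return vetted

if __name__ == "__main__":
    print(vet_scan_request({"target": "192.0.2.196", "severity": ["high", "critical"],
                            "rate_limit": 500}))
```

The host is taken from the parsed URL rather than matched as a substring, so a target such as `https://192.0.2.196@scanme.example.org/` is judged by its real host. An allowlisted hostname is trusted by name only; resolve it and re-check the address if DNS for that name is not under your control.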
Dependencies
- Nuclei v3.5.1+
- Python 3.10+
- asyncio
- aiofiles
- pydantic
References
- Nuclei - Main vulnerability scanner
- nuclei-mcp - Reference MCP implementation
- ExternalAttacker-MCP - Security testing MCP
License
MIT License - Part of the Mac Pro 5,1 Agentic System
Part of the MCP Ecosystem
This server integrates with other MCP servers for comprehensive AGI capabilities:
| Server | Purpose |
|---|---|
| enhanced-memory-mcp | 4-tier persistent memory with semantic search |
| agent-runtime-mcp | Persistent task queues and goal decomposition |
| agi-mcp | Full AGI orchestration with 21 tools |
| cluster-execution-mcp | Distributed task routing across nodes |
| node-chat-mcp | Inter-node AI communication |
| ember-mcp | Production-only policy enforcement |
See agentic-system-oss for the complete framework.