{"id":43039008,"url":"https://github.com/FuzzingLabs/mcp-security-hub","last_synced_at":"2026-02-08T23:00:27.037Z","repository":{"id":335112702,"uuid":"1129086590","full_name":"FuzzingLabs/mcp-security-hub","owner":"FuzzingLabs","description":"A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.","archived":false,"fork":false,"pushed_at":"2026-01-28T20:23:06.000Z","size":205,"stargazers_count":157,"open_issues_count":1,"forks_count":27,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-01-29T06:23:17.712Z","etag":null,"topics":["ai","claude","cybersecurity","docker","ghidra","mcp","mcp-server","nmap","nuclei","offensive-security","osint","pentesting","security","vulnerability-scanner"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FuzzingLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-06T15:31:00.000Z","updated_at":"2026-01-29T06:12:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/FuzzingLabs/mcp-security-hub","commit_stats":null,"previous_names":["fuzzinglabs/mcp-security-hub"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/FuzzingLabs/mcp-security-hub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fmcp-security-hub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fmcp-security-hub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fmcp-security-hub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fmcp-security-hub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FuzzingLabs","download_url":"https://codeload.github.com/FuzzingLabs/mcp-security-hub/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fmcp-security-hub/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29248487,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T22:49:53.206Z","status":"ssl_error","status_checked_at":"2026-02-08T22:49:51.384Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","claude","cybersecurity","docker","ghidra","mcp","mcp-server","nmap","nuclei","offensive-security","osint","pentesting","security","vulnerability-scanner"],"created_at":"2026-01-31T09:00:33.926Z","updated_at":"2026-02-08T23:00:27.030Z","avatar_url":"https://github.com/FuzzingLabs.png","language":"Python","funding_links":[],"categories":["Python","Servers","Attack Techniques \u0026 Red Teaming","⚔️ Weaponization \u0026 Exploitation"],"sub_categories":["Security","AI-Assisted Offensive Security"],"readme":"# Offensive Security MCP Servers\n\n[![Build Status](https://github.com/FuzzingLabs/mcp-security-hub/actions/workflows/build.yml/badge.svg)](https://github.com/FuzzingLabs/mcp-security-hub/actions/workflows/build.yml)\n[![Security Scan](https://github.com/FuzzingLabs/mcp-security-hub/actions/workflows/security-scan.yml/badge.svg)](https://github.com/FuzzingLabs/mcp-security-hub/actions/workflows/security-scan.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![MCP Protocol](https://img.shields.io/badge/MCP-Protocol-blue.svg)](https://modelcontextprotocol.io/)\n\nProduction-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/MCPs-28-brightgreen\" alt=\"28 MCPs\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Tools-163+-orange\" alt=\"163+ Tools\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Docker-Ready-blue\" alt=\"Docker Ready\"/\u003e\n\u003c/p\u003e\n\n## Features\n\n- **28 MCP Servers** covering reconnaissance, web security, binary analysis, cloud security, secrets detection, threat intelligence, OSINT, Active Directory, and more\n- **163+ Security Tools** accessible via natural language through Claude or other MCP clients\n- **Production Hardened** - Non-root containers, minimal images, Trivy-scanned\n- **Docker Compose** orchestration for multi-tool workflows\n- **CI/CD Ready** with GitHub Actions for automated builds and security scanning\n\n## Quick Start\n\n```bash\n# Clone the repository\ngit clone https://github.com/FuzzingLabs/mcp-security-hub\ncd mcp-security-hub\n\n# Build all MCP servers\ndocker-compose build\n\n# Start specific servers\ndocker-compose up nmap-mcp nuclei-mcp -d\n\n# Verify health\ndocker-compose ps\n```\n\n### Configure Claude Desktop\n\n**Important:** You must build the images first with `docker-compose build` before using them.\n\nAdd to your Claude Desktop configuration:\n\n**macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`\n\n**Windows**: `%APPDATA%\\Claude\\claude_desktop_config.json`\n\n```json\n{\n  \"mcpServers\": {\n    \"nmap\": {\n      \"command\": \"docker\",\n      \"args\": [\"run\", \"-i\", \"--rm\", \"--cap-add=NET_RAW\", \"nmap-mcp:latest\"]\n    },\n    \"nuclei\": {\n      \"command\": \"docker\",\n      \"args\": [\"run\", \"-i\", \"--rm\", \"nuclei-mcp:latest\"]\n    },\n    \"radare2\": {\n      \"command\": \"docker\",\n      \"args\": [\"run\", \"-i\", \"--rm\", \"-v\", \"/path/to/binaries:/samples:ro\", \"radare2-mcp:latest\"]\n    }\n  }\n}\n```\n\n## Available MCP Servers\n\n### Reconnaissance (6 servers)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [nmap-mcp](./reconnaissance/nmap-mcp) | 8 | Port scanning, service detection, OS fingerprinting, NSE scripts |\n| [shodan-mcp](./reconnaissance/shodan-mcp) | - | Wrapper for [official Shodan MCP](https://github.com/BurtTheCoder/mcp-shodan) |\n| [pd-tools-mcp](./reconnaissance/pd-tools-mcp) | - | Wrapper for [ProjectDiscovery tools](https://github.com/intelligent-ears/pd-tools-mcp) (subfinder, httpx, katana) |\n| [whatweb-mcp](./reconnaissance/whatweb-mcp) | 5 | Web technology fingerprinting and CMS detection |\n| [masscan-mcp](./reconnaissance/masscan-mcp) | 6 | High-speed port scanning for large networks |\n| [zoomeye-mcp](./reconnaissance/zoomeye-mcp) | - | Wrapper for [ZoomEye MCP](https://github.com/zoomeye-ai/mcp_zoomeye) - Cyberspace search engine |\n\n### Web Security (6 servers)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [nuclei-mcp](./web-security/nuclei-mcp) | 7 | Template-based vulnerability scanning with 8000+ templates |\n| [sqlmap-mcp](./web-security/sqlmap-mcp) | 8 | SQL injection detection and exploitation |\n| [nikto-mcp](./web-security/nikto-mcp) | - | Wrapper for [Nikto MCP](https://github.com/weldpua2008/nikto-mcp) web server scanner |\n| [ffuf-mcp](./web-security/ffuf-mcp) | 9 | Web fuzzing for directories, files, parameters, and virtual hosts |\n| [waybackurls-mcp](./web-security/waybackurls-mcp) | 3 | Fetch historical URLs from Wayback Machine for reconnaissance |\n| [burp-mcp](./web-security/burp-mcp) | - | Wrapper for [official Burp Suite MCP](https://github.com/PortSwigger/mcp-server) |\n\n### Binary Analysis (6 servers)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [radare2-mcp](./binary-analysis/radare2-mcp) | 32 | Wrapper for [official radare2-mcp](https://github.com/radareorg/radare2-mcp) - disassembly, decompilation |\n| [binwalk-mcp](./binary-analysis/binwalk-mcp) | 6 | Firmware analysis, signature scanning, extraction |\n| [yara-mcp](./binary-analysis/yara-mcp) | 7 | Pattern matching for malware classification |\n| [capa-mcp](./binary-analysis/capa-mcp) | 5 | Capability detection in executables |\n| [ghidra-mcp](./binary-analysis/ghidra-mcp) | - | Wrapper for [pyghidra-mcp](https://github.com/clearbluejar/pyghidra-mcp) - Headless AI-powered reverse engineering |\n| [ida-mcp](./binary-analysis/ida-mcp) | - | Wrapper for [ida-pro-mcp](https://github.com/mrexodia/ida-pro-mcp) - IDA Pro integration |\n\n### Cloud Security (2 servers)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [trivy-mcp](./cloud-security/trivy-mcp) | 7 | Container, filesystem, and IaC vulnerability scanning |\n| [prowler-mcp](./cloud-security/prowler-mcp) | 6 | AWS/Azure/GCP security auditing and compliance |\n\n### Secrets Detection (1 server)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [gitleaks-mcp](./secrets/gitleaks-mcp) | 5 | Find secrets and credentials in git repos and files |\n\n### Exploitation (1 server)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [searchsploit-mcp](./exploitation/searchsploit-mcp) | 5 | Exploit-DB search and retrieval |\n\n### OSINT (2 servers)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [maigret-mcp](./osint/maigret-mcp) | - | Wrapper for [mcp-maigret](https://github.com/BurtTheCoder/mcp-maigret) - Username OSINT across 2500+ sites |\n| [dnstwist-mcp](./osint/dnstwist-mcp) | - | Wrapper for [mcp-dnstwist](https://github.com/BurtTheCoder/mcp-dnstwist) - Typosquatting/phishing detection |\n\n### Threat Intelligence (2 servers)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [virustotal-mcp](./threat-intel/virustotal-mcp) | - | Wrapper for [mcp-virustotal](https://github.com/BurtTheCoder/mcp-virustotal) - Malware analysis and threat intel |\n| [otx-mcp](./threat-intel/otx-mcp) | - | Wrapper for [OTX MCP](https://github.com/mrwadams/otx-mcp) - AlienVault Open Threat Exchange |\n\n### Active Directory (1 server)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [bloodhound-mcp](./active-directory/bloodhound-mcp) | 75+ | Wrapper for [BloodHound-MCP-AI](https://github.com/MorDavid/BloodHound-MCP-AI) - AD attack path analysis |\n\n### Password Cracking (1 server)\n\n| Server | Tools | Description |\n|--------|-------|-------------|\n| [hashcat-mcp](./password-cracking/hashcat-mcp) | - | Wrapper for [hashcat-mcp](https://github.com/MorDavid/hashcat-mcp) - Natural language hash cracking |\n\n## Usage Examples\n\n### Network Reconnaissance\n\n```\nYou: \"Scan 192.168.1.0/24 for web servers and identify technologies\"\n\nClaude: I'll perform a network scan and technology fingerprinting.\n[Uses nmap-mcp to scan ports 80,443,8080]\n[Uses whatweb-mcp to fingerprint discovered hosts]\n\nFound 12 web servers:\n- 192.168.1.10: Apache 2.4.52, WordPress 6.4\n- 192.168.1.15: nginx 1.24, React application\n...\n```\n\n### Vulnerability Assessment\n\n```\nYou: \"Check example.com for common vulnerabilities\"\n\nClaude: I'll run a vulnerability scan using nuclei templates.\n[Uses nuclei-mcp with cves, exposures, and misconfigurations templates]\n\nFound 3 issues:\n- HIGH: CVE-2024-1234 - Outdated jQuery version\n- MEDIUM: Exposed .git directory\n- INFO: Missing security headers\n```\n\n### Binary Analysis\n\n```\nYou: \"Analyze this firmware image for security issues\"\n\nClaude: I'll extract and analyze the firmware.\n[Uses binwalk-mcp to extract filesystem]\n[Uses yara-mcp to scan for malware patterns]\n[Uses capa-mcp to identify capabilities]\n\nAnalysis complete:\n- Extracted 847 files from SquashFS filesystem\n- Found hardcoded credentials in /etc/shadow\n- Identified network backdoor capability\n```\n\n## Security Hardening\n\nAll containers implement defense-in-depth:\n\n| Control | Implementation |\n|---------|----------------|\n| **Non-root execution** | Runs as `mcpuser` (UID 1000) |\n| **Minimal images** | Alpine/Debian slim base images |\n| **Dropped capabilities** | `cap_drop: ALL`, selective `cap_add` |\n| **No privilege escalation** | `security_opt: no-new-privileges:true` |\n| **Read-only mounts** | Sample directories mounted read-only |\n| **Resource limits** | CPU and memory constraints |\n| **Health checks** | Built-in container health monitoring |\n| **Vulnerability scanning** | Trivy scans in CI/CD pipeline |\n\n## Project Structure\n\n```\nmcp-security-hub/\n├── reconnaissance/\n│   ├── nmap-mcp/           # Port scanning\n│   ├── shodan-mcp/         # Internet device search (wrapper)\n│   ├── pd-tools-mcp/       # ProjectDiscovery tools (wrapper)\n│   ├── whatweb-mcp/        # Web fingerprinting\n│   ├── masscan-mcp/        # High-speed scanning\n│   └── zoomeye-mcp/        # Cyberspace search (wrapper)\n├── web-security/\n│   ├── nuclei-mcp/         # Vulnerability scanning\n│   ├── sqlmap-mcp/         # SQL injection\n│   ├── nikto-mcp/          # Web server scanning (wrapper)\n│   ├── ffuf-mcp/           # Web fuzzing\n│   └── burp-mcp/           # Burp Suite (wrapper)\n├── binary-analysis/\n│   ├── radare2-mcp/        # Reverse engineering (wrapper)\n│   ├── binwalk-mcp/        # Firmware analysis\n│   ├── yara-mcp/           # Malware detection\n│   ├── capa-mcp/           # Capability detection\n│   ├── ghidra-mcp/         # Ghidra RE - pyghidra-mcp (headless)\n│   └── ida-mcp/            # IDA Pro (wrapper)\n├── cloud-security/\n│   ├── trivy-mcp/          # Container scanning (wrapper)\n│   └── prowler-mcp/        # Cloud auditing\n├── secrets/\n│   └── gitleaks-mcp/       # Secrets detection\n├── exploitation/\n│   └── searchsploit-mcp/   # Exploit database\n├── osint/\n│   ├── maigret-mcp/        # Username OSINT (wrapper)\n│   └── dnstwist-mcp/       # Typosquatting detection (wrapper)\n├── threat-intel/\n│   ├── virustotal-mcp/     # Malware analysis (wrapper)\n│   └── otx-mcp/            # AlienVault OTX (wrapper)\n├── active-directory/\n│   └── bloodhound-mcp/     # AD attack paths (wrapper)\n├── password-cracking/\n│   └── hashcat-mcp/        # Hash cracking (wrapper)\n├── scripts/\n│   ├── setup.sh            # Quick setup\n│   └── healthcheck.sh      # Health verification\n├── tests/\n│   └── test_mcp_servers.py # Unit tests\n├── docker-compose.yml      # Orchestration\n└── .github/workflows/      # CI/CD\n```\n\n## Testing\n\n```bash\n# Run unit tests\npytest tests/ -v\n\n# Build and test all Docker images\n./scripts/test_builds.sh\n\n# Test MCP protocol (after building)\necho '{\"jsonrpc\":\"2.0\",\"id\":1,\"method\":\"tools/list\"}' | \\\n  docker run -i --rm nmap-mcp:latest\n```\n\n## Legal \u0026 Compliance\n\n**These tools are for authorized security testing only.**\n\nBefore using:\n\n1. **Obtain written authorization** from the target owner\n2. **Define scope** - targets, timeline, allowed activities\n3. **Maintain audit logs** of all operations\n4. **Follow responsible disclosure** for any findings\n\nUnauthorized access to computer systems is illegal. Users are responsible for compliance with applicable laws.\n\n## Contributing\n\nContributions welcome! To add a new MCP server:\n\n1. Use `Dockerfile.template` as your starting point\n2. Follow security hardening practices (non-root, minimal image)\n3. Include health checks and comprehensive README\n4. Ensure Trivy scan passes (no HIGH/CRITICAL vulnerabilities)\n5. Add tests to `tests/test_mcp_servers.py`\n\n## Acknowledgments\n\n- [Model Context Protocol](https://modelcontextprotocol.io/) - Protocol specification\n- [awesome-mcp-security](https://github.com/Puliczek/awesome-mcp-security) - MCP security catalog\n- Upstream tool maintainers: nmap, nuclei, radare2, sqlmap, and all others\n\n## License\n\nMIT License - See [LICENSE](./LICENSE)\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eMaintained by \u003ca href=\"https://fuzzinglabs.com\"\u003eFuzzingLabs\u003c/a\u003e\u003c/strong\u003e\n  \u003cbr\u003e\n  \u003csub\u003eMaking AI-powered security testing accessible\u003c/sub\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzingLabs%2Fmcp-security-hub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFuzzingLabs%2Fmcp-security-hub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzingLabs%2Fmcp-security-hub/lists"}