{"id":49157009,"url":"https://github.com/FuzzingLabs/secpipe","last_synced_at":"2026-05-08T17:01:10.143Z","repository":{"id":317367829,"uuid":"1057126987","full_name":"FuzzingLabs/secpipe","owner":"FuzzingLabs","description":"MCP server for AI-driven security pipelines","archived":false,"fork":false,"pushed_at":"2026-04-03T12:40:50.000Z","size":121705,"stargazers_count":781,"open_issues_count":2,"forks_count":92,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-04-03T16:35:48.489Z","etag":null,"topics":["agent","ai","appsec","automation","dast","devsecops","fuzzing","offensive-security","sast","security","security-tools","vulnerabilities","workflow","workflow-automation"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FuzzingLabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-15T10:04:25.000Z","updated_at":"2026-04-03T14:14:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"c8669292-19df-4b9c-a59a-f0ebae4d4703","html_url":"https://github.com/FuzzingLabs/secpipe","commit_stats":null,"previous_names":["fuzzinglabs/fuzzforge_ai","fuzzinglabs/secpipe"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/FuzzingLabs/secpipe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsecpipe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsecpipe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsecpipe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsecpipe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FuzzingLabs","download_url":"https://codeload.github.com/FuzzingLabs/secpipe/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FuzzingLabs%2Fsecpipe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32789370,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","ai","appsec","automation","dast","devsecops","fuzzing","offensive-security","sast","security","security-tools","vulnerabilities","workflow","workflow-automation"],"created_at":"2026-04-22T10:00:23.578Z","updated_at":"2026-05-08T17:01:10.121Z","avatar_url":"https://github.com/FuzzingLabs.png","language":"Python","funding_links":[],"categories":["AI Agent Frameworks"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eSecPipe\u003c/h1\u003e\n\u003ch3 align=\"center\"\u003eAI-Powered Security Research Orchestration via MCP\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://discord.gg/8XEX33UUwZ\"\u003e\u003cimg src=\"https://img.shields.io/discord/1420767905255133267?logo=discord\u0026label=Discord\" alt=\"Discord\"\u003e\u003c/a\u003e\n \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-BSL%201.1-blue\" alt=\"License: BSL 1.1\"\u003e\u003c/a\u003e\n \u003ca href=\"https://www.python.org/downloads/\"\u003e\u003cimg src=\"https://img.shields.io/badge/python-3.12%2B-blue\" alt=\"Python 3.12+\"/\u003e\u003c/a\u003e\n \u003ca href=\"https://modelcontextprotocol.io\"\u003e\u003cimg src=\"https://img.shields.io/badge/MCP-compatible-green\" alt=\"MCP Compatible\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cstrong\u003eLet AI agents orchestrate your security research workflows locally\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003csub\u003e\n \u003ca href=\"#-overview\"\u003e\u003cb\u003eOverview\u003c/b\u003e\u003c/a\u003e •\n \u003ca href=\"#-features\"\u003e\u003cb\u003eFeatures\u003c/b\u003e\u003c/a\u003e •\n \u003ca href=\"#-mcp-security-hub\"\u003e\u003cb\u003eSecurity Hub\u003c/b\u003e\u003c/a\u003e •\n \u003ca href=\"#-installation\"\u003e\u003cb\u003eInstallation\u003c/b\u003e\u003c/a\u003e •\n \u003ca href=\"USAGE.md\"\u003e\u003cb\u003eUsage Guide\u003c/b\u003e\u003c/a\u003e •\n \u003ca href=\"#-contributing\"\u003e\u003cb\u003eContributing\u003c/b\u003e\u003c/a\u003e\n \u003c/sub\u003e\n\u003c/p\u003e\n\n---\n\n\u003e 🚧 **SecPipe AI is under active development.** Expect breaking changes and new features!\n\n---\n\n## 🚀 Overview\n\n**SecPipe AI** is an open-source MCP server that enables AI agents (GitHub Copilot, Claude, etc.) to orchestrate security research workflows through the **Model Context Protocol (MCP)**.\n\nSecPipe connects your AI assistant to **MCP tool hubs** — collections of containerized security tools that the agent can discover, chain, and execute autonomously. Instead of manually running security tools, describe what you want and let your AI assistant handle it.\n\n### The Core: Hub Architecture\n\nSecPipe acts as a **meta-MCP server** — a single MCP endpoint that gives your AI agent access to tools from multiple MCP hub servers. Each hub server is a containerized security tool (Binwalk, YARA, Radare2, Nmap, etc.) that the agent can discover at runtime.\n\n- **🔍 Discovery**: The agent lists available hub servers and discovers their tools\n- **🤖 AI-Native**: Hub tools provide agent context — usage tips, workflow guidance, and domain knowledge\n- **🔗 Composable**: Chain tools from different hubs into automated pipelines\n- **📦 Extensible**: Add your own MCP servers to the hub registry\n\n### 🎬 Use Case: Firmware Vulnerability Research\n\n\u003e **Scenario**: Analyze a firmware image to find security vulnerabilities — fully automated by an AI agent.\n\n```\nUser: \"Search for vulnerabilities in firmware.bin\"\n\nAgent → Binwalk: Extract filesystem from firmware image\nAgent → YARA: Scan extracted files for vulnerability patterns\nAgent → Radare2: Trace dangerous function calls in prioritized binaries\nAgent → Report: 8 vulnerabilities found (2 critical, 4 high, 2 medium)\n```\n\n### 🎬 Use Case: Rust Fuzzing Pipeline\n\n\u003e **Scenario**: Fuzz a Rust crate to discover vulnerabilities using AI-assisted harness generation and parallel fuzzing.\n\n```\nUser: \"Fuzz the blurhash crate for vulnerabilities\"\n\nAgent → Rust Analyzer: Identify fuzzable functions and attack surface\nAgent → Harness Gen: Generate and validate fuzzing harnesses\nAgent → Cargo Fuzzer: Run parallel coverage-guided fuzzing sessions\nAgent → Crash Analysis: Deduplicate and triage discovered crashes\n```\n\n---\n\n## ⭐ Support the Project\n\nIf you find SecPipe useful, please **star the repo** to support development! 🚀\n\n\u003ca href=\"https://github.com/FuzzingLabs/secpipe_ai/stargazers\"\u003e\n \u003cimg src=\"https://img.shields.io/github/stars/FuzzingLabs/secpipe_ai?style=social\" alt=\"GitHub Stars\"\u003e\n\u003c/a\u003e\n\n---\n\n## ✨ Features\n\n| Feature | Description |\n|---------|-------------|\n| 🤖 **AI-Native** | Built for MCP — works with GitHub Copilot, Claude, and any MCP-compatible agent |\n| 🔌 **Hub System** | Connect to MCP tool hubs — each hub brings dozens of containerized security tools |\n| 🔍 **Tool Discovery** | Agents discover available tools at runtime with built-in usage guidance |\n| 🔗 **Pipelines** | Chain tools from different hubs into automated multi-step workflows |\n| 🔄 **Persistent Sessions** | Long-running tools (Radare2, fuzzers) with stateful container sessions |\n| 🏠 **Local First** | All execution happens on your machine — no cloud required |\n| 🔒 **Sandboxed** | Every tool runs in an isolated container via Docker or Podman |\n\n---\n\n## 🏗️ Architecture\n\n```\n┌─────────────────────────────────────────────────────────────────┐\n│ AI Agent (Copilot/Claude) │\n└───────────────────────────┬─────────────────────────────────────┘\n │ MCP Protocol (stdio)\n ▼\n┌─────────────────────────────────────────────────────────────────┐\n│ SecPipe MCP Server │\n│ │\n│ Projects Hub Discovery Hub Execution │\n│ ┌──────────────┐ ┌──────────────────┐ ┌───────────────────┐ │\n│ │init_project │ │list_hub_servers │ │execute_hub_tool │ │\n│ │set_assets │ │discover_hub_tools│ │start_hub_server │ │\n│ │list_results │ │get_tool_schema │ │stop_hub_server │ │\n│ └──────────────┘ └──────────────────┘ └───────────────────┘ │\n└───────────────────────────┬─────────────────────────────────────┘\n │ Docker/Podman\n ▼\n┌─────────────────────────────────────────────────────────────────┐\n│ MCP Hub Servers │\n│ │\n│ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐ │\n│ │ Binwalk │ │ YARA │ │ Radare2 │ │ Nmap │ │\n│ │ 6 tools │ │ 5 tools │ │ 32 tools │ │ 8 tools │ │\n│ └───────────┘ └───────────┘ └───────────┘ └───────────┘ │\n│ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐ │\n│ │ Nuclei │ │ SQLMap │ │ Trivy │ │ ... │ │\n│ │ 7 tools │ │ 8 tools │ │ 7 tools │ │ 36 hubs │ │\n│ └───────────┘ └───────────┘ └───────────┘ └───────────┘ │\n└─────────────────────────────────────────────────────────────────┘\n```\n\n---\n\n## 🔧 MCP Security Hub\n\nSecPipe ships with built-in support for the **[MCP Security Hub](https://github.com/FuzzingLabs/mcp-security-hub)** — a collection of 36 production-ready, Dockerized MCP servers covering offensive security:\n\n| Category | Servers | Examples |\n|----------|---------|----------|\n| 🔍 **Reconnaissance** | 8 | Nmap, Masscan, Shodan, WhatWeb |\n| 🌐 **Web Security** | 6 | Nuclei, SQLMap, ffuf, Nikto |\n| 🔬 **Binary Analysis** | 6 | Radare2, Binwalk, YARA, Capa, Ghidra |\n| ⛓️ **Blockchain** | 3 | Medusa, Solazy, DAML Viewer |\n| ☁️ **Cloud Security** | 3 | Trivy, Prowler, RoadRecon |\n| 💻 **Code Security** | 1 | Semgrep |\n| 🔑 **Secrets Detection** | 1 | Gitleaks |\n| 💥 **Exploitation** | 1 | SearchSploit |\n| 🎯 **Fuzzing** | 2 | Boofuzz, Dharma |\n| 🕵️ **OSINT** | 2 | Maigret, DNSTwist |\n| 🛡️ **Threat Intel** | 2 | VirusTotal, AlienVault OTX |\n| 🏰 **Active Directory** | 1 | BloodHound |\n\n\u003e 185+ individual tools accessible through a single MCP connection.\n\nThe hub is open source and can be extended with your own MCP servers. See the [mcp-security-hub repository](https://github.com/FuzzingLabs/mcp-security-hub) for details.\n\n---\n\n## 📦 Installation\n\n### Prerequisites\n\n- **Python 3.12+**\n- **[uv](https://docs.astral.sh/uv/)** package manager\n- **Docker** ([Install Docker](https://docs.docker.com/get-docker/)) or Podman\n\n### Quick Install\n\n```bash\n# Clone the repository\ngit clone https://github.com/FuzzingLabs/secpipe_ai.git\ncd secpipe_ai\n\n# Install dependencies\nuv sync\n```\n\n### Link the Security Hub\n\n```bash\n# Clone the MCP Security Hub\ngit clone https://github.com/FuzzingLabs/mcp-security-hub.git ~/.secpipe/hubs/mcp-security-hub\n\n# Build the Docker images for the hub tools\n./scripts/build-hub-images.sh\n```\n\nOr use the terminal UI (`uv run secpipe ui`) to link hubs interactively.\n\n### Configure MCP for Your AI Agent\n\n```bash\n# For GitHub Copilot\nuv run secpipe mcp install copilot\n\n# For Claude Code (CLI)\nuv run secpipe mcp install claude-code\n\n# For Claude Desktop (standalone app)\nuv run secpipe mcp install claude-desktop\n\n# Verify installation\nuv run secpipe mcp status\n```\n\n**Restart your editor** and your AI agent will have access to SecPipe tools!\n\n---\n\n## 🧑‍💻 Usage\n\nOnce installed, just talk to your AI agent:\n\n```\n\"What security tools are available?\"\n\"Scan this firmware image for vulnerabilities\"\n\"Analyze this binary with radare2\"\n\"Run nuclei against https://example.com\"\n```\n\nThe agent will use SecPipe to discover the right hub tools, chain them into a pipeline, and return results — all without you touching a terminal.\n\nSee the [Usage Guide](USAGE.md) for detailed setup and advanced workflows.\n\n---\n\n## 📁 Project Structure\n\n```\nsecpipe_ai/\n├── secpipe-mcp/ # MCP server — the core of SecPipe\n├── secpipe-cli/ # Command-line interface \u0026 terminal UI\n├── secpipe-common/ # Shared abstractions (containers, storage)\n├── secpipe-runner/ # Container execution engine (Docker/Podman)\n├── secpipe-tests/ # Integration tests\n├── mcp-security-hub/ # Default hub: 36 offensive security MCP servers\n└── scripts/ # Hub image build scripts\n```\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions from the community!\n\n- 🐛 Report bugs via [GitHub Issues](../../issues)\n- 💡 Suggest features or improvements\n- 🔧 Submit pull requests\n- 🔌 Add new MCP servers to the [Security Hub](https://github.com/FuzzingLabs/mcp-security-hub)\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n---\n\n## 📄 License\n\nBSL 1.1 - See [LICENSE](LICENSE) for details.\n\n---\n\n\u003cp align=\"center\"\u003e\n \u003cstrong\u003eMaintained by \u003ca href=\"https://fuzzinglabs.com\"\u003eFuzzingLabs\u003c/a\u003e\u003c/strong\u003e\n \u003cbr\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzingLabs%2Fsecpipe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFuzzingLabs%2Fsecpipe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFuzzingLabs%2Fsecpipe/lists"}