Offensive Security MCP Servers

Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.

Features

• 38 MCP Servers covering reconnaissance, web security, binary analysis, blockchain security, cloud security, code security, secrets detection, threat intelligence, OSINT, Active Directory, fuzzing, and more
• 300+ Security Tools accessible via natural language through Claude or other MCP clients
• Production Hardened - Non-root containers, minimal images, Trivy-scanned
• Docker Compose orchestration for multi-tool workflows
• CI/CD Ready with GitHub Actions for automated builds and security scanning

Quick Start

# Clone the repository
git clone https://github.com/FuzzingLabs/mcp-security-hub
cd mcp-security-hub

# Build all MCP servers
docker-compose build

# Start specific servers
docker-compose up nmap-mcp nuclei-mcp -d

# Verify health
docker-compose ps

Configure Claude Desktop / Claude Code

Important: You must build the images first with docker-compose build before using them.

Copy the example config to your Claude Desktop configuration:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "nmap": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
    },
    "nuclei": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
    },
    "gitleaks": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/repos:/app/target:ro", "gitleaks-mcp:latest"]
    },
    "radare2": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/binaries:/samples:ro", "radare2-mcp:latest"]
    }
  }
}

For project-level config, copy .mcp.json to your project root. See examples/ for full configuration templates with all MCPs and volume mount patterns.

Available MCP Servers

Reconnaissance (8 servers)

Web Security (6 servers)

Binary Analysis (6 servers)

Blockchain Security (3 servers)

Cloud Security (3 servers)

Secrets Detection (1 server)

Exploitation (1 server)

Fuzzing (2 servers)

OSINT (2 servers)

Threat Intelligence (2 servers)

Active Directory (1 server)

Password Cracking (1 server)

Code Security (1 server)

Meta (1 server)

Usage Examples

Network Reconnaissance

You: "Scan 192.168.1.0/24 for web servers and identify technologies"

Claude: I'll perform a network scan and technology fingerprinting.
[Uses nmap-mcp to scan ports 80,443,8080]
[Uses whatweb-mcp to fingerprint discovered hosts]

Found 12 web servers:
- 192.168.1.10: Apache 2.4.52, WordPress 6.4
- 192.168.1.15: nginx 1.24, React application
...

Vulnerability Assessment

You: "Check example.com for common vulnerabilities"

Claude: I'll run a vulnerability scan using nuclei templates.
[Uses nuclei-mcp with cves, exposures, and misconfigurations templates]

Found 3 issues:
- HIGH: CVE-2024-1234 - Outdated jQuery version
- MEDIUM: Exposed .git directory
- INFO: Missing security headers

Binary Analysis

You: "Analyze this firmware image for security issues"

Claude: I'll extract and analyze the firmware.
[Uses binwalk-mcp to extract filesystem]
[Uses yara-mcp to scan for malware patterns]
[Uses capa-mcp to identify capabilities]

Analysis complete:
- Extracted 847 files from SquashFS filesystem
- Found hardcoded credentials in /etc/shadow
- Identified network backdoor capability

Security Hardening

All containers implement defense-in-depth:

Project Structure

mcp-security-hub/
├── reconnaissance/
│   ├── nmap-mcp/           # Port scanning
│   ├── shodan-mcp/         # Internet device search (wrapper)
│   ├── pd-tools-mcp/       # ProjectDiscovery tools (wrapper)
│   ├── whatweb-mcp/        # Web fingerprinting
│   ├── masscan-mcp/        # High-speed scanning
│   ├── zoomeye-mcp/        # Cyberspace search (wrapper)
│   ├── networksdb-mcp/     # IP/ASN/DNS lookups
│   └── externalattacker-mcp/ # Attack surface mapping
├── web-security/
│   ├── nuclei-mcp/         # Vulnerability scanning
│   ├── sqlmap-mcp/         # SQL injection
│   ├── nikto-mcp/          # Web server scanning (wrapper)
│   ├── ffuf-mcp/           # Web fuzzing
│   └── burp-mcp/           # Burp Suite (wrapper)
├── binary-analysis/
│   ├── radare2-mcp/        # Reverse engineering (wrapper)
│   ├── binwalk-mcp/        # Firmware analysis
│   ├── yara-mcp/           # Malware detection
│   ├── capa-mcp/           # Capability detection
│   ├── ghidra-mcp/         # Ghidra RE - pyghidra-mcp (headless)
│   └── ida-mcp/            # IDA Pro (wrapper)
├── blockchain/
│   ├── daml-viewer-mcp/    # DAML access-control analysis
│   ├── medusa-mcp/         # Smart contract fuzzing
│   └── solazy-mcp/         # Solana analysis
├── cloud-security/
│   ├── trivy-mcp/          # Container scanning (wrapper)
│   ├── prowler-mcp/        # Cloud auditing
│   └── roadrecon-mcp/      # Azure AD enumeration
├── code-security/
│   └── semgrep-mcp/        # Static code analysis (wrapper)
├── secrets/
│   └── gitleaks-mcp/       # Secrets detection
├── exploitation/
│   └── searchsploit-mcp/   # Exploit database
├── fuzzing/
│   ├── boofuzz-mcp/        # Network protocol fuzzing using Boofuzz
│   └── dharma-mcp/         # Grammar-based test case generation
├── osint/
│   ├── maigret-mcp/        # Username OSINT (wrapper)
│   └── dnstwist-mcp/       # Typosquatting detection (wrapper)
├── threat-intel/
│   ├── virustotal-mcp/     # Malware analysis (wrapper)
│   └── otx-mcp/            # AlienVault OTX (wrapper)
├── active-directory/
│   └── bloodhound-mcp/     # AD attack paths (wrapper)
├── password-cracking/
│   └── hashcat-mcp/        # Hash cracking (wrapper)
├── meta/
│   └── mcp-scan/           # MCP security scanning
├── scripts/
│   ├── setup.sh            # Quick setup
│   └── healthcheck.sh      # Health verification
├── tests/
│   └── test_mcp_servers.py # Unit tests
├── docker-compose.yml      # Orchestration
└── .github/workflows/      # CI/CD

Testing

# Run unit tests
pytest tests/ -v

# Build and test all Docker images
./scripts/test_builds.sh

# Test MCP protocol (after building)
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | \
  docker run -i --rm nmap-mcp:latest

Legal & Compliance

These tools are for authorized security testing only.

Before using:

1. Obtain written authorization from the target owner
2. Define scope - targets, timeline, allowed activities
3. Maintain audit logs of all operations
4. Follow responsible disclosure for any findings

Unauthorized access to computer systems is illegal. Users are responsible for compliance with applicable laws.

Contributing

Contributions welcome! To add a new MCP server:

1. Use Dockerfile.template as your starting point
2. Follow security hardening practices (non-root, minimal image)
3. Include health checks and comprehensive README
4. Ensure Trivy scan passes (no HIGH/CRITICAL vulnerabilities)
5. Add tests to tests/test_mcp_servers.py

Acknowledgments

• Model Context Protocol - Protocol specification
• awesome-mcp-security - MCP security catalog
• Upstream tool maintainers: nmap, nuclei, radare2, sqlmap, and all others

License

MIT License - See LICENSE