Configure Claude Desktop / Claude Code

Important: You must build the images first with docker-compose build before using them.

Copy the example config to your Claude Desktop configuration:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "nmap": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
    },
    "nuclei": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
    },
    "gitleaks": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/repos:/app/target:ro", "gitleaks-mcp:latest"]
    },
    "radare2": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/binaries:/samples:ro", "radare2-mcp:latest"]
    }
  }
}

For project-level config, copy .mcp.json to your project root. See examples/ for full configuration templates with all MCPs and volume mount patterns.

Available MCP Servers

Reconnaissance (8 servers)

| Server | Tools | Description | |--------|-------|-------------| | nmap-mcp | 8 | Port scanning, service detection, OS fingerprinting, NSE scripts | | shodan-mcp | - | Wrapper for official Shodan MCP | | pd-tools-mcp | - | Wrapper for ProjectDiscovery tools (subfinder, httpx, katana) | | whatweb-mcp | 5 | Web technology fingerprinting and CMS detection | | masscan-mcp | 6 | High-speed port scanning for large networks | | zoomeye-mcp | - | Wrapper for ZoomEye MCP - Cyberspace search engine | | networksdb-mcp | 4 | IP/ASN/DNS lookups via NetworksDB | | externalattacker-mcp | 6 | Attack surface mapping with ExternalAttacker |

Web Security (6 servers)

| Server | Tools | Description | |--------|-------|-------------| | nuclei-mcp | 7 | Template-based vulnerability scanning with 8000+ templates | | sqlmap-mcp | 8 | SQL injection detection and exploitation | | nikto-mcp | - | Wrapper for Nikto MCP web server scanner | | ffuf-mcp | 9 | Web fuzzing for directories, files, parameters, and virtual hosts | | waybackurls-mcp | 3 | Fetch historical URLs from Wayback Machine for reconnaissance | | burp-mcp | - | Wrapper for official Burp Suite MCP |

Binary Analysis (6 servers)

| Server | Tools | Description | |--------|-------|-------------| | radare2-mcp | 32 | Wrapper for official radare2-mcp - disassembly, decompilation | | binwalk-mcp | 6 | Firmware analysis, signature scanning, extraction | | yara-mcp | 7 | Pattern matching for malware classification | | capa-mcp | 5 | Capability detection in executables | | ghidra-mcp | - | Wrapper for pyghidra-mcp - Headless AI-powered reverse engineering | | ida-mcp | - | Wrapper for ida-pro-mcp - IDA Pro integration |

Blockchain Security (3 servers)

| Server | Tools | Description | |--------|-------|-------------| | daml-viewer-mcp | 1 | DAML access-control table generation and run tracking | | medusa-mcp | 4 | High-performance smart contract fuzzer for Solidity | | solazy-mcp | 8 | Solana sBPF static analysis and reverse engineering |

Cloud Security (3 servers)

| Server | Tools | Description | |--------|-------|-------------| | trivy-mcp | 7 | Container, filesystem, and IaC vulnerability scanning | | prowler-mcp | 6 | AWS/Azure/GCP security auditing and compliance | | roadrecon-mcp | 6 | Azure AD enumeration via RoadRecon |

Secrets Detection (1 server)

| Server | Tools | Description | |--------|-------|-------------| | gitleaks-mcp | 5 | Find secrets and credentials in git repos and files |

Exploitation (1 server)

| Server | Tools | Description | |--------|-------|-------------| | searchsploit-mcp | 5 | Exploit-DB search and retrieval |

Fuzzing (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | boofuzz-mcp | 4 | Network protocol fuzzing using Boofuzz | | dharma-mcp | 2 | Grammar-based test case generation |

OSINT (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | maigret-mcp | - | Wrapper for mcp-maigret - Username OSINT across 2500+ sites | | dnstwist-mcp | - | Wrapper for mcp-dnstwist - Typosquatting/phishing detection |

Threat Intelligence (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | virustotal-mcp | - | Wrapper for mcp-virustotal - Malware analysis and threat intel | | otx-mcp | - | Wrapper for OTX MCP - AlienVault Open Threat Exchange |

Active Directory (1 server)

| Server | Tools | Description | |--------|-------|-------------| | bloodhound-mcp | 75+ | Wrapper for BloodHound-MCP-AI - AD attack path analysis |

Password Cracking (1 server)

| Server | Tools | Description | |--------|-------|-------------| | hashcat-mcp | - | Wrapper for hashcat-mcp - Natural language hash cracking |

Code Security (1 server)

| Server | Tools | Description | |--------|-------|-------------| | semgrep-mcp | 7 | Wrapper for Semgrep MCP - Static code analysis with 5000+ rules |

Meta (1 server)

| Server | Tools | Description | |--------|-------|-------------| | mcp-scan | - | Wrapper for mcp-scan - Scan MCP servers for vulnerabilities |

Usage Examples

Network Reconnaissance

You: "Scan 192.168.1.0/24 for web servers and identify technologies"

Claude: I'll perform a network scan and technology fingerprinting.
[Uses nmap-mcp to scan ports 80,443,8080]
[Uses whatweb-mcp to fingerprint discovered hosts]

Found 12 web servers:
- 192.168.1.10: Apache 2.4.52, WordPress 6.4
- 192.168.1.15: nginx 1.24, React application
...

Vulnerability Assessment

You: "Check example.com for common vulnerabilities"

Claude: I'll run a vulnerability scan using nuclei templates.
[Uses nuclei-mcp with cves, exposures, and misconfigurations templates]

Found 3 issues:
- HIGH: CVE-2024-1234 - Outdated jQuery version
- MEDIUM: Exposed .git directory
- INFO: Missing security headers

Binary Analysis

You: "Analyze this firmware image for security i