mcp-security-hub

Name: mcp-security-hub
Author: FuzzingLabs

Verified

A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

558stars

75forks

Python

Added 1/29/2026

View on GitHub Download ZIP

AI Agentsaiclaudecybersecuritydockerghidra

Installation

# Add to your Claude Code skills
git clone https://github.com/FuzzingLabs/mcp-security-hub

Getting Started

Guides for using ai agents skills like mcp-security-hub.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportVerified

Last scanned: 5/13/2026

{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-13T06:49:34.037Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

194,955

sonarqube-mcp-server storybloq

Offensive Security MCP Servers

Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.

Features

38 MCP Servers covering reconnaissance, web security, binary analysis, blockchain security, cloud security, code security, secrets detection, threat intelligence, OSINT, Active Directory, fuzzing, and more
300+ Security Tools accessible via natural language through Claude or other MCP clients
Production Hardened - Non-root containers, minimal images, Trivy-scanned
Docker Compose orchestration for multi-tool workflows
CI/CD Ready with GitHub Actions for automated builds and security scanning

Quick Start

# Clone the repository
git clone https://github.com/FuzzingLabs/mcp-security-hub
cd mcp-security-hub

# Build all MCP servers
docker-compose build

# Start specific servers
docker-compose up nmap-mcp nuclei-mcp -d

# Verify health
docker-compose ps

Configure Claude Desktop / Claude Code

Important: You must build the images first with docker-compose build before using them.

Copy the example config to your Claude Desktop configuration:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "nmap": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
    },
    "nuclei": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
    },
    "gitleaks": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/repos:/app/target:ro", "gitleaks-mcp:latest"]
    },
    "radare2": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/binaries:/samples:ro", "radare2-mcp:latest"]
    }
  }
}

For project-level config, copy .mcp.json to your project root. See examples/ for full configuration templates with all MCPs and volume mount patterns.

Available MCP Servers

Reconnaissance (8 servers)

| Server | Tools | Description | |--------|-------|-------------| | nmap-mcp | 8 | Port scanning, service detection, OS fingerprinting, NSE scripts | | shodan-mcp | - | Wrapper for official Shodan MCP | | pd-tools-mcp | - | Wrapper for ProjectDiscovery tools (subfinder, httpx, katana) | | whatweb-mcp | 5 | Web technology fingerprinting and CMS detection | | masscan-mcp | 6 | High-speed port scanning for large networks | | zoomeye-mcp | - | Wrapper for ZoomEye MCP - Cyberspace search engine | | networksdb-mcp | 4 | IP/ASN/DNS lookups via NetworksDB | | externalattacker-mcp | 6 | Attack surface mapping with ExternalAttacker |

Web Security (6 servers)

| Server | Tools | Description | |--------|-------|-------------| | nuclei-mcp | 7 | Template-based vulnerability scanning with 8000+ templates | | sqlmap-mcp | 8 | SQL injection detection and exploitation | | nikto-mcp | - | Wrapper for Nikto MCP web server scanner | | ffuf-mcp | 9 | Web fuzzing for directories, files, parameters, and virtual hosts | | waybackurls-mcp | 3 | Fetch historical URLs from Wayback Machine for reconnaissance | | burp-mcp | - | Wrapper for official Burp Suite MCP |

Binary Analysis (6 servers)

| Server | Tools | Description | |--------|-------|-------------| | radare2-mcp | 32 | Wrapper for official radare2-mcp - disassembly, decompilation | | binwalk-mcp | 6 | Firmware analysis, signature scanning, extraction | | yara-mcp | 7 | Pattern matching for malware classification | | capa-mcp | 5 | Capability detection in executables | | ghidra-mcp | - | Wrapper for pyghidra-mcp - Headless AI-powered reverse engineering | | ida-mcp | - | Wrapper for ida-pro-mcp - IDA Pro integration |

Blockchain Security (3 servers)

| Server | Tools | Description | |--------|-------|-------------| | daml-viewer-mcp | 1 | DAML access-control table generation and run tracking | | medusa-mcp | 4 | High-performance smart contract fuzzer for Solidity | | solazy-mcp | 8 | Solana sBPF static analysis and reverse engineering |

Cloud Security (3 servers)

| Server | Tools | Description | |--------|-------|-------------| | trivy-mcp | 7 | Container, filesystem, and IaC vulnerability scanning | | prowler-mcp | 6 | AWS/Azure/GCP security auditing and compliance | | roadrecon-mcp | 6 | Azure AD enumeration via RoadRecon |

Secrets Detection (1 server)

| Server | Tools | Description | |--------|-------|-------------| | gitleaks-mcp | 5 | Find secrets and credentials in git repos and files |

Exploitation (1 server)

| Server | Tools | Description | |--------|-------|-------------| | searchsploit-mcp | 5 | Exploit-DB search and retrieval |

Fuzzing (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | boofuzz-mcp | 4 | Network protocol fuzzing using Boofuzz | | dharma-mcp | 2 | Grammar-based test case generation |

OSINT (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | maigret-mcp | - | Wrapper for mcp-maigret - Username OSINT across 2500+ sites | | dnstwist-mcp | - | Wrapper for mcp-dnstwist - Typosquatting/phishing detection |

Threat Intelligence (2 servers)

| Server | Tools | Description | |--------|-------|-------------| | virustotal-mcp | - | Wrapper for mcp-virustotal - Malware analysis and threat intel | | otx-mcp | - | Wrapper for OTX MCP - AlienVault Open Threat Exchange |

Active Directory (1 server)

| Server | Tools | Description | |--------|-------|-------------| | bloodhound-mcp | 75+ | Wrapper for BloodHound-MCP-AI - AD attack path analysis |

Password Cracking (1 server)

| Server | Tools | Description | |--------|-------|-------------| | hashcat-mcp | - | Wrapper for hashcat-mcp - Natural language hash cracking |

Code Security (1 server)

| Server | Tools | Description | |--------|-------|-------------| | semgrep-mcp | 7 | Wrapper for Semgrep MCP - Static code analysis with 5000+ rules |

Meta (1 server)

| Server | Tools | Description | |--------|-------|-------------| | mcp-scan | - | Wrapper for mcp-scan - Scan MCP servers for vulnerabilities |

Usage Examples

Network Reconnaissance

You: "Scan 192.168.1.0/24 for web servers and identify technologies"

Claude: I'll perform a network scan and technology fingerprinting.
[Uses nmap-mcp to scan ports 80,443,8080]
[Uses whatweb-mcp to fingerprint discovered hosts]

Found 12 web servers:
- 192.168.1.10: Apache 2.4.52, WordPress 6.4
- 192.168.1.15: nginx 1.24, React application
...

Vulnerability Assessment

You: "Check example.com for common vulnerabilities"

Claude: I'll run a vulnerability scan using nuclei templates.
[Uses nuclei-mcp with cves, exposures, and misconfigurations templates]

Found 3 issues:
- HIGH: CVE-2024-1234 - Outdated jQuery version
- MEDIUM: Exposed .git directory
- INFO: Missing security headers

Binary Analysis

You: "Analyze this firmware image for security i