home / mcp / security toolkit mcp server

Security Toolkit MCP Server

Provides cryptography, decoding, exploitation, information gathering, and CVE/port tools via MCP for learning and security testing.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

{
  "mcpServers": {
    "ani07-05-ctf-mcp": {
      "command": "python",
      "args": [
        "/absolute/path/to/server.py"
      ]
    }
  }
}

You have a security-focused MCP server that brings cryptography, encoding, information gathering, and exploitation tools directly into your AI assistant workflow. It helps beginners learn security concepts while solving CTF challenges and testing systems in a safe, guided environment by exposing practical tools through natural language prompts.

How to use

Configure your MCP client to connect to the security toolkit server, then ask your AI assistant to perform tasks using the available tools. You can request hash identification, string decoding, XOR bruteforce, frequency analysis, JWT decoding, reverse shell payload generation, SQL injection payloads, CVE lookups, and port/service identifications. Workflows can be chained so that the output of one tool informs the next step, and the assistant will explain results in beginner-friendly terms.

How to install

# Step 1: Set up the project directory
# Clone or download the security MCP server package

# Step 2: Install Python dependencies
pip install mcp requests

# Note: Ensure you have Python 3.8 or higher installed
```

```bash
# Step 3: Configure your MCP client to connect to the server
# This example shows how the server is referenced by an MCP client configuration
# You would replace the path with the actual absolute path to server.py on your system
```

```json
{
  "mcpServers": {
    "security_toolkit": {
      "command": "python",
      "args": ["/absolute/path/to/server.py"]
    }
  }
}

Additional sections

Configuration and usage notes are provided to help you run the server smoothly. If you encounter issues, verify Python is in your system PATH, the absolute path to server.py is correct, and dependencies are installed with pip install mcp requests. Restart your MCP client after changes and check for any error messages in the console.

Tools and usage examples

Once connected, you can ask for results in plain language. Examples include identifying a hash type, decoding strings, or looking up CVEs. See the tool references for the full set of capabilities.

Available tools

hash_identifier

Identifies hash types such as MD5, SHA-1, SHA-256, SHA-512, bcrypt, and NTLM to aid challenges and password research.

decode_string

Decodes multiple formats including Base64, Hex, URL, ROT13, and Binary strings for steganography and crypto challenges.

xor_bruteforce

Cracks XOR-encrypted data with single or multi-byte keys to reveal hidden plaintext.

frequency_analysis

Analyzes substitution ciphers using letter frequency to suggest likely mappings.

jwt_decode

Decodes and inspects JSON Web Tokens to reveal header, payload, and claims.

reverse_shell_generator

Generates reverse shell payloads for Bash, Python, PHP, Perl, Ruby, and Netcat for post-exploitation exercises.

sqli_payloads

Provides SQL injection payload templates, including basic, union-based, blind, error-based, and time-based variants.

cve_lookup

Fetches vulnerability details from a vulnerability database to research CVEs and affected software.

port_service_lookup

Identifies common services associated with specific ports for reconnaissance.