The Model Context Protocol (MCP) server provides a standardized interface for various security testing tools, making them easier to use and integrate into your security workflows. This collection includes tools for subdomain discovery, vulnerability scanning, network reconnaissance, and more.
To use the MCP servers for security tools, you'll need to install each tool separately according to your needs. Below are general installation instructions that apply to most tools in the collection.
Clone the repository:
git clone https://github.com/your-org/mcp-security-tools.git
cd mcp-security-tools
Navigate to the specific tool directory:
cd tool-name-mcp
Install dependencies:
npm install
Build the MCP server:
npm run build
Start the server:
npm start
Below are brief descriptions and usage examples for some of the key security tools available through MCP:
Advanced subdomain enumeration and reconnaissance tool.
# Start the Amass MCP server
cd amass-mcp
npm start
# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"domain": "example.com", "passive": true}'
Pattern-based wordlist generator for subdomain discovery.
# Start the Alterx MCP server
cd alterx-mcp
npm start
# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"domain": "example.com", "pattern": "{domain}-{0001-9999}"}'
Web content fuzzing tool for discovering hidden files and directories.
# Start the FFUF MCP server
cd ffuf-mcp
npm start
# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"url": "https://example.com/FUZZ", "wordlist": "/path/to/wordlist.txt"}'
Comprehensive network scanning tool.
# Start the Nmap MCP server
cd nmap-mcp
npm start
# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"target": "example.com", "options": "-sV -p 1-1000"}'
Template-based vulnerability scanner.
# Start the Nuclei MCP server
cd nuclei-mcp
npm start
# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"target": "https://example.com", "templates": "cves"}'
Most MCP servers for security tools support these common parameters:
You can create a script to run multiple MCP servers and chain them together:
#!/bin/bash
# Start all MCP servers
cd amass-mcp && npm start &
cd ../nmap-mcp && npm start &
cd ../nuclei-mcp && npm start &
# Wait for servers to start
sleep 5
# Run subdomain enumeration
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"domain": "example.com"}' > subdomains.json
# Run port scanning on discovered subdomains
curl -X POST http://localhost:3001/run -H "Content-Type: application/json" -d @subdomains.json > ports.json
# Run vulnerability scanning
curl -X POST http://localhost:3002/run -H "Content-Type: application/json" -d @ports.json > vulnerabilities.json
Most MCP servers can be containerized for easier deployment:
# Build a Docker image
cd tool-name-mcp
docker build -t tool-name-mcp .
# Run the container
docker run -p 3000:3000 tool-name-mcp
If you encounter issues with any MCP server:
npm start | tee server.log
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json
file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json
file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json
file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json
file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.