MCP for Security is a collection of server implementations for various security testing tools, all accessible through a standardized Model Context Protocol (MCP) interface. These servers allow you to use popular security tools through a unified approach, making security testing more consistent and accessible.
The simplest way to use MCP servers is through the provided Docker image:
docker pull cyprox/mcp-for-security
This image can be used directly or through any MCP client with Docker support, such as the Cyprox platform.
If you prefer manual installation, you can use the provided setup script:
./start.sh
Note that each MCP server may have different dependencies. Always refer to the specific tool's documentation for detailed setup instructions.
Pattern-based wordlist generator for subdomain discovery.
docker run cyprox/mcp-for-security alterx-mcp --domain example.com --pattern "{{word}}.{{domain}}" --wordlist /path/to/wordlist.txt
Advanced subdomain enumeration with both passive and active capabilities.
docker run cyprox/mcp-for-security amass-mcp --domain example.com --passive
Fast passive subdomain discovery.
docker run cyprox/mcp-for-security assetfinder-mcp --domain example.com
Certificate-based subdomain enumeration using TLS handshakes.
docker run cyprox/mcp-for-security cero-mcp --domain example.com
Queries SSL certificate transparency logs for subdomains.
docker run cyprox/mcp-for-security crtsh-mcp --domain example.com
High-speed DNS brute-forcing tool.
docker run cyprox/mcp-for-security shuffledns-mcp --domain example.com --wordlist /path/to/wordlist.txt --resolvers /path/to/resolvers.txt
Discovers hidden HTTP parameters in web applications.
docker run cyprox/mcp-for-security arjun-mcp --url https://example.com/path --method GET
Web content fuzzing to discover hidden files and directories.
docker run cyprox/mcp-for-security ffuf-mcp --url https://example.com/FUZZ --wordlist /path/to/wordlist.txt
Analyzes HTTP response headers against OWASP security standards.
docker run cyprox/mcp-for-security http-headers-security-mcp --url https://example.com
Fast HTTP probing tool for validating and analyzing discovered hosts.
docker run cyprox/mcp-for-security httpx-mcp --urls https://example.com,https://subdomain.example.com
Flexible web crawler with JavaScript parsing capabilities.
docker run cyprox/mcp-for-security katana-mcp --url https://example.com --depth 3 --js-crawl
Detects HTTP Request Smuggling vulnerabilities.
docker run cyprox/mcp-for-security smuggler-mcp --url https://example.com
Advanced SQL injection detection and exploitation.
docker run cyprox/mcp-for-security sqlmap-mcp --url "https://example.com/page.php?id=1" --level 3 --risk 2
Retrieves historical URLs from the Wayback Machine.
docker run cyprox/mcp-for-security waybackurls-mcp --domain example.com
WordPress vulnerability scanner for themes, plugins, and misconfigurations.
docker run cyprox/mcp-for-security wpscan-mcp --url https://example-wordpress-site.com
Fast port scanner for network discovery.
docker run cyprox/mcp-for-security masscan-mcp --target 192.168.1.0/24 --ports 1-1000
Comprehensive network scanning for service discovery and vulnerability detection.
docker run cyprox/mcp-for-security nmap-mcp --target example.com --ports 1-1000 --service-detection
Analyzes SSL/TLS configurations for security issues.
docker run cyprox/mcp-for-security sslscan-mcp --target example.com
Mobile security testing framework for Android, iOS, and Windows applications.
docker run cyprox/mcp-for-security mobsf-mcp --file /path/to/mobile-app.apk
Template-based vulnerability scanner with extensive security checks.
docker run cyprox/mcp-for-security nuclei-mcp --target https://example.com --templates cves
Cloud security auditing tool for assessing service configurations.
docker run cyprox/mcp-for-security scoutsuite-mcp --provider aws --profile default
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "security-tools-bridge" '{"command":"npx","args":["-y","@cyproxio/mcp-for-security"]}'
See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json
file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json
file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json
file will be opened and you can add your server like this:
{
"mcpServers": {
"security-tools-bridge": {
"command": "npx",
"args": [
"-y",
"@cyproxio/mcp-for-security"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json
file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json
%APPDATA%\Claude\claude_desktop_config.json
~/.config/Claude/claude_desktop_config.json
2. Add this to your configuration file:
{
"mcpServers": {
"security-tools-bridge": {
"command": "npx",
"args": [
"-y",
"@cyproxio/mcp-for-security"
]
}
}
}
3. Restart Claude Desktop for the changes to take effect