Security Tools Bridge MCP server

Bridges popular security tools (Nmap, Masscan, SQLMap, FFUF) with external systems for network scanning, port discovery, SQL injection testing, and web fuzzing operations
Back to servers
Setup instructions
Provider
Cyprox
Release date
Apr 04, 2025
Language
TypeScript
Stats
304 stars

MCP for Security is a collection of server implementations for various security testing tools, all accessible through a standardized Model Context Protocol (MCP) interface. These servers allow you to use popular security tools through a unified approach, making security testing more consistent and accessible.

Installation Options

Using Docker (Recommended)

The simplest way to use MCP servers is through the provided Docker image:

docker pull cyprox/mcp-for-security

This image can be used directly or through any MCP client with Docker support, such as the Cyprox platform.

Manual Installation

If you prefer manual installation, you can use the provided setup script:

./start.sh

Note that each MCP server may have different dependencies. Always refer to the specific tool's documentation for detailed setup instructions.

Available Security Tools

Reconnaissance Tools

Subdomain Discovery

Alterx

Pattern-based wordlist generator for subdomain discovery.

docker run cyprox/mcp-for-security alterx-mcp --domain example.com --pattern "{{word}}.{{domain}}" --wordlist /path/to/wordlist.txt

Amass

Advanced subdomain enumeration with both passive and active capabilities.

docker run cyprox/mcp-for-security amass-mcp --domain example.com --passive

Assetfinder

Fast passive subdomain discovery.

docker run cyprox/mcp-for-security assetfinder-mcp --domain example.com

Cero

Certificate-based subdomain enumeration using TLS handshakes.

docker run cyprox/mcp-for-security cero-mcp --domain example.com

Certificate Search (crt.sh)

Queries SSL certificate transparency logs for subdomains.

docker run cyprox/mcp-for-security crtsh-mcp --domain example.com

Shuffledns

High-speed DNS brute-forcing tool.

docker run cyprox/mcp-for-security shuffledns-mcp --domain example.com --wordlist /path/to/wordlist.txt --resolvers /path/to/resolvers.txt

Web Application Testing

Arjun

Discovers hidden HTTP parameters in web applications.

docker run cyprox/mcp-for-security arjun-mcp --url https://example.com/path --method GET

FFUF

Web content fuzzing to discover hidden files and directories.

docker run cyprox/mcp-for-security ffuf-mcp --url https://example.com/FUZZ --wordlist /path/to/wordlist.txt

HTTP Headers Security

Analyzes HTTP response headers against OWASP security standards.

docker run cyprox/mcp-for-security http-headers-security-mcp --url https://example.com

Httpx

Fast HTTP probing tool for validating and analyzing discovered hosts.

docker run cyprox/mcp-for-security httpx-mcp --urls https://example.com,https://subdomain.example.com

Katana

Flexible web crawler with JavaScript parsing capabilities.

docker run cyprox/mcp-for-security katana-mcp --url https://example.com --depth 3 --js-crawl

Smuggler

Detects HTTP Request Smuggling vulnerabilities.

docker run cyprox/mcp-for-security smuggler-mcp --url https://example.com

SQLmap

Advanced SQL injection detection and exploitation.

docker run cyprox/mcp-for-security sqlmap-mcp --url "https://example.com/page.php?id=1" --level 3 --risk 2

Waybackurls

Retrieves historical URLs from the Wayback Machine.

docker run cyprox/mcp-for-security waybackurls-mcp --domain example.com

WPScan

WordPress vulnerability scanner for themes, plugins, and misconfigurations.

docker run cyprox/mcp-for-security wpscan-mcp --url https://example-wordpress-site.com

Network Security Tools

Masscan

Fast port scanner for network discovery.

docker run cyprox/mcp-for-security masscan-mcp --target 192.168.1.0/24 --ports 1-1000

Nmap

Comprehensive network scanning for service discovery and vulnerability detection.

docker run cyprox/mcp-for-security nmap-mcp --target example.com --ports 1-1000 --service-detection

SSLScan

Analyzes SSL/TLS configurations for security issues.

docker run cyprox/mcp-for-security sslscan-mcp --target example.com

Specialized Tools

MobSF

Mobile security testing framework for Android, iOS, and Windows applications.

docker run cyprox/mcp-for-security mobsf-mcp --file /path/to/mobile-app.apk

Nuclei

Template-based vulnerability scanner with extensive security checks.

docker run cyprox/mcp-for-security nuclei-mcp --target https://example.com --templates cves

Scout Suite

Cloud security auditing tool for assessing service configurations.

docker run cyprox/mcp-for-security scoutsuite-mcp --provider aws --profile default

Usage Tips

  • Combine multiple tools for comprehensive security assessments
  • Process outputs from one tool to feed into another
  • For complex scans, consider using the Cyprox platform to orchestrate multiple tools
  • Review each tool's specific documentation for advanced configuration options

Performance Considerations

  • Use appropriate rate limiting to avoid overwhelming target systems
  • Consider the target's infrastructure when running intensive scans
  • For large-scale scans, ensure adequate resources are allocated to Docker containers

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "security-tools-bridge" '{"command":"npx","args":["-y","@cyproxio/mcp-for-security"]}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "security-tools-bridge": {
            "command": "npx",
            "args": [
                "-y",
                "@cyproxio/mcp-for-security"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "security-tools-bridge": {
            "command": "npx",
            "args": [
                "-y",
                "@cyproxio/mcp-for-security"
            ]
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later