playbooks
Learn Cursor Rules Windsurf Rules MCPs Modes
Log in

Security Tools Bridge MCP server

Bridges popular security tools (Nmap, Masscan, SQLMap, FFUF) with external systems for network scanning, port discovery, SQL injection testing, and web fuzzing operations
Back to servers
Setup instructions
Provider
Cyprox
Release date
Apr 04, 2025
Language
TypeScript
Stats
395 stars
View on GitHub

The MCP for Security server provides standardized interfaces for various security testing tools through the Model Context Protocol. This integration makes security tools accessible through a consistent API, enabling seamless automation of security testing workflows.

Installation

Docker Method

The recommended way to install and use the MCP server is through Docker:

docker pull cyprox/mcp-for-security

This image can be used directly from any MCP client with Docker support, including the Cyprox platform.

Manual Installation

Since each MCP server has different dependencies, a general setup script is provided:

./start.sh

It's recommended to check the specific tool's documentation for any additional installation requirements.

Available Security Tools

The MCP server provides access to multiple security tools through a standardized interface:

Reconnaissance Tools

  • Assetfinder: Passive subdomain discovery
  • Amass: Advanced subdomain enumeration with passive and active modes
  • Alterx: Pattern-based wordlist generator for subdomain discovery
  • Certificate Search (crt.sh): Subdomain discovery using SSL certificate logs
  • Cero: Certificate-based subdomain enumeration
  • shuffledns: High-speed DNS brute-forcing and resolution
  • Waybackurls: Historical URL retrieval from the Wayback Machine

Web Application Testing

  • Arjun: Hidden HTTP parameter discovery
  • FFUF: Web content fuzzing for finding hidden files and directories
  • Gowitness: Web screenshot and reconnaissance tool
  • HTTP Headers Security: Security header analysis against OWASP standards
  • httpx: Fast HTTP toolkit for port scanning
  • Katana: Flexible web crawler with JS parsing
  • Nuclei: Template-based vulnerability scanner
  • SQLmap: SQL injection detection and exploitation
  • Smuggler: HTTP Request Smuggling vulnerability detection

Network Testing

  • Masscan: Fast port scanner for large-scale network discovery
  • Nmap: Comprehensive network scanning tool

Cloud & Application Security

  • MobSF: Mobile security framework for app analysis
  • Scout Suite: Cloud security auditing tool
  • SSLScan: SSL/TLS configuration analyzer
  • WPScan: WordPress vulnerability scanner

Using the MCP Server

Basic Usage Pattern

All tools follow a similar pattern when used through the MCP server:

  1. Select the specific tool
  2. Configure tool-specific parameters
  3. Execute the scan
  4. Retrieve and analyze results

Example: Running a Basic Subdomain Scan with Amass

# Using an MCP client to run Amass through the MCP server
mcp-client run amass-mcp --domain example.com --mode passive

Example: Web Content Discovery with FFUF

# Using an MCP client to run FFUF through the MCP server
mcp-client run ffuf-mcp --url https://example.com --wordlist common.txt

Example: Network Scanning with Nmap

# Using an MCP client to run Nmap through the MCP server
mcp-client run nmap-mcp --target 192.168.1.1 --ports 1-1000

Tool-Specific Usage

Each tool has specific parameters and capabilities. For detailed usage instructions, refer to the individual tool documentation through the MCP server's help command:

mcp-client help [tool-name]

For example:

mcp-client help nuclei-mcp

This will display the available parameters and options for the specified tool.

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "security-tools-bridge" '{"command":"npx","args":["-y","@cyproxio/mcp-for-security"]}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "security-tools-bridge": {
            "command": "npx",
            "args": [
                "-y",
                "@cyproxio/mcp-for-security"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "security-tools-bridge": {
            "command": "npx",
            "args": [
                "-y",
                "@cyproxio/mcp-for-security"
            ]
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later