Security Tools Bridge MCP server

Bridges popular security tools (Nmap, Masscan, SQLMap, FFUF) with external systems for network scanning, port discovery, SQL injection testing, and web fuzzing operations
Back to servers
Setup instructions
Provider
Cyprox
Release date
Apr 04, 2025
Language
TypeScript
Stats
276 stars

MCP for Security is a collection of server implementations that make various security testing tools accessible through a standardized interface called Model Context Protocol (MCP). This enables seamless integration of security tools into automated workflows and platforms while providing a consistent way to interact with different security tools.

Installation Options

Docker Installation

The simplest way to use MCP servers is through Docker:

docker pull cyprox/mcp-for-security

You can then run any of the MCP servers using Docker. This approach is recommended as it eliminates dependency conflicts and ensures consistent execution environments.

Manual Installation

If you prefer a manual installation, you can use the provided setup script:

# Clone the repository
git clone https://github.com/cyproxio/mcp-for-security.git
cd mcp-for-security

# Run the setup script
./start.sh

Note that each tool may have specific dependencies. For best results, refer to the documentation for the specific MCP server you want to use.

Available Security Tools

MCP for Security provides standardized interfaces for numerous security tools across different categories:

Reconnaissance Tools

Alterx MCP

A pattern-based wordlist generator for subdomain discovery.

docker run cyprox/mcp-for-security alterx-mcp

Amass MCP

An advanced subdomain enumeration tool with both passive and active capabilities.

docker run cyprox/mcp-for-security amass-mcp

Assetfinder MCP

A passive subdomain discovery tool that finds domains related to the target.

docker run cyprox/mcp-for-security assetfinder-mcp

Certificate Search (crt.sh) MCP

Discovers subdomains by querying SSL certificate transparency logs.

docker run cyprox/mcp-for-security crtsh-mcp

Web Scanning Tools

FFUF MCP

A web content fuzzing tool for discovering hidden files and directories.

docker run cyprox/mcp-for-security ffuf-mcp

HTTP Headers Security MCP

Analyzes HTTP security headers against OWASP standards.

docker run cyprox/mcp-for-security http-headers-security-mcp

Katana MCP

A fast web crawler with JavaScript parsing and hybrid crawling support.

docker run cyprox/mcp-for-security katana-mcp

Network Scanning Tools

Masscan MCP

A fast port scanner for large-scale network discovery.

docker run cyprox/mcp-for-security masscan-mcp

Nmap MCP

A comprehensive network scanning tool for service and vulnerability discovery.

docker run cyprox/mcp-for-security nmap-mcp

Vulnerability Scanning Tools

Nuclei MCP

A template-based vulnerability scanner with an extensive library of security checks.

docker run cyprox/mcp-for-security nuclei-mcp

SQLmap MCP

An advanced SQL injection detection and exploitation tool.

docker run cyprox/mcp-for-security sqlmap-mcp

Mobile Security Tools

MobSF MCP

A mobile security framework for analyzing mobile applications.

docker run cyprox/mcp-for-security mobsf-mcp

Using MCP Servers

Each MCP server follows a standardized interface pattern. Here's a general example of how to use an MCP server:

// Example of using an MCP client to interact with an MCP server
const client = new MCPClient("http://localhost:8080");

// Configure the scan parameters
const params = {
  target: "example.com",
  // Tool-specific parameters here
};

// Start the scan
const result = await client.scan(params);
console.log(result);

Tool-Specific Usage Examples

Using Nmap MCP

const scanResult = await client.scan({
  target: "192.168.1.1",
  ports: "1-1000",
  arguments: "-sV -sC"
});

Using SQLmap MCP

const scanResult = await client.scan({
  url: "https://vulnerable-website.com/page.php?id=1",
  level: 3,
  risk: 2,
  techniques: "BEUSTQ"
});

Using Nuclei MCP

const scanResult = await client.scan({
  target: "https://example.com",
  templates: "cves,vulnerabilities",
  severity: "critical,high"
});

Advanced Configuration

Many MCP servers support additional configuration options for fine-tuning the scan behavior:

Rate Limiting

const scanResult = await client.scan({
  target: "example.com",
  rate: 100  // Requests per second
});

Output Formatting

const scanResult = await client.scan({
  target: "example.com",
  outputFormat: "json"  // Output format (json, xml, etc.)
});

Authentication

const scanResult = await client.scan({
  target: "https://secure-site.com",
  username: "user",
  password: "pass"
});

Best Practices

  1. Always start with passive reconnaissance tools before moving to active scanning
  2. Use rate limiting for intensive scans to avoid overloading target systems
  3. Configure appropriate timeouts for long-running scans
  4. Consider running scans in sequence rather than parallel for better resource management

Each tool provides specific capabilities and parameters. For detailed documentation on each tool, refer to the individual tool's documentation linked in the project repository.

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "security-tools-bridge" '{"command":"npx","args":["-y","@cyproxio/mcp-for-security"]}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "security-tools-bridge": {
            "command": "npx",
            "args": [
                "-y",
                "@cyproxio/mcp-for-security"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "security-tools-bridge": {
            "command": "npx",
            "args": [
                "-y",
                "@cyproxio/mcp-for-security"
            ]
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later