Security Tools Bridge MCP server

Bridges popular security tools (Nmap, Masscan, SQLMap, FFUF) with external systems for network scanning, port discovery, SQL injection testing, and web fuzzing operations
Back to servers
Provider
Cyprox
Release date
Apr 04, 2025
Language
TypeScript
Stats
144 stars

The Model Context Protocol (MCP) server provides a standardized interface for various security testing tools, making them easier to use and integrate into your security workflows. This collection includes tools for subdomain discovery, vulnerability scanning, network reconnaissance, and more.

Installation

To use the MCP servers for security tools, you'll need to install each tool separately according to your needs. Below are general installation instructions that apply to most tools in the collection.

Prerequisites

  • Node.js (latest LTS version recommended)
  • Docker (for containerized tools)
  • Required dependencies for specific security tools

General Installation Steps

  1. Clone the repository:

    git clone https://github.com/your-org/mcp-security-tools.git
    cd mcp-security-tools
    
  2. Navigate to the specific tool directory:

    cd tool-name-mcp
    
  3. Install dependencies:

    npm install
    
  4. Build the MCP server:

    npm run build
    
  5. Start the server:

    npm start
    

Available Tools and Usage

Below are brief descriptions and usage examples for some of the key security tools available through MCP:

Amass

Advanced subdomain enumeration and reconnaissance tool.

# Start the Amass MCP server
cd amass-mcp
npm start

# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"domain": "example.com", "passive": true}'

Alterx

Pattern-based wordlist generator for subdomain discovery.

# Start the Alterx MCP server
cd alterx-mcp
npm start

# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"domain": "example.com", "pattern": "{domain}-{0001-9999}"}'

FFUF

Web content fuzzing tool for discovering hidden files and directories.

# Start the FFUF MCP server
cd ffuf-mcp
npm start

# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"url": "https://example.com/FUZZ", "wordlist": "/path/to/wordlist.txt"}'

Nmap

Comprehensive network scanning tool.

# Start the Nmap MCP server
cd nmap-mcp
npm start

# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"target": "example.com", "options": "-sV -p 1-1000"}'

Nuclei

Template-based vulnerability scanner.

# Start the Nuclei MCP server
cd nuclei-mcp
npm start

# Example usage
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"target": "https://example.com", "templates": "cves"}'

Common Parameters

Most MCP servers for security tools support these common parameters:

  • target/domain: The target domain or URL to scan
  • output: Output file path for saving results
  • verbose: Enable verbose logging (true/false)
  • timeout: Timeout in seconds for the operation

Advanced Configuration

Running Multiple Tools in Sequence

You can create a script to run multiple MCP servers and chain them together:

#!/bin/bash

# Start all MCP servers
cd amass-mcp && npm start &
cd ../nmap-mcp && npm start &
cd ../nuclei-mcp && npm start &

# Wait for servers to start
sleep 5

# Run subdomain enumeration
curl -X POST http://localhost:3000/run -H "Content-Type: application/json" -d '{"domain": "example.com"}' > subdomains.json

# Run port scanning on discovered subdomains
curl -X POST http://localhost:3001/run -H "Content-Type: application/json" -d @subdomains.json > ports.json

# Run vulnerability scanning
curl -X POST http://localhost:3002/run -H "Content-Type: application/json" -d @ports.json > vulnerabilities.json

Using Docker Containers

Most MCP servers can be containerized for easier deployment:

# Build a Docker image
cd tool-name-mcp
docker build -t tool-name-mcp .

# Run the container
docker run -p 3000:3000 tool-name-mcp

Troubleshooting

If you encounter issues with any MCP server:

  1. Check if the underlying tool is properly installed
  2. Verify that the server is running on the expected port
  3. Check logs for error messages:
    npm start | tee server.log
    
  4. Ensure your request payload matches the expected format

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later