Security Tools Bridge MCP server

Bridges popular security tools (Nmap, Masscan, SQLMap, FFUF) with external systems for network scanning, port discovery, SQL injection testing, and web fuzzing operations
Back to servers
Provider
Cyprox
Release date
Apr 04, 2025
Language
TypeScript
Stats
37 stars

The MCP for Security Tools server provides a standardized interface to access various security testing tools through the Model Context Protocol. This implementation allows AI assistants and other systems to easily interact with popular security tools using a consistent API.

Installation

Prerequisites

Before installing the MCP server, ensure you have:

  • Node.js installed
  • The security tools you want to use (FFUF, SQLmap, Masscan, etc.) installed on your system

Setup

To set up the MCP server:

  1. Clone the repository:

    git clone https://github.com/username/mcp-security-tools.git
    cd mcp-security-tools
    
  2. Install dependencies:

    npm install
    
  3. Build the project:

    npm run build
    

Tool Configurations

FFUF MCP Server

The FFUF MCP server wraps the FFUF fuzzing tool for web application fuzzing.

Setup and Usage

Run the FFUF MCP server:

ffuf-mcp <path-to-ffuf-binary>

Claude configuration:

"ffuf": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "ffuf"
  ]
}

Parameters

  • url: Target URL to fuzz
  • ffuf_args: Array of additional FFUF arguments

SQLmap MCP Server

The SQLmap MCP server provides SQL injection testing capabilities through MCP.

Setup and Usage

Run the SQLmap MCP server:

sqlmap-mcp <path-to-sqlmap-binary>

Claude configuration:

"sqlmap": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "sqlmap"
  ]
}

Parameters

  • url: Target URL to test for SQL injection
  • sqlmap_args: Array of additional SQLmap arguments

Masscan MCP Server

The Masscan MCP server wraps the Masscan port scanning tool.

Setup and Usage

Run the Masscan MCP server:

masscan-mcp <path-to-masscan-binary>

Claude configuration:

"masscan": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "masscan"
  ]
}

Parameters

  • target: Target IP to scan
  • port: Port numbers to target
  • masscan_args: Array of additional Masscan arguments

Nmap MCP Server

The Nmap MCP server provides port scanning capabilities through MCP.

Setup and Usage

Run the Nmap MCP server:

nmap-mcp <path-to-nmap-binary>

Claude configuration:

"nmap": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "nmap"
  ]
}

Parameters

  • target: Target IP to scan
  • nmap_args: Array of additional Nmap arguments

MobSF MCP Server

The MobSF MCP server wraps Mobile Security Framework for analyzing mobile applications.

Setup and Usage

Run the MobSF MCP server:

mobsf-mcp <base_url> <api_key>

Claude configuration:

"mobsf": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "http://127.0.0.1:8000",
    "<api key>"
  ]
}

Parameters

  • base_url: The MobSF server URL (e.g., http://localhost:8000)
  • api_key: Your MobSF API key

Nuclei MCP Server

The Nuclei MCP server wraps the Nuclei vulnerability scanner.

Setup and Usage

Run the Nuclei MCP server:

nuclei-mcp <path-to-nuclei-binary>

Claude configuration:

"nuclei": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "</usr/local/go/bin/nuclei>"
  ]
}

Parameters

  • url: The target URL to scan (required)
  • tags: Comma-separated list of template tags to filter which checks to run (optional)

SSLscan MCP Server

The SSLscan MCP server provides SSL/TLS scanning capabilities.

Setup and Usage

Run the SSLscan MCP server:

sslscan-mcp <path-to-sslscan-binary>

Claude configuration:

"sslscan": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "<sslscan>"
  ]
}

Parameters

  • target: The target URL to scan (required)
  • sslscan_args: Array of additional SSLscan arguments

HTTP Headers Security MCP Server

This server analyzes HTTP response headers against OWASP security standards.

Setup and Usage

Run the HTTP Headers Security MCP server:

http-headers-security-mcp

Claude configuration:

"http_header_analyze": {
  "command": "node",
  "args": [
    "/path/to/build/index.js"
  ]
}

Parameters

  • target: The target URL to analyze HTTP headers (required)

Waybackurls MCP Server

This server retrieves historical URLs from the Wayback Machine.

Setup and Usage

Run the Waybackurls MCP server:

waybackurls-mcp <path-to-waybackurls-binary>

Claude configuration:

"waybackurls": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "waybackurls"
  ]
}

Parameters

  • target: The domain to retrieve historical URLs for (required)
  • noSub: Boolean flag to control whether subdomains should be included (default: false)

Alterx MCP Server

The Alterx MCP server provides pattern-based wordlist generation for subdomain discovery.

Setup and Usage

Run the Alterx MCP server:

alterx-mcp <path-to-alterx-binary>

Claude configuration:

"alterx": {
  "command": "node",
  "args": [
    "/path/to/build/index.js",
    "alterx"
  ]
}

Parameters

  • domain: The target domain or subdomains to use as a base for creating permutations (required)
  • pattern: The pattern template to use for generating wordlist variations (required)
  • outputFilePath: Path where the generated wordlist should be saved (optional)

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later