The MCP for Security Tools server provides a standardized interface to access various security testing tools through the Model Context Protocol. This implementation allows AI assistants and other systems to easily interact with popular security tools using a consistent API.
Before installing the MCP server, ensure you have:
To set up the MCP server:
Clone the repository:
git clone https://github.com/username/mcp-security-tools.git
cd mcp-security-tools
Install dependencies:
npm install
Build the project:
npm run build
The FFUF MCP server wraps the FFUF fuzzing tool for web application fuzzing.
Run the FFUF MCP server:
ffuf-mcp <path-to-ffuf-binary>
Claude configuration:
"ffuf": {
"command": "node",
"args": [
"/path/to/build/index.js",
"ffuf"
]
}
url: Target URL to fuzzffuf_args: Array of additional FFUF argumentsThe SQLmap MCP server provides SQL injection testing capabilities through MCP.
Run the SQLmap MCP server:
sqlmap-mcp <path-to-sqlmap-binary>
Claude configuration:
"sqlmap": {
"command": "node",
"args": [
"/path/to/build/index.js",
"sqlmap"
]
}
url: Target URL to test for SQL injectionsqlmap_args: Array of additional SQLmap argumentsThe Masscan MCP server wraps the Masscan port scanning tool.
Run the Masscan MCP server:
masscan-mcp <path-to-masscan-binary>
Claude configuration:
"masscan": {
"command": "node",
"args": [
"/path/to/build/index.js",
"masscan"
]
}
target: Target IP to scanport: Port numbers to targetmasscan_args: Array of additional Masscan argumentsThe Nmap MCP server provides port scanning capabilities through MCP.
Run the Nmap MCP server:
nmap-mcp <path-to-nmap-binary>
Claude configuration:
"nmap": {
"command": "node",
"args": [
"/path/to/build/index.js",
"nmap"
]
}
target: Target IP to scannmap_args: Array of additional Nmap argumentsThe MobSF MCP server wraps Mobile Security Framework for analyzing mobile applications.
Run the MobSF MCP server:
mobsf-mcp <base_url> <api_key>
Claude configuration:
"mobsf": {
"command": "node",
"args": [
"/path/to/build/index.js",
"http://127.0.0.1:8000",
"<api key>"
]
}
base_url: The MobSF server URL (e.g., http://localhost:8000)api_key: Your MobSF API keyThe Nuclei MCP server wraps the Nuclei vulnerability scanner.
Run the Nuclei MCP server:
nuclei-mcp <path-to-nuclei-binary>
Claude configuration:
"nuclei": {
"command": "node",
"args": [
"/path/to/build/index.js",
"</usr/local/go/bin/nuclei>"
]
}
url: The target URL to scan (required)tags: Comma-separated list of template tags to filter which checks to run (optional)The SSLscan MCP server provides SSL/TLS scanning capabilities.
Run the SSLscan MCP server:
sslscan-mcp <path-to-sslscan-binary>
Claude configuration:
"sslscan": {
"command": "node",
"args": [
"/path/to/build/index.js",
"<sslscan>"
]
}
target: The target URL to scan (required)sslscan_args: Array of additional SSLscan argumentsThis server analyzes HTTP response headers against OWASP security standards.
Run the HTTP Headers Security MCP server:
http-headers-security-mcp
Claude configuration:
"http_header_analyze": {
"command": "node",
"args": [
"/path/to/build/index.js"
]
}
target: The target URL to analyze HTTP headers (required)This server retrieves historical URLs from the Wayback Machine.
Run the Waybackurls MCP server:
waybackurls-mcp <path-to-waybackurls-binary>
Claude configuration:
"waybackurls": {
"command": "node",
"args": [
"/path/to/build/index.js",
"waybackurls"
]
}
target: The domain to retrieve historical URLs for (required)noSub: Boolean flag to control whether subdomains should be included (default: false)The Alterx MCP server provides pattern-based wordlist generation for subdomain discovery.
Run the Alterx MCP server:
alterx-mcp <path-to-alterx-binary>
Claude configuration:
"alterx": {
"command": "node",
"args": [
"/path/to/build/index.js",
"alterx"
]
}
domain: The target domain or subdomains to use as a base for creating permutations (required)pattern: The pattern template to use for generating wordlist variations (required)outputFilePath: Path where the generated wordlist should be saved (optional)There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.