playbooks
Learn Rules MCPs Modes
AI Image Editor
Log in

Hydra Penetration Testing Toolkit MCP server

Unifies multiple penetration testing tools including Nmap, SQLMap, and others for network scanning, vulnerability assessment, and security reconnaissance through a containerized Python interface.
Back to servers
Provider
HappyHackingSpace
Release date
Apr 23, 2025
Language
Python
Stats
3 stars
View on GitHub

HydraΜCP is a lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis. It provides a seamless way to integrate various security tools with AI assistants like Claude or GitHub Copilot.

Installation

To install HydraΜCP, follow these steps to build the Docker image:

git clone https://github.com/happyhackingspace/mcp-hydra.git
cd mcp-hydra
docker build -t hydramcp .

Configuration

For Claude Desktop

Edit your claude_desktop_config.json file to include the HydraΜCP server:

{
  "mcpServers": {
    "HydraMCP": {
      "command": "docker",
      "args": ["run", "--rm", "-i","--name","hydramcp", "hydramcp"]
    }
  }
}

For GitHub Copilot in VSCode

Create an MCP configuration file:

mkdir -p .vscode
cd .vscode
touch mcp.json

Add the following configuration to mcp.json:

{
    "servers": {
        "HydraMCP": {
            "command": "docker",
            "args": [
                "run",
                "--rm",
                "-i",
                "--net=host",
                "--privileged",
                "--name",
                "hydramcp",
                "hydramcp"
            ]
        }
    }
}

Using HydraΜCP Tools

HydraΜCP provides access to various security tools. Here are example prompts to use with your AI assistant:

Sublist3r (Domain Enumeration)

Use Sublist3rScanner to find all subdomains for example.com and save results to the "recon" folder.

DNSRecon (DNS Reconnaissance)

Run a DNS reconnaissance scan on example.com using DNSReconScanner with standard scan type.

Holehe (Email Registration Checker)

Use HoleheScanner to check if the email address [email protected] is registered on various websites.

Nmap (Network Scanner)

Scan 192.168.1.1 with NmapScanner to check for open ports in the range 1-1000.

OCR (Optical Character Recognition)

Use OcrScanner to extract text from the screenshot at /path/to/image.png.

Sqlmap (SQL Injection Scanner)

Run SqlmapScanner on http://testphp.vulnweb.com/listproducts.php?cat=1 to check for SQL injection vulnerabilities.

WPScan (WordPress Security Scanner)

Use WPScanScanner to scan the WordPress site at https://example.com for vulnerabilities.

Zmap (Internet Scanner)

Scan the subnet 192.168.1.0/24 for systems with port 80 open using ZmapScanner with 1M bandwidth.

Available Tools

HydraΜCP currently includes the following implemented tools:

  • Sublist3r - Domain enumeration tool
  • DNSRecon - DNS Reconnaissance tool
  • Holehe - Email registration checker
  • Nmap - Network scanner
  • OCR - Optical Character Recognition
  • Sqlmap - SQL injection scanner
  • WPScan - WordPress security scanner
  • Zmap - Internet scanner

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later