Penetration Testing
Tools and frameworks for security testing, vulnerability scanning, and penetration testing. Enables security professionals to identify and exploit security weaknesses in applications and networks.
MCP ServersBrowse all →
AlicenseAqualityFmaintenanceEnables AI assistants to perform vulnerability scanning using Grype, supporting scans of directories, container images, and packages via the Model Context Protocol.Last updated299Apache 2.0
Polygraphofficial
AlicenseAqualityCmaintenanceOpen behavioral litmus for MCP servers — grades A–F across tool-output injection, egress, sensitive-data, and adversarial-input, with reproducible, content-addressed evidence. Tools: run_litmus, verify_attestation.Last updated1241306Apache 2.0- AlicenseAqualityBmaintenanceEnables interaction with NowSecure Platform for listing applications, retrieving remediation findings, and generating remediation PDFs via REST and GraphQL APIs.Last updated25132MIT
- AlicenseAqualityDmaintenanceA Model Context Protocol (MCP) server for the Ghost Security API, providing secure access to security findings and repository data through standardized tools.Last updated71573MIT

@konsulto/mcpofficial
AlicenseAqualityBmaintenanceMCP server that enables Claude Code to drive the Konsulto cybersecurity audit platform from the CLI, including reading and writing findings, managing evidence, and handling scope and assets.Last updated19301MIT- AlicenseAqualityBmaintenanceEnables structured HTTP request creation and local file ingestion for LLM integration with Burp Suite, reducing malformed requests and token costs.Last updated2206MIT
- AlicenseAqualityAmaintenanceDomain security reconnaissance for AI agents — 13 tools (DNS+DNSSEC, SSL/TLS, HTTP security headers, SPF/DKIM/DMARC email auth, port scan, ASN, RDAP/WHOIS) plus a one-shot security_scan returning a 0–100 Health Score (A–F). Free, no API key.Last updated6131521MIT

MCP Hub Securityofficial
AlicenseAqualityBmaintenanceSecurity gate that scans MCP servers and Claude Code Skills for vulnerabilities before execution.Last updated72MIT
operant-mcpofficial
AlicenseAqualityCmaintenanceA comprehensive security testing MCP server providing 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment. It enables automated security audits and technical investigations across web applications, cloud environments, and network captures.Last updated5115313MIT- AlicenseBqualityCmaintenanceConnects Claude Code to a Latent Defense deployment to map GitHub repositories into an infrastructure graph, discover attack paths using the JEPA energy model, and triage findings from the terminal.Last updated85Apache 2.0

agentminds-mcpofficial
AlicenseAqualityBmaintenanceMCP server for AgentMinds collective intelligence platform, enabling AI agents to scan websites for security/SEO/performance issues, pull personalized recommendations, and share findings across the network.Last updated732MIT
Symbiotic MCP Serverofficial
AlicenseAqualityDmaintenanceEnables security analysis of code and infrastructure files via MCP, using Symbiotic CLI for scanning vulnerabilities.Last updated4MIT- AlicenseBqualityDmaintenanceEnables integration with Beagle Security API for managing security testing projects, applications, domain verification, and automated penetration tests. Provides 18 tools for creating, monitoring, and retrieving results from security assessments.Last updated171MIT
- AlicenseBqualityCmaintenanceMCP server wrapping GDB and GEF for dynamic analysis, enabling interactive debugging and memory inspection via GDB/MI protocol.Last updated141MIT
- AlicenseAqualityCmaintenanceSecurity scanning for AI coding tools (Claude Code, Cursor, Windsurf) including secrets detection, MCP config vulnerabilities, agent instruction checks, threat modeling, prompt injection testing, pre-commit security checks, and dependency vulnerability scanning.Last updated71511MIT
- AlicenseAqualityDmaintenanceEnables out-of-band interaction testing by integrating ProjectDiscovery's interactsh service as an MCP server. Allows AI agents to create callback domains, send probes, and capture DNS/HTTP interactions for security testing and verification workflows.Last updated4132MIT
- AlicenseBqualityFmaintenanceA security testing tool that enables automated vulnerability detection including XSS and SQL injection, along with comprehensive browser interaction capabilities for web application penetration testing.Last updated1225222MIT
- AlicenseAqualityCmaintenanceMCP server that wraps the Frida dynamic instrumentation toolkit, allowing users to attach to processes, hook functions, enumerate modules and exports, and manage scripts through natural language.Last updated101MIT
- AlicenseAqualityDmaintenanceA comprehensive HTTP client MCP server for security testing, API testing, and web automation that provides full-featured HTTP tools with detailed logging capabilities.Last updated89MIT
- AlicenseBqualityBmaintenanceAutomated security red-team for any MCP server that scans manifests against OWASP LLM Top 10 and MCP-specific risks, returning a 0-100 hardening score and HMAC-signed report.Last updated7MIT
- AlicenseAqualityBmaintenanceAgent-native "safe to ship?" security gate for AI-generated code. Uses real parsers and inter-rocedural taint analysis (JS/TS, Python, Go) to flag the classes AI coding agents get wrong — secrets, SQL injection, SS, SSRF, path traversal, command injection, weak JWT/CORS — and ranks findings by confidence. Exposes a scan tool over MCP.Last updated1212MIT
- AlicenseAqualityAmaintenanceBawbel MCP Server lets any agent scan MCP servers and skill files for security vulnerabilities mid-conversation. Seven tools covering server-card scanning, conformance scoring, rug pull detection, and AVE threat intelligence queries. Powered by the AVE standard with OWASP MCP Top 10 mapping on every finding. Free, Apache 2.0, no API key required.Last updated101Apache 2.0
- AlicenseBqualityBmaintenanceEnables security professionals to query and analyze Active Directory attack paths from BloodHound Community Edition data using natural language through Claude Desktop's Model Context Protocol interface.Last updated79113GPL 3.0
- AlicenseAqualityAmaintenanceOWASP Agentic - MCP server providing AI-powered tools and automation by MEOK AI LabsLast updated5MIT
- AlicenseAqualityBmaintenanceA real security scanning MCP server for medical information systems, supporting port scanning, vulnerability detection, medical system identification, and compliance report generation.Last updated141MIT

Sekrd Security Scannerofficial
FlicenseAqualityCmaintenanceEnables deep security auditing of web applications directly from AI IDEs including Cursor and Claude Code. Scans URLs for vulnerabilities, returns security scores with SHIP/BLOCK verdicts, and provides specific fix prompts for remediation.Last updated3- AlicenseBqualityBmaintenanceEnables cyber defenders to query ATT\&CK techniques, list tactics, map incidents to techniques, look up threat actor groups and mitigations, all via the MCP protocol.Last updated5MIT
- AlicenseAqualityBmaintenanceEnables AI assistants to perform reverse engineering and debugging of Windows executables through x64dbg, with tools for loading executables, controlling execution, analyzing memory and security, and generating reports.Last updated39883MIT
- AlicenseAqualityFmaintenanceA Model Context Protocol server that enables AI assistants to perform network packet analysis, capture, and security operations on a remote machine via Wireshark/tshark.Last updated101MIT
- AlicenseAqualityFmaintenanceEnables scanning projects for leaked secrets and security issues directly from Claude Code, detecting secret categories, dangerous code patterns, and git hygiene issues.Last updated21MIT
MCP ConnectorsBrowse all →
55 tools, 7 Resources, Sigma rules, email SPF/DMARC, MITRE, CVE/KEV, risk_score. No key.
Query OSV.dev for package vulnerabilities and batch-audit dependency lists via MCP.
Free no-account URL security scan: 0-100 Launch Readiness score for any live site in ~15 seconds.
Post-quantum cryptography (PQC) vulnerability scanner. Detects ECDSA, RSA, AES-128 and other quantum-vulnerable algorithms in GitHub/GitLab/Bitbucket repos and Ethereum smart contracts. Returns risk score 0-100, CBOM (CycloneDX 1.6), and migration paths to NIST FIPS 203/204/205. Free tier: 10 scans/day, no key required.
Security research: MCP registries verify identity, not tool behavior. See gtfo.dev.
Scan the open TCP ports of your own public IP. Fast (32) or deep (65535). No key, no signup.
Find known subdomains of a domain. Passive data; may include historic entries. List or count.
Compliance & security scan for your app: secrets, exposed files, headers, privacy, AI-disclosure.
IaC attack-path auditor: finds internet-to-crown-jewel chains in Terraform/CFN/K8s.
Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.
Scan configs, files, or text for leaked secrets and obvious misconfigurations. Nothing stored.
Find the right security-disclosure contact for any internet asset (domain, IP, package, repo, app).
Offline methodology engine for authorized penetration testing, CTF, and security research.
Query 90 days of honeypot probe data: IP reputation, scanners, CVE probing, TLS/SSH fingerprints.
Linux kernel CVE analyzer: upload a .config, get a CycloneDX VEX report of affecting CVEs.
CVE search, vulnerability database, EPSS exploit prediction, KEV, IP reputation & threat feed.
Scans remote MCP servers for protocol, security, and TLS issues; exposes scan tools via MCP.