Penetration Testing MCP connectors
Security, SEO and AI-visibility scanner for web apps · free scans and focused checks via MCP.
55 tools, 7 Resources, Sigma rules, email SPF/DMARC, MITRE, CVE/KEV, risk_score. No key.
ZEN SecDB MCP server for CVE intelligence, CVSS/EPSS scoring, advisories, SSVC, and package audits.
Query OSV.dev for package vulnerabilities and batch-audit dependency lists via MCP.
Free no-account URL security scan: 0-100 Launch Readiness score for any live site in ~15 seconds.
Post-quantum cryptography (PQC) vulnerability scanner. Detects ECDSA, RSA, AES-128 and other quantum-vulnerable algorithms in GitHub/GitLab/Bitbucket repos and Ethereum smart contracts. Returns risk score 0-100, CBOM (CycloneDX 1.6), and migration paths to NIST FIPS 203/204/205. Free tier: 10 scans/day, no key required.
Security research: MCP registries verify identity, not tool behavior. See gtfo.dev.
Scan the open TCP ports of your own public IP. Fast (32) or deep (65535). No key, no signup.
Find known subdomains of a domain. Passive data; may include historic entries. List or count.
Compliance & security scan for your app: secrets, exposed files, headers, privacy, AI-disclosure.
Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.
Scan configs, files, or text for leaked secrets and obvious misconfigurations. Nothing stored.
Find the right security-disclosure contact for any internet asset (domain, IP, package, repo, app).
Offline methodology engine for authorized penetration testing, CTF, and security research.
Query 90 days of honeypot probe data: IP reputation, scanners, CVE probing, TLS/SSH fingerprints.
Linux kernel CVE analyzer: upload a .config, get a CycloneDX VEX report of affecting CVEs.
Scans remote MCP servers for protocol, security, and TLS issues; exposes scan tools via MCP.
Scan any website or MCP server for agent-trust-readiness; returns a signed, verifiable scorecard.