Provides tools for decoding and inspecting JSON Web Tokens (JWT), including header, payload, and signature analysis for security testing and CTF challenges.
Generates Perl reverse shell payloads for penetration testing and CTF challenges, with configurable host and port parameters.
Generates PHP reverse shell payloads for web exploitation and CTF challenges, with configurable host and port parameters.
Generates Python reverse shell payloads for penetration testing and CTF challenges, with configurable host and port parameters.
Generates Ruby reverse shell payloads for penetration testing and CTF challenges, with configurable host and port parameters.
Security Toolkit MCP Server
A Model Context Protocol (MCP) server providing essential security and CTF tools directly through AI assistants. Perfect for beginners learning Capture The Flag challenges and security testing.
Overview
This MCP server integrates powerful security tools into your AI workflow, making it easier to solve CTF challenges without memorizing complex commands. It's designed for beginners who want to learn security concepts while having helpful tools at their fingertips.
Features
Cryptography & Encoding Tools
Hash Identification - Identify hash types (MD5, SHA-1, SHA-256, SHA-512, bcrypt, NTLM)
Multi-format Decoder - Decode Base64, Hex, URL, ROT13, and Binary strings
XOR Bruteforce - Crack XOR-encrypted data with single or multi-byte keys
Frequency Analysis - Analyze substitution ciphers using letter frequency
JWT Decoder - Decode and inspect JSON Web Tokens
Exploitation Tools
Reverse Shell Generator - Generate payloads for Bash, Python, PHP, Perl, Ruby, and Netcat
SQL Injection Payloads - Get SQLi payloads (basic, union, blind, error-based, time-based)
Information Gathering
CVE Lookup - Fetch vulnerability details from the National Vulnerability Database
Port Service Lookup - Identify common services running on specific ports
Prerequisites
Python 3.8 or higher
An MCP-compatible AI client (Claude Desktop, Cline, etc.)
Installation
Step 1: Setup
Step 2: Configure Your AI Client
For Claude Desktop
Add to your claude_desktop_config.json:
Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json
For Cline (VS Code Extension)
Add to Cline MCP Settings:
Step 3: Restart Your AI Client
Restart Claude Desktop or reload VS Code to load the MCP server.
Usage Examples
Once configured, you can ask your AI assistant to use these tools naturally:
Hash Identification
Decoding Strings
XOR Bruteforce
Frequency Analysis
JWT Decoding
Reverse Shells
SQL Injection
CVE Lookup
Port Identification
Available Tools Reference
Tool | Description | CTF Use Cases |
| Identifies hash types | Web challenges, password cracking |
| Decodes various formats | Steganography, crypto challenges |
| Cracks XOR encryption | Crypto challenges |
| Analyzes cipher patterns | Classical crypto |
| Decodes JWT tokens | Web exploitation |
| Creates reverse shells | Post-exploitation, pwn |
| SQL injection templates | Web challenges |
| Fetches CVE details | Real-world vuln research |
| Identifies port services | Reconnaissance, enumeration |
Learning Resources for Beginners
Recommended CTF Platforms
PicoCTF - Beginner-friendly CTF platform with guided challenges
OverTheWire - Progressive wargames for learning security concepts
TryHackMe - Guided cybersecurity training with virtual labs
HackTheBox Academy - Structured learning paths for various security topics
Understanding the Tools
Hash Identification: Learn about different hash algorithms and their characteristics
Encoding vs Encryption: Understand the difference (encoding is reversible without a key)
XOR Cipher: A simple but common encryption method frequently used in CTFs
SQL Injection: One of the most common web vulnerabilities in real-world applications
Security and Legal Notice
Educational Use Only
This tool is designed for:
Learning cybersecurity concepts
Authorized CTF competitions
Legal penetration testing with explicit permission
Testing your own systems and networks
Prohibited Uses
Do NOT use this tool for:
Unauthorized access to systems
Illegal hacking activities
Testing systems without explicit permission
Any malicious purposes
Always obtain proper written authorization before testing any system you don't own.
Troubleshooting
MCP Server Not Loading
Verify Python is in your system PATH
Check that the absolute path to
server.pyis correctEnsure all dependencies are installed:
pip install mcp requestsReview the AI client logs for error messages
Confirm you're using Python 3.8 or higher
Tool Not Responding
Restart your AI client after making configuration changes
Verify the server is listed in your MCP settings
Check terminal/console output for error messages
Ensure no firewall is blocking the MCP connection
CVE Lookup Issues
The National Vulnerability Database API may have rate limits
Ensure you have an active internet connection
Verify the CVE ID format follows the pattern: CVE-YYYY-NNNNN
Some CVEs may not be available if recently published
Technical Details
Dependencies
mcp- Model Context Protocol frameworkrequests- HTTP library for CVE lookups
Architecture
The server uses FastMCP to expose security tools as callable functions through the MCP protocol. Each tool is implemented as a decorated function that returns JSON-formatted results.
Why Use MCP for Security Tools?
The Model Context Protocol integration provides several advantages:
Context Awareness - AI assistants maintain conversation context across multiple tool uses
Intelligent Chaining - Tools can be combined automatically (decode, then identify, then crack)
Natural Language Interface - No need to memorize command syntax or flags
Educational Explanations - AI can explain results in beginner-friendly terms
Adaptive Guidance - Suggestions for next steps based on tool outputs
This approach is particularly effective for learning security concepts while building practical skills.
Contributing
Contributions are welcome. When adding new tools or features:
Maintain clear, beginner-friendly documentation
Focus on educational value
Include usage examples
Add explanations for complex security concepts
Follow existing code style and patterns
License
This project is provided for educational purposes. Users are responsible for ensuring their use complies with applicable laws and regulations.
Best Practices for CTF Beginners
Start Simple - Begin with easier CTF challenges and gradually increase difficulty
Understand, Don't Just Use - Learn why tools work, not just how to use them
Document Your Process - Keep notes on what worked and what didn't
Read Write-ups - After solving (or attempting) challenges, read other solutions
Practice Regularly - Consistent practice is key to improving security skills
Join Communities - Engage with CTF communities on Discord, Reddit, or forums
Ask Questions - Use the AI assistant to explain concepts you don't understand
Getting Help
Ask your AI assistant to use these tools and explain the results in detail
Request step-by-step explanations of security concepts
Have the AI suggest alternative approaches when stuck on challenges
Use the AI to learn the theory behind each tool and technique
Remember: Ethical hacking requires permission. Always operate within legal boundaries and respect system owners' rights.