Skip to main content
Glama
deenesjakoruzh

HydraΜCP

by HappyHackingSpace
GitHub
Python
MIT License
8
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

HydraΜCP — The Model Context Protocol (MCP) Pentesting Toolkit

⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠿⠿⠿⢿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⣿⣿⠟⠙⠻⠿⠋⠙⠻⠷⠄⠀⠀⠀⠀⠀⠀⢸⣿ ⣿⣿⣿⣿⣿⣿⠿⢿⠿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⣿⣿⣿ ⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀⠀⢀⣀⣤⣴⣶⣾⣿⣿⣿⣿⣿⣇⡀⠀⠈⠻⠿⣿⣿ ⣿⣿⣿⠉⠉⠀⠀⠀⠀⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿⣷⣶⣶⣿⣿ ⣿⠿⠟⠀⠀⠀⢀⣠⣾⣿⡿⠻⠿⠟⠙⠿⠟⠻⣿⡆⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⢀⣾⠏⠈⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠈⠻⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⠈⠁⠀⠀⠀⠀⣠⣤⣶⣶⣶⣶⣦⡄⠀⠀⠀⠀⠀⠈⠻⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣦⡀⠀⣾⣿⣿⣆⣤⣾⣿⣿⣿ ⣿⠀h⠀⠀⠀⠀⠀⠀⠘⠛⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣦⠈⣻⣿⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⢻⣿⣿⡿⠿⠿⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⢀⣠⣤⣤⣤⣄⣀⠀⠀⠈⠛⠹⣿⠷⣄⠀⠀⠀⠀⠉⠉⠉⣹⣿⣿ ⣿⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣷⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣶⣶⣿⣿⣿ ⣿⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣶⣶⣶⣆⡀⠀⠈⠻⠿⣿⣿⣿ ⣿⣤⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣿⣿⣿

A lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.

Demo - Sqlmap

Nmap

nmap

Sqlmap

sqlmap

Holehe

holehe

Ocr2Text

ocr2text

Sherlock

Sherlock

Installation

Build te Docker image

git clone https://github.com/happyhackingspace/mcp-hydra.git cd mcp-hydra docker build -t hydramcp .

Usage

Edit your claude_desktop_config.json

{ "mcpServers": { "hydramcp": { "command": "docker", "args": ["run", "--rm", "-i","--name","hydramcp", "hydramcp"] } } }

Or Copilot in vscode

mkdir -p .vscode cd .vscode touch mcp.json ```json { "servers": { "hydramcp": { "command": "docker", "args": [ "run", "--rm", "-i", "--net=host", "--privileged", "--name", "hydramcp", "hydramcp" ] } } }

You can use the following prompts to test the tools:

Sublist3r > Use Sublist3rScanner to find all subdomains for example.com and save results to the "recon" folder. -- DNSRecon > Run a DNS reconnaissance scan on example.com using DNSReconScanner with standard scan type. -- Holehe > Use HoleheScanner to check if the email address user@example.com is registered on various websites. -- Nmap > Scan 192.168.1.1 with NmapScanner to check for open ports in the range 1-1000. -- Ocr2Text > Use OcrScanner to extract text from the screenshot at /path/to/image.png. -- Sqlmap > Run SqlmapScanner on http://testphp.vulnweb.com/listproducts.php?cat=1 to check for SQL injection vulnerabilities. -- WPScan > Use WPScanScanner to scan the WordPress site at https://example.com for vulnerabilities. -- Zmap > Scan the subnet 192.168.1.0/24 for systems with port 80 open using ZmapScanner with 1M bandwidth.

Changelog

Implemented Tools

  • Sublist3r - Domain enumeration tool
  • DNSRecon - DNS Reconnaissance tool
  • Holehe - Email registration checker
  • Nmap - Network scanner
  • OCR - Optical Character Recognition
  • Sqlmap - SQL injection scanner
  • WPScan - WordPress security scanner
  • Zmap - Internet scanner

Planned Tools

  • gobuster
  • TheHarvester
  • GitRecon
  • Phone carrier lookup
  • Netcraft
  • Cloudunflare (claudflare bypass)
  • Censys
  • Programmable search engine
  • Wayback Machine
  • Shodan
  • Wappalyzer
  • Hunter.io
  • Nuclei
  • Amass
  • GitSecrets - @awslabs/git-secrets or @trufflesecurity/trufflehog
  • Depixelization - https://github.com/spipm/Depixelization_poc
  • ExifTool
  • Sudomy https://github.com/screetsec/Sudomy

Contributing

If you want to contribute to this project, please follow these steps:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature-branch).
  3. Make your changes and commit them (git commit -m 'Add some feature').
  4. Push to the branch (git push origin feature-branch).

Disclaimer

This project is for educational purposes only. Use it at your own risk. The author is not responsible for any damages or legal issues that may arise from the use of this software.

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

A lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.

  1. Demo - Sqlmap
    1. Nmap
    2. Sqlmap
    3. Holehe
    4. Ocr2Text
    5. Sherlock
  2. Installation
    1. Usage
  3. You can use the following prompts to test the tools:
    1. Changelog
      1. Implemented Tools
      2. Planned Tools
    2. Contributing
      1. Disclaimer

        Related MCP Servers

        • Container-MCP

          54rt1n
          -
          security
          A
          license
          -
          quality
          A secure, container-based implementation of the Model Context Protocol (MCP) that provides sandboxed environments for AI systems to safely execute code, run commands, access files, and perform web operations.
          Last updated -
          12
          Apache 2.0
          • Linux

        • Createve.AI Nexus

          spgoodman
          -
          security
          A
          license
          -
          quality
          An open-source implementation of the Model Context Protocol (MCP) that bridges AI agents with enterprise systems, enabling secure access to real-world data and capabilities.
          Last updated -
          2
          Apache 2.0

        • CoreMCP

          fruzly
          -
          security
          F
          license
          -
          quality
          A lightweight orchestration hub for managing local Model Context Protocol (MCP) tools in a unified way, allowing users to build, manage, and call their AI tools from IDEs, terminal, and custom assistants.
          Last updated -

        • Google Research MCP

          mixelpixx
          -
          security
          A
          license
          -
          quality
          Model Context Protocol (MCP) server that provides AI assistants with advanced web research capabilities, including Google search integration, intelligent content extraction, and multi-source synthesis.
          Last updated -
          12
          4
          MIT License

        View all related MCP servers

        New MCP Servers

        MCP directory API

        We provide all the information about MCP servers via our MCP API.

        curl -X GET 'https://glama.ai/api/mcp/v1/servers/HappyHackingSpace/mcp-hydra'

        If you have feedback or need assistance with the MCP directory API, please join our Discord server