Skip to main content
Glama
deenesjakoruzh

HydraΜCP

by HappyHackingSpace
GitHub
Python
MIT License
7
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

HydraΜCP — The Model Context Protocol (MCP) Pentesting Toolkit

⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠿⠿⠿⢿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⣿⣿⠟⠙⠻⠿⠋⠙⠻⠷⠄⠀⠀⠀⠀⠀⠀⢸⣿ ⣿⣿⣿⣿⣿⣿⠿⢿⠿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⣿⣿⣿ ⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀⠀⢀⣀⣤⣴⣶⣾⣿⣿⣿⣿⣿⣇⡀⠀⠈⠻⠿⣿⣿ ⣿⣿⣿⠉⠉⠀⠀⠀⠀⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿⣷⣶⣶⣿⣿ ⣿⠿⠟⠀⠀⠀⢀⣠⣾⣿⡿⠻⠿⠟⠙⠿⠟⠻⣿⡆⠈⠻⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⢀⣾⠏⠈⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠈⠻⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⠈⠁⠀⠀⠀⠀⣠⣤⣶⣶⣶⣶⣦⡄⠀⠀⠀⠀⠀⠈⠻⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣦⡀⠀⣾⣿⣿⣆⣤⣾⣿⣿⣿ ⣿⠀h⠀⠀⠀⠀⠀⠀⠘⠛⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣦⠈⣻⣿⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⢻⣿⣿⡿⠿⠿⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⠀⠀⠀⠀⢀⣠⣤⣤⣤⣄⣀⠀⠀⠈⠛⠹⣿⠷⣄⠀⠀⠀⠀⠉⠉⠉⣹⣿⣿ ⣿⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣷⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣶⣶⣿⣿⣿ ⣿⠀⢀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣶⣶⣶⣆⡀⠀⠈⠻⠿⣿⣿⣿ ⣿⣤⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣿⣿⣿

A lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.

Demo - Sqlmap

Nmap

nmap

Sqlmap

sqlmap

Holehe

holehe

Ocr2Text

ocr2text

Sherlock

Sherlock

Installation

Build te Docker image

git clone https://github.com/happyhackingspace/mcp-hydra.git cd mcp-hydra docker build -t hydramcp .

Usage

Edit your claude_desktop_config.json

{ "mcpServers": { "hydramcp": { "command": "docker", "args": ["run", "--rm", "-i","--name","hydramcp", "hydramcp"] } } }

Or Copilot in vscode

mkdir -p .vscode cd .vscode touch mcp.json ```json { "servers": { "hydramcp": { "command": "docker", "args": [ "run", "--rm", "-i", "--net=host", "--privileged", "--name", "hydramcp", "hydramcp" ] } } }

You can use the following prompts to test the tools:

Sublist3r > Use Sublist3rScanner to find all subdomains for example.com and save results to the "recon" folder. -- DNSRecon > Run a DNS reconnaissance scan on example.com using DNSReconScanner with standard scan type. -- Holehe > Use HoleheScanner to check if the email address user@example.com is registered on various websites. -- Nmap > Scan 192.168.1.1 with NmapScanner to check for open ports in the range 1-1000. -- Ocr2Text > Use OcrScanner to extract text from the screenshot at /path/to/image.png. -- Sqlmap > Run SqlmapScanner on http://testphp.vulnweb.com/listproducts.php?cat=1 to check for SQL injection vulnerabilities. -- WPScan > Use WPScanScanner to scan the WordPress site at https://example.com for vulnerabilities. -- Zmap > Scan the subnet 192.168.1.0/24 for systems with port 80 open using ZmapScanner with 1M bandwidth.

Changelog

Implemented Tools

  • Sublist3r - Domain enumeration tool
  • DNSRecon - DNS Reconnaissance tool
  • Holehe - Email registration checker
  • Nmap - Network scanner
  • OCR - Optical Character Recognition
  • Sqlmap - SQL injection scanner
  • WPScan - WordPress security scanner
  • Zmap - Internet scanner

Planned Tools

  • gobuster
  • TheHarvester
  • GitRecon
  • Phone carrier lookup
  • Netcraft
  • Cloudunflare (claudflare bypass)
  • Censys
  • Programmable search engine
  • Wayback Machine
  • Shodan
  • Wappalyzer
  • Hunter.io
  • Nuclei
  • Amass
  • GitSecrets - @awslabs/git-secrets or @trufflesecurity/trufflehog
  • Depixelization - https://github.com/spipm/Depixelization_poc
  • ExifTool
  • Sudomy https://github.com/screetsec/Sudomy

Contributing

If you want to contribute to this project, please follow these steps:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature-branch).
  3. Make your changes and commit them (git commit -m 'Add some feature').
  4. Push to the branch (git push origin feature-branch).

Disclaimer

This project is for educational purposes only. Use it at your own risk. The author is not responsible for any damages or legal issues that may arise from the use of this software.

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

A lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.

  1. Demo - Sqlmap
    1. Nmap
    2. Sqlmap
    3. Holehe
    4. Ocr2Text
    5. Sherlock
  2. Installation
    1. Usage
  3. Changelog
    1. Implemented Tools
    2. Planned Tools
  4. Contributing
    1. Disclaimer

      Related MCP Servers

      • Container-MCP

        54rt1n
        -
        security
        A
        license
        -
        quality
        A secure, container-based implementation of the Model Context Protocol (MCP) that provides sandboxed environments for AI systems to safely execute code, run commands, access files, and perform web operations.
        Last updated -
        9
        Python
        Apache 2.0
        • Linux

      • ExploitDB MCP Server

        Cyreslab-AI
        -
        security
        A
        license
        -
        quality
        A Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.
        Last updated -
        4
        TypeScript
        MIT License
        • Linux
        • Apple

      • MCP Toolkit

        zxfgds
        -
        security
        F
        license
        -
        quality
        A comprehensive Model Context Protocol server implementation that enables AI assistants to interact with file systems, databases, GitHub repositories, web resources, and system tools while maintaining security and control.
        Last updated -
        16
        TypeScript

      • MCP Starter

        instructa
        A
        security
        A
        license
        A
        quality
        A foundation for building custom local Model Context Protocol (MCP) servers that provide tools accessible to AI assistants like Cursor or Claude Desktop.
        Last updated -
        1
        9
        TypeScript
        MIT License

      View all related MCP servers

      New MCP Servers

      MCP directory API

      We provide all the information about MCP servers via our MCP API.

      curl -X GET 'https://glama.ai/api/mcp/v1/servers/HappyHackingSpace/mcp-hydra'

      If you have feedback or need assistance with the MCP directory API, please join our Discord server