Security Testing MCP Server

A Model Context Protocol (MCP) server that provides penetration testing tools for educational purposes using Kali Linux security tools.

Purpose

This MCP server provides a comprehensive interface for AI assistants to perform security testing using popular Kali Linux tools for educational and authorized testing purposes.

Features

Current Implementation

• nmap_scan - Network port scanning and service detection with multiple scan types

• nikto_scan - Web vulnerability scanning with plugin support

• sqlmap_test - SQL injection testing with advanced options

• wpscan_test - WordPress vulnerability scanning with API token support

• dirb_scan - Directory and file brute forcing with custom wordlists

• searchsploit_lookup - Exploit database searching with filters

• ping_sweep - Network discovery and connectivity testing

• custom_scan - Execute custom commands with whitelisted tools

Quick Start

1. Clone and Build:

   git clone https://github.com/avi686/security-mcp-server.git cd security-mcp-server docker build -t security-mcp-server .

2. Set up MCP Configuration:

   mkdir -p ~/.docker/mcp/catalogs

3. Create custom catalog (~/.docker/mcp/catalogs/custom.yaml):

   version: 2 name: custom displayName: Custom MCP Servers registry: security: description: "Comprehensive penetration testing tools for educational and authorized use" title: "Security Testing Tools" type: server dateAdded: "2025-09-24T00:00:00Z" image: security-mcp-server:latest ref: "" tools: - name: nmap_scan - name: nikto_scan - name: sqlmap_test - name: wpscan_test - name: dirb_scan - name: searchsploit_lookup - name: ping_sweep - name: custom_scan metadata: category: security tags: - penetration-testing - security - kali-linux - educational license: MIT owner: local

4. Update registry (~/.docker/mcp/registry.yaml):

   registry: security: ref: ""

5. Configure Claude Desktop (add to your config):

   { "mcpServers": { "mcp-toolkit-gateway": { "command": "docker", "args": [ "run", "-i", "--rm", "--network=host", "-v", "/var/run/docker.sock:/var/run/docker.sock", "-v", "/path/to/your/home/.docker/mcp:/mcp", "docker/mcp-gateway", "--catalog=/mcp/catalogs/docker-mcp.yaml", "--catalog=/mcp/catalogs/custom.yaml", "--config=/mcp/config.yaml", "--registry=/mcp/registry.yaml", "--tools-config=/mcp/tools.yaml", "--transport=stdio" ] } } }

6. Restart Claude Desktop

Usage Examples

In Claude Desktop, you can ask:

• "Scan example.com for open ports using nmap"

• "Check https://testsite.com for web vulnerabilities with nikto"

• "Search for Apache exploits in the database"

• "Test WordPress site at https://myblog.com for vulnerabilities"

• "Brute force directories on https://target.com with custom extensions"

• "Perform SQL injection testing on https://webapp.com/page?id=1"

Environment Variables

• SCAN_TIMEOUT: Maximum scan time in seconds (default: 300)

• DEFAULT_INTENSITY: Nmap timing template T1-T5 (default: T3)

• DIRB_WORDLIST: Path to directory wordlist (default: common.txt)

• MAX_THREADS: Maximum thread count for tools (default: 10)

Security and Legal Notice

IMPORTANT: This tool is for educational purposes and authorized testing only. Users are responsible for:

• Obtaining proper authorization before scanning any systems

• Complying with local laws and regulations

• Using tools ethically and responsibly

• Not using for malicious purposes

The developers assume no responsibility for misuse of these tools.

License

MIT License