The Adversary MCP Server is an enterprise-grade security analysis tool that combines AI-powered vulnerability detection with Semgrep static analysis and Git diff-aware scanning for intelligent code security. It performs comprehensive security scans on files, folders, or codebases, leveraging OpenAI and Anthropic LLMs for context-aware vulnerability detection with confidence scoring and false positive filtering. Key capabilities include Git diff-aware scans for efficient CI/CD pipelines, proof-of-concept exploit generation, false positive management by UUID, and optimization for large codebases through parallel processing and intelligent file filtering. Results are output in both human-readable text and structured JSON formats, with seamless integration for Cursor IDE and command-line interfaces, ensuring security coverage aligned with industry standards like OWASP Top 10 and CWE.
Offers security analysis for JavaScript code, detecting vulnerabilities like DOM-based XSS, code injection, and prototype pollution through AST parsing.
Optional integration for enhanced exploit generation, allowing the MCP server to use OpenAI GPT models to create more sophisticated educational security exploit examples.
Integrates OWASP security guidelines and references for vulnerability classifications and remediation advice, mapping detected issues to OWASP Top 10 categories.
Provides vulnerability detection and analysis for Python code, including AST-based parsing to identify SQL injection, command injection, unsafe deserialization, and other Python-specific security issues.
Detects SQL injection vulnerabilities specific to SQLite database interactions in application code.
Enables security scanning of TypeScript code to identify vulnerabilities like DOM-based XSS, code injection, and other TypeScript-specific security concerns.
Adversary MCP Server
🔒 Clean Architecture security analysis with AI-powered vulnerability detection and validation
We think about your vulns so you don't have to.
Installation • Quick Start • Claude Code Setup • Cursor Setup • CLI Usage • MCP Tools • Architecture
Features
- AI-Powered Analysis - OpenAI/Anthropic LLM integration for intelligent vulnerability detection
- Smart Validation - Reduces false positives with LLM validation (70% confidence threshold)
- Multi-Engine Scanning - Combines Semgrep static analysis & AI analysis
- Automatic Persistence - Auto-saves scan results in JSON, Markdown, and CSV formats
- MCP Integration - Native support for Claude Code and Cursor IDE
- Comprehensive CLI - Full command-line interface with all scanning capabilities
- Rich Telemetry - Comprehensive tracking with dashboard visualization
Installation
Prerequisites
- Python 3.10+ (tested on 3.11, 3.12, 3.13)
- Semgrep - Static analysis engine (install)
Quick Install
Verify Installation
Quick Start
1. Configure Security Engine
2. Run Your First Scan
3. View Comprehensive Dashboard
Claude Code Setup
Configure MCP Server
Create or update ~/.config/claude-code/mcp.json:
Using MCP Tools in Claude Code
Once configured, these tools are available in Claude Code:
- Ask Claude: "Scan this file for security issues using adv_scan_file"
- Ask Claude: "Check for vulnerabilities in the current project with adv_scan_folder"
- Ask Claude: "Analyze this code snippet for security issues using adv_scan_code"
Cursor IDE Setup
Configure MCP Server
Create .cursor/mcp.json in your project:
Using pip installation:
For development:
Using MCP Tools in Cursor
Once configured, these tools are available in Cursor's chat:
- Ask Cursor: "Scan this file for security issues using adv_scan_file"
- Ask Cursor: "Check for vulnerabilities in the current project with adv_scan_folder"
- Ask Cursor: "Analyze this code snippet for security issues using adv_scan_code"
CLI Usage
Basic Commands
Scanning Examples
Configuration Commands
Available Options
MCP Tools
Available Tools
Tool | Description | Example Usage |
---|---|---|
adv_scan_code | Scan code snippets directly | "Scan this code for vulnerabilities" |
adv_scan_file | Scan specific files with full analysis | "Check security issues in auth.py" |
adv_scan_folder | Scan entire directories recursively | "Analyze the src folder for vulnerabilities" |
adv_get_status | Check server status and capabilities | "Is the security scanner configured?" |
adv_get_version | Get server version information | "What version is running?" |
adv_mark_false_positive | Mark findings as false positives | "Mark finding XYZ as false positive" |
adv_unmark_false_positive | Remove false positive marking | "Unmark finding ABC as false positive" |
MCP Tool Examples
Automatic Result Persistence
All MCP tools automatically save scan results in multiple formats:
- JSON: .adversary.json - Machine-readable results with full metadata
- Markdown: .adversary.md - Human-readable report with remediation guidance
- CSV: .adversary.csv - Spreadsheet-compatible format for analysis
Results are automatically placed alongside scanned files/directories with intelligent conflict resolution.
Dashboard & Telemetry
Comprehensive HTML Dashboard
The scanner includes a rich web-based dashboard for comprehensive telemetry analysis:
Dashboard Features:
- MCP Tool Analytics - Track tool usage, success rates, and performance
- Scan Engine Metrics - Monitor Semgrep, LLM, and validation performance
- Threat Analysis - Categorize findings by severity and confidence
- System Health - Performance monitoring and statistics
- Language Analysis - Track scanning efficiency by programming language
- Recent Activity - Timeline view of recent scans and operations
Telemetry System
Adversary MCP Server includes comprehensive telemetry tracking:
- Automatic Collection - All MCP tools, CLI commands, and scan operations are automatically tracked
- Local Storage - All data stored locally, never transmitted to external services
- Zero Configuration - Telemetry works out-of-the-box with no setup required
- Performance Insights - Identify bottlenecks and optimize scanning workflows
- Usage Analytics - Understand tool usage patterns and effectiveness
Architecture
Implementation
Adversary MCP Server is built using Clean Architecture principles with Domain-Driven Design (DDD), ensuring separation of concerns, maintainability, and testability.
New Architecture Benefits
- Separation of Concerns: Business logic isolated from infrastructure
- Dependency Inversion: High-level modules don't depend on low-level details
- Testability: Pure domain logic enables comprehensive unit testing
- Maintainability: Changes to infrastructure don't affect business rules
- Scalability: New scan strategies and validators easily pluggable
- Type Safety: Rich domain models with comprehensive validation
Architectural Layers
Domain Layer (Core Business Logic)
- Entities: ScanRequest, ScanResult, ThreatMatch - Rich business objects
- Value Objects: ScanContext, SeverityLevel, ConfidenceScore, FilePath - Immutable domain concepts
- Domain Services: ScanOrchestrator, ThreatAggregator, ValidationService - Pure business orchestration
- Interfaces: IScanStrategy, IValidationStrategy - Contracts for external dependencies
Application Layer (Use Cases & Coordination)
- MCP Server: Handles Cursor IDE integration via Model Context Protocol
- CLI Commands: Command-line interface for security scanning operations
- Adapters: Bridge domain interfaces with infrastructure implementations
  - SemgrepAdapter - Adapts Semgrep scanner to domain IScanStrategy
  - LLMAdapter - Adapts LLM scanner to domain IScanStrategy
  - ValidationAdapter - Adapts LLM validator to domain IValidationStrategy
Infrastructure Layer (External Services)
- SemgrepScanner: Static analysis engine integration
- LLMScanner: AI-powered vulnerability detection
- LLMValidator: False positive filtering with LLM analysis
- SQLAlchemy Database: Persistent storage for telemetry and results
- File System: Code file access and Git operations
- Telemetry System: Performance tracking and dashboard generation
Data Flow Architecture
- Input Processing: ScanRequest created with ScanContext (file/directory/code)
- Domain Orchestration: ScanOrchestrator coordinates scanning strategies
- Parallel Analysis: Multiple IScanStrategy implementations execute concurrently
- Threat Aggregation: ThreatAggregator deduplicates and merges findings
- Validation Pipeline: ValidationService filters false positives using AI
- Result Assembly: Rich ScanResult with comprehensive metadata
- Presentation: Results formatted for CLI, MCP, or dashboard consumption
Key Design Patterns
- Strategy Pattern: Pluggable scan and validation strategies
- Adapter Pattern: Infrastructure integration without domain coupling
- Factory Pattern: Bootstrap and dependency injection
- Value Objects: Immutable domain concepts with validation
- Domain Services: Complex business logic coordination
How It Works
- Multi-Engine Analysis: Parallel execution of Semgrep static analysis and LLM AI analysis
- Intelligent Validation: LLM-powered false positive reduction with confidence scoring
- Threat Aggregation: Smart deduplication and merging using fingerprint and proximity strategies
- Performance Optimization: Async processing, caching, and batch operations
- Comprehensive Telemetry: SQLAlchemy-backed metrics with interactive Chart.js dashboard
- Git Integration: Diff-aware scanning for efficient CI/CD pipeline integration
- Zero-Config Operation: Auto-discovery and configuration with sensible defaults
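An added illustration (not the project's code) of the aggregation and validation steps listed under Data Flow Architecture and How It Works: findings from two engines are merged by fingerprint plus line proximity, then filtered at the 70% confidence threshold. The `Finding` fields, the (file, category) fingerprint, the 3-line window, the merge policy and the sample data are all assumptions made for this example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Finding:                 # hypothetical shape, not the project's ThreatMatch
    engine: str                # "semgrep" or "llm"
    file: str
    line: int
    category: str              # weakness class, e.g. a CWE id
    severity: int              # 1 (low) .. 4 (critical)
    confidence: float          # 0.0 .. 1.0, assumed to be set by a validation step

PROXIMITY_LINES = 3            # assumed window; the page gives no number
MIN_CONFIDENCE = 0.70          # the 70% threshold from the feature list

def fingerprint(f):
    """Two findings can only be duplicates if file and category match."""
    return (f.file, f.category)

def aggregate(findings):
    """Merge same-fingerprint findings within PROXIMITY_LINES of a cluster's first line."""
    merged = []
    for f in sorted(findings, key=lambda f: (fingerprint(f), f.line)):
        last = merged[-1] if merged else None
        if (last and fingerprint(last) == fingerprint(f)
                and f.line - last.line <= PROXIMITY_LINES):
            engines = "+".join(sorted(set(last.engine.split("+")) | {f.engine}))
            # Assumed policy: keep the first line, the worst severity, the best confidence.
            merged[-1] = replace(last, engine=engines,
                                 severity=max(last.severity, f.severity),
                                 confidence=max(last.confidence, f.confidence))
        else:
            merged.append(f)
    return merged

def validate(findings, threshold=MIN_CONFIDENCE):
    """Drop findings below the confidence threshold (treated as likely false positives)."""
    return [f for f in findings if f.confidence >= threshold]

# Constructed sample findings, not real scanner output.
SAMPLE = [
    Finding("semgrep", "app/db.py", 42, "CWE-89", 3, 0.80),
    Finding("llm", "app/db.py", 43, "CWE-89", 4, 0.92),         # same bug, one line off
    Finding("llm", "app/db.py", 120, "CWE-89", 3, 0.75),        # same class, other site
    Finding("semgrep", "app/views.py", 10, "CWE-79", 2, 0.40),  # low confidence
]

def run(findings=SAMPLE):
    return validate(aggregate(findings))

if __name__ == "__main__":
    for f in run():
        print(f)
```

The proximity window trades duplicate noise against the risk of collapsing two distinct flaws of the same class that sit close together, so a merged record should keep every contributing engine for review.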
Configuration
Environment Variables
Configuration File
Settings are automatically managed through the CLI and stored in ~/.adversary/config.json:
CI/CD Integration
GitHub Actions
Development
Setup Development Environment
Running Tests
Support
License
MIT License - see LICENSE for details.
Contributing
Contributions are welcome! Please see our Contributing Guide for details.
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
Tools
A security-focused server that integrates with Cursor IDE to provide real-time vulnerability detection, exploit generation, and security insights during software development.