SecPipe
OfficialEnables GitHub Copilot to orchestrate security research workflows, discovering and executing containerized security tools from the MCP Security Hub.
Provides access to Trivy for vulnerability scanning of containers, filesystems, and repositories, integrated into AI-driven security pipelines.
Provides access to VirusTotal for analyzing files and URLs against a vast threat intelligence database, integrated into AI-driven security pipelines.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SecPipeAnalyze firmware.bin for vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
π§ SecPipe AI is under active development. Expect breaking changes and new features!
π Overview
SecPipe AI is an open-source MCP server that enables AI agents (GitHub Copilot, Claude, etc.) to orchestrate security research workflows through the Model Context Protocol (MCP).
SecPipe connects your AI assistant to MCP tool hubs β collections of containerized security tools that the agent can discover, chain, and execute autonomously. Instead of manually running security tools, describe what you want and let your AI assistant handle it.
The Core: Hub Architecture
SecPipe acts as a meta-MCP server β a single MCP endpoint that gives your AI agent access to tools from multiple MCP hub servers. Each hub server is a containerized security tool (Binwalk, YARA, Radare2, Nmap, etc.) that the agent can discover at runtime.
π Discovery: The agent lists available hub servers and discovers their tools
π€ AI-Native: Hub tools provide agent context β usage tips, workflow guidance, and domain knowledge
π Composable: Chain tools from different hubs into automated pipelines
π¦ Extensible: Add your own MCP servers to the hub registry
π¬ Use Case: Firmware Vulnerability Research
Scenario: Analyze a firmware image to find security vulnerabilities β fully automated by an AI agent.
User: "Search for vulnerabilities in firmware.bin"
Agent β Binwalk: Extract filesystem from firmware image
Agent β YARA: Scan extracted files for vulnerability patterns
Agent β Radare2: Trace dangerous function calls in prioritized binaries
Agent β Report: 8 vulnerabilities found (2 critical, 4 high, 2 medium)π¬ Use Case: Rust Fuzzing Pipeline
Scenario: Fuzz a Rust crate to discover vulnerabilities using AI-assisted harness generation and parallel fuzzing.
User: "Fuzz the blurhash crate for vulnerabilities"
Agent β Rust Analyzer: Identify fuzzable functions and attack surface
Agent β Harness Gen: Generate and validate fuzzing harnesses
Agent β Cargo Fuzzer: Run parallel coverage-guided fuzzing sessions
Agent β Crash Analysis: Deduplicate and triage discovered crashesβ Support the Project
If you find SecPipe useful, please star the repo to support development! π
β¨ Features
Feature | Description |
π€ AI-Native | Built for MCP β works with GitHub Copilot, Claude, and any MCP-compatible agent |
π Hub System | Connect to MCP tool hubs β each hub brings dozens of containerized security tools |
π Tool Discovery | Agents discover available tools at runtime with built-in usage guidance |
π Pipelines | Chain tools from different hubs into automated multi-step workflows |
π Persistent Sessions | Long-running tools (Radare2, fuzzers) with stateful container sessions |
π Local First | All execution happens on your machine β no cloud required |
π Sandboxed | Every tool runs in an isolated container via Docker or Podman |
ποΈ Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI Agent (Copilot/Claude) β
βββββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β MCP Protocol (stdio)
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SecPipe MCP Server β
β β
β Projects Hub Discovery Hub Execution β
β ββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββββ β
β βinit_project β βlist_hub_servers β βexecute_hub_tool β β
β βset_assets β βdiscover_hub_toolsβ βstart_hub_server β β
β βlist_results β βget_tool_schema β βstop_hub_server β β
β ββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββββ β
βββββββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ
β Docker/Podman
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MCP Hub Servers β
β β
β βββββββββββββ βββββββββββββ βββββββββββββ βββββββββββββ β
β β Binwalk β β YARA β β Radare2 β β Nmap β β
β β 6 tools β β 5 tools β β 32 tools β β 8 tools β β
β βββββββββββββ βββββββββββββ βββββββββββββ βββββββββββββ β
β βββββββββββββ βββββββββββββ βββββββββββββ βββββββββββββ β
β β Nuclei β β SQLMap β β Trivy β β ... β β
β β 7 tools β β 8 tools β β 7 tools β β 36 hubs β β
β βββββββββββββ βββββββββββββ βββββββββββββ βββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββπ§ MCP Security Hub
SecPipe ships with built-in support for the MCP Security Hub β a collection of 36 production-ready, Dockerized MCP servers covering offensive security:
Category | Servers | Examples |
π Reconnaissance | 8 | Nmap, Masscan, Shodan, WhatWeb |
π Web Security | 6 | Nuclei, SQLMap, ffuf, Nikto |
π¬ Binary Analysis | 6 | Radare2, Binwalk, YARA, Capa, Ghidra |
βοΈ Blockchain | 3 | Medusa, Solazy, DAML Viewer |
βοΈ Cloud Security | 3 | Trivy, Prowler, RoadRecon |
π» Code Security | 1 | Semgrep |
π Secrets Detection | 1 | Gitleaks |
π₯ Exploitation | 1 | SearchSploit |
π― Fuzzing | 2 | Boofuzz, Dharma |
π΅οΈ OSINT | 2 | Maigret, DNSTwist |
π‘οΈ Threat Intel | 2 | VirusTotal, AlienVault OTX |
π° Active Directory | 1 | BloodHound |
185+ individual tools accessible through a single MCP connection.
The hub is open source and can be extended with your own MCP servers. See the mcp-security-hub repository for details.
π¦ Installation
Prerequisites
Python 3.12+
uv package manager
Docker (Install Docker) or Podman
Quick Install
# Clone the repository
git clone https://github.com/FuzzingLabs/secpipe_ai.git
cd secpipe_ai
# Install dependencies
uv syncLink the Security Hub
# Clone the MCP Security Hub
git clone https://github.com/FuzzingLabs/mcp-security-hub.git ~/.secpipe/hubs/mcp-security-hub
# Build the Docker images for the hub tools
./scripts/build-hub-images.shOr use the terminal UI (uv run secpipe ui) to link hubs interactively.
Configure MCP for Your AI Agent
# For GitHub Copilot
uv run secpipe mcp install copilot
# For Claude Code (CLI)
uv run secpipe mcp install claude-code
# For Claude Desktop (standalone app)
uv run secpipe mcp install claude-desktop
# Verify installation
uv run secpipe mcp statusRestart your editor and your AI agent will have access to SecPipe tools!
π§βπ» Usage
Once installed, just talk to your AI agent:
"What security tools are available?"
"Scan this firmware image for vulnerabilities"
"Analyze this binary with radare2"
"Run nuclei against https://example.com"The agent will use SecPipe to discover the right hub tools, chain them into a pipeline, and return results β all without you touching a terminal.
See the Usage Guide for detailed setup and advanced workflows.
π Project Structure
secpipe_ai/
βββ secpipe-mcp/ # MCP server β the core of SecPipe
βββ secpipe-cli/ # Command-line interface & terminal UI
βββ secpipe-common/ # Shared abstractions (containers, storage)
βββ secpipe-runner/ # Container execution engine (Docker/Podman)
βββ secpipe-tests/ # Integration tests
βββ mcp-security-hub/ # Default hub: 36 offensive security MCP servers
βββ scripts/ # Hub image build scriptsπ€ Contributing
We welcome contributions from the community!
π Report bugs via GitHub Issues
π‘ Suggest features or improvements
π§ Submit pull requests
π Add new MCP servers to the Security Hub
See CONTRIBUTING.md for guidelines.
π License
BSL 1.1 - See LICENSE for details.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/FuzzingLabs/secpipe'
If you have feedback or need assistance with the MCP directory API, please join our Discord server