GhostWall MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@GhostWall MCP Serveranalyze network traffic for anomalies"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
๐ก๏ธ GhostWall - AI-Based Cyber Threat Detection Framework
GhostWall is a full-stack, completely offline, AI-powered Cyber Threat Detection Framework. Designed with a premium, high-visibility security dashboard, GhostWall serves as a mock defensive operations console. It demonstrates how multi-agent security orchestrations (ADK) can scan network traffic, correlate audit logs, evaluate threat payloads, and trigger active firewall blocksโentirely locally and without external API dependencies.
๐ Live Demo URL: https://ghostwall.vercel.app (Build ready for Vercel deployment)
๐ Visual Walkthrough & Screenshots
๐ป System Security HUD
The main dashboard features glassmorphic control cards, a system health score index, real-time restricted IP counters, and throughput meters.

๐น Real-Time Agentic Response Simulation
Watch the local multi-agent system respond step-by-step to a volumetric DDoS attack and sanitize inputs in the payload scanner:

Related MCP server: NetForensicMCP
๐ฏ Key Features
ADK Multi-Agent System: Orchestrates specialized security agents working in a collaborative pipeline.
Model Context Protocol (MCP): Implements an offline JSON-RPC MCP structure to register resources and tools that agents can query and trigger.
Threat Simulator: Interactively trigger simulated attack vectors (DDoS, Brute Force, SQL Injection, XSS, Port Scans) and witness immediate real-time defensive reactions.
Payload Sanitizer Sandbox: An interactive playground demonstrating strict static sanitization methods (SQLi, XSS, Traversal, Command Injection) with zero risk of code execution.
CLI Utility Skills: Built-in script tools for directory log scanning and independent payload validation.
Modern Obsidian Styling: Sleek cyberpunk theme featuring glowing neon status indicators, interactive SVG icons, and a custom command-line log viewer.
๐ ๏ธ Tech Stack
Frontend: React 18, Vite 5, Lucide Icons, Vanilla HSL CSS Variables (Obsidian glassmorphism design system)
Backend: Node.js, Express, Body Parser, CORS
Type Safety: TypeScript 5
Deployment: Vercel (integrated with Serverless Functions for full-stack compatibility)
Orchestration: ADK (Agent Development Kit) simulation engine
๐๏ธ System Architecture
GhostWall models a standard SOC (Security Operations Center) pipeline:
flowchart TD
User([User Simulation Trigger]) -->|Select DDoS/SQLi/Brute Force| App[GhostWall Dashboard Client]
App -->|POST /api/simulation/run| Express[Express.js Serverless Backend]
subgraph Multi-Agent System [ADK Orchestration Engine]
Express --> Manager[AgentManager]
Manager -->|Step 1| NetAgent[Network Traffic Analyzer Agent]
Manager -->|Step 2| LogAgent[Log Parser & Correlation Agent]
Manager -->|Step 3| ThreatAgent[Threat Scoring Agent]
Manager -->|Step 4| MitAgent[Response Mitigation Agent]
end
subgraph Local MCP Server [Model Context Protocol Server]
NetAgent -->|Call Tool| Tool1[network_traffic_analyzer]
LogAgent -->|Call Tool| Tool2[log_correlator]
ThreatAgent -->|Call Tool| Tool3[payload_sanitize_validator]
MitAgent -->|Call Tool| Tool4[firewall_mitigator]
Manager -->|Read Resource| Resource1[ghostwall://threats/logs]
Manager -->|Read Resource| Resource2[ghostwall://system/status]
end
Tool4 -->|Enforce Rule| Blacklist[(Firewall Blacklist / Memory Logs)]
Blacklist -->|Report Status| App๐ค Agent Directory & Roles
Network Traffic Analyzer Agent: Scans connections for volumetric patterns (e.g. DDoS volume threshold anomalies).
Log Parser & Correlation Agent: Links authentication failures with scanning events to spot multi-stage campaigns.
Threat Classification & Scoring Agent: Inspects exploit payloads and assigns risk index scores (0-100).
Automated Response Mitigation Agent: Determines containment actions (
BLOCK_IP,RATE_LIMIT,ISOLATE_SUBNET).
๐ Project Directory Structure
โโโ api/
โ โโโ index.ts # Vercel serverless entry point
โโโ assets/
โ โโโ initial_dashboard_view.png
โ โโโ ghostwall_threat_simulation_demo.webp
โโโ server/
โ โโโ index.ts # Express application & API routing
โ โโโ mcp-server.ts # Mock MCP JSON-RPC Server
โ โโโ adk/
โ โ โโโ agent-manager.ts # Multi-agent orchestrator loop
โ โ โโโ network-agent.ts # Network security agent
โ โ โโโ log-agent.ts # Correlation agent
โ โ โโโ threat-agent.ts # Scoring agent
โ โ โโโ mitigation-agent.ts # Firewall mitigation agent
โ โโโ scripts/
โ โโโ log-collector.ts # CLI Log Analyzer skill script
โ โโโ payload-validator.ts # Standalone static payload scanner
โโโ src/
โ โโโ App.tsx # Dashboard interface component
โ โโโ main.tsx # React DOM bootstrapper
โ โโโ index.css # Obsidian cyber theme CSS styles
โ โโโ vite-env.d.ts # Vite client type bindings
โโโ index.html # HTML entry (Outfit & JetBrains Fonts)
โโโ package.json # Project dependencies & build automation
โโโ tsconfig.json # TypeScript compilation config
โโโ vercel.json # Vercel deployment rewrite routes
โโโ vite.config.ts # Vite configuration with proxy settings๐ Quick Setup & Installation
Prerequisites
Node.js (v18+)
npm (v9+)
Local Development
Clone the repository and install dependencies:
git clone https://github.com/anshikasingh28072006/GhostWall.git cd GhostWall npm installRun the full application locally:
npm run devThis concurrent script launches the React client on http://localhost:3000 and proxy-binds to the Express backend API on http://localhost:3001.
CLI Security Tools
You can execute standalone tools directly in your terminal:
# Run log parser skill
npx ts-node server/scripts/log-collector.ts
# Run payload validator skill
npx ts-node server/scripts/payload-validator.ts "SELECT * FROM users WHERE 1=1"โก Vercel Deployment Instructions
GhostWall is deployed as a 100% client-side static React application. There is no backend server setup or API key configuration needed:
Push Changes to GitHub: Ensure all local changes are committed and pushed to your repo.
Import Project to Vercel:
Go to Vercel Dashboard and click Add New -> Project.
Import the
GhostWallrepository.
Configure Settings:
Framework Preset: Vite
Root Directory:
./(leave default)Build Command:
npm run build(runstsc && vite build)Output Directory:
dist
Deploy: Click Deploy. Vercel will build the React bundle and deploy the static site instantly.
๐ฎ Future Improvements
Add a live interactive threat map visualizing blocked geo-IP markers.
Implement exportable CSV reports for compliance auditing.
Expand signature lists to include SQLi-to-shell patterns.
Integrate WebSockets for live logging feeds.
๐ฅ Author & Contact
Author: Anshika Singh
GitHub: @anshikasingh28072006
Role: Cyber Security Analyst & Developer
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/anshikasingh28072006/GhostWall'
If you have feedback or need assistance with the MCP directory API, please join our Discord server