Provides access to Shodan API functionality, enabling AI assistants to query information about internet-connected devices for cybersecurity research and threat intelligence.

A Model Context Protocol server that integrates essential penetration testing tools (Nmap, Gobuster, Nikto, John the Ripper) into a unified natural language interface, allowing security professionals to execute and chain multiple tools through conversational commands.

Provides a Model Context Protocol server implementation that allows AI agents and other MCP clients to programmatically interact with DefectDojo, a vulnerability management tool, for managing findings, products, and engagements.

Burpsuite MCP Server

OnSecurity MCP Server

An AI-powered penetration testing reasoning engine that provides automated attack path planning, step-by-step guidance for CTFs/HTB challenges, and tool recommendations using Beam Search and MCTS algorithms.

A security-focused server that integrates with Cursor IDE to provide real-time vulnerability detection, exploit generation, and security insights during software development.

A security testing tool that enables automated vulnerability detection including XSS and SQL injection, along with comprehensive browser interaction capabilities for web application penetration testing.

A comprehensive HTTP client MCP server for security testing, API testing, and web automation that provides full-featured HTTP tools with detailed logging capabilities.

A Model Context Protocol server designed for testing backend APIs for security vulnerabilities like authentication bypass, injection attacks, and data leakage.

An MCP server that provides secure access to Kali Linux cybersecurity tools through Claude's interface, enabling users to run Kali Linux commands directly from Claude Desktop.

A tool that allows penetration testing through Kali Linux commands executed via a Multi-Conversation Protocol server, supporting security testing operations like SQL injection and command execution.

Connects Nuclei vulnerability scanner with MCP-compatible applications, enabling AI assistants to perform security testing through natural language interactions.

An MCP server that allows AI assistants and LLMs to interact with the Horizon3.ai API for scheduling pentests, querying results, and automating security workflows through natural language commands.

Enables AI assistants to perform network scanning operations using NMAP, offering a standardized interface for network analysis and security assessments through AI conversations.

An intelligent layered port scanning service based on MCP protocol, designed for AI assistants and development tools to perform network security analysis with real-time feedback.

BurpSuite MCP Server: A powerful Model Context Protocol (MCP) server implementation for BurpSuite, providing programmatic access to Burp's core functionalities.

A lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.

Enables Active Directory enumeration and abuse operations through the bloodyAD tool. Supports LDAP queries, user/group management, DNS operations, and security testing directly from AI assistants.

Enables AI assistants to interact with Metasploit Framework through 28 comprehensive tools for penetration testing and security analysis. Provides secure, structured access to MSF modules, database operations, session management, and payload generation capabilities.

fluidattacks-mcp

A Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.

Enables secure integration with Metasploit Framework for AI assistants, providing comprehensive access to penetration testing tools, module management, payload generation, and database operations. Designed for authorized security testing and defensive analysis with 28 specialized tools covering complete MSF functionality.

A proof-of-concept tool that integrates AI into security operations, allowing users to perform offensive security tasks like network scanning and reconnaissance through natural language commands to GitHub Copilot.

Provides Claude with access to Shodan for IP address lookups, service discovery, and vulnerability scanning, allowing users to query information about hosts, count results, and check API usage.

A Model Context Protocol (MCP) server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.

Enables users to run and manage BBOT security scans through the MCP interface. Provides comprehensive tools for executing reconnaissance scans, monitoring progress, and retrieving results with support for concurrent scanning operations.

Provides access to 13+ penetration testing and security audit tools through a unified MCP interface. Enables security professionals to perform vulnerability scanning, web fuzzing, network reconnaissance, and other security assessments through containerized tools like Nuclei, Nmap, SQLMap, and FFUF.

Enables out-of-band interaction testing by integrating ProjectDiscovery's interactsh service as an MCP server. Allows AI agents to create callback domains, send probes, and capture DNS/HTTP interactions for security testing and verification workflows.

Provides a bridge between large language models and the Metasploit Framework, enabling AI assistants to access and control penetration testing functionality through natural language.

Integrates OWASP ZAP security testing with AI assistants through MCP, enabling automated vulnerability scanning and AI-powered security analysis during development. Supports multiple scan types including active, passive, and AJAX spider scans with real-time status updates.

A module that enables AI assistants to access and utilize common penetration testing and security tools like Nmap and Metasploit through a simple interface.

A FastMCP-based interface for Metasploit Framework, enabling AI agents to interact with Metasploit capabilities for exploitation, payload generation, target scanning, and session management.

An agent-based network scanning system that uses Nmap for network discovery and leverages DeepSeek API to analyze scan results for security vulnerabilities and recommendations.

An MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.

Enables comprehensive cybersecurity vulnerability assessment by searching GitHub repositories for exploits, querying NIST NVD for CVE details, and accessing CISA's Known Exploited Vulnerabilities catalog. Supports complete vulnerability research workflows from threat intelligence gathering to proof-of-concept discovery.

Enables vulnerability scanning of web applications using the xray security scanner. Provides URL scanning capabilities with configurable crawlers, plugins, and POCs to detect security vulnerabilities through natural language interactions.

Provides secure access to Exegol penetration testing tools for CTF competitions and red team learning. Enables AI assistants to perform web penetration testing, network reconnaissance, password cracking, OSINT analysis, and more for educational purposes.

Enables ethical security testing and attack surface management through SSL certificate validation, CVE queries, subdomain enumeration, security header analysis, and comprehensive reconnaissance capabilities. Designed for authorized penetration testing workflows with responsible disclosure practices.

Provides a secure interface for AI assistants to interact with penetration testing tools like nmap, hydra, sqlmap, and nikto for educational cybersecurity purposes. Includes input sanitization and runs in a Docker container with Kali Linux tools for authorized testing scenarios.

Enables secure execution of penetration testing commands on Kali Linux through Server-Sent Events with intelligent command validation, real-time monitoring, and comprehensive audit logging. Designed for authorized security research and penetration testing workflows.

AI-powered cybersecurity automation platform with 150+ security tools and 12+ autonomous AI agents for penetration testing, vulnerability assessment, and bug bounty hunting. Enables comprehensive security testing through intelligent tool selection and automated workflows.

Enables website security scanning and vulnerability assessment by integrating dirsearch path scanning with firecrawl web scraping. Provides structured vulnerability reports categorized by risk level and detailed content analysis of high-risk URLs.

Enables AI agents to generate and manage specialized bug bounty hunting workflows including reconnaissance, vulnerability testing, OSINT gathering, and file upload testing. Provides REST API endpoints for comprehensive security assessments with intelligence-driven vulnerability prioritization.

Enables LLMs to execute common security testing tools like nmap, sqlmap, hydra, and metasploit through a secure Docker container. Provides controlled access to penetration testing utilities with configurable timeouts and tool discovery capabilities.

Enables comprehensive network security scanning and vulnerability assessment using Linux tools like nmap. Provides network discovery, port scanning, service identification, OS detection, and device discovery capabilities for authorized security testing.

Enables LLMs to execute Kali Linux security tools like nmap, sqlmap, and hydra in a secure, sandboxed environment. Provides both MCP and HTTP API interfaces for penetration testing and security assessment tasks.

Damn Vulnerable MCP Server for Security Researchers.

Enables users to perform security testing and penetration testing tasks through a Docker-based API that provides access to popular security tools like nmap, nikto, sqlmap, wpscan, dirb, and searchsploit. Designed for educational purposes with input sanitization and non-root execution for safer pentesting workflows.

Enables security auditing, penetration testing, and compliance validation with tools like Semgrep, Trivy, Gitleaks, and OWASP ZAP. Features strict project boundary enforcement and supports OWASP, CIS, and NIST compliance frameworks.

Provides a one-stop automated solution for Android APK security analysis by integrating tools like JEB, JADX, APKTOOL, FlowDroid, and MobSF into unified MCP standard API interfaces.

An automated penetration testing framework that enables intelligent security assessments through reconnaissance, vulnerability scanning, and controlled exploitation. Features AI-driven workflow management with comprehensive reporting for authorized security testing.

Enables AI-powered Java source code vulnerability auditing through function-level taint analysis. Performs reverse tracking from dangerous functions to external entry points to automatically discover potential security vulnerability chains.

Enables advanced malware development, threat intelligence analysis, and offensive security operations through specialized tools for multi-language payload generation, obfuscation, OSINT reconnaissance, and forensic analysis. Designed for authorized penetration testing, red team exercises, and cybersecurity research with comprehensive educational capabilities.

Provides secure access to Kali Linux security tools through a dockerized environment for authorized penetration testing and defensive security. Enables network scanning, web application testing, system enumeration, and credential testing with built-in input sanitization and network restrictions.

test

An MCP Server that enables users to interact with Google's On-Demand Scanning API (v1beta1) through natural language, likely providing capabilities for vulnerability scanning and security analysis of containers and artifacts.

A demonstration server that allows large language models to perform penetration testing tasks autonomously by interfacing with the Mythic C2 framework.

A Model Context Protocol server that provides intelligent hashcat integration for Claude Desktop, allowing users to crack hashes, analyze passwords, and perform security assessments directly from Claude conversations.

Enables comprehensive security testing and penetration testing through natural language conversations with 92+ tools for reconnaissance, vulnerability assessment, web application testing, OSINT, and reporting. Designed for authorized bug bounty hunting and security assessments.