OpenVAS-MCP
A self-hosted MCP server that gives AI agents structured access to OpenVAS / Greenbone vulnerability scanning — without sending your data anywhere.
OpenVAS has no native interface for AI agents. Most integrations require cloud connectivity or expose GVM credentials to every client. OpenVAS-MCP solves this:
Local-first. Talks only to your GVM instance. No telemetry, no external calls — verified by CI.
Credential isolation. AI agents authenticate to the MCP server; the server holds the single GVM service account.
Thin bridge. Returns structured scan data as-is. Analysis and reporting logic belong in the agent or a platform built on top.
See docs/architecture.md for a full architecture diagram and design details.
Quick start
0. Vibeinstall (optional, if you trust claude more than yourself)
Run in your terminal:
claude "install this, make no mistake."
If you prefer to stay in control, follow the manual setup below.
1. Get a GVM instance
Don't have one? Spin up the bundled Greenbone Community Edition stack:
docker compose -f docker/openvas/compose.yaml up -d
2. Connect an MCP client
stdio (Claude Desktop, Cursor, Windsurf, Cline, …)
Requirements: Python 3.10+
git clone https://github.com/CyberSecAuto-Labs/OpenVAS-MCP
cd OpenVAS-MCP
python3.11 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
Add to mcpServers in your client config file:
{
  "mcpServers": {
    "openvas": {
      "command": "/path/to/.venv/bin/python", // ← edit this to your venv path
      "args": ["-m", "openvas_mcp"],
      "env": { "GVM_PASSWORD": "secret" } // ← edit this to your GVM password
    }
  }
}
Config file locations:
Client | Path |
Claude Desktop (macOS) | |
Claude Desktop (Windows) | |
Cursor | |
Windsurf | |
Cline / Roo Code | via the MCP panel in the VS Code extension |
HTTP/SSE (networked agents)
Requirements: Docker
Download the compose files from the latest release and run:
# GVM running locally via Unix socket
MCP_API_KEYS="supersecrettoken:my-agent" GVM_PASSWORD=secret docker compose up
# GVM on a remote host via TCP
MCP_API_KEYS="supersecrettoken:my-agent" GVM_HOST=192.168.1.10 GVM_PASSWORD=secret docker compose up
MCP_API_KEYS is a comma-separated list of token:name pairs; the MCP client sends the token as a Bearer token. Multiple clients: "tok1:agent1,tok2:agent2". Pass MCP_ALLOW_UNAUTHENTICATED=1 instead to skip auth on a trusted network.
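A sketch of how a server can parse the token:name list and check a Bearer header, added here as an illustration and not taken from the OpenVAS-MCP code base. The function names and the "anonymous" client name are assumptions; only the MCP_API_KEYS format and the sample value come from the text above.

```python
import hmac

SAMPLE_KEYS = "supersecrettoken:my-agent"  # sample value from the README


def parse_api_keys(raw):
    """Parse "tok1:agent1,tok2:agent2" into {token: name}, rejecting bad entries."""
    keys = {}
    for pair in filter(None, (p.strip() for p in raw.split(","))):
        token, sep, name = pair.partition(":")
        if not sep or not token or not name:
            # Report the position only, so the secret never lands in a log.
            raise ValueError(f"malformed token:name pair at entry {len(keys) + 1}")
        if token in keys:
            raise ValueError("duplicate token")
        keys[token] = name
    return keys


def authenticate(header, keys, allow_unauthenticated=False):
    """Return the client name for an Authorization header value, or None to reject."""
    if allow_unauthenticated:
        return "anonymous"  # hypothetical name for the unauthenticated mode
    if not keys or not header:
        return None  # fail closed when no keys are configured
    scheme, _, presented = header.partition(" ")
    if scheme.lower() != "bearer" or not presented.strip():
        return None
    presented = presented.strip().encode()
    matched = None
    for token, name in keys.items():
        # Constant-time comparison; every key is checked so that timing
        # does not reveal which entry matched.
        if hmac.compare_digest(presented, token.encode()):
            matched = name
    return matched
```

Returning the name rather than a boolean lets each request be logged against the agent that made it without writing the token itself.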
Point your MCP client at the server:
{
  "mcpServers": {
    "openvas": {
      "url": "http://your-server:8000/sse", // ← edit this to your server address
      "headers": {
        "Authorization": "Bearer supersecrettoken" // ← your MCP_API_KEYS token
      }
    }
  }
}
Plain TCP connections (GVM_HOST set, GVM_TLS unset) send GVM credentials unencrypted. Use GVM_TLS=1 or a Unix socket for anything beyond local dev.
All-in-one dev setup
Greenbone Community Edition + MCP server from source in one go:
# Start the Greenbone stack
docker compose -f docker/openvas/compose.yaml up -d
# Start the MCP server, connected via gvmd socket
GVM_PASSWORD=secret docker compose -f compose.yaml -f compose.override.yaml up --build
See compose.override.yaml for how the socket volume is mounted.
Configuration
Variable | Default | Description |
| — | GVM password (required) |
|
| Unix socket path (default connection) |
| — | Connect via TCP instead of socket (IPv4 and IPv6) |
|
|
|
| — | Bearer API keys for HTTP transport auth ( |
See docs/configuration.md for the full reference, including TLS options, policy file, scan limits, and logging.
Available tools
Tool | Description |
| Return all scan targets |
| Create a target with specified hosts/CIDRs |
| Return all scan tasks |
| Create and start a scan against a target |
| Poll status and progress of a running scan |
| Retrieve findings, optionally filtered by minimum severity |
Example: "Scan 192.168.1.0/24 and show me anything above severity 7" — the agent calls create_target → start_scan → get_scan_status → fetch_scan_results(min_severity=7.0).
Release integrity
Every release image is:
Signed with cosign keyless OIDC signing — no long-lived key to compromise.
SBOM attached — a CycloneDX JSON bill of materials is generated with syft and attached to each GitHub Release.
Vulnerability-scanned — grype scans the SBOM on every PR (vuln-scan.yml) and at release time, failing on fixable high severity findings (--only-fixed).
Egress-audited — the startup-egress workflow traces connect() syscalls via strace on every push and PR, asserting no unexpected outbound connections at startup. Integration tests extend this to live GMP code paths.
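The egress check described above can be reproduced locally by parsing strace output for connect() calls. The following is an added example, not the project's startup-egress workflow; the function name, the allow-list parameter and the sample trace (socket path, port numbers, documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re

# Address forms strace prints for AF_INET and AF_INET6 connect() calls.
_ADDR = re.compile(
    r'connect\(\d+, \{sa_family=(AF_INET6?),.*?'
    r'(?:inet_addr\("([^"]+)"\)|inet_pton\(AF_INET6, "([^"]+)")'
)
_PORT = re.compile(r'sin6?_port=htons\((\d+)\)')

# Constructed sample of `strace -f -e trace=connect` output.
SAMPLE_TRACE = '''\
[pid 41] connect(5, {sa_family=AF_UNIX, sun_path="/run/gvmd/gvmd.sock"}, 110) = 0
[pid 41] connect(6, {sa_family=AF_INET, sin_port=htons(9390), sin_addr=inet_addr("192.168.1.10")}, 16) = 0
[pid 41] connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
[pid 42] connect(8, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
[pid 42] connect(9, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
'''


def unexpected_egress(trace, allowed=()):
    """Return sorted (ip, port) connect() destinations outside loopback and `allowed`."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    hits = set()
    for line in trace.splitlines():
        m = _ADDR.search(line)
        if not m:
            continue  # AF_UNIX sockets and other syscalls are not network egress
        ip = ipaddress.ip_address(m.group(2) or m.group(3))
        port_match = _PORT.search(line)
        port = int(port_match.group(1)) if port_match else 0
        # Failed or in-progress attempts still count: the process tried to leave.
        if ip.is_loopback or any(ip in n for n in nets):
            continue
        hits.add((str(ip), port))
    return sorted(hits)
```

A CI job would fail when the returned list is non-empty, with the configured GVM host passed in `allowed`.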
Verify the image signature before running:
cosign verify \
--certificate-identity-regexp "https://github.com/CyberSecAuto-Labs/OpenVAS-MCP/.github/workflows/release.yml@refs/tags/.*" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/cybersecauto-labs/openvas-mcp:<version>
Docs
docs/architecture.md — architecture diagram, component overview, and transport details
docs/configuration.md — full environment variable reference, TLS, policy file, scan limits, logging
docs/design.md — design decisions and known limitations
docs/ci.md — CI workflows, guarantees, and tradeoffs