AynOps
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@AynOps Run a threat analysis on example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
🛡️ AynOps
AI-Powered Cybersecurity Reconnaissance Platform
Talk to Claude. Get a full threat intelligence report. Ethically enforced. Audit-ready.
The Problem
Security reconnaissance requires 6+ different tools, hours of manual work, and deep CLI expertise. Junior analysts miss critical correlations. There's no ethical enforcement preventing unauthorized scans. And there's zero audit trail for compliance.
The Solution
AynOps is a Model Context Protocol (MCP) server that gives Claude real-time cybersecurity reconnaissance capabilities — wrapped with ArmorIQ policy enforcement and cryptographic audit logging.
You type in plain English. AynOps handles the rest.
"Run a threat analysis on example.com"
→ ArmorIQ verifies the target is authorized
→ 10 recon tools run in parallel
→ Claude correlates findings across all tools
→ Structured threat report with risk score and remediation roadmap
→ Every action logged to ArmorIQ's tamper-proof audit trail
What Makes AynOps Different
| Traditional Tools (Nmap, Shodan) | AynOps |
Interface | CLI expertise required | Plain English conversation |
Analysis | Raw data dumps | AI-correlated threat intelligence |
Ethics | No enforcement | ArmorIQ policy gate on every call |
Audit | Manual logging | Cryptographic audit trail (automatic) |
Speed | Run tools one by one | 10 tools in parallel |
CVEs | Separate lookup | Auto-triggered from detected software |
Features
🔍 10 Recon Tools
Tool | Capability |
| Domain owner, registrar, expiry, name servers |
| DNS records + subdomain brute-force |
| Nmap-powered — ports, services, version detection |
| SSL cert issuer, expiry, cipher, TLS version |
| Web server, CMS, CDN, JS frameworks, security headers |
| Subdomain discovery via CT logs |
| ASN, ISP, org, geolocation for any IP/domain |
| AbuseIPDB malicious IP check |
| NVD database — CVEs by software + version |
| All tools in parallel — one command, complete picture |
🧠 AI Threat Correlation (run_threat_analysis)
Unlike full_recon which summarizes each tool separately, run_threat_analysis instructs Claude to correlate findings across all tools together:
Connects detected software versions directly to CVEs
Links SSL expiry to open HTTPS ports as a compound risk
Combines missing headers with detected CMS for exploit surface analysis
Outputs a structured report: Executive Summary → Critical Findings → Risk Score (0–100) → Remediation Roadmap
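The three correlation rules listed above, as an added example that is not AynOps code. The input field names, the 30-day expiry window, the severity labels for rules 2 and 3, and the sample CMS value are assumptions made for this illustration; the Apache version and CVE come from the demo report on this page.

```python
from datetime import date

# Constructed sample of per-tool output; the field names are assumptions for this example.
FINDINGS = {
    "port_scan": [
        {"port": 80, "service": "http", "product": "Apache httpd", "version": "2.4.49"},
        {"port": 443, "service": "https", "product": "Apache httpd", "version": "2.4.49"},
    ],
    "ssl_inspect": {"not_after": date(2026, 1, 13)},
    "tech_stack_detect": {"cms": "WordPress",
                          "missing_headers": ["X-Frame-Options", "Content-Security-Policy"]},
    "cve_lookup": [{"id": "CVE-2021-41773", "product": "Apache httpd",
                    "version": "2.4.49", "cvss": 9.8}],
}

def cvss_band(score: float) -> str:
    """CVSS v3 qualitative severity bands."""
    return "critical" if score >= 9.0 else "high" if score >= 7.0 else "medium" if score >= 4.0 else "low"

def correlate(findings: dict, today: date, expiry_window_days: int = 30) -> list[dict]:
    """Join per-tool results into compound findings instead of listing them per tool."""
    out = []
    services = findings.get("port_scan", [])
    # Rule 1: a CVE counts only if a scanned service exposes that exact product and version.
    for cve in findings.get("cve_lookup", []):
        ports = sorted(s["port"] for s in services
                       if (s.get("product"), s.get("version")) == (cve["product"], cve["version"]))
        if ports:
            out.append({"kind": "exposed_cve", "id": cve["id"], "ports": ports,
                        "severity": cvss_band(cve["cvss"])})
    # Rule 2: an expiring certificate matters when HTTPS is actually being served.
    not_after = findings.get("ssl_inspect", {}).get("not_after")
    https_ports = sorted(s["port"] for s in services if s.get("service") == "https")
    if not_after and https_ports:
        days_left = (not_after - today).days
        if days_left <= expiry_window_days:
            out.append({"kind": "cert_expiry_on_live_https", "days_left": days_left,
                        "ports": https_ports, "severity": "critical" if days_left <= 0 else "high"})
    # Rule 3: missing security headers are reported together with the detected CMS.
    tech = findings.get("tech_stack_detect", {})
    if tech.get("cms") and tech.get("missing_headers"):
        out.append({"kind": "cms_without_headers", "cms": tech["cms"],
                    "missing": sorted(tech["missing_headers"]), "severity": "medium"})
    return out

if __name__ == "__main__":
    for finding in correlate(FINDINGS, today=date(2026, 1, 1)):
        print(finding)
```

Rule 1 is the one that removes noise: a CVE returned for a product or version that no scanned service exposes produces no finding.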
🛡️ ArmorIQ Ethical Enforcement
Every sensitive tool call is gated through ArmorIQ:
capture_plan — cryptographically signs Claude's intent before any tool runs
get_intent_token — mints a short-lived signed token (prevents prompt injection)
Policy enforcement — unauthorized targets are blocked before your MCP server is ever reached
Audit trail — every ALLOW/BLOCK decision logged automatically to platform.armoriq.ai
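A scope gate with a tamper-evident decision log, as an added example that is neither ArmorIQ SDK code nor AynOps code. This page does not describe how ArmorIQ implements its policy check or audit trail, so the allowlist, the hash-chained log and every name below are assumptions that illustrate the general technique.

```python
import hashlib
import json
from urllib.parse import urlsplit

# Constructed scope list for this example; a real gate would load it from policy.
AUTHORIZED_SCOPE = {"example.com", "testphp.vulnweb.com"}
GENESIS = "0" * 64

def normalize_target(raw: str) -> str:
    """Reduce a URL or hostname to a bare lowercase hostname ('' if unparseable)."""
    raw = raw.strip()
    try:
        host = urlsplit(raw if "://" in raw else "//" + raw).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()

def in_scope(target: str, scope=AUTHORIZED_SCOPE) -> bool:
    """Exact match or a true subdomain; look-alike suffixes and empty hosts fail closed."""
    host = normalize_target(target)
    return any(host == d or host.endswith("." + d) for d in scope)

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log in which every entry commits to the hash of the previous one."""
    def __init__(self):
        self.entries = []

    def append(self, tool: str, target: str, decision: str) -> None:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries) + 1, "tool": tool, "target": target, "decision": decision, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self) -> bool:
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True

def gated_call(log: AuditLog, tool: str, target: str) -> str:
    """Decide and record ALLOW/BLOCK before any recon code would run."""
    decision = "ALLOW" if in_scope(target) else "BLOCK"
    log.append(tool, normalize_target(target) or target, decision)
    return decision
```

A hash chain only reveals tampering if the latest hash is also kept somewhere the log writer cannot rewrite; otherwise the whole chain can be recomputed after an edit.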
You: "scan google.com"
ArmorIQ: ❌ BLOCKED — target not in authorized scope
Audit ID: AQ-0012 | Logged to platform.armoriq.ai
Architecture
User (Claude Desktop)
│
▼
Claude AI
(parses intent, decides which tools to call)
│
▼
ArmorIQ Policy Gate
(capture_plan → get_intent_token → verify)
│
┌────┴────┐
│ │
ALLOW BLOCK → logged, user notified
│
▼
AynOps MCP Server (streamable-http)
│
┌────┴─────────────────────────┐
│ Wave 1 (parallel) │
├── whois_lookup │
├── dns_enumeration │
├── port_scan (Nmap) │
├── ssl_inspect │
├── tech_stack_detect │
├── asn_lookup │
├── cert_transparency │
└── headers_analyzer │
│ │
┌────┴──────────────┐ │
│ Wave 2 (parallel)│ │
├── cve_lookup │ │
└── ip_reputation │ │
└──────────────────────────┘
│
▼
threat_analysis_tool
(extract_signals + correlation instructions)
│
▼
Claude generates correlated
Threat Intelligence Report
│
▼
ArmorIQ Audit Log
(tamper-proof, platform.armoriq.ai)
Tech Stack
Layer | Technology |
AI Interface | Claude (Anthropic) via MCP |
MCP Framework | FastMCP 3.3+ (streamable-http transport) |
Language | Python 3.12+ |
Port Scanning | Nmap |
Recon Libraries | python-whois, dnspython, ssl, requests |
CVE Database | NVD (National Vulnerability Database) |
IP Reputation | AbuseIPDB |
ASN / Geo | ipapi.com |
Ethical Layer | ArmorIQ Python SDK |
Containerization | Docker |
Deployment | Railway (cloud) |
Quick Start
Prerequisites
Python 3.12+
Nmap installed (nmap.org/download.html)
Claude Desktop
ArmorIQ account (platform.armoriq.ai)
1. Clone & Install
git clone https://github.com/gaoharimran29-glitch/AynOps-mcp-hackathon
cd AynOps-mcp-hackathon
pip install -r requirements.txt
2. Configure Environment
cp .env.example .env
# Edit .env and add your API keys
ABUSEIPDB_API_KEY=your_key # abuseipdb.com (free)
IP_API_KEY=your_key # ipapi.com (free)
ARMORIQ_API_KEY=your_key # platform.armoriq.ai
ANALYST_EMAIL=you@domain.com # your identity in audit logs
3. ArmorIQ Setup
pip install armoriq-sdk
armoriq login
Then register your server on platform.armoriq.ai → MCP Servers.
4. Run Server
# HTTP mode (for Claude Desktop remote connection / Railway deployment)
uv run server.py
# Local stdio mode (for quick local testing)
fastmcp run server.py
5. Connect Claude Desktop
{
"mcpServers": {
"cybersecurity": {
"type": "streamable-http",
"url": "http://localhost:8000/mcp"
}
}
}
Demo
Authorized Scan
You: "run threat analysis on testphp.vulnweb.com"
ArmorIQ: ✅ Target authorized — intent signed (AQ-0001)
[10 tools run in parallel...]
Claude:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🛡️ AynOps Threat Intelligence Report
Target: testphp.vulnweb.com
Risk Score: 87/100 — CRITICAL
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Executive Summary:
testphp.vulnweb.com presents a critically vulnerable attack surface.
Apache 2.4.49 is running on ports 80 and 443, affected by
CVE-2021-41773 (CVSS 9.8) — remote code execution with no auth.
SSL cert expires in 12 days, compounding the exposure window.
🔴 Critical Findings:
• CVE-2021-41773 on Apache 2.4.49 — path traversal → RCE
• SSL expiry in 12 days + HTTPS on port 443 — compound risk
Remediation:
Immediate: Patch Apache to 2.4.51+, renew SSL cert
This week: Add missing security headers (CSP, X-Frame-Options)
Unauthorized Scan (ArmorIQ Block)
You: "scan google.com"
❌ BLOCKED by ArmorIQ Policy Gate
Target : google.com
Reason : Target not in authorized scope
Audit ID: AQ-0002
Logged : platform.armoriq.ai/audit-logs
Audit Trail
You: "show audit log"
✅ AQ-0001 | run_threat_analysis | testphp.vulnweb.com | ALLOW | gaohar@aynops.local
❌ AQ-0002 | port_scan | google.com | BLOCK | gaohar@aynops.local
2 operations: 1 allowed, 1 blocked.
Full trail: platform.armoriq.ai
Deployment (Railway)
npm install -g @railway/cli
railway login
railway init
railway up
Set environment variables in Railway dashboard → Variables tab.
Never commit API keys to your repository.
Team
Unit313 — NeuroX Hackathon 2026
Member | Role | College |
Gaohar Imran | Team Lead | Delhi University |
Mohd Ali | Team Member | Maharaja Surajmal Institute of Technology |
License
MIT — see LICENSE
AynOps — because security intelligence shouldn't require a PhD in CLI tools.
⭐ Star this repo if you found it useful