Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@MCP Security Tools Suite check SSL certificate for github.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Security Tools Suite
A collection of Model Context Protocol (MCP) servers for ethical security testing, attack surface management, and penetration testing workflows.
Important Security & Legal Notice
These tools are for authorized security testing only!
Always obtain explicit written permission before testing any systems
Follow responsible disclosure practices
Comply with all applicable laws and regulations
Never use these tools for malicious purposes
Respect rate limits and avoid causing service disruptions
Components
1. Security Tools Server (security_server.py)
Core security assessment capabilities:
SSL certificate validation
CVE database queries
Security header analysis
DNS lookups and WHOIS
Breach database checking
2. ASM Server (asm_server.py)
Attack Surface Management features:
Subdomain enumeration
Technology identification
Attack surface mapping
Exposed service discovery
API endpoint enumeration
3. Threat Intelligence Server (Coming Soon)
IP reputation checking
IOC analysis
Threat feed integration
MITRE ATT&CK mapping
Installation
Prerequisites
# Python 3.8+ required
python --version
# Create virtual environment
python -m venv mcp-security-env
source mcp-security-env/bin/activate  # On Windows: mcp-security-env\Scripts\activate
# Install dependencies
pip install mcp aiohttp dnspython python-whois ssl-checker
Optional Dependencies
# For advanced features
pip install shodan censys masscan nmap-python
API Keys Setup
Create a .env file in your project directory:
# API Keys for enhanced functionality
HIBP_API_KEY=your_have_i_been_pwned_key
SHODAN_API_KEY=your_shodan_api_key
VT_API_KEY=your_virustotal_api_key
CENSYS_API_ID=your_censys_id
CENSYS_API_SECRET=your_censys_secret
Configuration
For Claude Desktop
Locate your Claude configuration file:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
Windows:
%APPDATA%\Claude\claude_desktop_config.json
Linux:
~/.config/Claude/claude_desktop_config.json
Add the MCP servers:
{
  "mcpServers": {
    "security-tools": {
      "command": "python",
      "args": ["/absolute/path/to/security_server.py"],
      "env": {
        "HIBP_API_KEY": "your-api-key"
      }
    },
    "asm-tools": {
      "command": "python",
      "args": ["/absolute/path/to/asm_server.py"]
    }
  }
}
Restart Claude Desktop
For Custom Clients
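import json
import subprocess

# Start MCP server (stdio transport)
process = subprocess.Popen(
    ["python", "security_server.py"],
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.PIPE
)

def send(message):
    # stdio transport: one JSON-RPC message per line, newline-terminated
    process.stdin.write((json.dumps(message) + "\n").encode())
    process.stdin.flush()

# MCP requires an initialize handshake before any tool call
send({"jsonrpc": "2.0", "id": 0, "method": "initialize", "params": {
    "protocolVersion": "2024-11-05", "capabilities": {},
    "clientInfo": {"name": "custom-client", "version": "0.1"}}})
process.stdout.readline()  # initialize result
send({"jsonrpc": "2.0", "method": "notifications/initialized"})

# Send requests via JSON-RPC
request = {
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
        "name": "check_ssl_certificate",
        "arguments": {"domain": "example.com"}
    },
    "id": 1
}
send(request)
print(json.loads(process.stdout.readline()))  # tool result
Usage Examples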
Basic SSL Certificate Check
# Via MCP tool call
result = await check_ssl_certificate("github.com")
print(f"Certificate expires: {result['not_after']}")
Subdomain Enumeration
# Passive reconnaissance only
subdomains = await discover_subdomains(
    domain="example.com",
    passive_only=True,
    sources=["crtsh", "wayback"]
)
Attack Surface Mapping
# Comprehensive asset discovery
surface = await map_attack_surface(
    domain="example.com",
    include_subdomains=True,
    check_ports=False,  # Requires explicit permission
    identify_tech=True
)
Security Header Analysis
# Check security posture
headers = await analyze_security_headers("https://example.com")
print(f"Security score: {headers['percentage']}%")
Best Practices
1. Authorization & Scope
Always define scope clearly before testing
Use scope configuration files
Implement IP/domain allowlists
Log all activities for audit trails
2. Rate Limiting
Respect target rate limits
Implement exponential backoff
Use async operations efficiently
Cache results when appropriate
3. Data Handling
Encrypt sensitive findings
Follow data retention policies
Redact PII in reports
Use secure communication channels
4. Operational Security
Use VPN/proxy when appropriate
Rotate API keys regularly
Monitor for abuse patterns
Implement kill switches
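One way to implement the scope file, allowlist and audit log from "Authorization & Scope" as a gate that runs before any tool touches the network. This is an added example, not code from the project: `SCOPE`, its layout, `in_scope` and `require_scope` are assumed names, and the scope values are constructed.

```python
import ipaddress
import logging
from urllib.parse import urlsplit

audit = logging.getLogger("scope_audit")  # every decision goes to the audit trail

# Constructed scope; in practice load it from the engagement's scope file.
SCOPE = {
    "domains": ["example.com", "*.staging.example.org"],
    "networks": ["192.0.2.0/24"],
    "exclude": ["payments.staging.example.org"],
}

def _host(target):
    """Extract a normalized host from a bare hostname, IP literal, or URL."""
    if "://" in target:
        target = urlsplit(target).hostname or ""
    return target.strip().rstrip(".").lower()

def _match(host, pattern):
    """Exact match, or '*.x' meaning strict subdomains of x on a label boundary."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keeps the leading dot, so 'evilx' cannot match 'x'
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == pattern

def in_scope(target, scope=SCOPE):
    """Allow only targets the scope names explicitly; exclusions always win."""
    host = _host(target)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, treat as a hostname
    if ip is not None:
        allowed = any(ip in ipaddress.ip_network(n) for n in scope["networks"])
    else:
        excluded = any(host == e or host.endswith("." + e) for e in scope["exclude"])
        allowed = bool(host) and not excluded and any(
            _match(host, p) for p in scope["domains"])
    audit.info("scope_check target=%r host=%r allowed=%s", target, host, allowed)
    return allowed

def require_scope(target, scope=SCOPE):
    """Call first in every tool handler; fails closed when out of scope."""
    if not in_scope(target, scope):
        raise PermissionError(f"{target!r} is outside the authorized scope")
    return _host(target)
```

Matching on the normalized host with a leading-dot suffix is what keeps look-alike names such as `evil-example.com` or `example.com.evil.net` out of scope.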
Advanced Configuration
Custom Wordlists
# Add custom wordlists for enumeration
CUSTOM_SUBDOMAINS = [
    "api", "dev", "staging", "test", "admin",
    "portal", "secure", "vpn", "remote", "cloud"
]
CUSTOM_API_PATHS = [
    "/api/v1", "/api/v2", "/graphql", "/rest",
    "/oauth", "/auth", "/token", "/refresh"
]
Proxy Configuration
# Route through proxy for testing
PROXY_CONFIG = {
    "http": "http://proxy.example.com:8080",
    "https": "https://proxy.example.com:8080"
}
Custom User Agents
# Identify your scanner properly
USER_AGENTS = {
    "default": "MCP-Security-Scanner/1.0 (Authorized Testing)",
    "mobile": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X)",
    "bot": "SecurityBot/1.0 (+https://example.com/bot-info)"
}
Debugging
Enable Debug Logging
import logging
logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
    handlers=[
        logging.FileHandler('mcp_security.log'),
        logging.StreamHandler()
    ]
)
Common Issues
Connection Timeouts
Increase timeout values
Check network connectivity
Verify firewall rules
Rate Limiting
Implement backoff strategies
Use API keys for higher limits
Cache results
SSL Errors
Update certificates
Configure SSL verification
Check proxy settings
Output Formats
JSON Export
import json
# Export results
with open('scan_results.json', 'w') as f:
    json.dump(attack_surface, f, indent=2)
CSV Reports
import csv
# Generate CSV report
with open('vulnerabilities.csv', 'w', newline='') as f:
    writer = csv.DictWriter(f, fieldnames=['host', 'port', 'service', 'severity'])
    writer.writeheader()
    writer.writerows(findings)
HTML Reports
# Generate HTML report with findings
html_template = """
<!DOCTYPE html>
<html>
<head><title>Security Assessment Report</title></head>
<body>
  <h1>Attack Surface Report</h1>
  <h2>Executive Summary</h2>
  <p>Risk Level: {risk_level}</p>
  <h2>Findings</h2>
  <ul>
    {findings}
  </ul>
</body>
</html>
"""
Contributing
Fork the repository
Create a feature branch
Follow secure coding practices
Add tests for new features
Submit a pull request
License & Disclaimer
This software is provided for educational and authorized testing purposes only. The authors assume no liability for misuse or damage caused by this software. Always ensure you have explicit permission before testing any systems.
Resources
Future Enhancements
Integration with Metasploit modules
Automated vulnerability scanning
Cloud security posture management
Container security assessment
GraphQL security testing
WebSocket security analysis
Mobile API testing support
Compliance reporting (PCI, HIPAA, SOC2)
Integration with SIEM platforms
Threat modeling automation
Ethical Usage Guidelines
Remember the security professional's creed:
Do no harm
Respect privacy
Follow the law
Get permission
Report responsibly
Protect findings
Educate others
Built with respect for security and privacy by the cybersecurity community