Skip to main content
Glama
Vorota-ai

nmap-mcp

by Vorota-ai
OverviewSchemaRelated ServersScoreDiscussions
Python
Local

Nmap MCP Server by Vorota AI

nmap-mcp is a production-ready Model Context Protocol (MCP) server that wraps Nmap, the industry-standard network scanner, to enable AI agents to perform automated network security assessments. Built by Vorota AI, it provides 6 scanning tools, 9 scan types, and 6 timing templates -- making it the most comprehensive Nmap integration for AI-powered security workflows available today.

License Python versions MCP Protocol Docker

Install MCP Server

Quick Start

Build and run nmap-mcp with Docker (includes Nmap):

docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git
docker run --rm -i nmap-mcp

Then add to any MCP client:

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

Features

nmap-mcp from Vorota AI exposes 6 specialized scanning tools to any MCP-compatible AI agent:

  • Port Scanning -- TCP Connect, SYN stealth, UDP, FIN, XMAS, NULL, and ACK scan types with configurable port ranges and timing templates (T0 through T5).

  • Host Discovery -- Ping-sweep an entire subnet to find live hosts before deeper scanning.

  • Service Detection -- Identify running services and their exact versions on open ports with adjustable probe intensity (0-9).

  • OS Fingerprinting -- Determine operating systems through TCP/IP stack analysis.

  • Vulnerability Scanning -- Run Nmap Scripting Engine (NSE) scripts in safe categories to detect known vulnerabilities.

  • Quick Scan -- Fast top-N port scan with aggressive timing for rapid reconnaissance.

All tools include built-in input validation, network size limits, and timeout enforcement to prevent misuse.

Recommended Workflow

For a thorough AI-powered security assessment, nmap-mcp tools are designed to be used in sequence:

  1. Discover Hosts -- Use discover-hosts to find live targets on the network.

  2. Quick Scan -- Run quick-scan on discovered hosts for a fast overview of open ports.

  3. Port Scan -- Use scan-ports with specific scan types for deeper port analysis.

  4. Detect Services -- Run detect-services on open ports to identify software versions.

  5. Detect OS -- Use detect-os to fingerprint the operating system (requires root).

  6. Scan Vulnerabilities -- Run scan-vulnerabilities to check for known security issues.

AI agents like Claude, Cursor, and VS Code Copilot can orchestrate this entire workflow automatically in a single conversation.

Installation

Docker (recommended -- includes Nmap)

docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git

From source

Requires Python 3.10+, Nmap on PATH, and uv:

git clone https://github.com/vorotaai/nmap-mcp.git
cd nmap-mcp
uv sync --all-groups
nmap-mcp

Usage with MCP Clients

nmap-mcp is compatible with all major MCP clients: Claude Desktop, Claude Code, Cursor, VS Code Copilot, Windsurf, and Cline.

First, build the Docker image:

docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git

Claude Desktop

Add to your Claude Desktop configuration file (claude_desktop_config.json):

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

Claude Code

claude mcp add nmap-mcp -- docker run --rm -i nmap-mcp

Cursor

Install MCP Server

Or add manually to your Cursor MCP settings (.cursor/mcp.json):

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

VS Code / VS Code Insiders

Add to your VS Code settings (.vscode/mcp.json):

{
  "servers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

Windsurf / Cline

Use the same server configuration as Claude Desktop above. Refer to your client's documentation for the config file location.

Available Tools

Tool

Description

Key Parameters

Root Required

scan-ports

Port scan with configurable scan type, port range, and timing

target, ports, scan_type (tcp_connect, syn, udp, fin, xmas, null, ack), timing (T0-T5)

Some types

discover-hosts

Find live hosts on a network using ping scan (-sn)

target (CIDR notation supported)

No

detect-services

Identify services and versions on open ports (-sV)

target, ports, intensity (0-9)

No

detect-os

OS fingerprinting via TCP/IP stack analysis (-O)

target

Yes

scan-vulnerabilities

Run NSE vulnerability detection scripts in safe categories

target, ports, categories (auth, default, discovery, safe, version, vuln)

No

quick-scan

Fast top-N port scan with aggressive timing

target, top_ports (number of top ports to scan)

No

Scan Types

The scan-ports tool supports 7 scan types, each suited for different scenarios:

Scan Type

Flag

Root Required

Description

tcp_connect

-sT

No

Full TCP handshake; reliable but detectable

syn

-sS

Yes

SYN stealth scan; fast and less detectable

udp

-sU

Yes

UDP port scan; slower but finds UDP services

fin

-sF

Yes

FIN scan; stealthy, bypasses some firewalls

xmas

-sX

Yes

XMAS scan; sets FIN, PSH, URG flags

null

-sN

Yes

NULL scan; sends no flags

ack

-sA

Yes

ACK scan; maps firewall rulesets

Timing Templates

Template

Name

Use Case

T0

Paranoid

IDS evasion

T1

Sneaky

IDS evasion

T2

Polite

Reduced bandwidth usage

T3

Normal

Default speed

T4

Aggressive

Fast, reliable networks

T5

Insane

Fastest, may lose accuracy

Configuration

nmap-mcp is configured through environment variables:

Variable

Default

Description

NMAP_BINARY

nmap

Path to the Nmap binary

NMAP_SCAN_TIMEOUT

600

Maximum scan duration in seconds

NMAP_MAX_TARGETS

256

Maximum number of target hosts per scan (max /24 subnet)

FASTMCP_LOG_LEVEL

WARNING

Logging level (DEBUG, INFO, WARNING, ERROR)

Example with custom configuration via Docker:

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "NMAP_SCAN_TIMEOUT=120",
        "-e", "NMAP_MAX_TARGETS=128",
        "-e", "FASTMCP_LOG_LEVEL=ERROR",
        "nmap-mcp"
      ]
    }
  }
}

Security

Authorization is required. nmap-mcp is a security tool that performs network scanning. You must ensure:

  • You have explicit authorization to scan any target network or host.

  • You comply with all applicable laws and organizational policies.

  • You use this tool only in environments where you have permission to conduct security assessments.

Safety Measures

nmap-mcp by Vorota AI implements multiple layers of security to prevent misuse:

  • Input validation -- All inputs are validated against a set of forbidden characters (;, |, &, $, `, (, ), {, }, <, >, newlines) to prevent command injection attacks.

  • Network size limits -- Scans are limited to a maximum of 256 hosts by default (equivalent to a /24 subnet). This is configurable via NMAP_MAX_TARGETS.

  • Restricted NSE categories -- Only safe script categories are allowed: auth, default, discovery, safe, version, and vuln. Dangerous categories like exploit, dos, and intrusive are blocked.

  • Configurable timeouts -- All scans have a configurable timeout with a hard maximum of 600 seconds to prevent runaway processes.

  • No shell execution -- All Nmap commands are executed using Python's subprocess module with argument lists, never through a shell. This eliminates shell injection vectors entirely.

FAQ

What is nmap-mcp?

nmap-mcp is a Model Context Protocol (MCP) server built by Vorota AI that enables AI agents to perform Nmap network scans. It wraps the full power of Nmap -- port scanning, host discovery, service detection, OS fingerprinting, and vulnerability scanning -- into 6 structured tools that AI assistants like Claude, Cursor, and VS Code Copilot can call directly.

How do I use Nmap with AI agents?

Build the nmap-mcp Docker image and configure it as an MCP server in your AI client (Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, or Cline). Once connected, you can ask the AI to scan networks, detect services, fingerprint operating systems, and find vulnerabilities using natural language. The AI agent will call the appropriate nmap-mcp tools and interpret the results for you.

Is nmap-mcp safe to use?

Yes. nmap-mcp includes multiple safety mechanisms: input validation to prevent command injection, network size limits to avoid scanning overly broad ranges, restricted NSE script categories that exclude dangerous scripts, configurable timeouts, and no shell execution. However, network scanning itself requires authorization -- always ensure you have permission before scanning any target.

What MCP clients are supported?

nmap-mcp works with all MCP-compatible clients, including Claude Desktop, Claude Code, Cursor, VS Code (via GitHub Copilot), Windsurf, and Cline. Any client that supports the Model Context Protocol's stdio transport can connect to nmap-mcp.

Contributing

Contributions are welcome. To set up the development environment:

git clone https://github.com/vorotaai/nmap-mcp.git
cd nmap-mcp
uv sync --all-groups

Running Tests

uv run pytest

Code Quality

uv run ruff check .
uv run ruff format .

Please open an issue or pull request on GitHub for bugs, feature requests, or improvements.

License

This project is licensed under the Apache License 2.0.

Copyright (c) Vorota AI

Install Server
A
license - permissive license
A
quality
D
maintenance

How are these scores calculated?

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Vorota-ai/nmap-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server