Popular MCP Servers

• 

  Beagle Security MCP Serverofficial

  beaglesecurity

  A

  security

  A

  license

  B

  quality

  Enables integration with Beagle Security API for managing security testing projects, applications, domain verification, and automated penetration tests. Provides 18 tools for creating, monitoring, and retrieving results from security assessments.

  Last updated 2025-07-09

  17

  1

  MIT
• 

  operant-mcpofficial

  operantlabs

  A

  security

  A

  license

  A

  quality

  A comprehensive security testing MCP server providing 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment. It enables automated security audits and technical investigations across web applications, cloud environments, and network captures.

  Last updated 2026-04-01

  51

  32

  7

  MIT

• MCP Server Pentest

  9olidity

  A

  security

  A

  license

  B

  quality

  A security testing tool that enables automated vulnerability detection including XSS and SQL injection, along with comprehensive browser interaction capabilities for web application penetration testing.

  Last updated 2025-03-24

  1

  12

  764

  22

  MIT
• 

  Sekrd Security Scannerofficial

  sekrdcom

  A

  security

  F

  license

  A

  quality

  Enables deep security auditing of web applications directly from AI IDEs including Cursor and Claude Code. Scans URLs for vulnerabilities, returns security scores with SHIP/BLOCK verdicts, and provides specific fix prompts for remediation.

  Last updated 2026-04-13

  3

• ThreatByte-MCP

  anotherik

  A

  security

  A

  license

  B

  quality

  An intentionally vulnerable case management system designed for security training that provides MCP tools for SOC analyst workflows like case handling and indicator search. It enables users to explore and demonstrate common security weaknesses such as prompt injection, SQL injection, and broken authorization in an MCP-integrated environment.

  Last updated 2026-02-13

  22

  MIT

• BloodHound MCP Server

  mwnickerson

  A

  security

  A

  license

  B

  quality

  Enables security professionals to query and analyze Active Directory attack paths from BloodHound Community Edition data using natural language through Claude Desktop's Model Context Protocol interface.

  Last updated 2026-03-25

  79

  78

• osint-mcp-server

  badchars

  A

  security

  A

  license

  B

  quality

  Provides AI agents with 37 OSINT tools and 12 data sources to perform unified reconnaissance, domain analysis, and attack surface mapping. It enables agents to query, correlate, and reason across platforms like Shodan, VirusTotal, and Censys in parallel.

  Last updated 2026-03-17

  37

  169

  15

  MIT

• MCP Interactsh Bridge

  tachote

  A

  security

  A

  license

  A

  quality

  Enables out-of-band interaction testing by integrating ProjectDiscovery's interactsh service as an MCP server. Allows AI agents to create callback domains, send probes, and capture DNS/HTTP interactions for security testing and verification workflows.

  Last updated 2025-10-15

  4

  29

  2

  MIT

• OnSecurity MCP Server

  onsecurity

  A

  security

  A

  license

  B

  quality

  OnSecurity MCP Server

  Last updated 2025-08-13

  5

  MIT

• frida-mcp

  cbxss

  A

  security

  A

  license

  B

  quality

  An MCP server that enables AI-assisted mobile security testing by exposing Frida functionality for Android application research. It provides tools for hooking Java methods, manipulating memory, managing device processes, and executing custom Frida scripts.

  Last updated 2026-01-24

  37

  10

  MIT

• kali-mcp

  Hannes221

  A

  security

  A

  license

  A

  quality

  Provides an MCP interface to a full Kali Linux environment running in Docker, enabling AI assistants to execute security tools like nmap, sqlmap, and metasploit. It allows users to start/stop the container, run shell commands, and transfer files for security testing and educational purposes.

  Last updated 2026-03-23

  7

  6

  3

  MIT

• Adversary MCP Server

  brettbergin

  A

  security

  A

  license

  A

  quality

  A security-focused server that integrates with Cursor IDE to provide real-time vulnerability detection, exploit generation, and security insights during software development.

  Last updated 2025-08-26

  7

  1

  MIT

• Shodan MCP Server

  GangGreenTemperTatum

  A

  security

  A

  license

  A

  quality

  Enables comprehensive security reconnaissance, vulnerability assessment, and threat intelligence gathering by integrating Shodan's API. It provides tools for searching internet-connected devices, performing DNS operations, and querying the Shodan exploit database.

  Last updated 2026-01-17

  11

  Apache 2.0

• TurboPentest

  integsec

  A

  security

  A

  license

  A

  quality

  MCP server for TurboPentest — run AI-powered penetration tests and review findings from your coding assistant.

  Last updated 2026-04-16

  8

  165

  MIT

• BLT-MCP

  OWASP-BLT

  A

  security

  A

  license

  B

  quality

  Provides AI agents with structured access to the OWASP Bug Logging Tool (BLT) ecosystem for logging bugs, triaging issues, and managing security workflows. It enables actions like submitting vulnerabilities, tracking contributor leaderboards, and awarding gamified bacon points through a unified interface.

  Last updated 2026-04-16

  4

  9

  AGPL 3.0

• Kali Metasploit MCP Server

  andreransom58-coder

  A

  security

  A

  license

  B

  quality

  Enables interaction with Metasploit Framework for authorized security testing, including exploit searches, payload management, network scanning with nmap, and database operations for penetration testing workflows.

  Last updated 2025-11-17

  9

  MIT

• Shodan MCP Server

  Cyreslab-AI

  A

  security

  A

  license

  B

  quality

  Provides access to Shodan API functionality, enabling AI assistants to query information about internet-connected devices for cybersecurity research and threat intelligence.

  Last updated 2025-06-29

  23

  41

  MIT

• VulneraMCP

  telmon95

  A

  security

  A

  license

  B

  quality

  AI-powered bug bounty hunting platform that integrates security tools (OWASP ZAP, Caido, Burp Suite) for automated reconnaissance, vulnerability testing, JavaScript analysis, and finding management with PostgreSQL storage.

  Last updated 2025-11-28

  47

  27

  MIT

• Burpsuite MCP Server

  Cyreslab-AI

  A

  security

  A

  license

  B

  quality

  Burpsuite MCP Server

  Last updated 2025-05-15

  5

  7

  MIT

• DefectDojo MCP Server

  jamiesonio

  A

  security

  A

  license

  B

  quality

  Provides a Model Context Protocol server implementation that allows AI agents and other MCP clients to programmatically interact with DefectDojo, a vulnerability management tool, for managing findings, products, and engagements.

  Last updated 2025-04-01

  11

  13

  MIT

• MCP HTTP Requests

  godzeo

  A

  security

  -

  license

  A

  quality

  A comprehensive HTTP client MCP server for security testing, API testing, and web automation that provides full-featured HTTP tools with detailed logging capabilities.

  Last updated 2025-06-29

  8

  8

  MIT

• APVISO MCP Server

  Apviso

  A

  security

  F

  license

  A

  quality

  Enables interaction with the APVISO AI-powered penetration testing platform to manage targets, initiate scans, and retrieve vulnerability findings. It allows developers to integrate security testing workflows directly into MCP-compatible tools like Claude Code and Cursor.

  Last updated 2026-04-01

  18

  14

• MCP Shamash

  NeoTecDigital

  A

  security

  F

  license

  B

  quality

  Enables security auditing, penetration testing, and compliance validation with tools like Semgrep, Trivy, Gitleaks, and OWASP ZAP. Features strict project boundary enforcement and supports OWASP, CIS, and NIST compliance frameworks.

  Last updated 2026-02-28

  7

• PentestMCP

  YoussefSahnoun

  A

  security

  A

  license

  C

  quality

  Enables LLMs to perform Active Directory penetration testing using tools like NetExec, Bloodhound, Nmap, Certipy, and John the Ripper. Automates vulnerability discovery, attack path analysis, and documentation generation for security assessments.

  Last updated 2025-11-11

  26

  5

  MIT

• Pentest MCP

  DMontgomery40

  A

  security

  A

  license

  D

  quality

  A Model Context Protocol server that integrates essential penetration testing tools (Nmap, Gobuster, Nikto, John the Ripper) into a unified natural language interface, allowing security professionals to execute and chain multiple tools through conversational commands.

  Last updated 2026-03-23

  9

  69

  132

  MIT

• Burp Suite MCP Server

  jayluxferro

  A

  security

  F

  license

  A

  quality

  Exposes Burp Suite's REST API to AI assistants, enabling users to trigger vulnerability scans, monitor progress, and manage security tasks through natural language. It also provides programmatic access to Burp's security knowledge base for querying vulnerability definitions and remediation advice.

  Last updated 2026-04-08

  8

  1

• Kali MCP Server

  azza39925

  A

  security

  F

  license

  A

  quality

  Enables AI assistants to perform authorized penetration testing and security assessments by exposing 20+ Kali Linux security tools (nmap, sqlmap, gobuster, hydra, etc.) through a safe, validated interface with command allowlists, rate limiting, and input sanitization.

  Last updated 2025-11-29

  19

• Reports MCP Server

  izzy0101010101

  A

  security

  F

  license

  A

  quality

  Enables management of penetration testing reports and vulnerabilities through a REST API, supporting CVSS 3.1 scoring, HTML formatting, and secure JWT authentication for comprehensive security assessment documentation.

  Last updated 2025-08-31

  9

  3

• PentestThinkingMCP

  LT7T

  A

  security

  A

  license

  C

  quality

  An AI-powered penetration testing reasoning engine that provides automated attack path planning, step-by-step guidance for CTFs/HTB challenges, and tool recommendations using Beam Search and MCTS algorithms.

  Last updated 2025-05-27

  1

  MIT

• ProjectDiscovery MCP Server

  intelligent-ears

  A

  security

  F

  license

  A

  quality

  Integrates ProjectDiscovery security tools to perform automated reconnaissance, subdomain discovery, and vulnerability scanning. It enables comprehensive bug hunting workflows by chaining tools like subfinder, naabu, and nuclei into a unified pipeline.

  Last updated 2025-12-06

  7

  2

• CyberMCP

  ricauts

  A

  security

  A

  license

  C

  quality

  A Model Context Protocol server designed for testing backend APIs for security vulnerabilities like authentication bypass, injection attacks, and data leakage.

  Last updated 2025-05-28

  14

  15

  MIT

• Kali Linux MCP Server

  sfz009900

  A

  security

  F

  license

  A

  quality

  A tool that allows penetration testing through Kali Linux commands executed via a Multi-Conversation Protocol server, supporting security testing operations like SQL injection and command execution.

  Last updated 2025-09-14

  5

  52

• VibeDefender MCP Server

  yunusj

  A

  security

  A

  license

  -

  quality

  Provides security assessment methodology, tool documentation, and step-by-step workflows to guide AI agents through vulnerability scanning, static analysis, and penetration testing of applications and URLs.

  Last updated 2025-12-20

  1

  MIT

• BloodyAD MCP

  dcollaoa

  -

  security

  A

  license

  -

  quality

  Enables Active Directory enumeration and abuse operations through the bloodyAD tool. Supports LDAP queries, user/group management, DNS operations, and security testing directly from AI assistants.

  Last updated 2025-09-27

  16

  MIT

• Kali MCP Server

  Vasanthadithya-mundrathi

  A

  security

  F

  license

  C

  quality

  Provides access to 20+ Kali Linux penetration testing tools through isolated Docker containers, enabling network scanning, vulnerability assessment, password cracking, web security testing, and forensics through natural language commands.

  Last updated 2025-12-04

  26

  3

• MCPPentestBOT

  kannanprabu

  -

  security

  A

  license

  -

  quality

  Enables AI assistants to perform authorized security testing and penetration testing operations including SSL/TLS analysis, port scanning, vulnerability scanning, and HTTP security header audits through natural language interactions.

  Last updated 2025-11-12

  1

  MIT

• MCP NMAP Server

  PhialsBasement

  -

  security

  A

  license

  -

  quality

  Enables AI assistants to perform network scanning operations using NMAP, offering a standardized interface for network analysis and security assessments through AI conversations.

  Last updated 2026-01-28

  53

  45

  MIT

• Nmap MCP Server

  flagify-com

  -

  security

  A

  license

  -

  quality

  Enables network security scanning using Nmap through MCP protocol. Supports quick port scans, full port scans with service detection, and custom Nmap commands with async task management.

  Last updated 2025-12-11

  2

  MIT

• reptor-mcp

  slvnlrt

  -

  security

  A

  license

  -

  quality

  An MCP server that exposes the pentest reporting and automation features of SysReptor as programmable tools for AI agents and automated workflows. It enables users to manage findings, projects, and templates through a standardized interface by wrapping the reptor CLI.

  Last updated 2026-04-14

  6

  MIT

• BBOT MCP Server

  marlinkcyber

  -

  security

  A

  license

  -

  quality

  Enables users to run and manage BBOT security scans through the MCP interface. Provides comprehensive tools for executing reconnaissance scans, monitoring progress, and retrieving results with support for concurrent scanning operations.

  Last updated 2025-08-13

  2

  MIT

• ExploitDB MCP Server

  Cyreslab-AI

  -

  security

  A

  license

  -

  quality

  A Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.

  Last updated 2025-11-02

  19

  MIT

• Security Scanner MCP Server

  marc-shade

  A

  security

  F

  license

  -

  quality

  Enables comprehensive vulnerability scanning using Nuclei scanner with support for single targets, network ranges, and cluster-wide security assessments with customizable severity levels and automated scheduling.

  Last updated 2026-02-22

  8

• Shodan MCP Server

  bonetrees

  -

  security

  A

  license

  -

  quality

  Provides Claude with access to Shodan for IP address lookups, service discovery, and vulnerability scanning, allowing users to query information about hosts, count results, and check API usage.

  Last updated 2025-07-15

  1

  MIT

• CTF MCP Server

  zemi-gh

  -

  security

  A

  license

  -

  quality

  Exposes common CTF and cybersecurity tools (crypto, forensics, malware analysis, steganography, reverse engineering, pwn, OSINT) so LLMs can help solve capture-the-flag challenges in a controlled lab environment.

  Last updated 2025-11-29

  MIT

• middleBrick

  middleBrick

  -

  security

  A

  license

  -

  quality

  Scan APIs for security vulnerabilities and get OWASP risk scores. Detects auth bypass, BOLA/IDOR, data exposure, prompt injection, and 12+ security categories.

  Last updated 2026-04-03

  13

  Apache 2.0

• Kali Linux MCP Server

  ofryma

  -

  security

  A

  license

  -

  quality

  Enables AI assistants to perform penetration testing and security assessments by exposing 60+ Kali Linux security tools including network scanning, web security testing, password cracking, exploitation frameworks, and OSINT capabilities through an AI-friendly interface.

  Last updated 2025-11-19

  2

  MIT

• MCP Kali Server

  foxibu

  -

  security

  A

  license

  -

  quality

  Connects MCP clients to a Kali Linux terminal API, enabling AI-assisted penetration testing, CTF challenge solving, and automated security reconnaissance through command execution.

  Last updated 2025-11-17

  1

  MIT

• Endevor-MCP

  gglessner

  -

  security

  A

  license

  -

  quality

  A Model Context Protocol server providing 43 tools for Broadcom Endevor SCM interaction, enabling inventory browsing, element lifecycle management, and package workflows. It is designed for AI-driven mainframe operations and surgical, source-informed penetration testing of CICS applications.

  Last updated 2026-02-18

• Metasploit MCP Server

  GH05TCREW

  -

  security

  A

  license

  -

  quality

  Provides a bridge between large language models and the Metasploit Framework, enabling AI assistants to access and control penetration testing functionality through natural language.

  Last updated 2026-02-05

  580

  Apache 2.0

• Kali MCP Server

  letchupkt

  -

  security

  A

  license

  -

  quality

  Enables AI assistants to execute penetration testing commands and security tools on Kali Linux remotely. Supports automated reconnaissance, vulnerability scanning, and CTF solving through integration with 25+ offensive security tools like nmap, gobuster, and nuclei.

  Last updated 2025-11-09

  16

  MIT