224,035 tools. Last updated 2026-06-22 08:08

"Resources for Penetration Testing and Security Analysis" matching MCP tools:

inspect_security_headers
Ground Truth - First Call Activation
Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.
Connector
read_resource
UK Legal Research
Read a resource by its URI. For static resources, provide the exact URI. For templated resources, provide the URI with template parameters filled in. Returns the resource content as a string. Binary content is base64-encoded.
Connector
dataset_details
Opendata Swiss
Full metadata for one dataset (CKAN package_show) including its resources/distributions with download URLs. Use a dataset `name` (slug) or id from search_datasets. There is no datastore, so fetch `resources[].download_url`/`url` for the underlying data.
Connector
malware_get_template
website-search
Get Lenny Zeltser's malware analysis report template. The report covers Executive Summary, Sample Snapshot, Malware Family Identification, Component Inventory, Runtime Requirements, Sources, Capabilities, Indicators of Compromise, Analysis Details, What We Don't Know, optional Infection Vector, optional Detection Engineering, About this Report, Appendix: Analysis Environment, and optional Appendix: Analysis Scripts. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.
Connector
product_load_context
website-search
Load Lenny Zeltser's product strategy context for local analysis. Returns expert strategic frameworks, principles, and guidance for evaluating or creating security product plans. Includes rating-sheet items (the lens taxonomy: structure, words, tone) as concrete reference points for grounded feedback on the plan's writing. This server never requests your plans and instructs your AI to keep them local. Use detail_level to control response size: "minimal" (~2k tokens), "standard" (~5k tokens), "compact" (~3-4k tokens, all sections but stripped), or "comprehensive" (~12k tokens). Use market_segment: "smb" for SMB-specific guidance. Use product_focus: "endpoint" for endpoint security viability assessment. Set include_template: true to include the fill-in-the-blank template in the response.
Connector
assessment_get_brief_template
website-search
Get Lenny Zeltser's Security Assessment one-page executive brief template. Standalone variant of `assessment_get_template` for callers that only want the brief without the long-form report. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
Connector

Matching MCP Servers

Security Testing MCP Server
Penetration Testing Security Testing & QA Tools
avi686
F
license
-
quality
D
maintenance
Provides penetration testing tools including nmap, nikto, sqlmap, wpscan, and exploit database searches for educational and authorized security testing purposes using Kali Linux tools.
Last updated 2025-09-25
Professional Penetration
Penetration Testing Security Autonomous Agents
AnGrY-Althaf
F
license
-
quality
D
maintenance
Provides access to over 40 industry-standard penetration testing tools, including Nmap, SQLMap, and Metasploit, within an isolated Kali Linux Docker container. It enables security professionals to perform comprehensive network reconnaissance, web application testing, and vulnerability research through natural language commands.
Last updated 2026-03-02

Matching MCP Connectors

Android Security Analyzer
MCP server for static security analysis of Android source code
Agentic Security Shield
12-layer security configs for AI coding agents. Autonomous purchase via x402 (USDC on Base).

assessment_review_report
website-search
Get Lenny Zeltser's expert criteria for reviewing an existing security assessment report or brief. Surfaces the 17 info-assessment review items across five groups (Key Takeaways, Assessment Scope, Prioritized Findings, Remediation Suggestions, Assessment Methodology), cross-cutting criteria, the risk-adjusted severity model, anti-patterns, and a pointer to rating_score_writing for a numeric score. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
Connector
assessment_get_cross_server_routes
website-search
Get Lenny Zeltser's Security Assessment cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `assessment_load_context`. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
Connector
scan_skill
SecurityScan
Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")
Connector
mock_from_schema
IA-QA — 130+ QA & Dev Tools for AI Agents
Generate realistic mock data from a JSON Schema. Supports all common types (string, number, integer, boolean, array, object, null), format hints (email, date, date-time, uri, uuid), enum, const, and nested schemas. Perfect for testing MCP tools with realistic data.
Connector
pentest_lookup_technique
pentest-mcp-server
Look up a MITRE ATT&CK technique by ID or keyword for authorized penetration testing and security research. Returns the full technique record: name, associated tactics, description, detection opportunities (log sources, behavioral indicators), real-world procedure examples from public reporting, recommended mitigations, and related sub-techniques. The detection and mitigation sections make this equally useful for defenders building detection coverage. Accepts exact IDs (T1190, T1059.001) or keyword search (e.g., "sql injection", "pass the hash", "web shell upload").
Connector
world-bank-data
The Stall
World Bank open data — 1600+ development indicators for 200+ countries. Returns most-recent values and 5-year trend for any indicator by country. Covers GDP, population, inflation, unemployment, FDI, debt, exports, CO₂, life expectancy, Gini, internet penetration, ease of doing business, and more. Accepts ticker-style aliases (gdp, inflation, unemployment) or full WB indicator codes. Sourced from api.worldbank.org — free, no key required. Use for country risk, macro comparisons, policy analysis, and development economics.
Connector
assessment_load_context
website-search
Load Lenny Zeltser's security assessment report writing context for local analysis. Returns a JSON payload with the risk-adjusted severity model (the spine), reader-first section guidance, completeness criteria, frameworks (NIST SP 800-115/800-30, OWASP WSTG/Risk Rating, CVSS, MITRE ATT&CK, PTES, PCI DSS, CREST), and the mcpHandoffs array. The 'profile' parameter ANNOTATES sections (internal/external applicability) rather than filtering — every section is returned so cross-profile comparisons are possible. This server never requests your assessment notes or report and instructs your AI to keep them local—the templates and guidelines flow to your AI for local analysis.
Connector
search_resources
ChangeGamer
Search the ChangeGamer corpus by keyword. Ranks resources by relevance across title, description, tags, category, and body, and returns metadata plus HTML/Markdown/JSON URLs (no body content). Use this to find resources before fetching them with get_resource.
Connector
get-code-vault-results
coderegistry
Returns analysis results for a vault. Free-tier teams receive summary-only results; paid teams receive full facet data and AI insights. Analysis is async; if status is 'processing', poll with exponential backoff (5s, 10s, 20s, 40s, max 60s). Analysis can be as quick as 20-30 minutes for under 500,000 lines of code. Larger codebases can take much longer, especially with the security scan. Facet meanings are documented in resources://docs/facets; AI Quotient is a code-quality metric (not AI-generated code). AI insights can take a few minutes after analysis completes; if ai_insights is empty, poll again and check ai_insights_status per facet (ready/processing/not_available). This endpoint always returns the latest version only; once reanalysis starts, prior versions are no longer accessible here. Requires X-API-Key (existing users can generate an API key in the web app). If headers aren't supported, pass api_key in arguments.
Connector
product_get_template
website-search
Get Lenny Zeltser's fill-in-the-blank template for planning a security product strategy. Includes strategic questions organized by section with evidence columns. This server never requests your product plans and instructs your AI to keep them local—guidelines flow to your AI for local analysis. The template is Copyright (c) 2026 Lenny Zeltser; any content you create using it is entirely yours.
Connector
search_resources
changegamer
Search the ChangeGamer corpus by keyword. Ranks resources by relevance across title, description, tags, category, and body, and returns metadata plus HTML/Markdown/JSON URLs (no body content). Use this to find resources before fetching them with get_resource.
Connector
search_vaadin_docs
docs-mcp
Search Vaadin documentation for relevant information about Vaadin development, components, and best practices. Uses hybrid semantic + keyword search. USE THIS TOOL for questions about: Vaadin components (Button, Grid, Dialog, etc.), TestBench, UI testing, unit testing, integration testing, @BrowserCallable, Binder, DataProvider, validation, styling, theming, security, Push, Collaboration Engine, PWA, production builds, Docker, deployment, performance, and any Vaadin-specific topics. When using this tool, try to deduce the correct development model from context: use "java" for Java-based views, "react" for React-based views, or "common" for both. Use get_full_document with file_paths containing the result's file_path when you need complete context.
Connector
url_scanner_async_scan
PreClick — An MCP-native URL preflight scanning service for autonomous agents (formerly URLCheck).
Submit a URL for asynchronous security analysis. Returns immediately with a task_id. Poll with url_scanner_async_task_status to check progress, then url_scanner_async_task_result to get the scan result. Async counterpart of url_scanner_scan for clients without native MCP Tasks support.
Connector
get_resource
changegamer
Fetch a ChangeGamer resource by slug. Free resources return full metadata and Markdown body. Premium resources require a valid api_key; without one a payment-required object is returned.
Connector