Security Python ★ 197

securityfortech/secops-mcp

All-in-one security testing toolbox that brings together popular open source tools through a single MCP interface. Connected to an AI agent, it enables tasks like pentesting, bug bounty hunting, threat hunting, and more.

Claude Desktop config.json'a ekle

{
  "mcpServers": {
    "securityfortech-secops-mcp": {
      "command": "python",
      "args": [
        "-m",
        "secops_mcp"
      ]
    }
  }
}

Bu MCP sunucusu hakkında

Security Operations Multi-Tool Platform (MCP)

Trust Score

A comprehensive security operations platform that integrates multiple security tools into a unified interface. This platform provides a centralized way to run various security scanning and testing tools.

Features

  • Unified Interface: Single entry point for multiple security tools
  • Docker Support: Easy deployment using Docker
  • JSON Output: Consistent JSON output format across all tools
  • Error Handling: Robust error handling and reporting
  • Extensible: Easy to add new tools and functionality

Included Tools

  • Nuclei: Fast and customizable vulnerability scanner
  • FFUF: Fast web fuzzer and content discovery tool
  • Amass: In-depth attack surface mapping and external asset discovery
  • Arjun: HTTP parameter discovery tool for finding hidden parameters
  • Dirsearch: Web path scanner
  • Gospider: Fast web spider for crawling and URL discovery
  • Hashcat: Advanced password recovery
  • HTTPX: Fast and multi-purpose HTTP toolkit
  • IPInfo: IP address information gathering
  • Nmap: Network exploration and security auditing
  • SQLMap: Automatic SQL injection and database takeover tool
  • Subfinder: Subdomain discovery tool
  • TLSX: TLS/SSL scanning and analysis
  • WFuzz: Web application fuzzer
  • XSStrike: Advanced XSS detection and exploitation

Tool Categories

Web Application Security

  • Nuclei: Vulnerability scanning with custom templates
  • FFUF: Fast web fuzzing and content discovery
  • WFuzz: Web application fuzzing
  • XSStrike: XSS detection and exploitation
  • SQLMap: SQL injection testing and exploitation
  • Arjun: HTTP parameter discovery and testing
  • Gospider: Web crawling and URL discovery
  • Dirsearch: Directory and file enumeration

Network Security

  • Nmap: Network scanning and service enumeration
  • HTTPX: HTTP probing and analysis
  • TLSX: TLS/SSL configuration analysis

Reconnaissance

  • Amass: Attack surface mapping and asset discovery
  • Subfinder: Subdomain enumeration
  • IPInfo: IP address intelligence gathering

Cryptography

  • Hashcat: Password cracking and hash analysis

Recent Additions

Gospider Integration

  • Web Crawling: Automated website crawling and URL discovery
  • Multiple Output Formats: JSON and text output support
  • Filtering Capabilities: Extension-based filtering and content filtering
  • Configurable Depth: Customizable crawling depth and concurrency
  • Subdomain Support: Option to include subdomains in crawling
  • Form Detection: Automatic detection of HTML forms
  • Secret Discovery: Identification of potential sensitive information

Arjun Integration

  • Parameter Discovery: Find hidden HTTP parameters in web applications
  • Multiple HTTP Methods: Support for GET, POST, PUT, and other methods
  • Bulk Scanning: Scan multiple URLs simultaneously
  • Custom Wordlists: Use custom parameter wordlists
  • Stable Mode: Reduced false positives with stable scanning mode
  • Custom Headers: Support for custom HTTP headers and authentication
  • Threading Support: Configurable threading for faster scans

Installation

  1. Clone the repository:

    git clone https://github.com/securityfortech/secops-mcp.git
cd secops-mcp

  2. Build the Docker image:

    docker build -t secops-mcp .

  3. Run the container:

    docker run -it --rm secops-mcp

Manual Installation

  1. Clone the repository:

    git clone https://github.com/securityfortech/secops-mcp.git
cd secops-mcp

  2. Create and activate a virtual environment:

    python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

  3. Install dependencies:

    pip install -r requirements.txt

  4. Install required tools:

    • Follow the installation instructions for each tool in the tools/ directory
    • Ensure all tools are in your system PATH

Usage

  1. Start the application:

    python main.py

  2. The application will provide a unified interface for running various security tools.

  3. Each tool returns results in a consistent JSON format:

    {
    "success": boolean,
    "error": string (if error),
    "results": object (if success)
}

Usage Examples

Gospider Web Crawling

# Basic web crawling
gospider_scan("https://example.com", depth=3, include_subs=True)

# Filtered crawling for specific file types
gospider_filtered_scan(
    "https://example.com",
    extensions=["js", "json", "xml"],
    exclude_extensions=["png", "jpg", "css"]
)

Arjun Parameter Discovery

# Basic parameter discovery
arjun_scan("https://example.com/api", method="GET")

# POST parameter discovery with custom data
arjun_scan(
    "https://example.com/login",
    method="POST",
    data="username=test&password=test",
    stable=True
)

# Bulk parameter scanning
arjun_bulk_parameter_scan([
    "https://example.com/api/v1",
    "https://example.com/api/v2"
])

Tool Configuration

Each tool can be configured through its respective wrapper in the tools/ directory. Configuration options include:

  • Output formats
  • Timeouts
  • Verbosity levels
  • Custom wordlists
  • Tool-specific parameters

Security Considerations

  • This tool is for authorized security testing only
  • Always obtain proper authorization before scanning systems
  • Be mindful of rate limiting and scanning intensity
  • Respect robots.txt and terms of service
  • Use appropriate wordlists and scanning parameters

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • All the security tools and their developers
  • The security community for their contributions and support

Benzer MCP sunucuları

LaurieWired/GhidraMCP Security

A Model Context Protocol server for Ghidra that enables LLMs to autonomously reverse engineer applications. Provides tools for decompiling binaries, renaming methods and data, and listing methods, classes, imports, and exports.

LaurieWired/GhidraMCP ★ 9,126
mrexodia/ida-pro-mcp Security

MCP server for IDA Pro, allowing you to perform binary analysis with AI assistants. This plugin implement decompilation, disassembly and allows you to generate malware analysis reports automatically.

mrexodia/ida-pro-mcp ★ 9,115
zinja-coder/jadx-ai-mcp Security

JADX-AI-MCP is a plugin and MCP Server for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.

zinja-coder/jadx-ai-mcp ★ 2,251
beelzebub-labs/beelzebub Security

Beelzebub is a honeypot framework that lets you build honeypot tools using MCP. Its purpose is to detect prompt injection or malicious agent behavior. The underlying idea is to provide the agent with tools it would never use in its normal work.

beelzebub-labs/beelzebub ★ 2,033
safedep/vet Security

vet-mcp checks open source packages—like those suggested by AI coding tools—for vulnerabilities and malicious code. It supports npm and PyPI, and runs locally via Docker or as a standalone binary for fast, automated vetting.

safedep/vet ★ 1,066
semgrep/mcp Security

Allow AI agents to scan code for security vulnerabilites using Semgrep.

semgrep/mcp ★ 668
Daha fazla: Security →