secpluger
by Aldiharley
Overview
Automates multi-step penetration testing workflows, including reconnaissance, vulnerability scanning, exploitation, and reporting, with AI orchestration and evidence collection.
Installation
python3 src/mcp/secpluger_mcp_server.py
Environment Variables
- NVD_API_KEY
Security Notes
The server's core function involves executing external security tools and exploits, often using 'subprocess.run(shell=True)' with dynamically constructed commands. While designed for offensive security, this poses a risk of shell injection or arbitrary command execution on the host machine if workflow JSON files or user-provided inputs (e.g., target URLs, parameters) are manipulated by untrusted sources or contain unexpected metacharacters. Strong sandboxing/isolation of the server is highly recommended.
Similar Servers
flowlens-mcp-server
Provides rich browser context (user actions, network, console, storage, DOM, screen recording) to coding agents for in-depth debugging and automated regression testing of web applications.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
pentest-mcp
Provides a comprehensive server environment for professional penetration testing, integrating tools like Nmap, Gobuster, Nikto, and John the Ripper for network and web vulnerability scanning, and password cracking.