secpluger
by Aldiharley
Overview
Automates multi-step penetration testing workflows, including reconnaissance, vulnerability scanning, exploitation, and reporting, with AI orchestration and evidence collection.
Installation
python3 src/mcp/secpluger_mcp_server.py
Environment Variables
- NVD_API_KEY
Security Notes
The server's core function is to execute external security tools and exploits, often through 'subprocess.run(shell=True)' with dynamically constructed commands. That is expected for an offensive security tool, but it exposes the host machine to shell injection or arbitrary command execution if workflow JSON files or user-provided inputs (e.g., target URLs, parameters) are manipulated by untrusted sources or contain unexpected metacharacters. Strong sandboxing/isolation of the server is highly recommended.
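One way to close the injection path described above, as an added example that is not secpluger's own code: each workflow step is checked against a tool allowlist and a strict target pattern, then turned into an argv list meant for subprocess.run without a shell. The workflow schema (`steps`, `tool`, `target`), the allowlist and the sample workflow are assumptions constructed for illustration.

```python
import json
import re

# Hypothetical allowlist (not secpluger's config): tool name -> fixed argv prefix.
ALLOWED_TOOLS = {
    "nmap": ["nmap", "-sV"],
    "nikto": ["nikto", "-h"],
}

# Host, IPv4 address or http(s) URL. The first character must be alphanumeric,
# so a target can never be parsed as an option ("-x", "--flag"), and no
# whitespace or shell metacharacter is in any character class.
TARGET_RE = re.compile(
    r"(https?://)?[A-Za-z0-9][A-Za-z0-9.\-]*(:\d{1,5})?(/[A-Za-z0-9._~/\-]*)?"
)


class RejectedStep(ValueError):
    """Raised when a workflow step must not be executed."""


def build_argv(step):
    """Return an argv list suitable for subprocess.run(argv, shell=False)."""
    if not isinstance(step, dict) or step.get("tool") not in ALLOWED_TOOLS:
        raise RejectedStep(f"tool not allowlisted: {step!r}")
    target = step.get("target")
    if not isinstance(target, str) or not TARGET_RE.fullmatch(target):
        raise RejectedStep(f"target failed validation: {target!r}")
    # The target is one argv element; nothing here is ever parsed by a shell.
    return ALLOWED_TOOLS[step["tool"]] + [target]


def audit_workflow(workflow_json):
    """Split a workflow into runnable argv lists and (index, reason) rejections."""
    accepted, rejected = [], []
    for index, step in enumerate(json.loads(workflow_json)["steps"]):
        try:
            accepted.append(build_argv(step))
        except RejectedStep as exc:
            rejected.append((index, str(exc)))
    return accepted, rejected


# Constructed sample workflow: one clean step and three that must be refused.
SAMPLE_WORKFLOW = json.dumps({"steps": [
    {"tool": "nmap", "target": "scanme.example.org"},
    {"tool": "nmap", "target": "example.org; id"},   # shell metacharacters
    {"tool": "nikto", "target": "--version"},        # option smuggled as target
    {"tool": "sh", "target": "example.org"},         # tool outside the allowlist
]})

if __name__ == "__main__":
    print(audit_workflow(SAMPLE_WORKFLOW))
```

Validation of this kind complements the sandboxing recommended above rather than replacing it, since an allowlisted tool can still be misused through its own features.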
Similar Servers
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.