pd-tools-mcp
Verified Safe
by intelligent-ears
Overview
Automates bug bounty reconnaissance and vulnerability scanning by integrating ProjectDiscovery security tools.
Installation
npm start
Security Notes
The server uses 'child_process.spawn' to execute external ProjectDiscovery tools. This is generally safer than 'exec' because arguments are not interpreted by a shell by default. However, the wrapper does not explicitly sanitize all user-provided arguments (e.g., 'ports' for naabu, 'scope' for katana) before passing them on. A crafted input that exploits a parsing vulnerability in an underlying ProjectDiscovery tool could therefore lead to unexpected behavior. The 'httpx' tool is invoked through a hardcoded path based on the Go home directory, which introduces a dependency on that specific installation location. Overall, security relies heavily on the integrity and security of the installed ProjectDiscovery tools and on the host system's PATH configuration.
Similar Servers
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
pentestMCP
Provides an AI-powered interface for ethical penetration testing by exposing a suite of security assessment tools as callable functions for LLM agents.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
pentest-mcp
This server provides a Model Context Protocol (MCP) interface for professional penetration testing, enabling automated execution and analysis of security tools like Nmap, John the Ripper, Gobuster, and Nikto.