mcp-tools
Verified Safe
by silicon-works
Overview
Provides a collection of MCP servers wrapping various cybersecurity tools for automated penetration testing, vulnerability scanning, and exploitation tasks.
Installation
docker run -i --network host ghcr.io/silicon-works/mcp-tools-ffuf:latest
Environment Variables
- ZAP_PORT
- NVD_API_KEY
- TARGET_DATA_FILE
- TEMPLATE_DIR
Security Notes
The server includes multiple tools designed for offensive security actions (e.g., exploit execution, payload generation, brute-forcing, scanning). While internal operations generally use argument lists for subprocess calls to mitigate shell injection within the server itself, the core functionality involves executing arbitrary user-provided code, commands, or crafting malicious inputs against target systems. For example, `exploit-runner` executes user scripts/commands, and `payload` compiles user-provided C code. The `searchsploit.get_exploit` method might allow reading arbitrary files within the container if a malicious `exploit_id` path is provided, though its impact is contained by the Docker environment. Users should understand these inherent risks for offensive security tools.
Similar Servers
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.