skillpack.co
All solutions

FuzzingLabs Security Hub

active

MCP servers for Nmap, Ghidra, Nuclei, SQLMap, Hashcat. 481 stars. Stronger on reverse engineering and binary/protocol analysis. Best for security researchers doing binary work.

Score 59

Where it wins

Reverse engineering focus — Ghidra integration via MCP

Binary and protocol analysis tools (Hashcat, Nuclei)

481 stars — niche but active

Where to be skeptical

Narrower than HexStrike or cyproxio collections

Reverse engineering focus limits general applicability

Editorial verdict

#3 offensive security. MCP servers for Nmap, Ghidra, Nuclei, SQLMap, Hashcat. 481 stars. Differentiates on reverse engineering / binary analysis. Best for security researchers working with binaries and protocols.

Related

Security

Related but not ranked

CodeQL (via GitHub MCP Server)

88

GitHub-native SAST via CodeQL, accessible through the official GitHub MCP Server. Copilot Autofix generates fixes from CodeQL alerts. GitHub Security Lab Taskflow Agent found ~30 real CVEs. Zero extra setup for GitHub users.

TruffleHog

88

18K+ stars. 800+ secret types. Unique credential verification — confirms if leaked creds are still active. Scans S3, Docker, Slack — not just git. No official MCP but community integrations exist.

Gitleaks

88

24.4K stars — most-starred secret scanner. 150+ patterns. Fastest pre-commit scanner. The community default for pre-commit secret detection. No official MCP.

Tencent AI-Infra-Guard

81

Most comprehensive OSS AI red teaming tool. 3,264 stars. Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 43 AI framework components, 589 CVEs cataloged. v4.0 released.

Public evidence

Raw GitHub source

GitHub README peek

Constrained peek so you can sanity-check the source material without leaving the site.

Offensive Security MCP Servers

Build Status Security Scan

Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.

<p align="center"> </p>

Features

  • 38 MCP Servers covering reconnaissance, web security, binary analysis, blockchain security, cloud security, code security, secrets detection, threat intelligence, OSINT, Active Directory, fuzzing, and more
  • 300+ Security Tools accessible via natural language through Claude or other MCP clients
  • Production Hardened - Non-root containers, minimal images, Trivy-scanned
  • Docker Compose orchestration for multi-tool workflows
  • CI/CD Ready with GitHub Actions for automated builds and security scanning

Quick Start

# Clone the repository
git clone https://github.com/FuzzingLabs/mcp-security-hub
cd mcp-security-hub

# Build all MCP servers
docker-compose build

# Start specific servers
docker-compose up nmap-mcp nuclei-mcp -d

# Verify health
docker-compose ps
Configure Claude Desktop / Claude Code

Important: You must build the images first with docker-compose build before using them.

Copy the example config to your Claude Desktop configuration:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "nmap": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
    },
    "nuclei": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
    },
    "gitleaks": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/repos:/app/target:ro", "gitleaks-mcp:latest"]
    },
    "radare2": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", "/path/to/binaries:/samples:ro", "radare2-mcp:latest"]
    }
  }
}

For project-level config, copy .mcp.json to your project root. See examples/ for full configuration templates with all MCPs and volume mount patterns.

Available MCP Servers

Reconnaissance (8 servers)
ServerToolsDescription
nmap-mcp8Port scanning, service detection, OS fingerprinting, NSE scripts
shodan-mcp-Wrapper for official Shodan MCP
pd-tools-mcp-Wrapper for ProjectDiscovery tools (subfinder, httpx, katana)
whatweb-mcp5Web technology fingerprinting and CMS detection
masscan-mcp6High-speed port scanning for large networks
zoomeye-mcp-Wrapper for ZoomEye MCP - Cyberspace search engine
networksdb-mcp4IP/ASN/DNS lookups via NetworksDB
externalattacker-mcp6Attack surface mapping with ExternalAttacker
Web Security (6 servers)
ServerToolsDescription
nuclei-mcp7Template-based vulnerability scanning with 8000+ templates
sqlmap-mcp8SQL injection detection and exploitation
nikto-mcp-Wrapper for Nikto MCP web server scanner
ffuf-mcp9Web fuzzing for directories, files, parameters, and virtual hosts
waybackurls-mcp3Fetch historical URLs from Wayback Machine for reconnaissance
burp-mcp-Wrapper for official Burp Suite MCP
Binary Analysis (6 servers)
ServerToolsDescription
radare2-mcp32Wrapper for official radare2-mcp - disassembly, decompilation
binwalk-mcp6Firmware analysis, signature scanning, extraction
yara-mcp7Pattern matching for malware classification
capa-mcp5Capability detection in executables
ghidra-mcp-Wrapper for pyghidra-mcp - Headless AI-powered reverse engineering
ida-mcp-Wrapper for ida-pro-mcp - IDA Pro integration
Blockchain Security (3 servers)
ServerToolsDescription
daml-viewer-mcp1DAML access-control table generation and run tracking
medusa-mcp4High-performance smart contract fuzzer for Solidity
solazy-mcp8Solana sBPF static analysis and reverse engineering
Cloud Security (3 servers)
ServerToolsDescription
trivy-mcp7Container, filesystem, and IaC vulnerability scanning
prowler-mcp6AWS/Azure/GCP security auditing and compliance
roadrecon-mcp6Azure AD enumeration via RoadRecon
Secrets Detection (1 server)
ServerToolsDescription
gitleaks-mcp5Find secrets and credentials in git repos and files
Exploitation (1 server)
ServerToolsDescription
searchsploit-mcp5Exploit-DB search and retrieval
Fuzzing (2 servers)
ServerToolsDescription
boofuzz-mcp4Network protocol fuzzing using Boofuzz
View on GitHub →