Well-organized MCP server collection for working pentesters. SQLMap, FFUF, NMAP, Masscan accessible through MCP. 569 stars.
MCP for Security (cyproxio)
active
Best curated offensive security MCP collection. 569 stars. SQLMap, FFUF, NMAP, Masscan, etc. Well-organized MCP server collection for working pentesters.
Where it wins
Well-curated collection of proven pentesting tools via MCP
569 stars — solid community adoption
Includes SQLMap, FFUF, NMAP, Masscan — the standard pentesting toolkit
Where to be skeptical
Curated collection, not a unified tool — coordination between servers varies
Narrower than HexStrike's 150+ tool breadth
Requires authorization context for use
Editorial verdict
#2 offensive security. Curated collection of pentesting MCP servers (SQLMap, FFUF, NMAP, Masscan). 569 stars. Better organized than HexStrike but narrower scope. For authorized pentesting only.
Related

CodeQL (via GitHub MCP Server)
88
GitHub-native SAST via CodeQL, accessible through the official GitHub MCP Server. Copilot Autofix generates fixes from CodeQL alerts. GitHub Security Lab Taskflow Agent found ~30 real CVEs. Zero extra setup for GitHub users.

TruffleHog
88
18K+ stars. 800+ secret types. Unique credential verification — confirms if leaked creds are still active. Scans S3, Docker, Slack — not just git. No official MCP but community integrations exist.
Gitleaks
88
24.4K stars — most-starred secret scanner. 150+ patterns. Fastest pre-commit scanner. The community default for pre-commit secret detection. No official MCP.

Tencent AI-Infra-Guard
81
Most comprehensive OSS AI red teaming tool. 3,264 stars. Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 43 AI framework components, 589 CVEs cataloged. v4.0 released.