An automated suite for Android APK security analysis that integrates tools such as JEB, JADX, APKTOOL, FlowDroid, and MobSF, and provides a unified API interface through the MCP protocol to achieve vulnerability detection with multi - tool cross - validation.

An MCP server implemented based on go - mcp, used for automated vulnerability scanning tasks in emergency response. It supports generating POCs, creating scanning tasks and workflows, and is compatible with both HTTP API and MCP protocol.

A powerful MCP server implemented for BurpSuite, providing programmatic access to Burp's core functions, including proxy interception, vulnerability scanning, and traffic logging.

An MCP server that provides an interface to interact with the scanning and proxy functions of Burpsuite Professional, supporting functions such as vulnerability scanning, traffic capture, and site structure viewing.

An MCP server based on containerized Kali Linux that provides the ability to execute commands for penetration testing and security research tools, supporting background task management and interactive vulnerability detection.

The ADEO CTI MCP Server is a security analysis platform that integrates the APIs of Shodan and VirusTotal, providing comprehensive network security services such as network intelligence, vulnerability assessment, and threat detection.

The Vulners MCP Server is a tool that provides access to the Vulners vulnerability database through the Model Context Protocol (MCP), supporting direct query of vulnerability information, CVE search, security bulletin analysis, and software package audit in AI assistants such as Claude Desktop.

A Nessus vulnerability scanning server based on the MCP protocol, supporting vulnerability scanning, management, analysis, and simulation testing functions

GhidraMCP is a Ghidra plugin that enables AI - assisted binary analysis through the Model Context Protocol (MCP), connecting reverse engineering with AI assistants and providing functions such as natural language interaction, in - depth code analysis, and security vulnerability detection.

An MCP server integrating Trivy security scanning capabilities, providing project vulnerability scanning and automatic fix capabilities through a standardized interface.

The Zebbern Kali MCP server is a comprehensive penetration testing platform based on the Model Context Protocol (MCP), providing 139 functions for AI assistants (such as GitHub Copilot) to directly execute security tools on the Kali Linux system through a standardized API, covering network reconnaissance, web application testing, password cracking, vulnerability exploitation, and Active Directory attacks.

BugBounty MCP Server is a comprehensive security testing tool that interacts with LLM through natural language, providing over 92 penetration testing tools, covering functions such as reconnaissance, scanning, vulnerability assessment, web applications, network security, OSINT, vulnerability exploitation, and report generation.

Sonatype MCP Server is a protocol server that connects AI assistants to Sonatype's dependency management and security intelligence platform, providing developers with real-time insights into security vulnerability scanning, license compliance checking, and health analysis of open-source dependencies.

A modular MCP server that provides comprehensive security vulnerability intelligence tools, including CVE queries, EPSS scoring, CVSS calculation, vulnerability detection, and Python package security checks.

The Shodan MCP server is a tool that provides Shodan API and CVEDB query services, supporting functions such as network reconnaissance, DNS query, vulnerability tracking, and device discovery, and providing structured data output for platforms such as Claude Desktop.

The BurpSuite MCP server is an implementation based on FastAPI that provides programmatic access to the core functions of BurpSuite, including proxy interception, vulnerability scanning, and traffic log analysis.

The Socket MCP server is a Model Context Protocol service for dependency security scanning, providing security scores and vulnerability detection functions for software package ecosystems such as npm and PyPI, supporting AI assistant integration and multiple deployment methods.

A website security scanning tool based on the MCP protocol, integrating dirsearch directory scanning and firecrawl crawler technology, capable of automatically identifying the website technology stack and classifying vulnerability risk levels

MCP Fortress is a comprehensive security tool designed for Model Context Protocol (MCP) servers, offering automated vulnerability scanning, runtime protection, risk scoring, and threat detection functions, and supporting integration with AI assistants such as Claude Code through the MCP server mode for security analysis.

A front - end engineering security auditing tool based on Node.js that supports comprehensive dependency security audits of local projects and remote repositories and can generate detailed vulnerability reports.

A vulnerability scanning server based on the MCP protocol, supporting security scanning of single or multiple IP addresses, providing detailed vulnerability reports and repair suggestions.

The Dynatrace MCP Server is a remote service that allows developers to interact with the Dynatrace observability platform, integrating real-time monitoring data directly into the development workflow. It supports functions such as problem detection, log query, and security vulnerability analysis.

SecureAnnex MCP Server is a tool for analyzing the security of browser extensions, providing functions for querying, analyzing, and evaluating the security of extensions, including vulnerability detection, signature check, code review, etc.

apktool-mcp-server is an MCP server based on Apktool, integrating large language models (such as Claude), providing real-time reverse engineering support, including vulnerability analysis, manifest parsing, and code review.

An implementation of the DefectDojo MCP Server, providing API interaction capabilities between AI agents and vulnerability management tools

The Solodit MCP server is a model context protocol service for searching and retrieving Solodit vulnerability reports, supporting keyword search and retrieval of full report content.

The Nuclei MCP Server is a high-performance vulnerability scanning service implementation based on the Mark3 Labs MCP protocol

This project is a collection of resources related to the security of the Model Context Protocol (MCP), including research papers, security vulnerability analyses, tools, articles, and other relevant resources. It aims to help developers and security experts understand and address security challenges in the MCP protocol.

MCP Server Semgrep is a server that complies with the Model Context Protocol standard, integrating the Semgrep static analysis tool with an AI assistant to provide code security analysis, quality improvement, and vulnerability detection functions. The project simplifies the architecture design, supports multi - platform operation, can be installed in multiple ways, and provides a rich set of code analysis functions.

An SSE - based MCP server that provides query access to the OSV open - source vulnerability database, supporting single - package/batch vulnerability queries and obtaining vulnerability details.

The ExploitDB MCP Server is a Model Context Protocol server that provides security vulnerability query services, supporting searching for vulnerability information by keywords, CVE numbers, etc., and includes functions such as vulnerability details, statistical data, and automatic updates.

A server implementation based on the Model Context Protocol (MCP) for querying the NIST National Vulnerability Database (NVD) through an API.

A lightweight MCP server for querying software package vulnerability information in the OSV database.

A Java source code vulnerability auditing tool based on function-level taint analysis. It provides security analysis capabilities for AI assistants through the MCP protocol, supporting the detection of multiple vulnerability types and call chain tracing.

VulniCheck is an AI - driven security scanner that provides comprehensive security analysis for Python projects and GitHub repositories. It runs as a Docker - based HTTP MCP server, supports standard HTTP streaming, and offers containerized deployment and comprehensive vulnerability scanning capabilities, including dependency checking, key detection, Docker file analysis, and AI risk assessment.

An MCP server for querying the CVE-Search API, providing comprehensive access to vulnerability information.

NVD MCP Server is a server connected to the National Vulnerability Database (NVD). Through the Model Context Protocol (MCP) framework, it allows developers to query vulnerability information in natural language and provides functions such as real - time CVE details query, keyword search, latest vulnerability retrieval, and severity filtering. It can be integrated into the IDE to enhance development security.

This project demonstrates a security vulnerability that enables remote code execution and data theft through MCP tool poisoning. It includes the implementation of a malicious server and an explanation of the attack principle, aiming for educational research.

A comprehensive code repository security scanning tool that provides functions such as vulnerability detection, sensitive information scanning, and dependency auditing through the MCP server to help developers identify security issues in code repositories.

The Red Hat Lightspeed MCP server is a lightweight, self-hosted solution that connects LLM agents such as Claude Desktop to the Red Hat Lightspeed service. It supports read-only operations and natural language queries, covering multiple service modules such as Advisor, Inventory, Vulnerability, and Remediations.