MCP-SecurityTools

# Introduction to MCP-SecurityTools **MCP-SecurityTools is an open-source project focused on collecting and updating MCPs in the field of cybersecurity, aiming to summarize, organize, and optimize various security tools, techniques, and practical experiences related to MCP.** | mcp name | Introduction | | ------------------------------------------------------------ | ------------------------------------- | | [uncover-MCP](#一uncover-mcp使ai具有调用fofashodan能力) | Enables AI to call FOFA/SHODAN. | | [ENScan_GO-MCP](#二enscan_go-mcp使ai具有一键信息收集能力) | Enables AI to have one-click information collection capability. | | [VirusTotal-MCP](#三virustotal-mcp使ai具有virustotal的安全分析能力) | Enables AI to perform security analysis using VirusTotal. | | [cloudsword-MCP](#四cloudsword-mcp使ai具有云安全能力) | Enables AI to have cloud security capabilities, allowing R to penetrate cloud environments. | | [ZoomEye-MCP](#五zoomeye-mcp使ai具有查询zoomeye来获取网络资产信息) | Enables AI to query ZoomEye for network asset information. | | [AWVS-MCP](#六awvs-mcp使ai具有调用awvs进行漏洞扫描能力) | Enables AI to call AWVS for vulnerability scanning. | | GhidraMCP | To be updated, planned. | | IDA-MCP | To be updated, planned. | | Nmap-MCP | To be updated, planned. | ## Zero: Introduction MCP (Model Context Protocol) is an open protocol designed to standardize how applications provide context to LLM (Large Language Model). You can think of MCP as the USB-C interface for AI applications. Just as USB-C provides a standardized way for devices to connect various peripherals and accessories, MCP offers a standardized method for AI models to connect to different data sources and tools. ### 0.1 Why Choose MCP? MCP helps you build agents and complex workflows on top of LLM. LLMs often need to integrate with data and tools, and MCP provides: - A list of pre-built integrations that your LLM can connect to directly - Flexibility to switch between different LLM providers and vendors - Best practices for securing data within your infrastructure ### 0.2 Overall Architecture Essentially, MCP follows a client-server architecture, where the host application can connect to multiple servers:  **MCP Host**: Programs like Claude, Cherry Studio client, IDE, or AI tools that want to access data through MCP. - **MCP Client**: A protocol client that maintains a 1:1 connection with the server. - **MCP Server**: A lightweight program that exposes specific functionalities through a standardized Model Context Protocol. - **Local Data Sources**: Computer files, databases, and services that the MCP server can securely access. - **Remote Services**: External systems provided over the internet that the MCP server can connect to (e.g., via API). ## 1: uncover-MCP (Enable AI to Call FOFA/SHODAN) **Project Address:** `https://github.com/Co5mos/uncover-mcp` ### 1.1 Compilation Instructions ``` # Clone the Repository git clone https://github.com/Co5mos/uncover-mcp cd uncover-mcp # Build the Project (Requires Go 1.21 or higher) go build -o uncover-mcp ./cmd/uncover-mcp # It is recommended to use the author's build file: https://github.com/Co5mos/uncover-mcp/releases/tag/v0.0.1-beta ```  ``` ### 1.2 Usage **Run as MCP service instance:** ```json { "mcpServers": { "uncover-mcp": { "command": "./uncover-mcp", "args": [], "env": { "SHODAN_API_KEY": "", "FOFA_EMAIL": "", "FOFA_KEY": "" } } } } ``` **Usage in Cherry Studio** > For the Cherry Studio MCP usage tutorial, please refer to: `https://docs.cherry-ai.com/advanced-basic/mcp` ```json { "mcpServers": { "uncover-mcp": { "name": "uncover-mcp", "isActive": true, "command": "You compile the uncover-mcp binary file", "args": [ "uncover-mcp" ], "env": { "SHODAN_API_KEY": "xxxxxxxxxx", "FOFA_EMAIL": "xxxxxxxxxx", "FOFA_KEY": "xxxxxxxxxx" } } } } ```   **Usage in cline** ```json { "mcpServers": { "uncover-mcp": { "command": "You compile the uncover-mcp binary file", "args": [], "env": { "SHODAN_API_KEY": "xxxxxxxxxx", "FOFA_EMAIL": "xxxxxxxxxx", "FOFA_KEY": "xxxxxxxxxx" }, "autoApprove": [ "fofa" ] } } } ```  ## II: ENScan_GO-MCP (Enabling AI with One-Key Information Collection Capability) **Project Address:** `https://github.com/wgpsec/ENScan_GO` ### 2.1 Using MCP Start the MCP server, which will listen on `http://localhost:8080` ``` ./enscan --mcp ``` **Taking Cherry Studio configuration as an example**   ## Three: VirusTotal-MCP (Enabling AI with VirusTotal's Security Analysis Capabilities) **Project Address:** ` https://github.com/BurtTheCoder/mcp-virustotal` ### 3.1 Compilation Instructions ```txt # Node Environment Required ```bash git clone https://github.com/BurtTheCoder/mcp-virustotal.git cd mcp-virustotal npm install npm run build ``` ### 3.2 Usage **Using in Cherry Studio** > For the tutorial on using Cherry Studio MCP, please refer to: `https://docs.cherry-ai.com/advanced-basic/mcp` ```json { "mcpServers": { "s4Q9KPP86Ec_MWVfGURLI": { "isActive": true, "name": "virustotal-mcp", "description": "virustotal-mcp", "command": "node", "args": [ "--experimental-modules", "You compile the uncover-mcp binary file" ], "env": { "VIRUSTOTAL_API_KEY": "xxxxxxxxxx" } } } } ```  **Using in cline** ```json { "mcpServers": { "virustotal": { "command": "node", "args": [ "--experimental-modules", "You compile the uncover-mcp binary file" ], "env": { "VIRUSTOTAL_API_KEY": "xxxxxxxxxx" }, "autoApprove": [ "get_url_report", "get_file_report", "get_url_relationship", "get_ip_report", "get_domain_report", "get_url_relationship", "get_file_relationship" ] } } } ```  ## Four: cloudsword-MCP (Enabling AI with Cloud Security Capabilities) **Project Address:** ` https://github.com/wgpsec/cloudsword` > cloudsword has supported the MCP protocol since version v0.0.2, supporting both SSE and STDIO modes. Use the command `./cloudsword sse http://localhost:8080` to listen on port 8080 locally. ## 4.1 Usage **Using in Cherry Studio** **Currently, it cannot be used in cline; this will be resolved later.** **SSE Mode** Taking Cherry Studio as an example, fill in `http://localhost:8080/sse` to obtain tool information. ```json { "mcpServers": { "iAcI362KsjDNFU_FqZEaO": { "isActive": true, "name": "cloudsword-MCP", "description": "", "baseUrl": "http://localhost:8080/sse" } } } ``` [](https://github.com/wgpsec/cloudsword/blob/master/static/image-20250401193340509.png) **STDIO Mode** ```json { "mcpServers": { "iAcI362KsjDNFU_FqZEaO": { "name": "cloudsword-MCP", "description": "Enabling AI with cloud security capabilities", "isActive": true, "command": "You compile the uncover-mcp binary file", "args": [ "stdio" ] } } } ```  [](https://github.com/wgpsec/cloudsword/blob/master/static/image-20250401193444375.png) **Usage Example** [](https://github.com/wgpsec/cloudsword/blob/master/static/image-20250401194214015.png) ## Five: ZoomEye-MCP (Enabling AI to Query ZoomEye for Network Asset Information) **Project Address:** `https://github.com/zoomeye-ai/mcp_zoomeye` > Allows large language models (LLM) to query ZoomEye for network asset information using dork and other search parameters. **Usage Tutorial:** The official documentation is very detailed `https://github.com/zoomeye-ai/mcp_zoomeye` ## 5.1 Usage **Using in Cherry Studio** **Installation and Usage** ``` # Installation via pip pip install mcp-server-zoomeye ``` ```json { "mcpServers": { "zoomeye": { "isActive": true, "name": "zoomeye-MCP", "description": "zoomeye-MCP", "command": "uvx", "args": [ "mcp-server-zoomeye" ], "env": { "ZOOMEYE_API_KEY": "xxxxxxxxx" } } } } ```    ## VI: AWVS-MCP (Enabling AI to Invoke AWVS for Vulnerability Scanning) **Project Address:** ` https://github.com/Ta0ing/MCP-SecurityTools/tree/main/awvs-mcp` > Supports SSE and STDIO modes Use the command `awvs-mcp sse --port 8080` to listen on port 8080 locally. ## 6.1 Usage **Using in Cherry Studio** **SSE Mode** Take Cherry Studio as an example, fill in `http://localhost:8080/sse` to obtain the tool information.