mcp-for-security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
claude mcp add --transport stdio cyproxio-mcp-for-security -- docker run -i cyprox/mcp-for-security
How to use
MCP for Security exposes a collection of security testing tools via a unified MCP server interface. The Docker image cyprox/mcp-for-security bundles multiple security evaluation utilities (such as Amass, Nmap, Nuclei, Masscan, Shuffledns, and more) behind the MCP protocol, enabling clients to interact with each tool through standardized requests and responses. Use the MCP client to query, execute, and orchestrate these tools in automated workflows, threat intel pipelines, or interactive security assessments. The server is designed to streamline security reconnaissance, vulnerability discovery, and web/app security testing by providing consistent input/output formats across tools and simplifying integration with orchestration platforms.
How to install
Prerequisites:
- Docker installed on your host
- Basic familiarity with MCP clients and the command-line interface
Install and run:
- Ensure Docker is running on your system.
- Pull and run the MCP for Security image:
  docker run -i cyprox/mcp-for-security
  Note: The image may require additional runtime configuration depending on your environment. If you need to expose ports or mount volumes for persistent data, adjust the docker run options accordingly (e.g., -p for ports, -v for volumes).
- Verify the server is up by using an MCP client to list available tools or perform a basic command against one of the included MCP endpoints.
If you prefer to integrate with an existing orchestration workflow, you can wrap the docker run command in a script or use a container orchestrator to manage the lifecycle of the MCP server.
Additional notes
Tips and considerations:
- The image exposes a suite of security tooling; each tool may have its own specific configuration requirements. Refer to the individual MCP documentation pages for each tool (as linked in the README) for usage details.
- When running in CI/CD or automated environments, pin a specific image tag to ensure reproducible builds (e.g., cyprox/mcp-for-security:v1.0).
- If you encounter port or networking issues, you may need to adjust Docker network settings or map necessary ports for tool outputs.
- Some tools generate substantial output; consider streaming or chunked responses where supported by your MCP client to avoid memory pressure.
- Review environment variables and mount points if tools require external data (wordlists, certificates, etc.).
Related MCP Servers
toolhive
ToolHive makes deploying MCP servers easy, secure and fun
pentesting s-checklist
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.
MCPHammer
MCP security testing framework for evaluating Model Context Protocol server vulnerabilities
mcp
Official MCP server for Paper's trading platform - enables AI assistants to interact with Paper's API
pentesting-cyber
🔐 50+ MCP Security Servers for AI-Powered Pentesting | Integrate Nmap, Burp Suite, Nuclei, Shodan, BloodHound, Semgrep, Trivy | Model Context Protocol for Cybersecurity
MCP-Penetration-testing
The ultimate OWASP MCP Top 10 security checklist and pentesting framework for Model Context Protocol (MCP), AI agents, and LLM-powered systems.