mcp-for-security-python

This MCP server collection provides a large suite of security-focused tools implemented as individual MCP servers under the Python-based FastMCP framework. The repository hosts 20 completed tooling modules (e.g., assetfinder-mcp, waybackurls-mcp, crtsh-mcp, shuffledns-mcp, httpx-mcp, nuclei-mcp, sqlmap-mcp, wpsscan-mcp, and others) each wrapped to expose a consistent MCP API. You can start the collection as a single runtime that serves multiple tools, and invoke each tool via its dedicated MCP endpoint or through the common tool invocation interface provided by FastMCP. The project emphasizes a 100% API-compatible design with the original JavaScript/TypeScript version, translated to Python, and offers docstrings and parameter descriptions to aid integration and usage.

To use, first run the MCP server launcher for the Python version, then connect to the port and address exposed by the server to invoke individual tools. Each tool is exposed via an @mcp.tool()-decorated function inside its module and can be executed asynchronously. You can also leverage API-call integration patterns demonstrated by wrappers like crtsh-mcp and mobsf-mcp to fetch remote data when a local tool needs external information. The collection is designed for independent operation; you can run tools in parallel within the same FastMCP instance and rely on the unified error handling and documentation support for easy integration.

Prerequisites:

• Python 3.8 or newer
• pip (Python package installer)
• Git (optional, for cloning the repository)

Installation steps:

1. Set up a Python virtual environment (recommended): python3 -m venv venv source venv/bin/activate # On Windows use: venv\Scripts\activate

2. Install FastMCP (required framework): pip install fastmcp>=2.0.0

3. Install project dependencies (if a requirements file is provided): pip install -r requirements.txt # if present

4. Install or install in editable mode the MCP Python package from this repository: git clone <repository-url> # if cloning cd mcp-for-security-python pip install -e . # or: python setup.py install

5. Run the MCP server entry point (as defined by the module name in this readme): python -m mcp_for_security_python

6. Verify the server is running by checking logs and accessing the MCP endpoints as documented in the repository.

Notes:

• If you encounter missing dependencies, ensure your virtual environment is active and that you are using Python 3.8+.
• The repository notes that this is a Python refactor and may require manual verification before production use.

Tips and potential issues:

• This project is a complete Python refactor of the original JavaScript/TypeScript version and may contain runtime issues not yet manually tested. Validate tool outputs in a staging environment before production use.
• The collection includes 20 tools organized under separate mcp-<tool-name>/ directories. Each tool follows the documented pattern with @mcp.tool() wrappers and supports asynchronous execution.
• Environment variables and configuration options can be found within individual tool modules; set any required variables via the env map in mcp_config or through your hosting environment.
• Ensure proper resource limits for asyncio-based subprocess calls, especially for high-load scanning tools like masscan-mcp, nuclei-mcp, or nmap-mcp.
• If you need to customize tool behavior, refer to the docstrings and parameter descriptions within each tool module to understand required arguments and optional flags.