RedQuanta MCP is a multi-tool security automation server designed to expose a suite of offense-focused scanning and discovery utilities through a consistent MCP interface. It integrates LL.M.-driven orchestration with native security tooling to provide modular capabilities such as network discovery (Nmap), web fuzzing (FFUF), directory discovery (Gobuster), vulnerability and security testing (Nikto, SQLMap), and broader security workflows. Each tool is exposed as a ready-to-call MCP capability, documented with a sample JSON payload that demonstrates the required structure, fields, and options. You can invoke these tools through the MCP API to perform targeted assessments, parse results, and feed them into downstream workflows or an LLM-driven analysis loop.

Typical use cases include automated port and service discovery with Nmap, fast web application fuzzing with FFUF, URL and directory enumeration with Gobuster, vulnerability probing with Nikto, and targeted injection testing with SQLMap. The server also supports layered, multi-step workflows, enabling you to chain tool invocations, pass results between steps, and apply aggressive profiling or targeted scripts where appropriate. The included sample payloads show how to customize targets, wordlists, scripts, and headers to suit your assessment scenario.

Prerequisites:

• Node.js (v14+ recommended) and npm
• Git

1. Clone the repository: git clone https://github.com/SC4RFurry/sc4rfurry-redquanta-mcp.git cd sc4rfurry-redquanta-mcp

2. Install dependencies: npm install

3. Configure environment (optional):

   • PORT: port to run the MCP server on (default 8080)
   • LOG_LEVEL: info|debug|warn|error
   • DEBUG: boolean to enable verbose debugging

4. Start the MCP server: npm start

   or: node server.js

5. Verify the server is running on http://localhost:8080 (or the configured port).

Notes:

• The MCP server exposes multiple security tooling capabilities; ensure you have the necessary network access and permissions to run discovery and testing against target systems.

Environment variables and configuration options:

• PORT: Port where the MCP server listens.
• LOG_LEVEL: Logging verbosity; common values are info, debug, warn, error.
• DEBUG: Enable verbose internal debugging output when set to true.

Tool-specific notes:

• NMAP: Use with care on target networks; ensure you have authorization to scan. Target and script options can be customized per the JSON examples in the README.
• FFUF: Fast web fuzzing; supply target URL and wordlists. Use conservative thread settings in production.
• Gobuster: Directory and DNS enumeration; provide the URL and wordlists as shown in examples.
• Nikto: Web server vulnerability scanning; suitable for authenticated and unauthenticated checks.
• SQLMap: Advanced SQL injection testing; use with explicit targets and safe operational parameters.

Common issues:

• CORS or network restrictions may block API access; ensure proper network configuration.
• Large wordlists can consume significant resources; consider scoped testing or rate limiting.
• Some tools require additional permissions or dependencies; consult per-tool docs for prerequisites.