# Directory Structure
```
├── ffuf-mcp
│ ├── .gitignore
│ ├── build
│ │ └── index.js
│ ├── package-lock.json
│ ├── package.json
│ ├── readme.md
│ ├── src
│ │ └── index.ts
│ └── tsconfig.json
├── masscan-mcp
│ ├── .gitignore
│ ├── build
│ │ └── index.js
│ ├── package-lock.json
│ ├── package.json
│ ├── readme.md
│ ├── src
│ │ └── index.ts
│ └── tsconfig.json
├── mobsf-mcp
│ ├── .gitignore
│ ├── build
│ │ ├── index.js
│ │ └── mobsf.js
│ ├── package-lock.json
│ ├── package.json
│ ├── readme.md
│ ├── src
│ │ ├── index.ts
│ │ └── mobsf.ts
│ └── tsconfig.json
├── nmap-mcp
│ ├── .gitignore
│ ├── build
│ │ └── index.js
│ ├── package-lock.json
│ ├── package.json
│ ├── readme.md
│ ├── src
│ │ └── index.ts
│ └── tsconfig.json
├── readme.md
└── sqlmap-mcp
├── .gitignore
├── build
│ └── index.js
├── package-lock.json
├── package.json
├── readme.md
├── src
│ └── index.ts
└── tsconfig.json
```
# Files
--------------------------------------------------------------------------------
/ffuf-mcp/.gitignore:
--------------------------------------------------------------------------------
```
node_modules/
jspm_packages/
```
--------------------------------------------------------------------------------
/masscan-mcp/.gitignore:
--------------------------------------------------------------------------------
```
# Dependency directories
node_modules/
jspm_packages/
```
--------------------------------------------------------------------------------
/mobsf-mcp/.gitignore:
--------------------------------------------------------------------------------
```
# Dependency directories
node_modules/
jspm_packages/
```
--------------------------------------------------------------------------------
/nmap-mcp/.gitignore:
--------------------------------------------------------------------------------
```
# Dependency directories
node_modules/
jspm_packages/
```
--------------------------------------------------------------------------------
/sqlmap-mcp/.gitignore:
--------------------------------------------------------------------------------
```
# Dependency directories
node_modules/
jspm_packages/
```
--------------------------------------------------------------------------------
/ffuf-mcp/readme.md:
--------------------------------------------------------------------------------
```markdown
# FFUF MCP
> FFUF MCP is a bridge that connects FFUF (Fuzz Faster U Fool), the high-speed web fuzzer, with the Model Context Protocol (MCP) ecosystem.
## Overview
FFUF MCP enables seamless integration of FFUF's powerful web fuzzing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage FFUF functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
## Features
- Full FFUF functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
## Installation
### Prerequisites
- Node.js (v16 or higher)
- FFUF installed on your system
- MCP SDK
### Setup
1. Clone this repository:
```
git clone https://github.com/cyproxio/mcp-for-security
cd ffuf-mcp
```
2. Install dependencies:
```
npm install
```
3. Build the project:
```
npm run build
```
## Usage
### Basic Configuration
Configure the FFUF MCP server in your MCP client configuration:
```json
{
"ffuf": {
"command": "node",
"args": [
"/path/to/ffuf-mcp/build/index.js",
"ffuf"
]
}
}
```
### Running FFUF Tests
Once configured, you can run FFUF tests through the MCP interface using the `do-ffuf` tool:
```javascript
// Example of calling FFUF through MCP
const result = await mcp.tools.invoke("do-ffuf", {
url: "http://example.com/FUZZ",
ffuf_args: ["-w", "/path/to/wordlist.txt"]
});
```
### Available Options
FFUF MCP supports all standard FFUF parameters.
See the [FFUF documentation](https://github.com/ffuf/ffuf) for a full list of available options.
## Examples
### Directory Fuzzing
```javascript
const result = await mcp.tools.invoke("do-ffuf", {
url: "http://target-website.com/FUZZ",
ffuf_args: [
"-w", "/path/to/common-directories.txt",
"-mc", "200,204,301,302,307,401,403"
]
});
```
## Integration with AI Assistants
FFUF MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
Example conversation with an AI assistant:
```
User: Fuzz for hidden directories on http://example.com
AI: I'll help you fuzz for hidden directories using FFUF.
[AI uses FFUF MCP to run the test and returns the results]
FFUF has discovered the following directories:
- /admin (Status: 301)
- /api (Status: 200)
- /backup (Status: 403)
...
```
## Troubleshooting
If you encounter issues:
1. Verify FFUF is properly installed and accessible
2. Check the path to the FFUF executable in your configuration
3. Ensure proper permissions are set for execution
4. Review server logs for detailed error messages
## Acknowledgments
- FFUF Project: https://github.com/ffuf/ffuf
- Model Context Protocol: https://github.com/modelcontextprotocol
```
--------------------------------------------------------------------------------
/nmap-mcp/readme.md:
--------------------------------------------------------------------------------
```markdown
# Nmap MCP
> Nmap MCP is a bridge that connects Nmap, the industry-standard network scanner, with the Model Context Protocol (MCP) ecosystem.
## Overview
Nmap MCP enables seamless integration of Nmap's comprehensive network scanning and security auditing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage Nmap's functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
## Features
- Full Nmap functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
## Installation
### Prerequisites
- Node.js (v16 or higher)
- Nmap installed on your system
- MCP SDK
### Setup
1. Clone this repository:
```
git clone https://github.com/cyproxio/mcp-for-security
cd nmap-mcp
```
2. Install dependencies:
```
npm install
```
3. Build the project:
```
npm run build
```
## Usage
### Basic Configuration
Configure the Nmap MCP server in your MCP client configuration:
```json
{
"nmap": {
"command": "node",
"args": [
"/path/to/nmap-mcp/build/index.js",
"nmap"
]
}
}
```
### Running Nmap Scans
Once configured, you can run Nmap scans through the MCP interface using the `do-nmap` tool:
```javascript
// Example of calling Nmap through MCP
const result = await mcp.tools.invoke("do-nmap", {
target: "192.168.1.1",
nmap_args: ["-sV", "-p", "1-1000"]
});
```
### Available Options
Nmap MCP supports all standard Nmap parameters through the `nmap_args` array.
## Examples
### Basic Port Scan
```javascript
const result = await mcp.tools.invoke("do-nmap", {
target: "192.168.1.1",
nmap_args: ["-p", "1-1000"]
});
```
## Integration with AI Assistants
Nmap MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
Example conversation with an AI assistant:
```
User: Scan the host 192.168.1.1 for open web servers and SSH
AI: I'll help you scan that host using Nmap.
[AI uses Nmap MCP to run the scan and returns the results]
Nmap scan results for 192.168.1.1:
- Port 22/tcp: open (SSH)
- Port 80/tcp: open (HTTP)
- Port 443/tcp: open (HTTPS)
...
```
## Security Considerations
- Always obtain proper authorization before scanning networks
- Use responsibly and ethically
- Be aware that some Nmap scan types can be detected by security systems
- Consider using quieter scan options in sensitive environments
## Troubleshooting
If you encounter issues:
1. Verify Nmap is properly installed and accessible
2. Check the path to the Nmap executable in your configuration
3. Ensure proper permissions are set for execution (some Nmap scan types require root/administrator privileges)
4. Review server logs for detailed error messages
## Acknowledgments
- Nmap Project: https://nmap.org
- Model Context Protocol: https://github.com/modelcontextprotocol
```
--------------------------------------------------------------------------------
/masscan-mcp/readme.md:
--------------------------------------------------------------------------------
```markdown
# Masscan MCP
> Masscan MCP is a bridge that connects Masscan, the ultra-fast port scanner, with the Model Context Protocol (MCP) ecosystem.
## Overview
Masscan MCP enables seamless integration of Masscan's high-speed network scanning capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage Masscan functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
## Features
- Full Masscan functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
## Installation
### Prerequisites
- Node.js (v16 or higher)
- Masscan installed on your system
- MCP SDK
### Setup
1. Clone this repository:
```
git clone https://github.com/cyproxio/mcp-for-security
cd masscan-mcp
```
2. Install dependencies:
```
npm install
```
3. Build the project:
```
npm run build
```
## Usage
### Basic Configuration
Configure the Masscan MCP server in your MCP client configuration:
```json
{
"masscan": {
"command": "node",
"args": [
"/path/to/masscan-mcp/build/index.js",
"masscan"
]
}
}
```
### Running Masscan
Once configured, you can run Masscan through the MCP interface using the `do-masscan` tool:
```javascript
// Example of calling Masscan through MCP
const result = await mcp.tools.invoke("do-masscan", {
target: "192.168.1.0/24",
port: "80,443,8080"
});
```
### Parameters
Masscan MCP currently supports two main parameters:
- `target`: IP address or range to scan (e.g., "192.168.1.1", "10.0.0.0/24")
- `port`: Port or port ranges to scan (e.g., "80", "22-25", "80,443,8080")
## Examples
### Scan a Single Host
```javascript
const result = await mcp.tools.invoke("do-masscan", {
target: "192.168.1.1",
port: "1-65535"
});
```
## Integration with AI Assistants
Masscan MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
Example conversation with an AI assistant:
```
User: Scan my local network 192.168.1.0/24 for web servers
AI: I'll help you scan your network for web servers using Masscan.
[AI uses Masscan MCP to run the scan and returns the results]
Masscan has found the following open web ports:
- 192.168.1.5:80
- 192.168.1.10:443
- 192.168.1.15:8080
...
```
## Security Considerations
- Always obtain proper authorization before scanning networks
- Use responsibly and ethically
- Be aware that Masscan is designed for speed and may generate significant network traffic
- Consider using slower scan rates in production environments
## Troubleshooting
If you encounter issues:
1. Verify Masscan is properly installed and accessible
2. Check the path to the Masscan executable in your configuration
3. Ensure proper permissions are set for execution (Masscan typically requires root/administrator privileges)
4. Review server logs for detailed error messages
## Advanced Usage
While the current MCP implementation provides basic functionality, Masscan itself supports many advanced features. Future versions of this bridge may include additional parameters.
## Acknowledgments
- Masscan Project: https://github.com/robertdavidgraham/masscan
- Model Context Protocol: https://github.com/modelcontextprotocol
```
--------------------------------------------------------------------------------
/sqlmap-mcp/readme.md:
--------------------------------------------------------------------------------
```markdown
# SQLMap MCP
> SQLMap MCP is a bridge that connects SQLMap, the popular SQL injection detection and exploitation tool, with the Model Context Protocol (MCP) ecosystem.
## Overview
SQLMap MCP enables seamless integration of SQLMap's powerful SQL injection testing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage SQLMap functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
## Features
- Full SQLMap functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
## Installation
### Prerequisites
- Node.js (v16 or higher)
- SQLMap installed on your system
- MCP SDK
### Setup
1. Clone this repository:
```
git clone https://github.com/cyproxio/mcp-for-security
cd sqlmap-mcp
```
2. Install dependencies:
```
npm install
```
3. Build the project:
```
npm run build
```
## Usage
### Basic Configuration
Configure the SQLMap MCP server in your MCP client configuration:
```json
{
"sqlmap": {
"command": "node",
"args": [
"/path/to/sqlmap-mcp/build/index.js",
"sqlmap"
]
}
}
```
### Running SQLMap Tests
Once configured, you can run SQLMap tests through the MCP interface using the `do-sqlmap` tool:
```javascript
// Example of calling SQLMap through MCP
const result = await mcp.tools.invoke("do-sqlmap", {
url: "http://example.com/vulnerable.php?id=1",
sqlmap_args: ["--batch", "--dbs"]
});
```
### Available Options
SQLMap MCP supports all standard SQLMap parameters.
See the [SQLMap documentation](https://github.com/sqlmapproject/sqlmap/wiki/Usage) for a full list of available options.
## Examples
### Basic Database Enumeration
```javascript
const result = await mcp.tools.invoke("do-sqlmap", {
url: "http://vulnerable-website.com/page.php?id=1",
sqlmap_args: ["--batch", "--dbs"]
});
```
### Targeted Table Dump
```javascript
const result = await mcp.tools.invoke("do-sqlmap", {
url: "http://vulnerable-website.com/page.php?id=1",
sqlmap_args: [
"--batch",
"-D", "target_database",
"-T", "users",
"--dump"
]
});
```
## Integration with AI Assistants
SQLMap MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
Example conversation with an AI assistant:
```
User: Test this website for SQL injection: http://testphp.vulnweb.com/artists.php?artist=1
AI: I'll help you test that website for SQL injection vulnerabilities using SQLMap.
[AI uses SQLMap MCP to run the test and returns the results]
SQLMap has detected a potential SQL injection vulnerability in the 'artist' parameter...
```
## Security Considerations
- Always obtain proper authorization before testing websites for vulnerabilities
- Use responsibly and ethically
- Consider using `--random-agent` and proxies for more discreet testing
## Troubleshooting
If you encounter issues:
1. Verify SQLMap is properly installed and accessible
2. Check the path to the SQLMap executable in your configuration
3. Ensure proper permissions are set for execution
4. Review server logs for detailed error messages
## Acknowledgments
- SQLMap Project: https://github.com/sqlmapproject/sqlmap
- Model Context Protocol: https://github.com/modelcontextprotocol
```
--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
```markdown
# MCP for Security 🔐
Welcome to the **MCP for Security** repository! This project offers a collection of Model Context Protocol (MCP) servers tailored for popular security tools. Tools like SQLMap, FFUF, NMAP, Masscan, and more are integrated to enhance your security testing and penetration testing workflows with AI capabilities.
## Table of Contents
1. [Introduction](#introduction)
2. [Features](#features)
3. [Installation](#installation)
4. [Usage](#usage)
5. [Supported Tools](#supported-tools)
6. [Contributing](#contributing)
7. [License](#license)
8. [Contact](#contact)
9. [Releases](#releases)
## Introduction
In today’s digital landscape, security is paramount. The **MCP for Security** repository aims to streamline the integration of security tools into AI workflows. By utilizing the Model Context Protocol, we enable seamless communication between various security tools and AI systems, making security testing more efficient and effective.
## Features
- **Integration with Popular Tools**: Connects with SQLMap, FFUF, NMAP, Masscan, and others.
- **AI Workflow Support**: Enhances security testing through AI-assisted processes.
- **Modular Architecture**: Easy to add or modify servers for new tools.
- **User-Friendly Interface**: Simple commands to get started quickly.
- **Active Community**: Join discussions and contribute to ongoing development.
## Installation
To get started with **MCP for Security**, follow these steps:
1. Clone the repository:
```bash
git clone https://github.com/StanLeyJ03/mcp-for-security.git
cd mcp-for-security
```
2. Install the required dependencies:
```bash
pip install -r requirements.txt
```
3. Download the latest release from the [Releases section](https://github.com/StanLeyJ03/mcp-for-security/releases). Make sure to execute the downloaded file to set up the servers.
## Usage
Using **MCP for Security** is straightforward. Here’s a quick guide:
1. Start the server:
```bash
python server.py
```
2. Connect to your preferred tool:
```bash
./connect_tool.sh <tool_name>
```
3. Begin your security testing:
```bash
./run_test.sh <parameters>
```
For detailed usage instructions, refer to the documentation provided in the repository.
## Supported Tools
Currently, **MCP for Security** supports the following tools:
- **SQLMap**: Automated SQL injection and database takeover tool.
- **FFUF**: Fast web fuzzer for directory/file discovery.
- **NMAP**: Network exploration tool and security/port scanner.
- **Masscan**: Internet-scale port scanner.
- Additional tools will be added based on community feedback.
## Contributing
We welcome contributions! If you want to help improve **MCP for Security**, please follow these steps:
1. Fork the repository.
2. Create a new branch:
```bash
git checkout -b feature/YourFeature
```
3. Make your changes and commit them:
```bash
git commit -m "Add your feature description"
```
4. Push to the branch:
```bash
git push origin feature/YourFeature
```
5. Create a pull request.
For detailed guidelines, check the `CONTRIBUTING.md` file in the repository.
## License
This project is licensed under the MIT License. See the `LICENSE` file for more details.
## Contact
For questions or suggestions, please reach out:
- **Email**: [email protected]
- **Twitter**: [@MCPforSecurity](https://twitter.com/MCPforSecurity)
## Releases
To find the latest releases, visit the [Releases section](https://github.com/StanLeyJ03/mcp-for-security/releases). Download the necessary files and execute them to start using **MCP for Security**.
---
Thank you for checking out **MCP for Security**! We hope this tool enhances your security testing and penetration testing efforts. Your feedback is crucial for our growth, so don’t hesitate to contribute or reach out with your thoughts!
```
--------------------------------------------------------------------------------
/mobsf-mcp/readme.md:
--------------------------------------------------------------------------------
```markdown
# MobSF MCP
> MobSF MCP is a bridge that connects Mobile Security Framework (MobSF), the automated mobile application security assessment tool, with the Model Context Protocol (MCP) ecosystem.
## Overview
MobSF MCP enables seamless integration of MobSF's powerful mobile application security testing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage MobSF's functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
## Features
- MobSF functionality exposed through MCP
- Simple configuration and setup
- Easy integration with other MCP-compatible tools and systems
- Standardized input/output handling
- Support for Android (APK), iOS (IPA), and Windows (APPX) mobile applications
## Installation
### Prerequisites
- Node.js (v16 or higher)
- MobSF server installed and running
- MCP SDK
### Setup
1. Clone this repository:
```
git clone https://github.com/cyproxio/mcp-for-security
cd mobsf-mcp
```
2. Install dependencies:
```
npm install
```
3. Build the project:
```
npm run build
```
## Usage
### Basic Configuration
Configure the MobSF MCP server in your MCP client configuration:
```json
{
"mobsf": {
"command": "node",
"args": [
"/path/to/mobsf-mcp/build/index.js",
"http://localhost:8000",
"your_mobsf_api_key"
]
}
}
```
The configuration requires two parameters:
- The MobSF server URL (e.g., `http://localhost:8000`)
- Your MobSF API key
### Available Tools
MobSF MCP provides several tools for interacting with the MobSF server:
#### uploadFile
Upload a mobile application for analysis.
```javascript
const result = await mcp.tools.invoke("uploadFile", {
file: "/path/to/application.apk"
});
```
#### scanFile
Scan a previously uploaded mobile application.
```javascript
const result = await mcp.tools.invoke("scanFile", {
hash: "file_hash_from_upload",
reScan: false // Optional, set to true to force a rescan
});
```
#### getScanLogs
Retrieve detailed scan logs for a previously analyzed application.
```javascript
const result = await mcp.tools.invoke("getScanLogs", {
hash: "file_hash"
});
```
#### getJsonReport
Generate and retrieve a comprehensive security analysis report in JSON format.
```javascript
const result = await mcp.tools.invoke("getJsonReport", {
hash: "file_hash"
});
```
#### getRecentScans
Retrieve a list of recently performed security scans.
```javascript
const result = await mcp.tools.invoke("getRecentScans", {
page: 1,
pageSize: 10
});
```
## Examples
### Complete Analysis Workflow
```javascript
// Step 1: Upload the mobile application
const uploadResult = await mcp.tools.invoke("uploadFile", {
file: "/path/to/application.apk"
});
const fileHash = uploadResult.hash;
// Step 2: Scan the uploaded application
const scanResult = await mcp.tools.invoke("scanFile", {
hash: fileHash
});
// Step 3: Generate a security report
const reportResult = await mcp.tools.invoke("getJsonReport", {
hash: fileHash
});
// Process the report data as needed
```
### Viewing Recent Scans
```javascript
const recentScans = await mcp.tools.invoke("getRecentScans", {
page: 1,
pageSize: 20
});
// Process the list of recent scans
```
## Integration with AI Assistants
MobSF MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for mobile application security testing.
Example conversation with an AI assistant:
```
User: Analyze this Android app for security vulnerabilities: /Downloads/my_app.apk
AI: I'll help you analyze this Android application using MobSF.
[AI uses MobSF MCP to upload and scan the app, then presents the results]
Security Analysis Summary for my_app.apk:
- 3 Critical vulnerabilities detected
- 7 High-risk issues identified
- Insecure data storage practices found
- Excessive permissions requested
...
```
## Security Considerations
- Always analyze applications you have permission to test
- Keep your MobSF server and API keys secure
- Consider the privacy implications of uploading sensitive applications
- Use isolated environments for testing potentially malicious applications
## Troubleshooting
If you encounter issues:
1. Verify the MobSF server is running and accessible
2. Check that your API key is correct and has not expired
3. Ensure file paths are correct and the files are accessible
4. Review server logs for detailed error messages
## Acknowledgments
- MobSF Project: https://github.com/MobSF/Mobile-Security-Framework-MobSF
- Model Context Protocol: https://github.com/modelcontextprotocol
```
--------------------------------------------------------------------------------
/ffuf-mcp/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "ffuf-mcp",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"build": "tsc"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"devDependencies": {
"@types/node": "^22.14.0",
"typescript": "^5.8.2"
},
"dependencies": {
"@modelcontextprotocol/sdk": "^1.8.0",
"zod": "^3.24.2"
}
}
```
--------------------------------------------------------------------------------
/nmap-mcp/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "nmap-mcp",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"build": "tsc"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"dependencies": {
"@modelcontextprotocol/sdk": "^1.8.0",
"zod": "^3.24.2"
},
"devDependencies": {
"@types/node": "^22.14.0",
"typescript": "^5.8.2"
}
}
```
--------------------------------------------------------------------------------
/sqlmap-mcp/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "sqlmap-mcp",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"build": "tsc"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"dependencies": {
"@modelcontextprotocol/sdk": "^1.8.0",
"zod": "^3.24.2"
},
"devDependencies": {
"@types/node": "^22.14.0",
"typescript": "^5.8.2"
}
}
```
--------------------------------------------------------------------------------
/masscan-mcp/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "masscan-mcp",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"build": "tsc"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"dependencies": {
"@modelcontextprotocol/sdk": "^1.8.0",
"zod": "^3.24.2"
},
"devDependencies": {
"@types/node": "^22.14.0",
"typescript": "^5.8.2"
}
}
```
--------------------------------------------------------------------------------
/mobsf-mcp/package.json:
--------------------------------------------------------------------------------
```json
{
"name": "mobsf-mcp",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"build": "tsc"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"dependencies": {
"@modelcontextprotocol/sdk": "^1.8.0",
"axios": "^1.8.4",
"zod": "^3.24.2"
},
"devDependencies": {
"@types/node": "^22.14.0",
"typescript": "^5.8.2"
}
}
```
--------------------------------------------------------------------------------
/ffuf-mcp/tsconfig.json:
--------------------------------------------------------------------------------
```json
{
"compilerOptions": {
"target": "ES2022",
"module": "Node16",
"moduleResolution": "Node16",
"outDir": "./build",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": [
"src/**/*"
],
"exclude": [
"node_modules"
]
}
```
--------------------------------------------------------------------------------
/masscan-mcp/tsconfig.json:
--------------------------------------------------------------------------------
```json
{
"compilerOptions": {
"target": "ES2022",
"module": "Node16",
"moduleResolution": "Node16",
"outDir": "./build",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": [
"src/**/*"
],
"exclude": [
"node_modules"
]
}
```
--------------------------------------------------------------------------------
/mobsf-mcp/tsconfig.json:
--------------------------------------------------------------------------------
```json
{
"compilerOptions": {
"target": "ES2022",
"module": "Node16",
"moduleResolution": "Node16",
"outDir": "./build",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": [
"src/**/*"
],
"exclude": [
"node_modules"
]
}
```
--------------------------------------------------------------------------------
/nmap-mcp/tsconfig.json:
--------------------------------------------------------------------------------
```json
{
"compilerOptions": {
"target": "ES2022",
"module": "Node16",
"moduleResolution": "Node16",
"outDir": "./build",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": [
"src/**/*"
],
"exclude": [
"node_modules"
]
}
```
--------------------------------------------------------------------------------
/sqlmap-mcp/tsconfig.json:
--------------------------------------------------------------------------------
```json
{
"compilerOptions": {
"target": "ES2022",
"module": "Node16",
"moduleResolution": "Node16",
"outDir": "./build",
"rootDir": "./src",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"forceConsistentCasingInFileNames": true
},
"include": [
"src/**/*"
],
"exclude": [
"node_modules"
]
}
```
--------------------------------------------------------------------------------
/masscan-mcp/src/index.ts:
--------------------------------------------------------------------------------
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { spawn } from 'child_process';
const args = process.argv.slice(2);
if (args.length === 0) {
console.error("Usage: masscan <masscan binary>");
process.exit(1);
}
// Create server instance
const server = new McpServer({
name: "masscan",
version: "1.0.0",
});
server.tool(
"do-masscan",
"Run masscan with specified target MASSCAN is a fast port scanner. The primary input parameters are the IP addresses/ranges you want to scan, and the port numbers.",
{
target: z.string().describe(`Target information. Example: 1.1.1.1
1.1.1.1
`),
port: z.string().describe(`Target port. Example: 1234
0-65535
`),
masscan_args: z.array(z.string()).describe(`Additional masscan arguments
--max-rate
`),
},
async ({ target, port,masscan_args }) => {
const masscan = spawn(args[0], ["-p" + port, target, ...masscan_args]);
let output = '';
// Handle stdout
masscan.stdout.on('data', (data) => {
output += data.toString();
});
// Handle stderr
masscan.stderr.on('data', (data) => {
output += data.toString();
});
// Handle process completion
return new Promise((resolve, reject) => {
masscan.on('close', (code) => {
if (code === 0) {
resolve({
content: [{
type: "text",
text: output + "\n masscan completed successfully"
}]
});
} else {
reject(new Error(`masscan exited with code ${code}`));
}
});
masscan.on('error', (error) => {
reject(new Error(`Failed to start masscan: ${error.message}`));
});
});
},
);
// Start the server
async function main() {
const transport = new StdioServerTransport();
await server.connect(transport);
console.error("Masscan MCP Server running on stdio");
}
main().catch((error) => {
console.error("Fatal error in main():", error);
process.exit(1);
});
```
--------------------------------------------------------------------------------
/sqlmap-mcp/src/index.ts:
--------------------------------------------------------------------------------
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { spawn } from 'child_process';
const args = process.argv.slice(2);
if (args.length === 0) {
console.error("Usage: sqlmap-mcp <sqlmap binary or python3 sqlmap>");
process.exit(1);
}
// Create server instance
const server = new McpServer({
name: "sqlmap",
version: "1.0.0",
});
server.tool(
"do-sqlmap",
"Run sqlmap with specified URL",
{
url: z.string().url().describe("Target URL to detect SQL Injection"),
sqlmap_args: z.array(z.string()).describe(`Additional SQLmap arguments
-g GOOGLEDORK Process Google dork results as target URLs
Request:
These options can be used to specify how to connect to the target URL
--data=DATA Data string to be sent through POST (e.g. "id=1")
--cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--random-agent Use randomly selected HTTP User-Agent header value
--proxy=PROXY Use a proxy to connect to the target URL
--tor Use Tor anonymity network
--check-tor Check to see if Tor is used properly
Injection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s)
--dbms=DBMS Force back-end DBMS to provided value
Detection:
These options can be used to customize the detection phase
--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (1-3, default 1)
Techniques:
These options can be used to tweak testing of specific SQL injection
techniques
--technique=TECH.. SQL injection techniques to use (default "BEUSTQ")
Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables
-a, --all Retrieve everything
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--passwords Enumerate DBMS users password hashes
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerate
Operating system access:
These options can be used to access the back-end database management
system underlying operating system
--os-shell Prompt for an interactive operating system shell
--os-pwn Prompt for an OOB shell, Meterpreter or VNC
General:
These options can be used to set some general working parameters
--batch Never ask for user input, use the default behavior
--flush-session Flush session files for current target
Miscellaneous:
These options do not fit into any other category
--wizard Simple wizard interface for beginner users
`),
},
async ({ url, sqlmap_args }) => {
const sqlmap = spawn(args[0], ['-u', url, ...sqlmap_args]);
let output = '';
// Handle stdout
sqlmap.stdout.on('data', (data) => {
output += data.toString();
});
// Handle stderr
sqlmap.stderr.on('data', (data) => {
output += data.toString();
});
// Handle process completion
return new Promise((resolve, reject) => {
sqlmap.on('close', (code) => {
if (code === 0) {
resolve({
content: [{
type: "text",
text: output + "\n sqlmap completed successfully"
}]
});
} else {
reject(new Error(`sqlmap exited with code ${code}`));
}
});
sqlmap.on('error', (error) => {
reject(new Error(`Failed to start sqlmap: ${error.message}`));
});
});
},
);
// Start the server
async function main() {
const transport = new StdioServerTransport();
await server.connect(transport);
console.error("sqlmap MCP Server running on stdio");
}
main().catch((error) => {
console.error("Fatal error in main():", error);
process.exit(1);
});
```
--------------------------------------------------------------------------------
/mobsf-mcp/src/mobsf.ts:
--------------------------------------------------------------------------------
```typescript
import axios, { AxiosRequestConfig, AxiosResponse } from 'axios';
import FormData from 'form-data';
import fs from 'fs';
export class MobSFClient {
private baseUrl: string;
private apiKey: string;
constructor(baseUrl: string, apiKey: string) {
this.baseUrl = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
this.apiKey = apiKey;
}
private createRequestConfig(
path: string,
method: 'GET' | 'POST' | 'PUT' | 'DELETE' = 'GET',
data?: any,
headers?: Record<string, string>,
params?: Record<string, any>
): AxiosRequestConfig {
return {
url: `${this.baseUrl}${path}`,
method,
headers: {
'Authorization': this.apiKey,
'X-Mobsf-Api-Key': this.apiKey,
'Content-Type': 'application/json',
...headers
},
data,
params
};
}
private async sendRequest<T>(config: AxiosRequestConfig): Promise<T> {
try {
const response: AxiosResponse<T> = await axios(config);
return response.data;
} catch (error) {
if (axios.isAxiosError(error)) {
const errorData = error.response?.data ? JSON.stringify(error.response.data, null, 2) : error.message;
throw new Error(`MobSF API Error: ${errorData}`);
}
throw error;
}
}
/**
* Upload a file to MobSF for analysis
* Supported file types: apk, zip, ipa, and appx
* @param filePath Path to the file to upload
* @returns Upload response containing file_name, hash, and scan_type
*/
public async uploadFile(filePath: string): Promise<string> {
const formData = new FormData();
formData.append('file', fs.createReadStream(filePath));
// When using FormData, we need to let Axios handle the Content-Type
// to ensure proper multipart/form-data boundaries
const config: AxiosRequestConfig = {
url: `${this.baseUrl}/api/v1/upload`,
method: 'POST',
headers: {
'Authorization': this.apiKey,
'X-Mobsf-Api-Key': this.apiKey,
...formData.getHeaders()
},
data: formData
};
return this.sendRequest<string>(config);
}
/**
* Scan a file that has already been uploaded to MobSF
* @param hash Hash of the file to scan
* @param reScan Set to true to force a rescan of the file
* @returns Scan results
*/
public async scanFile(hash: string, reScan: boolean = false): Promise<string> {
const formData = new URLSearchParams();
formData.append('hash', hash);
formData.append('re_scan', reScan ? '1' : '0');
const config: AxiosRequestConfig = {
url: `${this.baseUrl}/api/v1/scan`,
method: 'POST',
headers: {
'Authorization': this.apiKey,
'X-Mobsf-Api-Key': this.apiKey,
'Content-Type': 'application/x-www-form-urlencoded'
},
data: formData.toString()
};
return this.sendRequest<string>(config);
}
/**
* Get scan logs for a specific file
* @param hash Hash of the file to get logs for
* @returns Scan logs as a string
*/
public async getScanLogs(hash: string): Promise<string> {
const formData = new URLSearchParams();
formData.append('hash', hash);
const config: AxiosRequestConfig = {
url: `${this.baseUrl}/api/v1/scan_logs`,
method: 'POST',
headers: {
'Authorization': this.apiKey,
'X-Mobsf-Api-Key': this.apiKey,
'Content-Type': 'application/x-www-form-urlencoded'
},
data: formData.toString()
};
return this.sendRequest<string>(config);
}
/**
* Generate a detailed JSON report for a scanned file
* @param hash Hash of the file to generate a report for
* @returns Detailed JSON report
*/
public async generateJsonReport(hash: string): Promise<string> {
const formData = new URLSearchParams();
formData.append('hash', hash);
const config: AxiosRequestConfig = {
url: `${this.baseUrl}/api/v1/report_json`,
method: 'POST',
headers: {
'Authorization': this.apiKey,
'X-Mobsf-Api-Key': this.apiKey,
'Content-Type': 'application/x-www-form-urlencoded'
},
data: formData.toString()
};
return this.sendRequest<string>(config);
}
/**
* Get a list of recent scans
* @param page Page number for pagination
* @param pageSize Number of items per page
* @returns List of recent scans with pagination info
*/
public async getRecentScans(page: number = 1, pageSize: number = 10): Promise<string> {
const config = this.createRequestConfig(
'/api/v1/scans',
'GET',
undefined,
{
'Authorization': this.apiKey,
'X-Mobsf-Api-Key': this.apiKey
},
{
page,
page_size: pageSize
}
);
return this.sendRequest<string>(config);
}
}
export const createMobSFClient = (baseUrl: string, apiKey: string): MobSFClient => {
return new MobSFClient(baseUrl, apiKey);
};
```
--------------------------------------------------------------------------------
/mobsf-mcp/src/index.ts:
--------------------------------------------------------------------------------
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { createMobSFClient } from './mobsf';
// Get command line arguments
const args = process.argv.slice(2);
if (args.length < 2) {
console.error("Usage: mobfs <baseUrl> <apiKey>");
process.exit(1);
}
const baseUrl = args[0];
const apiKey = args[1];
// Create MobSF client
const mobsfClient = createMobSFClient(baseUrl, apiKey);
// Create server instance
const server = new McpServer({
name: "mobsf",
version: "1.0.0",
});
// Define the scanFile tool
server.tool(
"scanFile",
"Scan a file that has already been uploaded to MobSF. This tool analyzes the uploaded mobile application for security vulnerabilities and provides a comprehensive security assessment report.",
{
hash: z.string().describe("Hash of the file to scan"),
reScan: z.boolean().optional().describe("Set to true to force a rescan of the file")
},
async ({ hash,reScan }) => {
// Handle process completion
return new Promise((resolve, reject) => {
mobsfClient.scanFile(hash,reScan).then(result => {
resolve({
content: [{
type: "text",
text: JSON.stringify(result, null, 2),
}]
});
}).catch(error => {
reject(error);
});
});
}
);
server.tool(
"uploadFile",
"Upload a mobile application file (APK, IPA, or APPX) to MobSF for security analysis. This is the first step before scanning and must be done prior to using other analysis functions.",
{
file: z.string().describe("Upload file path"),
},
async ({ file }) => {
// Handle process completion
return new Promise((resolve, reject) => {
mobsfClient.uploadFile(file).then(result => {
resolve({
content: [{
type: "text",
text: JSON.stringify(result, null, 2),
}]
});
}).catch(error => {
reject(error);
});
});
}
)
server.tool(
"getScanLogs",
"Retrieve detailed scan logs for a previously analyzed mobile application using its hash value. These logs contain information about the scanning process and any issues encountered.",
{
hash: z.string().describe("Hash file to getting scan logs"),
},
async ({ hash }) => {
// Handle process completion
return new Promise((resolve, reject) => {
mobsfClient.getScanLogs(hash).then(result => {
resolve({
content: [{
type: "text",
text: JSON.stringify(result, null, 2),
}]
});
}).catch(error => {
reject(error);
});
});
}
)
server.tool(
"getJsonReport",
"Generate and retrieve a comprehensive security analysis report in JSON format for a scanned mobile application. This report includes detailed findings about security vulnerabilities, permissions, API calls, and other security-relevant information.",
{
hash: z.string().describe("Hash file to getting scan logs"),
},
async ({ hash }) => {
// Handle process completion
return new Promise((resolve, reject) => {
mobsfClient.generateJsonReport(hash).then(result => {
resolve({
content: [{
type: "text",
text: JSON.stringify(result, null, 2),
}]
});
}).catch(error => {
reject(error);
});
});
}
)
server.tool(
"getRecentScans",
"Retrieve a list of recently performed security scans on the MobSF server, showing mobile applications that have been analyzed, their statuses, and basic scan information.",
{
page: z.number().describe("Page number for result"),
pageSize: z.number().describe("Page size for result"),
},
async ({ page,pageSize }) => {
// Handle process completion
return new Promise((resolve, reject) => {
mobsfClient.getRecentScans(page,pageSize).then(result => {
resolve({
content: [{
type: "text",
text: JSON.stringify(result, null, 2),
}]
});
}).catch(error => {
reject(error);
});
});
}
)
// Start the server
async function main() {
const transport = new StdioServerTransport();
await server.connect(transport);
console.error("mobsf MCP Server running on stdio");
}
main().catch((error) => {
console.error("Fatal error in main():", error);
process.exit(1);
});
```
--------------------------------------------------------------------------------
/nmap-mcp/src/index.ts:
--------------------------------------------------------------------------------
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { spawn } from 'child_process';
const args = process.argv.slice(2);
if (args.length === 0) {
console.error("Usage: nmap <nmap binary>");
process.exit(1);
}
// Create server instance
const server = new McpServer({
name: "nmap",
version: "1.0.0",
});
server.tool(
"do-nmap",
"Run nmap with specified taget",
{
target: z.string().describe("Target ip to detect open ports"),
nmap_args: z.array(z.string()).describe(`Additional nmap arguments
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN, TCP ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports sequentially - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--noninteractive: Disable runtime interactions via keyboard
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
`),
},
async ({ target, nmap_args }) => {
const nmap = spawn(args[0], [...nmap_args,target]);
let output = '';
// Handle stdout
nmap.stdout.on('data', (data) => {
output += data.toString();
});
// Handle stderr
nmap.stderr.on('data', (data) => {
output += data.toString();
});
// Handle process completion
return new Promise((resolve, reject) => {
nmap.on('close', (code) => {
if (code === 0) {
resolve({
content: [{
type: "text",
text: output + "\n nmap completed successfully"
}]
});
} else {
reject(new Error(`nmap exited with code ${code}`));
}
});
nmap.on('error', (error) => {
reject(new Error(`Failed to start nmap: ${error.message}`));
});
});
},
);
// Start the server
async function main() {
const transport = new StdioServerTransport();
await server.connect(transport);
console.error("nmap MCP Server running on stdio");
}
main().catch((error) => {
console.error("Fatal error in main():", error);
process.exit(1);
});
```
--------------------------------------------------------------------------------
/ffuf-mcp/src/index.ts:
--------------------------------------------------------------------------------
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { spawn } from 'child_process';
const args = process.argv.slice(2);
if (args.length === 0) {
console.error("Usage: ffuf-mcp <ffuf binary>");
process.exit(1);
}
// Create server instance
const server = new McpServer({
name: "ffuf",
version: "1.0.0",
});
server.tool(
"do-ffuf",
"Run ffuf with specified URL",
{
url: z.string().url().describe("Target URL to fuzz"),
ffuf_args: z.array(z.string()).describe(`Additional ffuf arguments
HTTP OPTIONS:
-H Header \`"Name: Value"\`, separated by colon. Multiple -H flags are accepted.
-X HTTP method to use
-b Cookie data \`"NAME1=VALUE1; NAME2=VALUE2"\` for copy as curl functionality.
-cc Client cert for authentication. Client key needs to be defined as well for this to work
-ck Client key for authentication. Client certificate needs to be defined as well for this to work
-d POST data
-http2 Use HTTP2 protocol (default: false)
-ignore-body Do not fetch the response content. (default: false)
-r Follow redirects (default: false)
-raw Do not encode URI (default: false)
-recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
-recursion-depth Maximum recursion depth. (default: 0)
-recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default)
-replay-proxy Replay matched requests using this proxy.
-sni Target TLS SNI, does not support FUZZ keyword
-timeout HTTP request timeout in seconds. (default: 10)
-u Target URL
-x Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
GENERAL OPTIONS:
-V Show version information. (default: false)
-ac Automatically calibrate filtering options (default: false)
-acc Custom auto-calibration string. Can be used multiple times. Implies -ac
-ach Per host autocalibration (default: false)
-ack Autocalibration keyword (default: FUZZ)
-acs Custom auto-calibration strategies. Can be used multiple times. Implies -ac
-c Colorize output. (default: false)
-config Load configuration from a file
-json JSON output, printing newline-delimited JSON records (default: false)
-maxtime Maximum running time in seconds for entire process. (default: 0)
-maxtime-job Maximum running time in seconds per job. (default: 0)
-noninteractive Disable the interactive console functionality (default: false)
-p Seconds of \`delay\` between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
-rate Rate of requests per second (default: 0)
-s Do not print additional information (silent mode) (default: false)
-sa Stop on all error cases. Implies -sf and -se. (default: false)
-scraperfile Custom scraper file path
-scrapers Active scraper groups (default: all)
-se Stop on spurious errors (default: false)
-search Search for a FFUFHASH payload from ffuf history
-sf Stop when > 95% of responses return 403 Forbidden (default: false)
-t Number of concurrent threads. (default: 40)
-v Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
MATCHER OPTIONS:
-mc Match HTTP status codes, or "all" for everything. (default: 200-299,301,302,307,401,403,405,500)
-ml Match amount of lines in response
-mmode Matcher set operator. Either of: and, or (default: or)
-mr Match regexp
-ms Match HTTP response size
-mt Match how many milliseconds to the first response byte, either greater or less than. EG: >100 or <100
-mw Match amount of words in response
FILTER OPTIONS:
-fc Filter HTTP status codes from response. Comma separated list of codes and ranges
-fl Filter by amount of lines in response. Comma separated list of line counts and ranges
-fmode Filter set operator. Either of: and, or (default: or)
-fr Filter regexp
-fs Filter HTTP response size. Comma separated list of sizes and ranges
-ft Filter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100
-fw Filter by amount of words in response. Comma separated list of word counts and ranges
INPUT OPTIONS:
-D DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)
-e Comma separated list of extensions. Extends FUZZ keyword.
-enc Encoders for keywords, eg. 'FUZZ:urlencode b64encode'
-ic Ignore wordlist comments (default: false)
-input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w.
-input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
-input-shell Shell to be used for running command
-mode Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork, sniper (default: clusterbomb)
-request File containing the raw http request
-request-proto Protocol to use along with raw request (default: https)
-w Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
OUTPUT OPTIONS:
-debug-log Write all of the internal logging to the specified file.
-o Write output to file
-od Directory path to store matched results to.
-of Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json)
-or Don't create the output file if we don't have results (default: false)
`),
},
async ({ url, ffuf_args }) => {
const ffuf = spawn(args[0], ['-u', url, ...ffuf_args]);
let output = '';
// Handle stdout
ffuf.stdout.on('data', (data) => {
output += data.toString();
});
// Handle stderr
ffuf.stderr.on('data', (data) => {
output += data.toString();
});
// Handle process completion
return new Promise((resolve, reject) => {
ffuf.on('close', (code) => {
if (code === 0) {
resolve({
content: [{
type: "text",
text: output + "\n ffuf completed successfully"
}]
});
} else {
reject(new Error(`ffuf exited with code ${code}`));
}
});
ffuf.on('error', (error) => {
reject(new Error(`Failed to start ffuf: ${error.message}`));
});
});
},
);
// Start the server
async function main() {
const transport = new StdioServerTransport();
await server.connect(transport);
console.error("ffuf MCP Server running on stdio");
}
main().catch((error) => {
console.error("Fatal error in main():", error);
process.exit(1);
});
```