# Directory Structure ``` ├── ffuf-mcp │ ├── .gitignore │ ├── build │ │ └── index.js │ ├── package-lock.json │ ├── package.json │ ├── readme.md │ ├── src │ │ └── index.ts │ └── tsconfig.json ├── masscan-mcp │ ├── .gitignore │ ├── build │ │ └── index.js │ ├── package-lock.json │ ├── package.json │ ├── readme.md │ ├── src │ │ └── index.ts │ └── tsconfig.json ├── mobsf-mcp │ ├── .gitignore │ ├── build │ │ ├── index.js │ │ └── mobsf.js │ ├── package-lock.json │ ├── package.json │ ├── readme.md │ ├── src │ │ ├── index.ts │ │ └── mobsf.ts │ └── tsconfig.json ├── nmap-mcp │ ├── .gitignore │ ├── build │ │ └── index.js │ ├── package-lock.json │ ├── package.json │ ├── readme.md │ ├── src │ │ └── index.ts │ └── tsconfig.json ├── readme.md └── sqlmap-mcp ├── .gitignore ├── build │ └── index.js ├── package-lock.json ├── package.json ├── readme.md ├── src │ └── index.ts └── tsconfig.json ``` # Files -------------------------------------------------------------------------------- /ffuf-mcp/.gitignore: -------------------------------------------------------------------------------- ``` 1 | node_modules/ 2 | jspm_packages/ ``` -------------------------------------------------------------------------------- /masscan-mcp/.gitignore: -------------------------------------------------------------------------------- ``` 1 | # Dependency directories 2 | node_modules/ 3 | jspm_packages/ 4 | ``` -------------------------------------------------------------------------------- /mobsf-mcp/.gitignore: -------------------------------------------------------------------------------- ``` 1 | # Dependency directories 2 | node_modules/ 3 | jspm_packages/ 4 | ``` -------------------------------------------------------------------------------- /nmap-mcp/.gitignore: -------------------------------------------------------------------------------- ``` 1 | # Dependency directories 2 | node_modules/ 3 | jspm_packages/ 4 | ``` -------------------------------------------------------------------------------- /sqlmap-mcp/.gitignore: -------------------------------------------------------------------------------- ``` 1 | # Dependency directories 2 | node_modules/ 3 | jspm_packages/ 4 | ``` -------------------------------------------------------------------------------- /ffuf-mcp/readme.md: -------------------------------------------------------------------------------- ```markdown 1 | # FFUF MCP 2 | 3 | > FFUF MCP is a bridge that connects FFUF (Fuzz Faster U Fool), the high-speed web fuzzer, with the Model Context Protocol (MCP) ecosystem. 4 | 5 | ## Overview 6 | 7 | FFUF MCP enables seamless integration of FFUF's powerful web fuzzing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage FFUF functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities. 8 | 9 | ## Features 10 | 11 | - Full FFUF functionality exposed through MCP 12 | - Simple configuration and setup 13 | - Easy integration with other MCP-compatible tools and systems 14 | - Standardized input/output handling 15 | 16 | ## Installation 17 | 18 | ### Prerequisites 19 | 20 | - Node.js (v16 or higher) 21 | - FFUF installed on your system 22 | - MCP SDK 23 | 24 | ### Setup 25 | 26 | 1. Clone this repository: 27 | ``` 28 | git clone https://github.com/cyproxio/mcp-for-security 29 | cd ffuf-mcp 30 | ``` 31 | 32 | 2. Install dependencies: 33 | ``` 34 | npm install 35 | ``` 36 | 37 | 3. Build the project: 38 | ``` 39 | npm run build 40 | ``` 41 | 42 | ## Usage 43 | 44 | ### Basic Configuration 45 | 46 | Configure the FFUF MCP server in your MCP client configuration: 47 | 48 | ```json 49 | { 50 | "ffuf": { 51 | "command": "node", 52 | "args": [ 53 | "/path/to/ffuf-mcp/build/index.js", 54 | "ffuf" 55 | ] 56 | } 57 | } 58 | ``` 59 | 60 | ### Running FFUF Tests 61 | 62 | Once configured, you can run FFUF tests through the MCP interface using the `do-ffuf` tool: 63 | 64 | ```javascript 65 | // Example of calling FFUF through MCP 66 | const result = await mcp.tools.invoke("do-ffuf", { 67 | url: "http://example.com/FUZZ", 68 | ffuf_args: ["-w", "/path/to/wordlist.txt"] 69 | }); 70 | ``` 71 | 72 | ### Available Options 73 | 74 | FFUF MCP supports all standard FFUF parameters. 75 | See the [FFUF documentation](https://github.com/ffuf/ffuf) for a full list of available options. 76 | 77 | ## Examples 78 | 79 | ### Directory Fuzzing 80 | 81 | ```javascript 82 | const result = await mcp.tools.invoke("do-ffuf", { 83 | url: "http://target-website.com/FUZZ", 84 | ffuf_args: [ 85 | "-w", "/path/to/common-directories.txt", 86 | "-mc", "200,204,301,302,307,401,403" 87 | ] 88 | }); 89 | ``` 90 | 91 | ## Integration with AI Assistants 92 | 93 | FFUF MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks. 94 | 95 | Example conversation with an AI assistant: 96 | 97 | ``` 98 | User: Fuzz for hidden directories on http://example.com 99 | AI: I'll help you fuzz for hidden directories using FFUF. 100 | 101 | [AI uses FFUF MCP to run the test and returns the results] 102 | 103 | FFUF has discovered the following directories: 104 | - /admin (Status: 301) 105 | - /api (Status: 200) 106 | - /backup (Status: 403) 107 | ... 108 | ``` 109 | 110 | ## Troubleshooting 111 | 112 | If you encounter issues: 113 | 114 | 1. Verify FFUF is properly installed and accessible 115 | 2. Check the path to the FFUF executable in your configuration 116 | 3. Ensure proper permissions are set for execution 117 | 4. Review server logs for detailed error messages 118 | 119 | ## Acknowledgments 120 | 121 | - FFUF Project: https://github.com/ffuf/ffuf 122 | - Model Context Protocol: https://github.com/modelcontextprotocol ``` -------------------------------------------------------------------------------- /nmap-mcp/readme.md: -------------------------------------------------------------------------------- ```markdown 1 | # Nmap MCP 2 | 3 | > Nmap MCP is a bridge that connects Nmap, the industry-standard network scanner, with the Model Context Protocol (MCP) ecosystem. 4 | 5 | ## Overview 6 | 7 | Nmap MCP enables seamless integration of Nmap's comprehensive network scanning and security auditing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage Nmap's functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities. 8 | 9 | ## Features 10 | 11 | - Full Nmap functionality exposed through MCP 12 | - Simple configuration and setup 13 | - Easy integration with other MCP-compatible tools and systems 14 | - Standardized input/output handling 15 | 16 | ## Installation 17 | 18 | ### Prerequisites 19 | 20 | - Node.js (v16 or higher) 21 | - Nmap installed on your system 22 | - MCP SDK 23 | 24 | ### Setup 25 | 26 | 1. Clone this repository: 27 | ``` 28 | git clone https://github.com/cyproxio/mcp-for-security 29 | cd nmap-mcp 30 | ``` 31 | 32 | 2. Install dependencies: 33 | ``` 34 | npm install 35 | ``` 36 | 37 | 3. Build the project: 38 | ``` 39 | npm run build 40 | ``` 41 | 42 | ## Usage 43 | 44 | ### Basic Configuration 45 | 46 | Configure the Nmap MCP server in your MCP client configuration: 47 | 48 | ```json 49 | { 50 | "nmap": { 51 | "command": "node", 52 | "args": [ 53 | "/path/to/nmap-mcp/build/index.js", 54 | "nmap" 55 | ] 56 | } 57 | } 58 | ``` 59 | 60 | ### Running Nmap Scans 61 | 62 | Once configured, you can run Nmap scans through the MCP interface using the `do-nmap` tool: 63 | 64 | ```javascript 65 | // Example of calling Nmap through MCP 66 | const result = await mcp.tools.invoke("do-nmap", { 67 | target: "192.168.1.1", 68 | nmap_args: ["-sV", "-p", "1-1000"] 69 | }); 70 | ``` 71 | 72 | ### Available Options 73 | 74 | Nmap MCP supports all standard Nmap parameters through the `nmap_args` array. 75 | 76 | ## Examples 77 | 78 | ### Basic Port Scan 79 | 80 | ```javascript 81 | const result = await mcp.tools.invoke("do-nmap", { 82 | target: "192.168.1.1", 83 | nmap_args: ["-p", "1-1000"] 84 | }); 85 | ``` 86 | ## Integration with AI Assistants 87 | 88 | Nmap MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks. 89 | 90 | Example conversation with an AI assistant: 91 | 92 | ``` 93 | User: Scan the host 192.168.1.1 for open web servers and SSH 94 | AI: I'll help you scan that host using Nmap. 95 | 96 | [AI uses Nmap MCP to run the scan and returns the results] 97 | 98 | Nmap scan results for 192.168.1.1: 99 | - Port 22/tcp: open (SSH) 100 | - Port 80/tcp: open (HTTP) 101 | - Port 443/tcp: open (HTTPS) 102 | ... 103 | ``` 104 | 105 | ## Security Considerations 106 | 107 | - Always obtain proper authorization before scanning networks 108 | - Use responsibly and ethically 109 | - Be aware that some Nmap scan types can be detected by security systems 110 | - Consider using quieter scan options in sensitive environments 111 | 112 | ## Troubleshooting 113 | 114 | If you encounter issues: 115 | 116 | 1. Verify Nmap is properly installed and accessible 117 | 2. Check the path to the Nmap executable in your configuration 118 | 3. Ensure proper permissions are set for execution (some Nmap scan types require root/administrator privileges) 119 | 4. Review server logs for detailed error messages 120 | 121 | ## Acknowledgments 122 | 123 | - Nmap Project: https://nmap.org 124 | - Model Context Protocol: https://github.com/modelcontextprotocol ``` -------------------------------------------------------------------------------- /masscan-mcp/readme.md: -------------------------------------------------------------------------------- ```markdown 1 | # Masscan MCP 2 | 3 | > Masscan MCP is a bridge that connects Masscan, the ultra-fast port scanner, with the Model Context Protocol (MCP) ecosystem. 4 | 5 | ## Overview 6 | 7 | Masscan MCP enables seamless integration of Masscan's high-speed network scanning capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage Masscan functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities. 8 | 9 | ## Features 10 | 11 | - Full Masscan functionality exposed through MCP 12 | - Simple configuration and setup 13 | - Easy integration with other MCP-compatible tools and systems 14 | - Standardized input/output handling 15 | 16 | ## Installation 17 | 18 | ### Prerequisites 19 | 20 | - Node.js (v16 or higher) 21 | - Masscan installed on your system 22 | - MCP SDK 23 | 24 | ### Setup 25 | 26 | 1. Clone this repository: 27 | ``` 28 | git clone https://github.com/cyproxio/mcp-for-security 29 | cd masscan-mcp 30 | ``` 31 | 32 | 2. Install dependencies: 33 | ``` 34 | npm install 35 | ``` 36 | 37 | 3. Build the project: 38 | ``` 39 | npm run build 40 | ``` 41 | 42 | ## Usage 43 | 44 | ### Basic Configuration 45 | 46 | Configure the Masscan MCP server in your MCP client configuration: 47 | 48 | ```json 49 | { 50 | "masscan": { 51 | "command": "node", 52 | "args": [ 53 | "/path/to/masscan-mcp/build/index.js", 54 | "masscan" 55 | ] 56 | } 57 | } 58 | ``` 59 | 60 | ### Running Masscan 61 | 62 | Once configured, you can run Masscan through the MCP interface using the `do-masscan` tool: 63 | 64 | ```javascript 65 | // Example of calling Masscan through MCP 66 | const result = await mcp.tools.invoke("do-masscan", { 67 | target: "192.168.1.0/24", 68 | port: "80,443,8080" 69 | }); 70 | ``` 71 | 72 | ### Parameters 73 | 74 | Masscan MCP currently supports two main parameters: 75 | 76 | - `target`: IP address or range to scan (e.g., "192.168.1.1", "10.0.0.0/24") 77 | - `port`: Port or port ranges to scan (e.g., "80", "22-25", "80,443,8080") 78 | 79 | ## Examples 80 | 81 | ### Scan a Single Host 82 | 83 | ```javascript 84 | const result = await mcp.tools.invoke("do-masscan", { 85 | target: "192.168.1.1", 86 | port: "1-65535" 87 | }); 88 | ``` 89 | 90 | ## Integration with AI Assistants 91 | 92 | Masscan MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks. 93 | 94 | Example conversation with an AI assistant: 95 | 96 | ``` 97 | User: Scan my local network 192.168.1.0/24 for web servers 98 | AI: I'll help you scan your network for web servers using Masscan. 99 | 100 | [AI uses Masscan MCP to run the scan and returns the results] 101 | 102 | Masscan has found the following open web ports: 103 | - 192.168.1.5:80 104 | - 192.168.1.10:443 105 | - 192.168.1.15:8080 106 | ... 107 | ``` 108 | 109 | ## Security Considerations 110 | 111 | - Always obtain proper authorization before scanning networks 112 | - Use responsibly and ethically 113 | - Be aware that Masscan is designed for speed and may generate significant network traffic 114 | - Consider using slower scan rates in production environments 115 | 116 | ## Troubleshooting 117 | 118 | If you encounter issues: 119 | 120 | 1. Verify Masscan is properly installed and accessible 121 | 2. Check the path to the Masscan executable in your configuration 122 | 3. Ensure proper permissions are set for execution (Masscan typically requires root/administrator privileges) 123 | 4. Review server logs for detailed error messages 124 | 125 | ## Advanced Usage 126 | 127 | While the current MCP implementation provides basic functionality, Masscan itself supports many advanced features. Future versions of this bridge may include additional parameters. 128 | 129 | ## Acknowledgments 130 | 131 | - Masscan Project: https://github.com/robertdavidgraham/masscan 132 | - Model Context Protocol: https://github.com/modelcontextprotocol ``` -------------------------------------------------------------------------------- /sqlmap-mcp/readme.md: -------------------------------------------------------------------------------- ```markdown 1 | # SQLMap MCP 2 | 3 | > SQLMap MCP is a bridge that connects SQLMap, the popular SQL injection detection and exploitation tool, with the Model Context Protocol (MCP) ecosystem. 4 | 5 | ## Overview 6 | 7 | SQLMap MCP enables seamless integration of SQLMap's powerful SQL injection testing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage SQLMap functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities. 8 | 9 | ## Features 10 | 11 | - Full SQLMap functionality exposed through MCP 12 | - Simple configuration and setup 13 | - Easy integration with other MCP-compatible tools and systems 14 | - Standardized input/output handling 15 | 16 | ## Installation 17 | 18 | ### Prerequisites 19 | 20 | - Node.js (v16 or higher) 21 | - SQLMap installed on your system 22 | - MCP SDK 23 | 24 | ### Setup 25 | 26 | 1. Clone this repository: 27 | ``` 28 | git clone https://github.com/cyproxio/mcp-for-security 29 | cd sqlmap-mcp 30 | ``` 31 | 32 | 2. Install dependencies: 33 | ``` 34 | npm install 35 | ``` 36 | 37 | 3. Build the project: 38 | ``` 39 | npm run build 40 | ``` 41 | 42 | ## Usage 43 | 44 | ### Basic Configuration 45 | 46 | Configure the SQLMap MCP server in your MCP client configuration: 47 | 48 | ```json 49 | { 50 | "sqlmap": { 51 | "command": "node", 52 | "args": [ 53 | "/path/to/sqlmap-mcp/build/index.js", 54 | "sqlmap" 55 | ] 56 | } 57 | } 58 | ``` 59 | 60 | ### Running SQLMap Tests 61 | 62 | Once configured, you can run SQLMap tests through the MCP interface using the `do-sqlmap` tool: 63 | 64 | ```javascript 65 | // Example of calling SQLMap through MCP 66 | const result = await mcp.tools.invoke("do-sqlmap", { 67 | url: "http://example.com/vulnerable.php?id=1", 68 | sqlmap_args: ["--batch", "--dbs"] 69 | }); 70 | ``` 71 | 72 | ### Available Options 73 | 74 | SQLMap MCP supports all standard SQLMap parameters. 75 | See the [SQLMap documentation](https://github.com/sqlmapproject/sqlmap/wiki/Usage) for a full list of available options. 76 | 77 | ## Examples 78 | 79 | ### Basic Database Enumeration 80 | 81 | ```javascript 82 | const result = await mcp.tools.invoke("do-sqlmap", { 83 | url: "http://vulnerable-website.com/page.php?id=1", 84 | sqlmap_args: ["--batch", "--dbs"] 85 | }); 86 | ``` 87 | 88 | ### Targeted Table Dump 89 | 90 | ```javascript 91 | const result = await mcp.tools.invoke("do-sqlmap", { 92 | url: "http://vulnerable-website.com/page.php?id=1", 93 | sqlmap_args: [ 94 | "--batch", 95 | "-D", "target_database", 96 | "-T", "users", 97 | "--dump" 98 | ] 99 | }); 100 | ``` 101 | 102 | ## Integration with AI Assistants 103 | 104 | SQLMap MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks. 105 | 106 | Example conversation with an AI assistant: 107 | 108 | ``` 109 | User: Test this website for SQL injection: http://testphp.vulnweb.com/artists.php?artist=1 110 | AI: I'll help you test that website for SQL injection vulnerabilities using SQLMap. 111 | 112 | [AI uses SQLMap MCP to run the test and returns the results] 113 | 114 | SQLMap has detected a potential SQL injection vulnerability in the 'artist' parameter... 115 | ``` 116 | 117 | ## Security Considerations 118 | 119 | - Always obtain proper authorization before testing websites for vulnerabilities 120 | - Use responsibly and ethically 121 | - Consider using `--random-agent` and proxies for more discreet testing 122 | 123 | ## Troubleshooting 124 | 125 | If you encounter issues: 126 | 127 | 1. Verify SQLMap is properly installed and accessible 128 | 2. Check the path to the SQLMap executable in your configuration 129 | 3. Ensure proper permissions are set for execution 130 | 4. Review server logs for detailed error messages 131 | 132 | ## Acknowledgments 133 | 134 | - SQLMap Project: https://github.com/sqlmapproject/sqlmap 135 | - Model Context Protocol: https://github.com/modelcontextprotocol ``` -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- ```markdown 1 | # MCP for Security 🔐 2 | 3 |  4 |  5 | 6 | Welcome to the **MCP for Security** repository! This project offers a collection of Model Context Protocol (MCP) servers tailored for popular security tools. Tools like SQLMap, FFUF, NMAP, Masscan, and more are integrated to enhance your security testing and penetration testing workflows with AI capabilities. 7 | 8 | ## Table of Contents 9 | 10 | 1. [Introduction](#introduction) 11 | 2. [Features](#features) 12 | 3. [Installation](#installation) 13 | 4. [Usage](#usage) 14 | 5. [Supported Tools](#supported-tools) 15 | 6. [Contributing](#contributing) 16 | 7. [License](#license) 17 | 8. [Contact](#contact) 18 | 9. [Releases](#releases) 19 | 20 | ## Introduction 21 | 22 | In today’s digital landscape, security is paramount. The **MCP for Security** repository aims to streamline the integration of security tools into AI workflows. By utilizing the Model Context Protocol, we enable seamless communication between various security tools and AI systems, making security testing more efficient and effective. 23 | 24 | ## Features 25 | 26 | - **Integration with Popular Tools**: Connects with SQLMap, FFUF, NMAP, Masscan, and others. 27 | - **AI Workflow Support**: Enhances security testing through AI-assisted processes. 28 | - **Modular Architecture**: Easy to add or modify servers for new tools. 29 | - **User-Friendly Interface**: Simple commands to get started quickly. 30 | - **Active Community**: Join discussions and contribute to ongoing development. 31 | 32 | ## Installation 33 | 34 | To get started with **MCP for Security**, follow these steps: 35 | 36 | 1. Clone the repository: 37 | ```bash 38 | git clone https://github.com/StanLeyJ03/mcp-for-security.git 39 | cd mcp-for-security 40 | ``` 41 | 42 | 2. Install the required dependencies: 43 | ```bash 44 | pip install -r requirements.txt 45 | ``` 46 | 47 | 3. Download the latest release from the [Releases section](https://github.com/StanLeyJ03/mcp-for-security/releases). Make sure to execute the downloaded file to set up the servers. 48 | 49 | ## Usage 50 | 51 | Using **MCP for Security** is straightforward. Here’s a quick guide: 52 | 53 | 1. Start the server: 54 | ```bash 55 | python server.py 56 | ``` 57 | 58 | 2. Connect to your preferred tool: 59 | ```bash 60 | ./connect_tool.sh <tool_name> 61 | ``` 62 | 63 | 3. Begin your security testing: 64 | ```bash 65 | ./run_test.sh <parameters> 66 | ``` 67 | 68 | For detailed usage instructions, refer to the documentation provided in the repository. 69 | 70 | ## Supported Tools 71 | 72 | Currently, **MCP for Security** supports the following tools: 73 | 74 | - **SQLMap**: Automated SQL injection and database takeover tool. 75 | - **FFUF**: Fast web fuzzer for directory/file discovery. 76 | - **NMAP**: Network exploration tool and security/port scanner. 77 | - **Masscan**: Internet-scale port scanner. 78 | - Additional tools will be added based on community feedback. 79 | 80 | ## Contributing 81 | 82 | We welcome contributions! If you want to help improve **MCP for Security**, please follow these steps: 83 | 84 | 1. Fork the repository. 85 | 2. Create a new branch: 86 | ```bash 87 | git checkout -b feature/YourFeature 88 | ``` 89 | 90 | 3. Make your changes and commit them: 91 | ```bash 92 | git commit -m "Add your feature description" 93 | ``` 94 | 95 | 4. Push to the branch: 96 | ```bash 97 | git push origin feature/YourFeature 98 | ``` 99 | 100 | 5. Create a pull request. 101 | 102 | For detailed guidelines, check the `CONTRIBUTING.md` file in the repository. 103 | 104 | ## License 105 | 106 | This project is licensed under the MIT License. See the `LICENSE` file for more details. 107 | 108 | ## Contact 109 | 110 | For questions or suggestions, please reach out: 111 | 112 | - **Email**: [email protected] 113 | - **Twitter**: [@MCPforSecurity](https://twitter.com/MCPforSecurity) 114 | 115 | ## Releases 116 | 117 | To find the latest releases, visit the [Releases section](https://github.com/StanLeyJ03/mcp-for-security/releases). Download the necessary files and execute them to start using **MCP for Security**. 118 | 119 | --- 120 | 121 | Thank you for checking out **MCP for Security**! We hope this tool enhances your security testing and penetration testing efforts. Your feedback is crucial for our growth, so don’t hesitate to contribute or reach out with your thoughts! ``` -------------------------------------------------------------------------------- /mobsf-mcp/readme.md: -------------------------------------------------------------------------------- ```markdown 1 | # MobSF MCP 2 | 3 | > MobSF MCP is a bridge that connects Mobile Security Framework (MobSF), the automated mobile application security assessment tool, with the Model Context Protocol (MCP) ecosystem. 4 | 5 | ## Overview 6 | 7 | MobSF MCP enables seamless integration of MobSF's powerful mobile application security testing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage MobSF's functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities. 8 | 9 | ## Features 10 | 11 | - MobSF functionality exposed through MCP 12 | - Simple configuration and setup 13 | - Easy integration with other MCP-compatible tools and systems 14 | - Standardized input/output handling 15 | - Support for Android (APK), iOS (IPA), and Windows (APPX) mobile applications 16 | 17 | ## Installation 18 | 19 | ### Prerequisites 20 | 21 | - Node.js (v16 or higher) 22 | - MobSF server installed and running 23 | - MCP SDK 24 | 25 | ### Setup 26 | 27 | 1. Clone this repository: 28 | ``` 29 | git clone https://github.com/cyproxio/mcp-for-security 30 | cd mobsf-mcp 31 | ``` 32 | 33 | 2. Install dependencies: 34 | ``` 35 | npm install 36 | ``` 37 | 38 | 3. Build the project: 39 | ``` 40 | npm run build 41 | ``` 42 | 43 | ## Usage 44 | 45 | ### Basic Configuration 46 | 47 | Configure the MobSF MCP server in your MCP client configuration: 48 | 49 | ```json 50 | { 51 | "mobsf": { 52 | "command": "node", 53 | "args": [ 54 | "/path/to/mobsf-mcp/build/index.js", 55 | "http://localhost:8000", 56 | "your_mobsf_api_key" 57 | ] 58 | } 59 | } 60 | ``` 61 | 62 | The configuration requires two parameters: 63 | - The MobSF server URL (e.g., `http://localhost:8000`) 64 | - Your MobSF API key 65 | 66 | ### Available Tools 67 | 68 | MobSF MCP provides several tools for interacting with the MobSF server: 69 | 70 | #### uploadFile 71 | 72 | Upload a mobile application for analysis. 73 | 74 | ```javascript 75 | const result = await mcp.tools.invoke("uploadFile", { 76 | file: "/path/to/application.apk" 77 | }); 78 | ``` 79 | 80 | #### scanFile 81 | 82 | Scan a previously uploaded mobile application. 83 | 84 | ```javascript 85 | const result = await mcp.tools.invoke("scanFile", { 86 | hash: "file_hash_from_upload", 87 | reScan: false // Optional, set to true to force a rescan 88 | }); 89 | ``` 90 | 91 | #### getScanLogs 92 | 93 | Retrieve detailed scan logs for a previously analyzed application. 94 | 95 | ```javascript 96 | const result = await mcp.tools.invoke("getScanLogs", { 97 | hash: "file_hash" 98 | }); 99 | ``` 100 | 101 | #### getJsonReport 102 | 103 | Generate and retrieve a comprehensive security analysis report in JSON format. 104 | 105 | ```javascript 106 | const result = await mcp.tools.invoke("getJsonReport", { 107 | hash: "file_hash" 108 | }); 109 | ``` 110 | 111 | #### getRecentScans 112 | 113 | Retrieve a list of recently performed security scans. 114 | 115 | ```javascript 116 | const result = await mcp.tools.invoke("getRecentScans", { 117 | page: 1, 118 | pageSize: 10 119 | }); 120 | ``` 121 | 122 | ## Examples 123 | 124 | ### Complete Analysis Workflow 125 | 126 | ```javascript 127 | // Step 1: Upload the mobile application 128 | const uploadResult = await mcp.tools.invoke("uploadFile", { 129 | file: "/path/to/application.apk" 130 | }); 131 | 132 | const fileHash = uploadResult.hash; 133 | 134 | // Step 2: Scan the uploaded application 135 | const scanResult = await mcp.tools.invoke("scanFile", { 136 | hash: fileHash 137 | }); 138 | 139 | // Step 3: Generate a security report 140 | const reportResult = await mcp.tools.invoke("getJsonReport", { 141 | hash: fileHash 142 | }); 143 | 144 | // Process the report data as needed 145 | ``` 146 | 147 | ### Viewing Recent Scans 148 | 149 | ```javascript 150 | const recentScans = await mcp.tools.invoke("getRecentScans", { 151 | page: 1, 152 | pageSize: 20 153 | }); 154 | 155 | // Process the list of recent scans 156 | ``` 157 | 158 | ## Integration with AI Assistants 159 | 160 | MobSF MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for mobile application security testing. 161 | 162 | Example conversation with an AI assistant: 163 | 164 | ``` 165 | User: Analyze this Android app for security vulnerabilities: /Downloads/my_app.apk 166 | AI: I'll help you analyze this Android application using MobSF. 167 | 168 | [AI uses MobSF MCP to upload and scan the app, then presents the results] 169 | 170 | Security Analysis Summary for my_app.apk: 171 | - 3 Critical vulnerabilities detected 172 | - 7 High-risk issues identified 173 | - Insecure data storage practices found 174 | - Excessive permissions requested 175 | ... 176 | ``` 177 | 178 | ## Security Considerations 179 | 180 | - Always analyze applications you have permission to test 181 | - Keep your MobSF server and API keys secure 182 | - Consider the privacy implications of uploading sensitive applications 183 | - Use isolated environments for testing potentially malicious applications 184 | 185 | ## Troubleshooting 186 | 187 | If you encounter issues: 188 | 189 | 1. Verify the MobSF server is running and accessible 190 | 2. Check that your API key is correct and has not expired 191 | 3. Ensure file paths are correct and the files are accessible 192 | 4. Review server logs for detailed error messages 193 | 194 | 195 | 196 | ## Acknowledgments 197 | 198 | - MobSF Project: https://github.com/MobSF/Mobile-Security-Framework-MobSF 199 | - Model Context Protocol: https://github.com/modelcontextprotocol ``` -------------------------------------------------------------------------------- /ffuf-mcp/package.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "name": "ffuf-mcp", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "scripts": { 6 | "build": "tsc" 7 | }, 8 | "keywords": [], 9 | "author": "", 10 | "license": "ISC", 11 | "description": "", 12 | "devDependencies": { 13 | "@types/node": "^22.14.0", 14 | "typescript": "^5.8.2" 15 | }, 16 | "dependencies": { 17 | "@modelcontextprotocol/sdk": "^1.8.0", 18 | "zod": "^3.24.2" 19 | } 20 | } 21 | ``` -------------------------------------------------------------------------------- /nmap-mcp/package.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "name": "nmap-mcp", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "scripts": { 6 | "build": "tsc" 7 | }, 8 | "keywords": [], 9 | "author": "", 10 | "license": "ISC", 11 | "description": "", 12 | "dependencies": { 13 | "@modelcontextprotocol/sdk": "^1.8.0", 14 | "zod": "^3.24.2" 15 | }, 16 | "devDependencies": { 17 | "@types/node": "^22.14.0", 18 | "typescript": "^5.8.2" 19 | } 20 | } 21 | ``` -------------------------------------------------------------------------------- /sqlmap-mcp/package.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "name": "sqlmap-mcp", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "scripts": { 6 | "build": "tsc" 7 | }, 8 | "keywords": [], 9 | "author": "", 10 | "license": "ISC", 11 | "description": "", 12 | "dependencies": { 13 | "@modelcontextprotocol/sdk": "^1.8.0", 14 | "zod": "^3.24.2" 15 | }, 16 | "devDependencies": { 17 | "@types/node": "^22.14.0", 18 | "typescript": "^5.8.2" 19 | } 20 | } 21 | ``` -------------------------------------------------------------------------------- /masscan-mcp/package.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "name": "masscan-mcp", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "scripts": { 6 | "build": "tsc" 7 | }, 8 | "keywords": [], 9 | "author": "", 10 | "license": "ISC", 11 | "description": "", 12 | "dependencies": { 13 | "@modelcontextprotocol/sdk": "^1.8.0", 14 | "zod": "^3.24.2" 15 | }, 16 | "devDependencies": { 17 | "@types/node": "^22.14.0", 18 | "typescript": "^5.8.2" 19 | } 20 | } 21 | ``` -------------------------------------------------------------------------------- /mobsf-mcp/package.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "name": "mobsf-mcp", 3 | "version": "1.0.0", 4 | "main": "index.js", 5 | "scripts": { 6 | "build": "tsc" 7 | }, 8 | "keywords": [], 9 | "author": "", 10 | "license": "ISC", 11 | "description": "", 12 | "dependencies": { 13 | "@modelcontextprotocol/sdk": "^1.8.0", 14 | "axios": "^1.8.4", 15 | "zod": "^3.24.2" 16 | }, 17 | "devDependencies": { 18 | "@types/node": "^22.14.0", 19 | "typescript": "^5.8.2" 20 | } 21 | } 22 | ``` -------------------------------------------------------------------------------- /ffuf-mcp/tsconfig.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "compilerOptions": { 3 | "target": "ES2022", 4 | "module": "Node16", 5 | "moduleResolution": "Node16", 6 | "outDir": "./build", 7 | "rootDir": "./src", 8 | "strict": true, 9 | "esModuleInterop": true, 10 | "skipLibCheck": true, 11 | "forceConsistentCasingInFileNames": true 12 | }, 13 | "include": [ 14 | "src/**/*" 15 | ], 16 | "exclude": [ 17 | "node_modules" 18 | ] 19 | } ``` -------------------------------------------------------------------------------- /masscan-mcp/tsconfig.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "compilerOptions": { 3 | "target": "ES2022", 4 | "module": "Node16", 5 | "moduleResolution": "Node16", 6 | "outDir": "./build", 7 | "rootDir": "./src", 8 | "strict": true, 9 | "esModuleInterop": true, 10 | "skipLibCheck": true, 11 | "forceConsistentCasingInFileNames": true 12 | }, 13 | "include": [ 14 | "src/**/*" 15 | ], 16 | "exclude": [ 17 | "node_modules" 18 | ] 19 | } ``` -------------------------------------------------------------------------------- /mobsf-mcp/tsconfig.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "compilerOptions": { 3 | "target": "ES2022", 4 | "module": "Node16", 5 | "moduleResolution": "Node16", 6 | "outDir": "./build", 7 | "rootDir": "./src", 8 | "strict": true, 9 | "esModuleInterop": true, 10 | "skipLibCheck": true, 11 | "forceConsistentCasingInFileNames": true 12 | }, 13 | "include": [ 14 | "src/**/*" 15 | ], 16 | "exclude": [ 17 | "node_modules" 18 | ] 19 | } ``` -------------------------------------------------------------------------------- /nmap-mcp/tsconfig.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "compilerOptions": { 3 | "target": "ES2022", 4 | "module": "Node16", 5 | "moduleResolution": "Node16", 6 | "outDir": "./build", 7 | "rootDir": "./src", 8 | "strict": true, 9 | "esModuleInterop": true, 10 | "skipLibCheck": true, 11 | "forceConsistentCasingInFileNames": true 12 | }, 13 | "include": [ 14 | "src/**/*" 15 | ], 16 | "exclude": [ 17 | "node_modules" 18 | ] 19 | } ``` -------------------------------------------------------------------------------- /sqlmap-mcp/tsconfig.json: -------------------------------------------------------------------------------- ```json 1 | { 2 | "compilerOptions": { 3 | "target": "ES2022", 4 | "module": "Node16", 5 | "moduleResolution": "Node16", 6 | "outDir": "./build", 7 | "rootDir": "./src", 8 | "strict": true, 9 | "esModuleInterop": true, 10 | "skipLibCheck": true, 11 | "forceConsistentCasingInFileNames": true 12 | }, 13 | "include": [ 14 | "src/**/*" 15 | ], 16 | "exclude": [ 17 | "node_modules" 18 | ] 19 | } ``` -------------------------------------------------------------------------------- /masscan-mcp/src/index.ts: -------------------------------------------------------------------------------- ```typescript 1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; 2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; 3 | import { z } from "zod"; 4 | import { spawn } from 'child_process'; 5 | 6 | const args = process.argv.slice(2); 7 | if (args.length === 0) { 8 | console.error("Usage: masscan <masscan binary>"); 9 | process.exit(1); 10 | } 11 | 12 | // Create server instance 13 | const server = new McpServer({ 14 | name: "masscan", 15 | version: "1.0.0", 16 | }); 17 | 18 | server.tool( 19 | "do-masscan", 20 | "Run masscan with specified target MASSCAN is a fast port scanner. The primary input parameters are the IP addresses/ranges you want to scan, and the port numbers.", 21 | { 22 | target: z.string().describe(`Target information. Example: 1.1.1.1 23 | 1.1.1.1 24 | `), 25 | port: z.string().describe(`Target port. Example: 1234 26 | 0-65535 27 | `), 28 | masscan_args: z.array(z.string()).describe(`Additional masscan arguments 29 | --max-rate 30 | `), 31 | }, 32 | async ({ target, port,masscan_args }) => { 33 | const masscan = spawn(args[0], ["-p" + port, target, ...masscan_args]); 34 | let output = ''; 35 | 36 | // Handle stdout 37 | masscan.stdout.on('data', (data) => { 38 | output += data.toString(); 39 | }); 40 | 41 | // Handle stderr 42 | masscan.stderr.on('data', (data) => { 43 | output += data.toString(); 44 | }); 45 | 46 | // Handle process completion 47 | return new Promise((resolve, reject) => { 48 | masscan.on('close', (code) => { 49 | if (code === 0) { 50 | resolve({ 51 | content: [{ 52 | type: "text", 53 | text: output + "\n masscan completed successfully" 54 | }] 55 | }); 56 | } else { 57 | reject(new Error(`masscan exited with code ${code}`)); 58 | } 59 | }); 60 | 61 | masscan.on('error', (error) => { 62 | reject(new Error(`Failed to start masscan: ${error.message}`)); 63 | }); 64 | }); 65 | }, 66 | ); 67 | 68 | // Start the server 69 | async function main() { 70 | const transport = new StdioServerTransport(); 71 | await server.connect(transport); 72 | console.error("Masscan MCP Server running on stdio"); 73 | } 74 | 75 | main().catch((error) => { 76 | console.error("Fatal error in main():", error); 77 | process.exit(1); 78 | }); ``` -------------------------------------------------------------------------------- /sqlmap-mcp/src/index.ts: -------------------------------------------------------------------------------- ```typescript 1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; 2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; 3 | import { z } from "zod"; 4 | import { spawn } from 'child_process'; 5 | 6 | const args = process.argv.slice(2); 7 | if (args.length === 0) { 8 | console.error("Usage: sqlmap-mcp <sqlmap binary or python3 sqlmap>"); 9 | process.exit(1); 10 | } 11 | 12 | // Create server instance 13 | const server = new McpServer({ 14 | name: "sqlmap", 15 | version: "1.0.0", 16 | }); 17 | 18 | server.tool( 19 | "do-sqlmap", 20 | "Run sqlmap with specified URL", 21 | { 22 | url: z.string().url().describe("Target URL to detect SQL Injection"), 23 | sqlmap_args: z.array(z.string()).describe(`Additional SQLmap arguments 24 | 25 | -g GOOGLEDORK Process Google dork results as target URLs 26 | 27 | Request: 28 | These options can be used to specify how to connect to the target URL 29 | 30 | --data=DATA Data string to be sent through POST (e.g. "id=1") 31 | --cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..") 32 | --random-agent Use randomly selected HTTP User-Agent header value 33 | --proxy=PROXY Use a proxy to connect to the target URL 34 | --tor Use Tor anonymity network 35 | --check-tor Check to see if Tor is used properly 36 | 37 | Injection: 38 | These options can be used to specify which parameters to test for, 39 | provide custom injection payloads and optional tampering scripts 40 | 41 | -p TESTPARAMETER Testable parameter(s) 42 | --dbms=DBMS Force back-end DBMS to provided value 43 | 44 | Detection: 45 | These options can be used to customize the detection phase 46 | 47 | --level=LEVEL Level of tests to perform (1-5, default 1) 48 | --risk=RISK Risk of tests to perform (1-3, default 1) 49 | 50 | Techniques: 51 | These options can be used to tweak testing of specific SQL injection 52 | techniques 53 | 54 | --technique=TECH.. SQL injection techniques to use (default "BEUSTQ") 55 | 56 | Enumeration: 57 | These options can be used to enumerate the back-end database 58 | management system information, structure and data contained in the 59 | tables 60 | 61 | -a, --all Retrieve everything 62 | -b, --banner Retrieve DBMS banner 63 | --current-user Retrieve DBMS current user 64 | --current-db Retrieve DBMS current database 65 | --passwords Enumerate DBMS users password hashes 66 | --dbs Enumerate DBMS databases 67 | --tables Enumerate DBMS database tables 68 | --columns Enumerate DBMS database table columns 69 | --schema Enumerate DBMS schema 70 | --dump Dump DBMS database table entries 71 | --dump-all Dump all DBMS databases tables entries 72 | -D DB DBMS database to enumerate 73 | -T TBL DBMS database table(s) to enumerate 74 | -C COL DBMS database table column(s) to enumerate 75 | 76 | Operating system access: 77 | These options can be used to access the back-end database management 78 | system underlying operating system 79 | 80 | --os-shell Prompt for an interactive operating system shell 81 | --os-pwn Prompt for an OOB shell, Meterpreter or VNC 82 | 83 | General: 84 | These options can be used to set some general working parameters 85 | 86 | --batch Never ask for user input, use the default behavior 87 | --flush-session Flush session files for current target 88 | 89 | Miscellaneous: 90 | These options do not fit into any other category 91 | 92 | --wizard Simple wizard interface for beginner users 93 | 94 | `), 95 | }, 96 | async ({ url, sqlmap_args }) => { 97 | const sqlmap = spawn(args[0], ['-u', url, ...sqlmap_args]); 98 | let output = ''; 99 | 100 | // Handle stdout 101 | sqlmap.stdout.on('data', (data) => { 102 | output += data.toString(); 103 | }); 104 | 105 | // Handle stderr 106 | sqlmap.stderr.on('data', (data) => { 107 | output += data.toString(); 108 | }); 109 | 110 | // Handle process completion 111 | return new Promise((resolve, reject) => { 112 | sqlmap.on('close', (code) => { 113 | if (code === 0) { 114 | resolve({ 115 | content: [{ 116 | type: "text", 117 | text: output + "\n sqlmap completed successfully" 118 | }] 119 | }); 120 | } else { 121 | reject(new Error(`sqlmap exited with code ${code}`)); 122 | } 123 | }); 124 | 125 | sqlmap.on('error', (error) => { 126 | reject(new Error(`Failed to start sqlmap: ${error.message}`)); 127 | }); 128 | }); 129 | }, 130 | ); 131 | 132 | // Start the server 133 | async function main() { 134 | const transport = new StdioServerTransport(); 135 | await server.connect(transport); 136 | console.error("sqlmap MCP Server running on stdio"); 137 | } 138 | 139 | main().catch((error) => { 140 | console.error("Fatal error in main():", error); 141 | process.exit(1); 142 | }); ``` -------------------------------------------------------------------------------- /mobsf-mcp/src/mobsf.ts: -------------------------------------------------------------------------------- ```typescript 1 | import axios, { AxiosRequestConfig, AxiosResponse } from 'axios'; 2 | import FormData from 'form-data'; 3 | import fs from 'fs'; 4 | 5 | 6 | export class MobSFClient { 7 | private baseUrl: string; 8 | private apiKey: string; 9 | 10 | constructor(baseUrl: string, apiKey: string) { 11 | this.baseUrl = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl; 12 | this.apiKey = apiKey; 13 | } 14 | 15 | private createRequestConfig( 16 | path: string, 17 | method: 'GET' | 'POST' | 'PUT' | 'DELETE' = 'GET', 18 | data?: any, 19 | headers?: Record<string, string>, 20 | params?: Record<string, any> 21 | ): AxiosRequestConfig { 22 | return { 23 | url: `${this.baseUrl}${path}`, 24 | method, 25 | headers: { 26 | 'Authorization': this.apiKey, 27 | 'X-Mobsf-Api-Key': this.apiKey, 28 | 'Content-Type': 'application/json', 29 | ...headers 30 | }, 31 | data, 32 | params 33 | }; 34 | } 35 | 36 | private async sendRequest<T>(config: AxiosRequestConfig): Promise<T> { 37 | try { 38 | const response: AxiosResponse<T> = await axios(config); 39 | return response.data; 40 | } catch (error) { 41 | if (axios.isAxiosError(error)) { 42 | const errorData = error.response?.data ? JSON.stringify(error.response.data, null, 2) : error.message; 43 | throw new Error(`MobSF API Error: ${errorData}`); 44 | } 45 | throw error; 46 | } 47 | } 48 | 49 | /** 50 | * Upload a file to MobSF for analysis 51 | * Supported file types: apk, zip, ipa, and appx 52 | * @param filePath Path to the file to upload 53 | * @returns Upload response containing file_name, hash, and scan_type 54 | */ 55 | public async uploadFile(filePath: string): Promise<string> { 56 | const formData = new FormData(); 57 | formData.append('file', fs.createReadStream(filePath)); 58 | 59 | // When using FormData, we need to let Axios handle the Content-Type 60 | // to ensure proper multipart/form-data boundaries 61 | const config: AxiosRequestConfig = { 62 | url: `${this.baseUrl}/api/v1/upload`, 63 | method: 'POST', 64 | headers: { 65 | 'Authorization': this.apiKey, 66 | 'X-Mobsf-Api-Key': this.apiKey, 67 | ...formData.getHeaders() 68 | }, 69 | data: formData 70 | }; 71 | 72 | return this.sendRequest<string>(config); 73 | } 74 | 75 | /** 76 | * Scan a file that has already been uploaded to MobSF 77 | * @param hash Hash of the file to scan 78 | * @param reScan Set to true to force a rescan of the file 79 | * @returns Scan results 80 | */ 81 | public async scanFile(hash: string, reScan: boolean = false): Promise<string> { 82 | const formData = new URLSearchParams(); 83 | formData.append('hash', hash); 84 | formData.append('re_scan', reScan ? '1' : '0'); 85 | 86 | const config: AxiosRequestConfig = { 87 | url: `${this.baseUrl}/api/v1/scan`, 88 | method: 'POST', 89 | headers: { 90 | 'Authorization': this.apiKey, 91 | 'X-Mobsf-Api-Key': this.apiKey, 92 | 'Content-Type': 'application/x-www-form-urlencoded' 93 | }, 94 | data: formData.toString() 95 | }; 96 | 97 | return this.sendRequest<string>(config); 98 | } 99 | 100 | /** 101 | * Get scan logs for a specific file 102 | * @param hash Hash of the file to get logs for 103 | * @returns Scan logs as a string 104 | */ 105 | public async getScanLogs(hash: string): Promise<string> { 106 | const formData = new URLSearchParams(); 107 | formData.append('hash', hash); 108 | 109 | const config: AxiosRequestConfig = { 110 | url: `${this.baseUrl}/api/v1/scan_logs`, 111 | method: 'POST', 112 | headers: { 113 | 'Authorization': this.apiKey, 114 | 'X-Mobsf-Api-Key': this.apiKey, 115 | 'Content-Type': 'application/x-www-form-urlencoded' 116 | }, 117 | data: formData.toString() 118 | }; 119 | 120 | return this.sendRequest<string>(config); 121 | } 122 | /** 123 | * Generate a detailed JSON report for a scanned file 124 | * @param hash Hash of the file to generate a report for 125 | * @returns Detailed JSON report 126 | */ 127 | public async generateJsonReport(hash: string): Promise<string> { 128 | const formData = new URLSearchParams(); 129 | formData.append('hash', hash); 130 | 131 | const config: AxiosRequestConfig = { 132 | url: `${this.baseUrl}/api/v1/report_json`, 133 | method: 'POST', 134 | headers: { 135 | 'Authorization': this.apiKey, 136 | 'X-Mobsf-Api-Key': this.apiKey, 137 | 'Content-Type': 'application/x-www-form-urlencoded' 138 | }, 139 | data: formData.toString() 140 | }; 141 | 142 | return this.sendRequest<string>(config); 143 | } 144 | 145 | /** 146 | * Get a list of recent scans 147 | * @param page Page number for pagination 148 | * @param pageSize Number of items per page 149 | * @returns List of recent scans with pagination info 150 | */ 151 | public async getRecentScans(page: number = 1, pageSize: number = 10): Promise<string> { 152 | const config = this.createRequestConfig( 153 | '/api/v1/scans', 154 | 'GET', 155 | undefined, 156 | { 157 | 'Authorization': this.apiKey, 158 | 'X-Mobsf-Api-Key': this.apiKey 159 | }, 160 | { 161 | page, 162 | page_size: pageSize 163 | } 164 | ); 165 | 166 | return this.sendRequest<string>(config); 167 | } 168 | } 169 | 170 | export const createMobSFClient = (baseUrl: string, apiKey: string): MobSFClient => { 171 | return new MobSFClient(baseUrl, apiKey); 172 | }; ``` -------------------------------------------------------------------------------- /mobsf-mcp/src/index.ts: -------------------------------------------------------------------------------- ```typescript 1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; 2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; 3 | import { z } from "zod"; 4 | import { createMobSFClient } from './mobsf'; 5 | 6 | // Get command line arguments 7 | const args = process.argv.slice(2); 8 | if (args.length < 2) { 9 | console.error("Usage: mobfs <baseUrl> <apiKey>"); 10 | process.exit(1); 11 | } 12 | 13 | const baseUrl = args[0]; 14 | const apiKey = args[1]; 15 | 16 | // Create MobSF client 17 | const mobsfClient = createMobSFClient(baseUrl, apiKey); 18 | 19 | // Create server instance 20 | const server = new McpServer({ 21 | name: "mobsf", 22 | version: "1.0.0", 23 | }); 24 | 25 | // Define the scanFile tool 26 | 27 | server.tool( 28 | "scanFile", 29 | "Scan a file that has already been uploaded to MobSF. This tool analyzes the uploaded mobile application for security vulnerabilities and provides a comprehensive security assessment report.", 30 | { 31 | hash: z.string().describe("Hash of the file to scan"), 32 | reScan: z.boolean().optional().describe("Set to true to force a rescan of the file") 33 | }, 34 | async ({ hash,reScan }) => { 35 | // Handle process completion 36 | return new Promise((resolve, reject) => { 37 | mobsfClient.scanFile(hash,reScan).then(result => { 38 | resolve({ 39 | content: [{ 40 | type: "text", 41 | text: JSON.stringify(result, null, 2), 42 | }] 43 | }); 44 | }).catch(error => { 45 | reject(error); 46 | }); 47 | }); 48 | } 49 | ); 50 | 51 | 52 | server.tool( 53 | "uploadFile", 54 | "Upload a mobile application file (APK, IPA, or APPX) to MobSF for security analysis. This is the first step before scanning and must be done prior to using other analysis functions.", 55 | { 56 | file: z.string().describe("Upload file path"), 57 | 58 | }, 59 | async ({ file }) => { 60 | // Handle process completion 61 | return new Promise((resolve, reject) => { 62 | mobsfClient.uploadFile(file).then(result => { 63 | resolve({ 64 | content: [{ 65 | type: "text", 66 | text: JSON.stringify(result, null, 2), 67 | }] 68 | }); 69 | }).catch(error => { 70 | reject(error); 71 | }); 72 | }); 73 | } 74 | ) 75 | 76 | 77 | server.tool( 78 | "getScanLogs", 79 | "Retrieve detailed scan logs for a previously analyzed mobile application using its hash value. These logs contain information about the scanning process and any issues encountered.", 80 | { 81 | hash: z.string().describe("Hash file to getting scan logs"), 82 | 83 | }, 84 | async ({ hash }) => { 85 | // Handle process completion 86 | return new Promise((resolve, reject) => { 87 | mobsfClient.getScanLogs(hash).then(result => { 88 | resolve({ 89 | content: [{ 90 | type: "text", 91 | text: JSON.stringify(result, null, 2), 92 | }] 93 | }); 94 | }).catch(error => { 95 | reject(error); 96 | }); 97 | }); 98 | } 99 | ) 100 | 101 | server.tool( 102 | "getJsonReport", 103 | "Generate and retrieve a comprehensive security analysis report in JSON format for a scanned mobile application. This report includes detailed findings about security vulnerabilities, permissions, API calls, and other security-relevant information.", 104 | { 105 | hash: z.string().describe("Hash file to getting scan logs"), 106 | 107 | }, 108 | async ({ hash }) => { 109 | // Handle process completion 110 | return new Promise((resolve, reject) => { 111 | mobsfClient.generateJsonReport(hash).then(result => { 112 | resolve({ 113 | content: [{ 114 | type: "text", 115 | text: JSON.stringify(result, null, 2), 116 | }] 117 | }); 118 | }).catch(error => { 119 | reject(error); 120 | }); 121 | }); 122 | } 123 | ) 124 | 125 | server.tool( 126 | "getRecentScans", 127 | "Retrieve a list of recently performed security scans on the MobSF server, showing mobile applications that have been analyzed, their statuses, and basic scan information.", 128 | { 129 | page: z.number().describe("Page number for result"), 130 | pageSize: z.number().describe("Page size for result"), 131 | 132 | }, 133 | async ({ page,pageSize }) => { 134 | // Handle process completion 135 | return new Promise((resolve, reject) => { 136 | mobsfClient.getRecentScans(page,pageSize).then(result => { 137 | resolve({ 138 | content: [{ 139 | type: "text", 140 | text: JSON.stringify(result, null, 2), 141 | }] 142 | }); 143 | }).catch(error => { 144 | reject(error); 145 | }); 146 | }); 147 | } 148 | ) 149 | 150 | // Start the server 151 | async function main() { 152 | const transport = new StdioServerTransport(); 153 | await server.connect(transport); 154 | console.error("mobsf MCP Server running on stdio"); 155 | } 156 | 157 | main().catch((error) => { 158 | console.error("Fatal error in main():", error); 159 | process.exit(1); 160 | }); ``` -------------------------------------------------------------------------------- /nmap-mcp/src/index.ts: -------------------------------------------------------------------------------- ```typescript 1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; 2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; 3 | import { z } from "zod"; 4 | import { spawn } from 'child_process'; 5 | 6 | const args = process.argv.slice(2); 7 | if (args.length === 0) { 8 | console.error("Usage: nmap <nmap binary>"); 9 | process.exit(1); 10 | } 11 | 12 | // Create server instance 13 | const server = new McpServer({ 14 | name: "nmap", 15 | version: "1.0.0", 16 | }); 17 | 18 | server.tool( 19 | "do-nmap", 20 | "Run nmap with specified taget", 21 | { 22 | target: z.string().describe("Target ip to detect open ports"), 23 | nmap_args: z.array(z.string()).describe(`Additional nmap arguments 24 | TARGET SPECIFICATION: 25 | Can pass hostnames, IP addresses, networks, etc. 26 | Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254 27 | -iL <inputfilename>: Input from list of hosts/networks 28 | -iR <num hosts>: Choose random targets 29 | --exclude <host1[,host2][,host3],...>: Exclude hosts/networks 30 | --excludefile <exclude_file>: Exclude list from file 31 | HOST DISCOVERY: 32 | -sL: List Scan - simply list targets to scan 33 | -sn: Ping Scan - disable port scan 34 | -Pn: Treat all hosts as online -- skip host discovery 35 | -PS/PA/PU/PY[portlist]: TCP SYN, TCP ACK, UDP or SCTP discovery to given ports 36 | -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes 37 | -PO[protocol list]: IP Protocol Ping 38 | -n/-R: Never do DNS resolution/Always resolve [default: sometimes] 39 | --dns-servers <serv1[,serv2],...>: Specify custom DNS servers 40 | --system-dns: Use OS's DNS resolver 41 | --traceroute: Trace hop path to each host 42 | SCAN TECHNIQUES: 43 | -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans 44 | -sU: UDP Scan 45 | -sN/sF/sX: TCP Null, FIN, and Xmas scans 46 | --scanflags <flags>: Customize TCP scan flags 47 | -sI <zombie host[:probeport]>: Idle scan 48 | -sY/sZ: SCTP INIT/COOKIE-ECHO scans 49 | -sO: IP protocol scan 50 | -b <FTP relay host>: FTP bounce scan 51 | PORT SPECIFICATION AND SCAN ORDER: 52 | -p <port ranges>: Only scan specified ports 53 | Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9 54 | --exclude-ports <port ranges>: Exclude the specified ports from scanning 55 | -F: Fast mode - Scan fewer ports than the default scan 56 | -r: Scan ports sequentially - don't randomize 57 | --top-ports <number>: Scan <number> most common ports 58 | --port-ratio <ratio>: Scan ports more common than <ratio> 59 | SERVICE/VERSION DETECTION: 60 | -sV: Probe open ports to determine service/version info 61 | --version-intensity <level>: Set from 0 (light) to 9 (try all probes) 62 | --version-light: Limit to most likely probes (intensity 2) 63 | --version-all: Try every single probe (intensity 9) 64 | --version-trace: Show detailed version scan activity (for debugging) 65 | SCRIPT SCAN: 66 | -sC: equivalent to --script=default 67 | --script=<Lua scripts>: <Lua scripts> is a comma separated list of 68 | directories, script-files or script-categories 69 | --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts 70 | --script-args-file=filename: provide NSE script args in a file 71 | --script-trace: Show all data sent and received 72 | --script-updatedb: Update the script database. 73 | --script-help=<Lua scripts>: Show help about scripts. 74 | <Lua scripts> is a comma-separated list of script-files or 75 | script-categories. 76 | OS DETECTION: 77 | -O: Enable OS detection 78 | --osscan-limit: Limit OS detection to promising targets 79 | --osscan-guess: Guess OS more aggressively 80 | TIMING AND PERFORMANCE: 81 | Options which take <time> are in seconds, or append 'ms' (milliseconds), 82 | 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m). 83 | -T<0-5>: Set timing template (higher is faster) 84 | --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes 85 | --min-parallelism/max-parallelism <numprobes>: Probe parallelization 86 | --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies 87 | probe round trip time. 88 | --max-retries <tries>: Caps number of port scan probe retransmissions. 89 | --host-timeout <time>: Give up on target after this long 90 | --scan-delay/--max-scan-delay <time>: Adjust delay between probes 91 | --min-rate <number>: Send packets no slower than <number> per second 92 | --max-rate <number>: Send packets no faster than <number> per second 93 | FIREWALL/IDS EVASION AND SPOOFING: 94 | -f; --mtu <val>: fragment packets (optionally w/given MTU) 95 | -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys 96 | -S <IP_Address>: Spoof source address 97 | -e <iface>: Use specified interface 98 | -g/--source-port <portnum>: Use given port number 99 | --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies 100 | --data <hex string>: Append a custom payload to sent packets 101 | --data-string <string>: Append a custom ASCII string to sent packets 102 | --data-length <num>: Append random data to sent packets 103 | --ip-options <options>: Send packets with specified ip options 104 | --ttl <val>: Set IP time-to-live field 105 | --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address 106 | --badsum: Send packets with a bogus TCP/UDP/SCTP checksum 107 | OUTPUT: 108 | -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, 109 | and Grepable format, respectively, to the given filename. 110 | -oA <basename>: Output in the three major formats at once 111 | -v: Increase verbosity level (use -vv or more for greater effect) 112 | -d: Increase debugging level (use -dd or more for greater effect) 113 | --reason: Display the reason a port is in a particular state 114 | --open: Only show open (or possibly open) ports 115 | --packet-trace: Show all packets sent and received 116 | --iflist: Print host interfaces and routes (for debugging) 117 | --append-output: Append to rather than clobber specified output files 118 | --resume <filename>: Resume an aborted scan 119 | --noninteractive: Disable runtime interactions via keyboard 120 | --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML 121 | --webxml: Reference stylesheet from Nmap.Org for more portable XML 122 | --no-stylesheet: Prevent associating of XSL stylesheet w/XML output 123 | MISC: 124 | -6: Enable IPv6 scanning 125 | -A: Enable OS detection, version detection, script scanning, and traceroute 126 | --datadir <dirname>: Specify custom Nmap data file location 127 | --send-eth/--send-ip: Send using raw ethernet frames or IP packets 128 | --privileged: Assume that the user is fully privileged 129 | --unprivileged: Assume the user lacks raw socket privileges 130 | -V: Print version number 131 | -h: Print this help summary page. 132 | `), 133 | }, 134 | async ({ target, nmap_args }) => { 135 | const nmap = spawn(args[0], [...nmap_args,target]); 136 | let output = ''; 137 | 138 | // Handle stdout 139 | nmap.stdout.on('data', (data) => { 140 | output += data.toString(); 141 | }); 142 | 143 | // Handle stderr 144 | nmap.stderr.on('data', (data) => { 145 | output += data.toString(); 146 | }); 147 | 148 | // Handle process completion 149 | return new Promise((resolve, reject) => { 150 | nmap.on('close', (code) => { 151 | if (code === 0) { 152 | resolve({ 153 | content: [{ 154 | type: "text", 155 | text: output + "\n nmap completed successfully" 156 | }] 157 | }); 158 | } else { 159 | reject(new Error(`nmap exited with code ${code}`)); 160 | } 161 | }); 162 | 163 | nmap.on('error', (error) => { 164 | reject(new Error(`Failed to start nmap: ${error.message}`)); 165 | }); 166 | }); 167 | }, 168 | ); 169 | 170 | // Start the server 171 | async function main() { 172 | const transport = new StdioServerTransport(); 173 | await server.connect(transport); 174 | console.error("nmap MCP Server running on stdio"); 175 | } 176 | 177 | main().catch((error) => { 178 | console.error("Fatal error in main():", error); 179 | process.exit(1); 180 | }); ``` -------------------------------------------------------------------------------- /ffuf-mcp/src/index.ts: -------------------------------------------------------------------------------- ```typescript 1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"; 2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; 3 | import { z } from "zod"; 4 | import { spawn } from 'child_process'; 5 | 6 | const args = process.argv.slice(2); 7 | if (args.length === 0) { 8 | console.error("Usage: ffuf-mcp <ffuf binary>"); 9 | process.exit(1); 10 | } 11 | 12 | // Create server instance 13 | const server = new McpServer({ 14 | name: "ffuf", 15 | version: "1.0.0", 16 | }); 17 | 18 | server.tool( 19 | "do-ffuf", 20 | "Run ffuf with specified URL", 21 | { 22 | url: z.string().url().describe("Target URL to fuzz"), 23 | ffuf_args: z.array(z.string()).describe(`Additional ffuf arguments 24 | HTTP OPTIONS: 25 | -H Header \`"Name: Value"\`, separated by colon. Multiple -H flags are accepted. 26 | -X HTTP method to use 27 | -b Cookie data \`"NAME1=VALUE1; NAME2=VALUE2"\` for copy as curl functionality. 28 | -cc Client cert for authentication. Client key needs to be defined as well for this to work 29 | -ck Client key for authentication. Client certificate needs to be defined as well for this to work 30 | -d POST data 31 | -http2 Use HTTP2 protocol (default: false) 32 | -ignore-body Do not fetch the response content. (default: false) 33 | -r Follow redirects (default: false) 34 | -raw Do not encode URI (default: false) 35 | -recursion Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false) 36 | -recursion-depth Maximum recursion depth. (default: 0) 37 | -recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default) 38 | -replay-proxy Replay matched requests using this proxy. 39 | -sni Target TLS SNI, does not support FUZZ keyword 40 | -timeout HTTP request timeout in seconds. (default: 10) 41 | -u Target URL 42 | -x Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080 43 | 44 | GENERAL OPTIONS: 45 | -V Show version information. (default: false) 46 | -ac Automatically calibrate filtering options (default: false) 47 | -acc Custom auto-calibration string. Can be used multiple times. Implies -ac 48 | -ach Per host autocalibration (default: false) 49 | -ack Autocalibration keyword (default: FUZZ) 50 | -acs Custom auto-calibration strategies. Can be used multiple times. Implies -ac 51 | -c Colorize output. (default: false) 52 | -config Load configuration from a file 53 | -json JSON output, printing newline-delimited JSON records (default: false) 54 | -maxtime Maximum running time in seconds for entire process. (default: 0) 55 | -maxtime-job Maximum running time in seconds per job. (default: 0) 56 | -noninteractive Disable the interactive console functionality (default: false) 57 | -p Seconds of \`delay\` between requests, or a range of random delay. For example "0.1" or "0.1-2.0" 58 | -rate Rate of requests per second (default: 0) 59 | -s Do not print additional information (silent mode) (default: false) 60 | -sa Stop on all error cases. Implies -sf and -se. (default: false) 61 | -scraperfile Custom scraper file path 62 | -scrapers Active scraper groups (default: all) 63 | -se Stop on spurious errors (default: false) 64 | -search Search for a FFUFHASH payload from ffuf history 65 | -sf Stop when > 95% of responses return 403 Forbidden (default: false) 66 | -t Number of concurrent threads. (default: 40) 67 | -v Verbose output, printing full URL and redirect location (if any) with the results. (default: false) 68 | 69 | MATCHER OPTIONS: 70 | -mc Match HTTP status codes, or "all" for everything. (default: 200-299,301,302,307,401,403,405,500) 71 | -ml Match amount of lines in response 72 | -mmode Matcher set operator. Either of: and, or (default: or) 73 | -mr Match regexp 74 | -ms Match HTTP response size 75 | -mt Match how many milliseconds to the first response byte, either greater or less than. EG: >100 or <100 76 | -mw Match amount of words in response 77 | 78 | FILTER OPTIONS: 79 | -fc Filter HTTP status codes from response. Comma separated list of codes and ranges 80 | -fl Filter by amount of lines in response. Comma separated list of line counts and ranges 81 | -fmode Filter set operator. Either of: and, or (default: or) 82 | -fr Filter regexp 83 | -fs Filter HTTP response size. Comma separated list of sizes and ranges 84 | -ft Filter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100 85 | -fw Filter by amount of words in response. Comma separated list of word counts and ranges 86 | 87 | INPUT OPTIONS: 88 | -D DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false) 89 | -e Comma separated list of extensions. Extends FUZZ keyword. 90 | -enc Encoders for keywords, eg. 'FUZZ:urlencode b64encode' 91 | -ic Ignore wordlist comments (default: false) 92 | -input-cmd Command producing the input. --input-num is required when using this input method. Overrides -w. 93 | -input-num Number of inputs to test. Used in conjunction with --input-cmd. (default: 100) 94 | -input-shell Shell to be used for running command 95 | -mode Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork, sniper (default: clusterbomb) 96 | -request File containing the raw http request 97 | -request-proto Protocol to use along with raw request (default: https) 98 | -w Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD' 99 | 100 | OUTPUT OPTIONS: 101 | -debug-log Write all of the internal logging to the specified file. 102 | -o Write output to file 103 | -od Directory path to store matched results to. 104 | -of Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json) 105 | -or Don't create the output file if we don't have results (default: false) 106 | `), 107 | }, 108 | async ({ url, ffuf_args }) => { 109 | const ffuf = spawn(args[0], ['-u', url, ...ffuf_args]); 110 | let output = ''; 111 | 112 | // Handle stdout 113 | ffuf.stdout.on('data', (data) => { 114 | output += data.toString(); 115 | }); 116 | 117 | // Handle stderr 118 | ffuf.stderr.on('data', (data) => { 119 | output += data.toString(); 120 | }); 121 | 122 | // Handle process completion 123 | return new Promise((resolve, reject) => { 124 | ffuf.on('close', (code) => { 125 | if (code === 0) { 126 | resolve({ 127 | content: [{ 128 | type: "text", 129 | text: output + "\n ffuf completed successfully" 130 | }] 131 | }); 132 | } else { 133 | reject(new Error(`ffuf exited with code ${code}`)); 134 | } 135 | }); 136 | 137 | ffuf.on('error', (error) => { 138 | reject(new Error(`Failed to start ffuf: ${error.message}`)); 139 | }); 140 | }); 141 | }, 142 | ); 143 | 144 | // Start the server 145 | async function main() { 146 | const transport = new StdioServerTransport(); 147 | await server.connect(transport); 148 | console.error("ffuf MCP Server running on stdio"); 149 | } 150 | 151 | main().catch((error) => { 152 | console.error("Fatal error in main():", error); 153 | process.exit(1); 154 | }); ```