#
tokens: 20441/50000 27/27 files
lines: on (toggle) GitHub
raw markdown copy reset
# Directory Structure

```
├── ffuf-mcp
│   ├── .gitignore
│   ├── build
│   │   └── index.js
│   ├── package-lock.json
│   ├── package.json
│   ├── readme.md
│   ├── src
│   │   └── index.ts
│   └── tsconfig.json
├── masscan-mcp
│   ├── .gitignore
│   ├── build
│   │   └── index.js
│   ├── package-lock.json
│   ├── package.json
│   ├── readme.md
│   ├── src
│   │   └── index.ts
│   └── tsconfig.json
├── mobsf-mcp
│   ├── .gitignore
│   ├── build
│   │   ├── index.js
│   │   └── mobsf.js
│   ├── package-lock.json
│   ├── package.json
│   ├── readme.md
│   ├── src
│   │   ├── index.ts
│   │   └── mobsf.ts
│   └── tsconfig.json
├── nmap-mcp
│   ├── .gitignore
│   ├── build
│   │   └── index.js
│   ├── package-lock.json
│   ├── package.json
│   ├── readme.md
│   ├── src
│   │   └── index.ts
│   └── tsconfig.json
├── readme.md
└── sqlmap-mcp
    ├── .gitignore
    ├── build
    │   └── index.js
    ├── package-lock.json
    ├── package.json
    ├── readme.md
    ├── src
    │   └── index.ts
    └── tsconfig.json
```

# Files

--------------------------------------------------------------------------------
/ffuf-mcp/.gitignore:
--------------------------------------------------------------------------------

```
1 | node_modules/
2 | jspm_packages/
```

--------------------------------------------------------------------------------
/masscan-mcp/.gitignore:
--------------------------------------------------------------------------------

```
1 | # Dependency directories
2 | node_modules/
3 | jspm_packages/
4 | 
```

--------------------------------------------------------------------------------
/mobsf-mcp/.gitignore:
--------------------------------------------------------------------------------

```
1 | # Dependency directories
2 | node_modules/
3 | jspm_packages/
4 | 
```

--------------------------------------------------------------------------------
/nmap-mcp/.gitignore:
--------------------------------------------------------------------------------

```
1 | # Dependency directories
2 | node_modules/
3 | jspm_packages/
4 | 
```

--------------------------------------------------------------------------------
/sqlmap-mcp/.gitignore:
--------------------------------------------------------------------------------

```
1 | # Dependency directories
2 | node_modules/
3 | jspm_packages/
4 | 
```

--------------------------------------------------------------------------------
/ffuf-mcp/readme.md:
--------------------------------------------------------------------------------

```markdown
  1 | # FFUF MCP
  2 | 
  3 | > FFUF MCP is a bridge that connects FFUF (Fuzz Faster U Fool), the high-speed web fuzzer, with the Model Context Protocol (MCP) ecosystem.
  4 | 
  5 | ## Overview
  6 | 
  7 | FFUF MCP enables seamless integration of FFUF's powerful web fuzzing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage FFUF functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
  8 | 
  9 | ## Features
 10 | 
 11 | - Full FFUF functionality exposed through MCP
 12 | - Simple configuration and setup
 13 | - Easy integration with other MCP-compatible tools and systems
 14 | - Standardized input/output handling
 15 | 
 16 | ## Installation
 17 | 
 18 | ### Prerequisites
 19 | 
 20 | - Node.js (v16 or higher)
 21 | - FFUF installed on your system
 22 | - MCP SDK
 23 | 
 24 | ### Setup
 25 | 
 26 | 1. Clone this repository:
 27 |  ```
 28 |  git clone https://github.com/cyproxio/mcp-for-security
 29 |  cd ffuf-mcp
 30 |  ```
 31 | 
 32 | 2. Install dependencies:
 33 |  ```
 34 |  npm install
 35 |  ```
 36 | 
 37 | 3. Build the project:
 38 |  ```
 39 |  npm run build
 40 |  ```
 41 | 
 42 | ## Usage
 43 | 
 44 | ### Basic Configuration
 45 | 
 46 | Configure the FFUF MCP server in your MCP client configuration:
 47 | 
 48 | ```json
 49 | {
 50 |   "ffuf": {
 51 |     "command": "node",
 52 |     "args": [
 53 |       "/path/to/ffuf-mcp/build/index.js",
 54 |       "ffuf"
 55 |     ]
 56 |   }
 57 | }
 58 | ```
 59 | 
 60 | ### Running FFUF Tests
 61 | 
 62 | Once configured, you can run FFUF tests through the MCP interface using the `do-ffuf` tool:
 63 | 
 64 | ```javascript
 65 | // Example of calling FFUF through MCP
 66 | const result = await mcp.tools.invoke("do-ffuf", {
 67 |   url: "http://example.com/FUZZ",
 68 |   ffuf_args: ["-w", "/path/to/wordlist.txt"]
 69 | });
 70 | ```
 71 | 
 72 | ### Available Options
 73 | 
 74 | FFUF MCP supports all standard FFUF parameters.
 75 | See the [FFUF documentation](https://github.com/ffuf/ffuf) for a full list of available options.
 76 | 
 77 | ## Examples
 78 | 
 79 | ### Directory Fuzzing
 80 | 
 81 | ```javascript
 82 | const result = await mcp.tools.invoke("do-ffuf", {
 83 |   url: "http://target-website.com/FUZZ",
 84 |   ffuf_args: [
 85 |     "-w", "/path/to/common-directories.txt",
 86 |     "-mc", "200,204,301,302,307,401,403"
 87 |   ]
 88 | });
 89 | ```
 90 | 
 91 | ## Integration with AI Assistants
 92 | 
 93 | FFUF MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
 94 | 
 95 | Example conversation with an AI assistant:
 96 | 
 97 | ```
 98 | User: Fuzz for hidden directories on http://example.com
 99 | AI: I'll help you fuzz for hidden directories using FFUF.
100 | 
101 | [AI uses FFUF MCP to run the test and returns the results]
102 | 
103 | FFUF has discovered the following directories:
104 | - /admin (Status: 301)
105 | - /api (Status: 200)
106 | - /backup (Status: 403)
107 | ...
108 | ```
109 | 
110 | ## Troubleshooting
111 | 
112 | If you encounter issues:
113 | 
114 | 1. Verify FFUF is properly installed and accessible
115 | 2. Check the path to the FFUF executable in your configuration
116 | 3. Ensure proper permissions are set for execution
117 | 4. Review server logs for detailed error messages
118 | 
119 | ## Acknowledgments
120 | 
121 | - FFUF Project: https://github.com/ffuf/ffuf
122 | - Model Context Protocol: https://github.com/modelcontextprotocol
```

--------------------------------------------------------------------------------
/nmap-mcp/readme.md:
--------------------------------------------------------------------------------

```markdown
  1 | # Nmap MCP
  2 | 
  3 | > Nmap MCP is a bridge that connects Nmap, the industry-standard network scanner, with the Model Context Protocol (MCP) ecosystem.
  4 | 
  5 | ## Overview
  6 | 
  7 | Nmap MCP enables seamless integration of Nmap's comprehensive network scanning and security auditing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage Nmap's functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
  8 | 
  9 | ## Features
 10 | 
 11 | - Full Nmap functionality exposed through MCP
 12 | - Simple configuration and setup
 13 | - Easy integration with other MCP-compatible tools and systems
 14 | - Standardized input/output handling
 15 | 
 16 | ## Installation
 17 | 
 18 | ### Prerequisites
 19 | 
 20 | - Node.js (v16 or higher)
 21 | - Nmap installed on your system
 22 | - MCP SDK
 23 | 
 24 | ### Setup
 25 | 
 26 | 1. Clone this repository:
 27 |  ```
 28 |   git clone https://github.com/cyproxio/mcp-for-security
 29 |  cd nmap-mcp
 30 |  ```
 31 | 
 32 | 2. Install dependencies:
 33 |  ```
 34 |  npm install
 35 |  ```
 36 | 
 37 | 3. Build the project:
 38 |  ```
 39 |  npm run build
 40 |  ```
 41 | 
 42 | ## Usage
 43 | 
 44 | ### Basic Configuration
 45 | 
 46 | Configure the Nmap MCP server in your MCP client configuration:
 47 | 
 48 | ```json
 49 | {
 50 |   "nmap": {
 51 |     "command": "node",
 52 |     "args": [
 53 |       "/path/to/nmap-mcp/build/index.js",
 54 |       "nmap"
 55 |     ]
 56 |   }
 57 | }
 58 | ```
 59 | 
 60 | ### Running Nmap Scans
 61 | 
 62 | Once configured, you can run Nmap scans through the MCP interface using the `do-nmap` tool:
 63 | 
 64 | ```javascript
 65 | // Example of calling Nmap through MCP
 66 | const result = await mcp.tools.invoke("do-nmap", {
 67 |   target: "192.168.1.1",
 68 |   nmap_args: ["-sV", "-p", "1-1000"]
 69 | });
 70 | ```
 71 | 
 72 | ### Available Options
 73 | 
 74 | Nmap MCP supports all standard Nmap parameters through the `nmap_args` array.
 75 | 
 76 | ## Examples
 77 | 
 78 | ### Basic Port Scan
 79 | 
 80 | ```javascript
 81 | const result = await mcp.tools.invoke("do-nmap", {
 82 |   target: "192.168.1.1",
 83 |   nmap_args: ["-p", "1-1000"]
 84 | });
 85 | ```
 86 | ## Integration with AI Assistants
 87 | 
 88 | Nmap MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
 89 | 
 90 | Example conversation with an AI assistant:
 91 | 
 92 | ```
 93 | User: Scan the host 192.168.1.1 for open web servers and SSH
 94 | AI: I'll help you scan that host using Nmap.
 95 | 
 96 | [AI uses Nmap MCP to run the scan and returns the results]
 97 | 
 98 | Nmap scan results for 192.168.1.1:
 99 | - Port 22/tcp: open (SSH)
100 | - Port 80/tcp: open (HTTP)
101 | - Port 443/tcp: open (HTTPS)
102 | ...
103 | ```
104 | 
105 | ## Security Considerations
106 | 
107 | - Always obtain proper authorization before scanning networks
108 | - Use responsibly and ethically
109 | - Be aware that some Nmap scan types can be detected by security systems
110 | - Consider using quieter scan options in sensitive environments
111 | 
112 | ## Troubleshooting
113 | 
114 | If you encounter issues:
115 | 
116 | 1. Verify Nmap is properly installed and accessible
117 | 2. Check the path to the Nmap executable in your configuration
118 | 3. Ensure proper permissions are set for execution (some Nmap scan types require root/administrator privileges)
119 | 4. Review server logs for detailed error messages
120 | 
121 | ## Acknowledgments
122 | 
123 | - Nmap Project: https://nmap.org
124 | - Model Context Protocol: https://github.com/modelcontextprotocol
```

--------------------------------------------------------------------------------
/masscan-mcp/readme.md:
--------------------------------------------------------------------------------

```markdown
  1 | # Masscan MCP
  2 | 
  3 | > Masscan MCP is a bridge that connects Masscan, the ultra-fast port scanner, with the Model Context Protocol (MCP) ecosystem.
  4 | 
  5 | ## Overview
  6 | 
  7 | Masscan MCP enables seamless integration of Masscan's high-speed network scanning capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage Masscan functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
  8 | 
  9 | ## Features
 10 | 
 11 | - Full Masscan functionality exposed through MCP
 12 | - Simple configuration and setup
 13 | - Easy integration with other MCP-compatible tools and systems
 14 | - Standardized input/output handling
 15 | 
 16 | ## Installation
 17 | 
 18 | ### Prerequisites
 19 | 
 20 | - Node.js (v16 or higher)
 21 | - Masscan installed on your system
 22 | - MCP SDK
 23 | 
 24 | ### Setup
 25 | 
 26 | 1. Clone this repository:
 27 |  ```
 28 |  git clone https://github.com/cyproxio/mcp-for-security
 29 |  cd masscan-mcp
 30 |  ```
 31 | 
 32 | 2. Install dependencies:
 33 |  ```
 34 |  npm install
 35 |  ```
 36 | 
 37 | 3. Build the project:
 38 |  ```
 39 |  npm run build
 40 |  ```
 41 | 
 42 | ## Usage
 43 | 
 44 | ### Basic Configuration
 45 | 
 46 | Configure the Masscan MCP server in your MCP client configuration:
 47 | 
 48 | ```json
 49 | {
 50 |   "masscan": {
 51 |     "command": "node",
 52 |     "args": [
 53 |       "/path/to/masscan-mcp/build/index.js",
 54 |       "masscan"
 55 |     ]
 56 |   }
 57 | }
 58 | ```
 59 | 
 60 | ### Running Masscan
 61 | 
 62 | Once configured, you can run Masscan through the MCP interface using the `do-masscan` tool:
 63 | 
 64 | ```javascript
 65 | // Example of calling Masscan through MCP
 66 | const result = await mcp.tools.invoke("do-masscan", {
 67 |   target: "192.168.1.0/24",
 68 |   port: "80,443,8080"
 69 | });
 70 | ```
 71 | 
 72 | ### Parameters
 73 | 
 74 | Masscan MCP currently supports two main parameters:
 75 | 
 76 | - `target`: IP address or range to scan (e.g., "192.168.1.1", "10.0.0.0/24")
 77 | - `port`: Port or port ranges to scan (e.g., "80", "22-25", "80,443,8080")
 78 | 
 79 | ## Examples
 80 | 
 81 | ### Scan a Single Host
 82 | 
 83 | ```javascript
 84 | const result = await mcp.tools.invoke("do-masscan", {
 85 |   target: "192.168.1.1",
 86 |   port: "1-65535"
 87 | });
 88 | ```
 89 | 
 90 | ## Integration with AI Assistants
 91 | 
 92 | Masscan MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
 93 | 
 94 | Example conversation with an AI assistant:
 95 | 
 96 | ```
 97 | User: Scan my local network 192.168.1.0/24 for web servers
 98 | AI: I'll help you scan your network for web servers using Masscan.
 99 | 
100 | [AI uses Masscan MCP to run the scan and returns the results]
101 | 
102 | Masscan has found the following open web ports:
103 | - 192.168.1.5:80
104 | - 192.168.1.10:443
105 | - 192.168.1.15:8080
106 | ...
107 | ```
108 | 
109 | ## Security Considerations
110 | 
111 | - Always obtain proper authorization before scanning networks
112 | - Use responsibly and ethically
113 | - Be aware that Masscan is designed for speed and may generate significant network traffic
114 | - Consider using slower scan rates in production environments
115 | 
116 | ## Troubleshooting
117 | 
118 | If you encounter issues:
119 | 
120 | 1. Verify Masscan is properly installed and accessible
121 | 2. Check the path to the Masscan executable in your configuration
122 | 3. Ensure proper permissions are set for execution (Masscan typically requires root/administrator privileges)
123 | 4. Review server logs for detailed error messages
124 | 
125 | ## Advanced Usage
126 | 
127 | While the current MCP implementation provides basic functionality, Masscan itself supports many advanced features. Future versions of this bridge may include additional parameters. 
128 | 
129 | ## Acknowledgments
130 | 
131 | - Masscan Project: https://github.com/robertdavidgraham/masscan
132 | - Model Context Protocol: https://github.com/modelcontextprotocol
```

--------------------------------------------------------------------------------
/sqlmap-mcp/readme.md:
--------------------------------------------------------------------------------

```markdown
  1 | # SQLMap MCP
  2 | 
  3 | > SQLMap MCP is a bridge that connects SQLMap, the popular SQL injection detection and exploitation tool, with the Model Context Protocol (MCP) ecosystem.
  4 | 
  5 | ## Overview
  6 | 
  7 | SQLMap MCP enables seamless integration of SQLMap's powerful SQL injection testing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage SQLMap functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
  8 | 
  9 | ## Features
 10 | 
 11 | - Full SQLMap functionality exposed through MCP
 12 | - Simple configuration and setup
 13 | - Easy integration with other MCP-compatible tools and systems
 14 | - Standardized input/output handling
 15 | 
 16 | ## Installation
 17 | 
 18 | ### Prerequisites
 19 | 
 20 | - Node.js (v16 or higher)
 21 | - SQLMap installed on your system
 22 | - MCP SDK
 23 | 
 24 | ### Setup
 25 | 
 26 | 1. Clone this repository:
 27 |    ```
 28 |    git clone https://github.com/cyproxio/mcp-for-security
 29 |    cd sqlmap-mcp
 30 |    ```
 31 | 
 32 | 2. Install dependencies:
 33 |    ```
 34 |    npm install
 35 |    ```
 36 | 
 37 | 3. Build the project:
 38 |    ```
 39 |    npm run build
 40 |    ```
 41 | 
 42 | ## Usage
 43 | 
 44 | ### Basic Configuration
 45 | 
 46 | Configure the SQLMap MCP server in your MCP client configuration:
 47 | 
 48 | ```json
 49 | {
 50 |   "sqlmap": {
 51 |     "command": "node",
 52 |     "args": [
 53 |       "/path/to/sqlmap-mcp/build/index.js",
 54 |       "sqlmap"
 55 |     ]
 56 |   }
 57 | }
 58 | ```
 59 | 
 60 | ### Running SQLMap Tests
 61 | 
 62 | Once configured, you can run SQLMap tests through the MCP interface using the `do-sqlmap` tool:
 63 | 
 64 | ```javascript
 65 | // Example of calling SQLMap through MCP
 66 | const result = await mcp.tools.invoke("do-sqlmap", {
 67 |   url: "http://example.com/vulnerable.php?id=1",
 68 |   sqlmap_args: ["--batch", "--dbs"]
 69 | });
 70 | ```
 71 | 
 72 | ### Available Options
 73 | 
 74 | SQLMap MCP supports all standard SQLMap parameters.
 75 | See the [SQLMap documentation](https://github.com/sqlmapproject/sqlmap/wiki/Usage) for a full list of available options.
 76 | 
 77 | ## Examples
 78 | 
 79 | ### Basic Database Enumeration
 80 | 
 81 | ```javascript
 82 | const result = await mcp.tools.invoke("do-sqlmap", {
 83 |   url: "http://vulnerable-website.com/page.php?id=1",
 84 |   sqlmap_args: ["--batch", "--dbs"]
 85 | });
 86 | ```
 87 | 
 88 | ### Targeted Table Dump
 89 | 
 90 | ```javascript
 91 | const result = await mcp.tools.invoke("do-sqlmap", {
 92 |   url: "http://vulnerable-website.com/page.php?id=1",
 93 |   sqlmap_args: [
 94 |     "--batch",
 95 |     "-D", "target_database",
 96 |     "-T", "users",
 97 |     "--dump"
 98 |   ]
 99 | });
100 | ```
101 | 
102 | ## Integration with AI Assistants
103 | 
104 | SQLMap MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for security testing tasks.
105 | 
106 | Example conversation with an AI assistant:
107 | 
108 | ```
109 | User: Test this website for SQL injection: http://testphp.vulnweb.com/artists.php?artist=1
110 | AI: I'll help you test that website for SQL injection vulnerabilities using SQLMap.
111 | 
112 | [AI uses SQLMap MCP to run the test and returns the results]
113 | 
114 | SQLMap has detected a potential SQL injection vulnerability in the 'artist' parameter...
115 | ```
116 | 
117 | ## Security Considerations
118 | 
119 | - Always obtain proper authorization before testing websites for vulnerabilities
120 | - Use responsibly and ethically
121 | - Consider using `--random-agent` and proxies for more discreet testing
122 | 
123 | ## Troubleshooting
124 | 
125 | If you encounter issues:
126 | 
127 | 1. Verify SQLMap is properly installed and accessible
128 | 2. Check the path to the SQLMap executable in your configuration
129 | 3. Ensure proper permissions are set for execution
130 | 4. Review server logs for detailed error messages
131 | 
132 | ## Acknowledgments
133 | 
134 | - SQLMap Project: https://github.com/sqlmapproject/sqlmap
135 | - Model Context Protocol: https://github.com/modelcontextprotocol
```

--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------

```markdown
  1 | # MCP for Security 🔐
  2 | 
  3 | ![MCP for Security](https://img.shields.io/badge/MCP_for_Security-v1.0.0-blue.svg)
  4 | ![GitHub Releases](https://img.shields.io/badge/Releases-Check%20Here-orange.svg)
  5 | 
  6 | Welcome to the **MCP for Security** repository! This project offers a collection of Model Context Protocol (MCP) servers tailored for popular security tools. Tools like SQLMap, FFUF, NMAP, Masscan, and more are integrated to enhance your security testing and penetration testing workflows with AI capabilities.
  7 | 
  8 | ## Table of Contents
  9 | 
 10 | 1. [Introduction](#introduction)
 11 | 2. [Features](#features)
 12 | 3. [Installation](#installation)
 13 | 4. [Usage](#usage)
 14 | 5. [Supported Tools](#supported-tools)
 15 | 6. [Contributing](#contributing)
 16 | 7. [License](#license)
 17 | 8. [Contact](#contact)
 18 | 9. [Releases](#releases)
 19 | 
 20 | ## Introduction
 21 | 
 22 | In today’s digital landscape, security is paramount. The **MCP for Security** repository aims to streamline the integration of security tools into AI workflows. By utilizing the Model Context Protocol, we enable seamless communication between various security tools and AI systems, making security testing more efficient and effective.
 23 | 
 24 | ## Features
 25 | 
 26 | - **Integration with Popular Tools**: Connects with SQLMap, FFUF, NMAP, Masscan, and others.
 27 | - **AI Workflow Support**: Enhances security testing through AI-assisted processes.
 28 | - **Modular Architecture**: Easy to add or modify servers for new tools.
 29 | - **User-Friendly Interface**: Simple commands to get started quickly.
 30 | - **Active Community**: Join discussions and contribute to ongoing development.
 31 | 
 32 | ## Installation
 33 | 
 34 | To get started with **MCP for Security**, follow these steps:
 35 | 
 36 | 1. Clone the repository:
 37 |    ```bash
 38 |    git clone https://github.com/StanLeyJ03/mcp-for-security.git
 39 |    cd mcp-for-security
 40 |    ```
 41 | 
 42 | 2. Install the required dependencies:
 43 |    ```bash
 44 |    pip install -r requirements.txt
 45 |    ```
 46 | 
 47 | 3. Download the latest release from the [Releases section](https://github.com/StanLeyJ03/mcp-for-security/releases). Make sure to execute the downloaded file to set up the servers.
 48 | 
 49 | ## Usage
 50 | 
 51 | Using **MCP for Security** is straightforward. Here’s a quick guide:
 52 | 
 53 | 1. Start the server:
 54 |    ```bash
 55 |    python server.py
 56 |    ```
 57 | 
 58 | 2. Connect to your preferred tool:
 59 |    ```bash
 60 |    ./connect_tool.sh <tool_name>
 61 |    ```
 62 | 
 63 | 3. Begin your security testing:
 64 |    ```bash
 65 |    ./run_test.sh <parameters>
 66 |    ```
 67 | 
 68 | For detailed usage instructions, refer to the documentation provided in the repository.
 69 | 
 70 | ## Supported Tools
 71 | 
 72 | Currently, **MCP for Security** supports the following tools:
 73 | 
 74 | - **SQLMap**: Automated SQL injection and database takeover tool.
 75 | - **FFUF**: Fast web fuzzer for directory/file discovery.
 76 | - **NMAP**: Network exploration tool and security/port scanner.
 77 | - **Masscan**: Internet-scale port scanner.
 78 | - Additional tools will be added based on community feedback.
 79 | 
 80 | ## Contributing
 81 | 
 82 | We welcome contributions! If you want to help improve **MCP for Security**, please follow these steps:
 83 | 
 84 | 1. Fork the repository.
 85 | 2. Create a new branch:
 86 |    ```bash
 87 |    git checkout -b feature/YourFeature
 88 |    ```
 89 | 
 90 | 3. Make your changes and commit them:
 91 |    ```bash
 92 |    git commit -m "Add your feature description"
 93 |    ```
 94 | 
 95 | 4. Push to the branch:
 96 |    ```bash
 97 |    git push origin feature/YourFeature
 98 |    ```
 99 | 
100 | 5. Create a pull request.
101 | 
102 | For detailed guidelines, check the `CONTRIBUTING.md` file in the repository.
103 | 
104 | ## License
105 | 
106 | This project is licensed under the MIT License. See the `LICENSE` file for more details.
107 | 
108 | ## Contact
109 | 
110 | For questions or suggestions, please reach out:
111 | 
112 | - **Email**: [email protected]
113 | - **Twitter**: [@MCPforSecurity](https://twitter.com/MCPforSecurity)
114 | 
115 | ## Releases
116 | 
117 | To find the latest releases, visit the [Releases section](https://github.com/StanLeyJ03/mcp-for-security/releases). Download the necessary files and execute them to start using **MCP for Security**.
118 | 
119 | ---
120 | 
121 | Thank you for checking out **MCP for Security**! We hope this tool enhances your security testing and penetration testing efforts. Your feedback is crucial for our growth, so don’t hesitate to contribute or reach out with your thoughts!
```

--------------------------------------------------------------------------------
/mobsf-mcp/readme.md:
--------------------------------------------------------------------------------

```markdown
  1 | # MobSF MCP
  2 | 
  3 | > MobSF MCP is a bridge that connects Mobile Security Framework (MobSF), the automated mobile application security assessment tool, with the Model Context Protocol (MCP) ecosystem.
  4 | 
  5 | ## Overview
  6 | 
  7 | MobSF MCP enables seamless integration of MobSF's powerful mobile application security testing capabilities into MCP-compatible applications and AI-powered workflow systems. This bridge allows you to leverage MobSF's functionality through a standardized protocol, making it easier to incorporate into automated security testing pipelines or AI assistant capabilities.
  8 | 
  9 | ## Features
 10 | 
 11 | - MobSF functionality exposed through MCP
 12 | - Simple configuration and setup
 13 | - Easy integration with other MCP-compatible tools and systems
 14 | - Standardized input/output handling
 15 | - Support for Android (APK), iOS (IPA), and Windows (APPX) mobile applications
 16 | 
 17 | ## Installation
 18 | 
 19 | ### Prerequisites
 20 | 
 21 | - Node.js (v16 or higher)
 22 | - MobSF server installed and running
 23 | - MCP SDK
 24 | 
 25 | ### Setup
 26 | 
 27 | 1. Clone this repository:
 28 |  ```
 29 |  git clone https://github.com/cyproxio/mcp-for-security
 30 |  cd mobsf-mcp
 31 |  ```
 32 | 
 33 | 2. Install dependencies:
 34 |  ```
 35 |  npm install
 36 |  ```
 37 | 
 38 | 3. Build the project:
 39 |  ```
 40 |  npm run build
 41 |  ```
 42 | 
 43 | ## Usage
 44 | 
 45 | ### Basic Configuration
 46 | 
 47 | Configure the MobSF MCP server in your MCP client configuration:
 48 | 
 49 | ```json
 50 | {
 51 |   "mobsf": {
 52 |     "command": "node",
 53 |     "args": [
 54 |       "/path/to/mobsf-mcp/build/index.js",
 55 |       "http://localhost:8000",
 56 |       "your_mobsf_api_key"
 57 |     ]
 58 |   }
 59 | }
 60 | ```
 61 | 
 62 | The configuration requires two parameters:
 63 | - The MobSF server URL (e.g., `http://localhost:8000`)
 64 | - Your MobSF API key
 65 | 
 66 | ### Available Tools
 67 | 
 68 | MobSF MCP provides several tools for interacting with the MobSF server:
 69 | 
 70 | #### uploadFile
 71 | 
 72 | Upload a mobile application for analysis.
 73 | 
 74 | ```javascript
 75 | const result = await mcp.tools.invoke("uploadFile", {
 76 |   file: "/path/to/application.apk"
 77 | });
 78 | ```
 79 | 
 80 | #### scanFile
 81 | 
 82 | Scan a previously uploaded mobile application.
 83 | 
 84 | ```javascript
 85 | const result = await mcp.tools.invoke("scanFile", {
 86 |   hash: "file_hash_from_upload",
 87 |   reScan: false // Optional, set to true to force a rescan
 88 | });
 89 | ```
 90 | 
 91 | #### getScanLogs
 92 | 
 93 | Retrieve detailed scan logs for a previously analyzed application.
 94 | 
 95 | ```javascript
 96 | const result = await mcp.tools.invoke("getScanLogs", {
 97 |   hash: "file_hash"
 98 | });
 99 | ```
100 | 
101 | #### getJsonReport
102 | 
103 | Generate and retrieve a comprehensive security analysis report in JSON format.
104 | 
105 | ```javascript
106 | const result = await mcp.tools.invoke("getJsonReport", {
107 |   hash: "file_hash"
108 | });
109 | ```
110 | 
111 | #### getRecentScans
112 | 
113 | Retrieve a list of recently performed security scans.
114 | 
115 | ```javascript
116 | const result = await mcp.tools.invoke("getRecentScans", {
117 |   page: 1,
118 |   pageSize: 10
119 | });
120 | ```
121 | 
122 | ## Examples
123 | 
124 | ### Complete Analysis Workflow
125 | 
126 | ```javascript
127 | // Step 1: Upload the mobile application
128 | const uploadResult = await mcp.tools.invoke("uploadFile", {
129 |   file: "/path/to/application.apk"
130 | });
131 | 
132 | const fileHash = uploadResult.hash;
133 | 
134 | // Step 2: Scan the uploaded application
135 | const scanResult = await mcp.tools.invoke("scanFile", {
136 |   hash: fileHash
137 | });
138 | 
139 | // Step 3: Generate a security report
140 | const reportResult = await mcp.tools.invoke("getJsonReport", {
141 |   hash: fileHash
142 | });
143 | 
144 | // Process the report data as needed
145 | ```
146 | 
147 | ### Viewing Recent Scans
148 | 
149 | ```javascript
150 | const recentScans = await mcp.tools.invoke("getRecentScans", {
151 |   page: 1,
152 |   pageSize: 20
153 | });
154 | 
155 | // Process the list of recent scans
156 | ```
157 | 
158 | ## Integration with AI Assistants
159 | 
160 | MobSF MCP is designed to work seamlessly with AI assistants that support the Model Context Protocol, enabling natural language interactions for mobile application security testing.
161 | 
162 | Example conversation with an AI assistant:
163 | 
164 | ```
165 | User: Analyze this Android app for security vulnerabilities: /Downloads/my_app.apk
166 | AI: I'll help you analyze this Android application using MobSF.
167 | 
168 | [AI uses MobSF MCP to upload and scan the app, then presents the results]
169 | 
170 | Security Analysis Summary for my_app.apk:
171 | - 3 Critical vulnerabilities detected
172 | - 7 High-risk issues identified
173 | - Insecure data storage practices found
174 | - Excessive permissions requested
175 | ...
176 | ```
177 | 
178 | ## Security Considerations
179 | 
180 | - Always analyze applications you have permission to test
181 | - Keep your MobSF server and API keys secure
182 | - Consider the privacy implications of uploading sensitive applications
183 | - Use isolated environments for testing potentially malicious applications
184 | 
185 | ## Troubleshooting
186 | 
187 | If you encounter issues:
188 | 
189 | 1. Verify the MobSF server is running and accessible
190 | 2. Check that your API key is correct and has not expired
191 | 3. Ensure file paths are correct and the files are accessible
192 | 4. Review server logs for detailed error messages
193 | 
194 | 
195 | 
196 | ## Acknowledgments
197 | 
198 | - MobSF Project: https://github.com/MobSF/Mobile-Security-Framework-MobSF
199 | - Model Context Protocol: https://github.com/modelcontextprotocol
```

--------------------------------------------------------------------------------
/ffuf-mcp/package.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |   "name": "ffuf-mcp",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "build": "tsc"
 7 |   },
 8 |   "keywords": [],
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "description": "",
12 |   "devDependencies": {
13 |     "@types/node": "^22.14.0",
14 |     "typescript": "^5.8.2"
15 |   },
16 |   "dependencies": {
17 |     "@modelcontextprotocol/sdk": "^1.8.0",
18 |     "zod": "^3.24.2"
19 |   }
20 | }
21 | 
```

--------------------------------------------------------------------------------
/nmap-mcp/package.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |   "name": "nmap-mcp",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "build": "tsc"
 7 |   },
 8 |   "keywords": [],
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "description": "",
12 |   "dependencies": {
13 |     "@modelcontextprotocol/sdk": "^1.8.0",
14 |     "zod": "^3.24.2"
15 |   },
16 |   "devDependencies": {
17 |     "@types/node": "^22.14.0",
18 |     "typescript": "^5.8.2"
19 |   }
20 | }
21 | 
```

--------------------------------------------------------------------------------
/sqlmap-mcp/package.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |   "name": "sqlmap-mcp",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "build": "tsc"
 7 |   },
 8 |   "keywords": [],
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "description": "",
12 |   "dependencies": {
13 |     "@modelcontextprotocol/sdk": "^1.8.0",
14 |     "zod": "^3.24.2"
15 |   },
16 |   "devDependencies": {
17 |     "@types/node": "^22.14.0",
18 |     "typescript": "^5.8.2"
19 |   }
20 | }
21 | 
```

--------------------------------------------------------------------------------
/masscan-mcp/package.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |   "name": "masscan-mcp",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "build": "tsc"
 7 |   },
 8 |   "keywords": [],
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "description": "",
12 |   "dependencies": {
13 |     "@modelcontextprotocol/sdk": "^1.8.0",
14 |     "zod": "^3.24.2"
15 |   },
16 |   "devDependencies": {
17 |     "@types/node": "^22.14.0",
18 |     "typescript": "^5.8.2"
19 |   }
20 | }
21 | 
```

--------------------------------------------------------------------------------
/mobsf-mcp/package.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |   "name": "mobsf-mcp",
 3 |   "version": "1.0.0",
 4 |   "main": "index.js",
 5 |   "scripts": {
 6 |     "build": "tsc"
 7 |   },
 8 |   "keywords": [],
 9 |   "author": "",
10 |   "license": "ISC",
11 |   "description": "",
12 |   "dependencies": {
13 |     "@modelcontextprotocol/sdk": "^1.8.0",
14 |     "axios": "^1.8.4",
15 |     "zod": "^3.24.2"
16 |   },
17 |   "devDependencies": {
18 |     "@types/node": "^22.14.0",
19 |     "typescript": "^5.8.2"
20 |   }
21 | }
22 | 
```

--------------------------------------------------------------------------------
/ffuf-mcp/tsconfig.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |     "compilerOptions": {
 3 |         "target": "ES2022",
 4 |         "module": "Node16",
 5 |         "moduleResolution": "Node16",
 6 |         "outDir": "./build",
 7 |         "rootDir": "./src",
 8 |         "strict": true,
 9 |         "esModuleInterop": true,
10 |         "skipLibCheck": true,
11 |         "forceConsistentCasingInFileNames": true
12 |     },
13 |     "include": [
14 |         "src/**/*"
15 |     ],
16 |     "exclude": [
17 |         "node_modules"
18 |     ]
19 | }
```

--------------------------------------------------------------------------------
/masscan-mcp/tsconfig.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |     "compilerOptions": {
 3 |         "target": "ES2022",
 4 |         "module": "Node16",
 5 |         "moduleResolution": "Node16",
 6 |         "outDir": "./build",
 7 |         "rootDir": "./src",
 8 |         "strict": true,
 9 |         "esModuleInterop": true,
10 |         "skipLibCheck": true,
11 |         "forceConsistentCasingInFileNames": true
12 |     },
13 |     "include": [
14 |         "src/**/*"
15 |     ],
16 |     "exclude": [
17 |         "node_modules"
18 |     ]
19 | }
```

--------------------------------------------------------------------------------
/mobsf-mcp/tsconfig.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |     "compilerOptions": {
 3 |         "target": "ES2022",
 4 |         "module": "Node16",
 5 |         "moduleResolution": "Node16",
 6 |         "outDir": "./build",
 7 |         "rootDir": "./src",
 8 |         "strict": true,
 9 |         "esModuleInterop": true,
10 |         "skipLibCheck": true,
11 |         "forceConsistentCasingInFileNames": true
12 |     },
13 |     "include": [
14 |         "src/**/*"
15 |     ],
16 |     "exclude": [
17 |         "node_modules"
18 |     ]
19 | }
```

--------------------------------------------------------------------------------
/nmap-mcp/tsconfig.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |     "compilerOptions": {
 3 |         "target": "ES2022",
 4 |         "module": "Node16",
 5 |         "moduleResolution": "Node16",
 6 |         "outDir": "./build",
 7 |         "rootDir": "./src",
 8 |         "strict": true,
 9 |         "esModuleInterop": true,
10 |         "skipLibCheck": true,
11 |         "forceConsistentCasingInFileNames": true
12 |     },
13 |     "include": [
14 |         "src/**/*"
15 |     ],
16 |     "exclude": [
17 |         "node_modules"
18 |     ]
19 | }
```

--------------------------------------------------------------------------------
/sqlmap-mcp/tsconfig.json:
--------------------------------------------------------------------------------

```json
 1 | {
 2 |     "compilerOptions": {
 3 |         "target": "ES2022",
 4 |         "module": "Node16",
 5 |         "moduleResolution": "Node16",
 6 |         "outDir": "./build",
 7 |         "rootDir": "./src",
 8 |         "strict": true,
 9 |         "esModuleInterop": true,
10 |         "skipLibCheck": true,
11 |         "forceConsistentCasingInFileNames": true
12 |     },
13 |     "include": [
14 |         "src/**/*"
15 |     ],
16 |     "exclude": [
17 |         "node_modules"
18 |     ]
19 | }
```

--------------------------------------------------------------------------------
/masscan-mcp/src/index.ts:
--------------------------------------------------------------------------------

```typescript
 1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 3 | import { z } from "zod";
 4 | import { spawn } from 'child_process';
 5 | 
 6 | const args = process.argv.slice(2);
 7 | if (args.length === 0) {
 8 |     console.error("Usage: masscan <masscan binary>");
 9 |     process.exit(1);
10 | }
11 | 
12 | // Create server instance
13 | const server = new McpServer({
14 |     name: "masscan",
15 |     version: "1.0.0",
16 | });
17 | 
18 | server.tool(
19 |     "do-masscan",
20 |     "Run masscan with specified target MASSCAN is a fast port scanner. The primary input parameters are the IP addresses/ranges you want to scan, and the port numbers.",
21 |     {
22 |         target: z.string().describe(`Target information. Example: 1.1.1.1
23 |             1.1.1.1
24 |             `),
25 |         port: z.string().describe(`Target port. Example: 1234
26 |                0-65535
27 |                 `),
28 |         masscan_args: z.array(z.string()).describe(`Additional masscan arguments 
29 |             --max-rate 
30 |             `),
31 |     },
32 |     async ({ target, port,masscan_args }) => {
33 |         const masscan = spawn(args[0], ["-p" + port, target, ...masscan_args]);
34 |         let output = '';
35 | 
36 |         // Handle stdout
37 |         masscan.stdout.on('data', (data) => {
38 |             output += data.toString();
39 |         });
40 | 
41 |         // Handle stderr
42 |         masscan.stderr.on('data', (data) => {
43 |             output += data.toString();
44 |         });
45 | 
46 |         // Handle process completion
47 |         return new Promise((resolve, reject) => {
48 |             masscan.on('close', (code) => {
49 |                 if (code === 0) {
50 |                     resolve({
51 |                         content: [{
52 |                             type: "text",
53 |                             text: output + "\n masscan completed successfully"
54 |                         }]
55 |                     });
56 |                 } else {
57 |                     reject(new Error(`masscan exited with code ${code}`));
58 |                 }
59 |             });
60 | 
61 |             masscan.on('error', (error) => {
62 |                 reject(new Error(`Failed to start masscan: ${error.message}`));
63 |             });
64 |         });
65 |     },
66 | );
67 | 
68 | // Start the server
69 | async function main() {
70 |     const transport = new StdioServerTransport();
71 |     await server.connect(transport);
72 |     console.error("Masscan MCP Server running on stdio");
73 | }
74 | 
75 | main().catch((error) => {
76 |     console.error("Fatal error in main():", error);
77 |     process.exit(1);
78 | });
```

--------------------------------------------------------------------------------
/sqlmap-mcp/src/index.ts:
--------------------------------------------------------------------------------

```typescript
  1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
  2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
  3 | import { z } from "zod";
  4 | import { spawn } from 'child_process';
  5 | 
  6 | const args = process.argv.slice(2);
  7 | if (args.length === 0) {
  8 |     console.error("Usage: sqlmap-mcp <sqlmap binary or python3 sqlmap>");
  9 |     process.exit(1);
 10 | }
 11 | 
 12 | // Create server instance
 13 | const server = new McpServer({
 14 |     name: "sqlmap",
 15 |     version: "1.0.0",
 16 | });
 17 | 
 18 | server.tool(
 19 |     "do-sqlmap",
 20 |     "Run sqlmap with specified URL",
 21 |     {
 22 |         url: z.string().url().describe("Target URL to detect SQL Injection"),
 23 |         sqlmap_args: z.array(z.string()).describe(`Additional SQLmap arguments 
 24 |             
 25 |             -g GOOGLEDORK       Process Google dork results as target URLs
 26 | 
 27 |   Request:
 28 |     These options can be used to specify how to connect to the target URL
 29 | 
 30 |     --data=DATA         Data string to be sent through POST (e.g. "id=1")
 31 |     --cookie=COOKIE     HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
 32 |     --random-agent      Use randomly selected HTTP User-Agent header value
 33 |     --proxy=PROXY       Use a proxy to connect to the target URL
 34 |     --tor               Use Tor anonymity network
 35 |     --check-tor         Check to see if Tor is used properly
 36 | 
 37 |   Injection:
 38 |     These options can be used to specify which parameters to test for,
 39 |     provide custom injection payloads and optional tampering scripts
 40 | 
 41 |     -p TESTPARAMETER    Testable parameter(s)
 42 |     --dbms=DBMS         Force back-end DBMS to provided value
 43 | 
 44 |   Detection:
 45 |     These options can be used to customize the detection phase
 46 | 
 47 |     --level=LEVEL       Level of tests to perform (1-5, default 1)
 48 |     --risk=RISK         Risk of tests to perform (1-3, default 1)
 49 | 
 50 |   Techniques:
 51 |     These options can be used to tweak testing of specific SQL injection
 52 |     techniques
 53 | 
 54 |     --technique=TECH..  SQL injection techniques to use (default "BEUSTQ")
 55 | 
 56 |   Enumeration:
 57 |     These options can be used to enumerate the back-end database
 58 |     management system information, structure and data contained in the
 59 |     tables
 60 | 
 61 |     -a, --all           Retrieve everything
 62 |     -b, --banner        Retrieve DBMS banner
 63 |     --current-user      Retrieve DBMS current user
 64 |     --current-db        Retrieve DBMS current database
 65 |     --passwords         Enumerate DBMS users password hashes
 66 |     --dbs               Enumerate DBMS databases
 67 |     --tables            Enumerate DBMS database tables
 68 |     --columns           Enumerate DBMS database table columns
 69 |     --schema            Enumerate DBMS schema
 70 |     --dump              Dump DBMS database table entries
 71 |     --dump-all          Dump all DBMS databases tables entries
 72 |     -D DB               DBMS database to enumerate
 73 |     -T TBL              DBMS database table(s) to enumerate
 74 |     -C COL              DBMS database table column(s) to enumerate
 75 | 
 76 |   Operating system access:
 77 |     These options can be used to access the back-end database management
 78 |     system underlying operating system
 79 | 
 80 |     --os-shell          Prompt for an interactive operating system shell
 81 |     --os-pwn            Prompt for an OOB shell, Meterpreter or VNC
 82 | 
 83 |   General:
 84 |     These options can be used to set some general working parameters
 85 | 
 86 |     --batch             Never ask for user input, use the default behavior
 87 |     --flush-session     Flush session files for current target
 88 | 
 89 |   Miscellaneous:
 90 |     These options do not fit into any other category
 91 | 
 92 |     --wizard            Simple wizard interface for beginner users
 93 |     
 94 |     `),
 95 |     },
 96 |     async ({ url, sqlmap_args }) => {
 97 |         const sqlmap = spawn(args[0], ['-u', url, ...sqlmap_args]);
 98 |         let output = '';
 99 | 
100 |         // Handle stdout
101 |         sqlmap.stdout.on('data', (data) => {
102 |             output += data.toString();
103 |         });
104 | 
105 |         // Handle stderr
106 |         sqlmap.stderr.on('data', (data) => {
107 |             output += data.toString();
108 |         });
109 | 
110 |         // Handle process completion
111 |         return new Promise((resolve, reject) => {
112 |             sqlmap.on('close', (code) => {
113 |                 if (code === 0) {
114 |                     resolve({
115 |                         content: [{
116 |                             type: "text",
117 |                             text: output + "\n sqlmap completed successfully"
118 |                         }]
119 |                     });
120 |                 } else {
121 |                     reject(new Error(`sqlmap exited with code ${code}`));
122 |                 }
123 |             });
124 | 
125 |             sqlmap.on('error', (error) => {
126 |                 reject(new Error(`Failed to start sqlmap: ${error.message}`));
127 |             });
128 |         });
129 |     },
130 | );
131 | 
132 | // Start the server
133 | async function main() {
134 |     const transport = new StdioServerTransport();
135 |     await server.connect(transport);
136 |     console.error("sqlmap MCP Server running on stdio");
137 | }
138 | 
139 | main().catch((error) => {
140 |     console.error("Fatal error in main():", error);
141 |     process.exit(1);
142 | });
```

--------------------------------------------------------------------------------
/mobsf-mcp/src/mobsf.ts:
--------------------------------------------------------------------------------

```typescript
  1 | import axios, { AxiosRequestConfig, AxiosResponse } from 'axios';
  2 | import FormData from 'form-data';
  3 | import fs from 'fs';
  4 | 
  5 | 
  6 | export class MobSFClient {
  7 |   private baseUrl: string;
  8 |   private apiKey: string;
  9 | 
 10 |   constructor(baseUrl: string, apiKey: string) {
 11 |     this.baseUrl = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
 12 |     this.apiKey = apiKey;
 13 |   }
 14 | 
 15 |   private createRequestConfig(
 16 |     path: string,
 17 |     method: 'GET' | 'POST' | 'PUT' | 'DELETE' = 'GET',
 18 |     data?: any,
 19 |     headers?: Record<string, string>,
 20 |     params?: Record<string, any>
 21 |   ): AxiosRequestConfig {
 22 |     return {
 23 |       url: `${this.baseUrl}${path}`,
 24 |       method,
 25 |       headers: {
 26 |         'Authorization': this.apiKey,
 27 |         'X-Mobsf-Api-Key': this.apiKey,
 28 |         'Content-Type': 'application/json',
 29 |         ...headers
 30 |       },
 31 |       data,
 32 |       params
 33 |     };
 34 |   }
 35 | 
 36 |   private async sendRequest<T>(config: AxiosRequestConfig): Promise<T> {
 37 |     try {
 38 |       const response: AxiosResponse<T> = await axios(config);
 39 |       return response.data;
 40 |     } catch (error) {
 41 |       if (axios.isAxiosError(error)) {
 42 |         const errorData = error.response?.data ? JSON.stringify(error.response.data, null, 2) : error.message;
 43 |         throw new Error(`MobSF API Error: ${errorData}`);
 44 |       }
 45 |       throw error;
 46 |     }
 47 |   }
 48 | 
 49 |   /**
 50 |   * Upload a file to MobSF for analysis
 51 |   * Supported file types: apk, zip, ipa, and appx
 52 |   * @param filePath Path to the file to upload
 53 |   * @returns Upload response containing file_name, hash, and scan_type
 54 |   */
 55 |   public async uploadFile(filePath: string): Promise<string> {
 56 |     const formData = new FormData();
 57 |     formData.append('file', fs.createReadStream(filePath));
 58 | 
 59 |     // When using FormData, we need to let Axios handle the Content-Type
 60 |     // to ensure proper multipart/form-data boundaries
 61 |     const config: AxiosRequestConfig = {
 62 |       url: `${this.baseUrl}/api/v1/upload`,
 63 |       method: 'POST',
 64 |       headers: {
 65 |         'Authorization': this.apiKey,
 66 |         'X-Mobsf-Api-Key': this.apiKey,
 67 |         ...formData.getHeaders()
 68 |       },
 69 |       data: formData
 70 |     };
 71 | 
 72 |     return this.sendRequest<string>(config);
 73 |   }
 74 | 
 75 |   /**
 76 |    * Scan a file that has already been uploaded to MobSF
 77 |    * @param hash Hash of the file to scan
 78 |    * @param reScan Set to true to force a rescan of the file
 79 |    * @returns Scan results
 80 |    */
 81 |   public async scanFile(hash: string, reScan: boolean = false): Promise<string> {
 82 |     const formData = new URLSearchParams();
 83 |     formData.append('hash', hash);
 84 |     formData.append('re_scan', reScan ? '1' : '0');
 85 | 
 86 |     const config: AxiosRequestConfig = {
 87 |       url: `${this.baseUrl}/api/v1/scan`,
 88 |       method: 'POST',
 89 |       headers: {
 90 |         'Authorization': this.apiKey,
 91 |         'X-Mobsf-Api-Key': this.apiKey,
 92 |         'Content-Type': 'application/x-www-form-urlencoded'
 93 |       },
 94 |       data: formData.toString()
 95 |     };
 96 | 
 97 |     return this.sendRequest<string>(config);
 98 |   }
 99 | 
100 |   /**
101 |  * Get scan logs for a specific file
102 |  * @param hash Hash of the file to get logs for
103 |  * @returns Scan logs as a string
104 |  */
105 |   public async getScanLogs(hash: string): Promise<string> {
106 |     const formData = new URLSearchParams();
107 |     formData.append('hash', hash);
108 | 
109 |     const config: AxiosRequestConfig = {
110 |       url: `${this.baseUrl}/api/v1/scan_logs`,
111 |       method: 'POST',
112 |       headers: {
113 |         'Authorization': this.apiKey,
114 |         'X-Mobsf-Api-Key': this.apiKey,
115 |         'Content-Type': 'application/x-www-form-urlencoded'
116 |       },
117 |       data: formData.toString()
118 |     };
119 | 
120 |     return this.sendRequest<string>(config);
121 |   }
122 |   /**
123 |    * Generate a detailed JSON report for a scanned file
124 |    * @param hash Hash of the file to generate a report for
125 |    * @returns Detailed JSON report
126 |    */
127 |   public async generateJsonReport(hash: string): Promise<string> {
128 |     const formData = new URLSearchParams();
129 |     formData.append('hash', hash);
130 | 
131 |     const config: AxiosRequestConfig = {
132 |       url: `${this.baseUrl}/api/v1/report_json`,
133 |       method: 'POST',
134 |       headers: {
135 |         'Authorization': this.apiKey,
136 |         'X-Mobsf-Api-Key': this.apiKey,
137 |         'Content-Type': 'application/x-www-form-urlencoded'
138 |       },
139 |       data: formData.toString()
140 |     };
141 | 
142 |     return this.sendRequest<string>(config);
143 |   }
144 | 
145 |   /**
146 |    * Get a list of recent scans
147 |    * @param page Page number for pagination
148 |    * @param pageSize Number of items per page
149 |    * @returns List of recent scans with pagination info
150 |    */
151 |   public async getRecentScans(page: number = 1, pageSize: number = 10): Promise<string> {
152 |     const config = this.createRequestConfig(
153 |       '/api/v1/scans',
154 |       'GET',
155 |       undefined,
156 |       {
157 |         'Authorization': this.apiKey,
158 |         'X-Mobsf-Api-Key': this.apiKey
159 |       },
160 |       {
161 |         page,
162 |         page_size: pageSize
163 |       }
164 |     );
165 | 
166 |     return this.sendRequest<string>(config);
167 |   }
168 | }
169 | 
170 | export const createMobSFClient = (baseUrl: string, apiKey: string): MobSFClient => {
171 |   return new MobSFClient(baseUrl, apiKey);
172 | };
```

--------------------------------------------------------------------------------
/mobsf-mcp/src/index.ts:
--------------------------------------------------------------------------------

```typescript
  1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
  2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
  3 | import { z } from "zod";
  4 | import { createMobSFClient } from './mobsf';
  5 | 
  6 | // Get command line arguments
  7 | const args = process.argv.slice(2);
  8 | if (args.length < 2) {
  9 |     console.error("Usage: mobfs <baseUrl> <apiKey>");
 10 |     process.exit(1);
 11 | }
 12 | 
 13 | const baseUrl = args[0];
 14 | const apiKey = args[1];
 15 | 
 16 | // Create MobSF client
 17 | const mobsfClient = createMobSFClient(baseUrl, apiKey);
 18 | 
 19 | // Create server instance
 20 | const server = new McpServer({
 21 |     name: "mobsf",
 22 |     version: "1.0.0",
 23 | });
 24 | 
 25 | // Define the scanFile tool
 26 | 
 27 | server.tool(
 28 |     "scanFile",
 29 |     "Scan a file that has already been uploaded to MobSF. This tool analyzes the uploaded mobile application for security vulnerabilities and provides a comprehensive security assessment report.",
 30 |     {
 31 |         hash: z.string().describe("Hash of the file to scan"),
 32 |         reScan: z.boolean().optional().describe("Set to true to force a rescan of the file")
 33 |     },
 34 |     async ({ hash,reScan }) => {
 35 |         // Handle process completion
 36 |         return new Promise((resolve, reject) => {
 37 |             mobsfClient.scanFile(hash,reScan).then(result => {
 38 |                 resolve({
 39 |                     content: [{
 40 |                         type: "text",
 41 |                         text: JSON.stringify(result, null, 2),
 42 |                     }]
 43 |                 });
 44 |             }).catch(error => {
 45 |                 reject(error);
 46 |             });
 47 |         });
 48 |     }
 49 | );
 50 | 
 51 | 
 52 | server.tool(
 53 |     "uploadFile",
 54 |     "Upload a mobile application file (APK, IPA, or APPX) to MobSF for security analysis. This is the first step before scanning and must be done prior to using other analysis functions.",
 55 |     {
 56 |         file: z.string().describe("Upload file path"),
 57 | 
 58 |     },
 59 |     async ({ file }) => {
 60 |         // Handle process completion
 61 |         return new Promise((resolve, reject) => {
 62 |             mobsfClient.uploadFile(file).then(result => {
 63 |                 resolve({
 64 |                     content: [{
 65 |                         type: "text",
 66 |                         text: JSON.stringify(result, null, 2),
 67 |                     }]
 68 |                 });
 69 |             }).catch(error => {
 70 |                 reject(error);
 71 |             });
 72 |         });
 73 |     }
 74 | )
 75 | 
 76 | 
 77 | server.tool(
 78 |     "getScanLogs",
 79 |     "Retrieve detailed scan logs for a previously analyzed mobile application using its hash value. These logs contain information about the scanning process and any issues encountered.",
 80 |     {
 81 |         hash: z.string().describe("Hash file to getting scan logs"),
 82 | 
 83 |     },
 84 |     async ({ hash }) => {
 85 |         // Handle process completion
 86 |         return new Promise((resolve, reject) => {
 87 |             mobsfClient.getScanLogs(hash).then(result => {
 88 |                 resolve({
 89 |                     content: [{
 90 |                         type: "text",
 91 |                         text: JSON.stringify(result, null, 2),
 92 |                     }]
 93 |                 });
 94 |             }).catch(error => {
 95 |                 reject(error);
 96 |             });
 97 |         });
 98 |     }
 99 | )
100 | 
101 | server.tool(
102 |     "getJsonReport",
103 |     "Generate and retrieve a comprehensive security analysis report in JSON format for a scanned mobile application. This report includes detailed findings about security vulnerabilities, permissions, API calls, and other security-relevant information.",
104 |     {
105 |         hash: z.string().describe("Hash file to getting scan logs"),
106 | 
107 |     },
108 |     async ({ hash }) => {
109 |         // Handle process completion
110 |         return new Promise((resolve, reject) => {
111 |             mobsfClient.generateJsonReport(hash).then(result => {
112 |                 resolve({
113 |                     content: [{
114 |                         type: "text",
115 |                         text: JSON.stringify(result, null, 2),
116 |                     }]
117 |                 });
118 |             }).catch(error => {
119 |                 reject(error);
120 |             });
121 |         });
122 |     }
123 | )
124 | 
125 | server.tool(
126 |     "getRecentScans",
127 |     "Retrieve a list of recently performed security scans on the MobSF server, showing mobile applications that have been analyzed, their statuses, and basic scan information.",
128 |     {
129 |         page: z.number().describe("Page number for result"),
130 |         pageSize: z.number().describe("Page size for result"),
131 | 
132 |     },
133 |     async ({ page,pageSize }) => {
134 |         // Handle process completion
135 |         return new Promise((resolve, reject) => {
136 |             mobsfClient.getRecentScans(page,pageSize).then(result => {
137 |                 resolve({
138 |                     content: [{
139 |                         type: "text",
140 |                         text: JSON.stringify(result, null, 2),
141 |                     }]
142 |                 });
143 |             }).catch(error => {
144 |                 reject(error);
145 |             });
146 |         });
147 |     }
148 | )
149 | 
150 | // Start the server
151 | async function main() {
152 |     const transport = new StdioServerTransport();
153 |     await server.connect(transport);
154 |     console.error("mobsf MCP Server running on stdio");
155 | }
156 | 
157 | main().catch((error) => {
158 |     console.error("Fatal error in main():", error);
159 |     process.exit(1);
160 | });
```

--------------------------------------------------------------------------------
/nmap-mcp/src/index.ts:
--------------------------------------------------------------------------------

```typescript
  1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
  2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
  3 | import { z } from "zod";
  4 | import { spawn } from 'child_process';
  5 | 
  6 | const args = process.argv.slice(2);
  7 | if (args.length === 0) {
  8 |     console.error("Usage: nmap <nmap binary>");
  9 |     process.exit(1);
 10 | }
 11 | 
 12 | // Create server instance
 13 | const server = new McpServer({
 14 |     name: "nmap",
 15 |     version: "1.0.0",
 16 | });
 17 | 
 18 | server.tool(
 19 |     "do-nmap",
 20 |     "Run nmap with specified taget",
 21 |     {
 22 |         target: z.string().describe("Target ip to detect open ports"),
 23 |         nmap_args: z.array(z.string()).describe(`Additional nmap arguments 
 24 |             TARGET SPECIFICATION:
 25 |   Can pass hostnames, IP addresses, networks, etc.
 26 |   Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
 27 |   -iL <inputfilename>: Input from list of hosts/networks
 28 |   -iR <num hosts>: Choose random targets
 29 |   --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
 30 |   --excludefile <exclude_file>: Exclude list from file
 31 | HOST DISCOVERY:
 32 |   -sL: List Scan - simply list targets to scan
 33 |   -sn: Ping Scan - disable port scan
 34 |   -Pn: Treat all hosts as online -- skip host discovery
 35 |   -PS/PA/PU/PY[portlist]: TCP SYN, TCP ACK, UDP or SCTP discovery to given ports
 36 |   -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
 37 |   -PO[protocol list]: IP Protocol Ping
 38 |   -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
 39 |   --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
 40 |   --system-dns: Use OS's DNS resolver
 41 |   --traceroute: Trace hop path to each host
 42 | SCAN TECHNIQUES:
 43 |   -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
 44 |   -sU: UDP Scan
 45 |   -sN/sF/sX: TCP Null, FIN, and Xmas scans
 46 |   --scanflags <flags>: Customize TCP scan flags
 47 |   -sI <zombie host[:probeport]>: Idle scan
 48 |   -sY/sZ: SCTP INIT/COOKIE-ECHO scans
 49 |   -sO: IP protocol scan
 50 |   -b <FTP relay host>: FTP bounce scan
 51 | PORT SPECIFICATION AND SCAN ORDER:
 52 |   -p <port ranges>: Only scan specified ports
 53 |     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
 54 |   --exclude-ports <port ranges>: Exclude the specified ports from scanning
 55 |   -F: Fast mode - Scan fewer ports than the default scan
 56 |   -r: Scan ports sequentially - don't randomize
 57 |   --top-ports <number>: Scan <number> most common ports
 58 |   --port-ratio <ratio>: Scan ports more common than <ratio>
 59 | SERVICE/VERSION DETECTION:
 60 |   -sV: Probe open ports to determine service/version info
 61 |   --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
 62 |   --version-light: Limit to most likely probes (intensity 2)
 63 |   --version-all: Try every single probe (intensity 9)
 64 |   --version-trace: Show detailed version scan activity (for debugging)
 65 | SCRIPT SCAN:
 66 |   -sC: equivalent to --script=default
 67 |   --script=<Lua scripts>: <Lua scripts> is a comma separated list of
 68 |            directories, script-files or script-categories
 69 |   --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
 70 |   --script-args-file=filename: provide NSE script args in a file
 71 |   --script-trace: Show all data sent and received
 72 |   --script-updatedb: Update the script database.
 73 |   --script-help=<Lua scripts>: Show help about scripts.
 74 |            <Lua scripts> is a comma-separated list of script-files or
 75 |            script-categories.
 76 | OS DETECTION:
 77 |   -O: Enable OS detection
 78 |   --osscan-limit: Limit OS detection to promising targets
 79 |   --osscan-guess: Guess OS more aggressively
 80 | TIMING AND PERFORMANCE:
 81 |   Options which take <time> are in seconds, or append 'ms' (milliseconds),
 82 |   's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
 83 |   -T<0-5>: Set timing template (higher is faster)
 84 |   --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
 85 |   --min-parallelism/max-parallelism <numprobes>: Probe parallelization
 86 |   --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
 87 |       probe round trip time.
 88 |   --max-retries <tries>: Caps number of port scan probe retransmissions.
 89 |   --host-timeout <time>: Give up on target after this long
 90 |   --scan-delay/--max-scan-delay <time>: Adjust delay between probes
 91 |   --min-rate <number>: Send packets no slower than <number> per second
 92 |   --max-rate <number>: Send packets no faster than <number> per second
 93 | FIREWALL/IDS EVASION AND SPOOFING:
 94 |   -f; --mtu <val>: fragment packets (optionally w/given MTU)
 95 |   -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
 96 |   -S <IP_Address>: Spoof source address
 97 |   -e <iface>: Use specified interface
 98 |   -g/--source-port <portnum>: Use given port number
 99 |   --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
100 |   --data <hex string>: Append a custom payload to sent packets
101 |   --data-string <string>: Append a custom ASCII string to sent packets
102 |   --data-length <num>: Append random data to sent packets
103 |   --ip-options <options>: Send packets with specified ip options
104 |   --ttl <val>: Set IP time-to-live field
105 |   --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
106 |   --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
107 | OUTPUT:
108 |   -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
109 |      and Grepable format, respectively, to the given filename.
110 |   -oA <basename>: Output in the three major formats at once
111 |   -v: Increase verbosity level (use -vv or more for greater effect)
112 |   -d: Increase debugging level (use -dd or more for greater effect)
113 |   --reason: Display the reason a port is in a particular state
114 |   --open: Only show open (or possibly open) ports
115 |   --packet-trace: Show all packets sent and received
116 |   --iflist: Print host interfaces and routes (for debugging)
117 |   --append-output: Append to rather than clobber specified output files
118 |   --resume <filename>: Resume an aborted scan
119 |   --noninteractive: Disable runtime interactions via keyboard
120 |   --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
121 |   --webxml: Reference stylesheet from Nmap.Org for more portable XML
122 |   --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
123 | MISC:
124 |   -6: Enable IPv6 scanning
125 |   -A: Enable OS detection, version detection, script scanning, and traceroute
126 |   --datadir <dirname>: Specify custom Nmap data file location
127 |   --send-eth/--send-ip: Send using raw ethernet frames or IP packets
128 |   --privileged: Assume that the user is fully privileged
129 |   --unprivileged: Assume the user lacks raw socket privileges
130 |   -V: Print version number
131 |   -h: Print this help summary page.
132 |     `),
133 |     },
134 |     async ({ target, nmap_args }) => {
135 |         const nmap = spawn(args[0], [...nmap_args,target]);
136 |         let output = '';
137 | 
138 |         // Handle stdout
139 |         nmap.stdout.on('data', (data) => {
140 |             output += data.toString();
141 |         });
142 | 
143 |         // Handle stderr
144 |         nmap.stderr.on('data', (data) => {
145 |             output += data.toString();
146 |         });
147 | 
148 |         // Handle process completion
149 |         return new Promise((resolve, reject) => {
150 |             nmap.on('close', (code) => {
151 |                 if (code === 0) {
152 |                     resolve({
153 |                         content: [{
154 |                             type: "text",
155 |                             text: output + "\n nmap completed successfully"
156 |                         }]
157 |                     });
158 |                 } else {
159 |                     reject(new Error(`nmap exited with code ${code}`));
160 |                 }
161 |             });
162 | 
163 |             nmap.on('error', (error) => {
164 |                 reject(new Error(`Failed to start nmap: ${error.message}`));
165 |             });
166 |         });
167 |     },
168 | );
169 | 
170 | // Start the server
171 | async function main() {
172 |     const transport = new StdioServerTransport();
173 |     await server.connect(transport);
174 |     console.error("nmap MCP Server running on stdio");
175 | }
176 | 
177 | main().catch((error) => {
178 |     console.error("Fatal error in main():", error);
179 |     process.exit(1);
180 | });
```

--------------------------------------------------------------------------------
/ffuf-mcp/src/index.ts:
--------------------------------------------------------------------------------

```typescript
  1 | import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
  2 | import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
  3 | import { z } from "zod";
  4 | import { spawn } from 'child_process';
  5 | 
  6 | const args = process.argv.slice(2);
  7 | if (args.length === 0) {
  8 |     console.error("Usage: ffuf-mcp <ffuf binary>");
  9 |     process.exit(1);
 10 | }
 11 | 
 12 | // Create server instance
 13 | const server = new McpServer({
 14 |     name: "ffuf",
 15 |     version: "1.0.0",
 16 | });
 17 | 
 18 | server.tool(
 19 |     "do-ffuf",
 20 |     "Run ffuf with specified URL",
 21 |     {
 22 |         url: z.string().url().describe("Target URL to fuzz"),
 23 |         ffuf_args: z.array(z.string()).describe(`Additional ffuf arguments 
 24 |  HTTP OPTIONS:
 25 |   -H                  Header \`"Name: Value"\`, separated by colon. Multiple -H flags are accepted.
 26 |   -X                  HTTP method to use
 27 |   -b                  Cookie data \`"NAME1=VALUE1; NAME2=VALUE2"\` for copy as curl functionality.
 28 |   -cc                 Client cert for authentication. Client key needs to be defined as well for this to work
 29 |   -ck                 Client key for authentication. Client certificate needs to be defined as well for this to work
 30 |   -d                  POST data
 31 |   -http2              Use HTTP2 protocol (default: false)
 32 |   -ignore-body        Do not fetch the response content. (default: false)
 33 |   -r                  Follow redirects (default: false)
 34 |   -raw                Do not encode URI (default: false)
 35 |   -recursion          Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it. (default: false)
 36 |   -recursion-depth    Maximum recursion depth. (default: 0)
 37 |   -recursion-strategy Recursion strategy: "default" for a redirect based, and "greedy" to recurse on all matches (default: default)
 38 |   -replay-proxy       Replay matched requests using this proxy.
 39 |   -sni                Target TLS SNI, does not support FUZZ keyword
 40 |   -timeout            HTTP request timeout in seconds. (default: 10)
 41 |   -u                  Target URL
 42 |   -x                  Proxy URL (SOCKS5 or HTTP). For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
 43 | 
 44 | GENERAL OPTIONS:
 45 |   -V                  Show version information. (default: false)
 46 |   -ac                 Automatically calibrate filtering options (default: false)
 47 |   -acc                Custom auto-calibration string. Can be used multiple times. Implies -ac
 48 |   -ach                Per host autocalibration (default: false)
 49 |   -ack                Autocalibration keyword (default: FUZZ)
 50 |   -acs                Custom auto-calibration strategies. Can be used multiple times. Implies -ac
 51 |   -c                  Colorize output. (default: false)
 52 |   -config             Load configuration from a file
 53 |   -json               JSON output, printing newline-delimited JSON records (default: false)
 54 |   -maxtime            Maximum running time in seconds for entire process. (default: 0)
 55 |   -maxtime-job        Maximum running time in seconds per job. (default: 0)
 56 |   -noninteractive     Disable the interactive console functionality (default: false)
 57 |   -p                  Seconds of \`delay\` between requests, or a range of random delay. For example "0.1" or "0.1-2.0"
 58 |   -rate               Rate of requests per second (default: 0)
 59 |   -s                  Do not print additional information (silent mode) (default: false)
 60 |   -sa                 Stop on all error cases. Implies -sf and -se. (default: false)
 61 |   -scraperfile        Custom scraper file path
 62 |   -scrapers           Active scraper groups (default: all)
 63 |   -se                 Stop on spurious errors (default: false)
 64 |   -search             Search for a FFUFHASH payload from ffuf history
 65 |   -sf                 Stop when > 95% of responses return 403 Forbidden (default: false)
 66 |   -t                  Number of concurrent threads. (default: 40)
 67 |   -v                  Verbose output, printing full URL and redirect location (if any) with the results. (default: false)
 68 | 
 69 | MATCHER OPTIONS:
 70 |   -mc                 Match HTTP status codes, or "all" for everything. (default: 200-299,301,302,307,401,403,405,500)
 71 |   -ml                 Match amount of lines in response
 72 |   -mmode              Matcher set operator. Either of: and, or (default: or)
 73 |   -mr                 Match regexp
 74 |   -ms                 Match HTTP response size
 75 |   -mt                 Match how many milliseconds to the first response byte, either greater or less than. EG: >100 or <100
 76 |   -mw                 Match amount of words in response
 77 | 
 78 | FILTER OPTIONS:
 79 |   -fc                 Filter HTTP status codes from response. Comma separated list of codes and ranges
 80 |   -fl                 Filter by amount of lines in response. Comma separated list of line counts and ranges
 81 |   -fmode              Filter set operator. Either of: and, or (default: or)
 82 |   -fr                 Filter regexp
 83 |   -fs                 Filter HTTP response size. Comma separated list of sizes and ranges
 84 |   -ft                 Filter by number of milliseconds to the first response byte, either greater or less than. EG: >100 or <100
 85 |   -fw                 Filter by amount of words in response. Comma separated list of word counts and ranges
 86 | 
 87 | INPUT OPTIONS:
 88 |   -D                  DirSearch wordlist compatibility mode. Used in conjunction with -e flag. (default: false)
 89 |   -e                  Comma separated list of extensions. Extends FUZZ keyword.
 90 |   -enc                Encoders for keywords, eg. 'FUZZ:urlencode b64encode'
 91 |   -ic                 Ignore wordlist comments (default: false)
 92 |   -input-cmd          Command producing the input. --input-num is required when using this input method. Overrides -w.
 93 |   -input-num          Number of inputs to test. Used in conjunction with --input-cmd. (default: 100)
 94 |   -input-shell        Shell to be used for running command
 95 |   -mode               Multi-wordlist operation mode. Available modes: clusterbomb, pitchfork, sniper (default: clusterbomb)
 96 |   -request            File containing the raw http request
 97 |   -request-proto      Protocol to use along with raw request (default: https)
 98 |   -w                  Wordlist file path and (optional) keyword separated by colon. eg. '/path/to/wordlist:KEYWORD'
 99 | 
100 | OUTPUT OPTIONS:
101 |   -debug-log          Write all of the internal logging to the specified file.
102 |   -o                  Write output to file
103 |   -od                 Directory path to store matched results to.
104 |   -of                 Output file format. Available formats: json, ejson, html, md, csv, ecsv (or, 'all' for all formats) (default: json)
105 |   -or                 Don't create the output file if we don't have results (default: false)
106 |     `),
107 |     },
108 |     async ({ url, ffuf_args }) => {
109 |         const ffuf = spawn(args[0], ['-u', url, ...ffuf_args]);
110 |         let output = '';
111 | 
112 |         // Handle stdout
113 |         ffuf.stdout.on('data', (data) => {
114 |             output += data.toString();
115 |         });
116 | 
117 |         // Handle stderr
118 |         ffuf.stderr.on('data', (data) => {
119 |             output += data.toString();
120 |         });
121 | 
122 |         // Handle process completion
123 |         return new Promise((resolve, reject) => {
124 |             ffuf.on('close', (code) => {
125 |                 if (code === 0) {
126 |                     resolve({
127 |                         content: [{
128 |                             type: "text",
129 |                             text: output + "\n ffuf completed successfully"
130 |                         }]
131 |                     });
132 |                 } else {
133 |                     reject(new Error(`ffuf exited with code ${code}`));
134 |                 }
135 |             });
136 | 
137 |             ffuf.on('error', (error) => {
138 |                 reject(new Error(`Failed to start ffuf: ${error.message}`));
139 |             });
140 |         });
141 |     },
142 | );
143 | 
144 | // Start the server
145 | async function main() {
146 |     const transport = new StdioServerTransport();
147 |     await server.connect(transport);
148 |     console.error("ffuf MCP Server running on stdio");
149 | }
150 | 
151 | main().catch((error) => {
152 |     console.error("Fatal error in main():", error);
153 |     process.exit(1);
154 | });
```