mcp-security-hub
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseMCP Security Hub
MCP Security Hub
Overview
概述
MCP Security Hub is a collection of 38 production-ready, Dockerized MCP (Model Context Protocol) servers that bring offensive security tools to AI assistants. It enables Claude and other MCP clients to perform security assessments, vulnerability scanning, binary analysis, and penetration testing through natural language interactions.
Key capabilities:
- 300+ security tools across 13 categories (reconnaissance, web security, binary analysis, blockchain, cloud, OSINT, etc.)
- Docker-based architecture with security hardening (non-root, capability dropping, read-only mounts)
- Natural language interface to complex security tools
- Multi-tool orchestration via Docker Compose
- CI/CD-ready with automated builds and Trivy scanning
MCP Security Hub是一组包含38个可用于生产环境、基于Docker化的MCP(Model Context Protocol)服务器,可为AI助手带来攻击性安全工具。它使Claude及其他MCP客户端能够通过自然语言交互执行安全评估、漏洞扫描、二进制分析和渗透测试。
核心功能:
- 涵盖13个类别(侦察、Web安全、二进制分析、区块链、云、开源情报等)的300+安全工具
- 具备安全加固的Docker架构(非root运行、权限缩减、只读挂载)
- 复杂安全工具的自然语言交互界面
- 通过Docker Compose实现多工具编排
- 支持CI/CD,包含自动化构建和Trivy扫描
Installation
安装
Prerequisites
前置条件
- Docker and Docker Compose installed
- Claude Desktop or another MCP client
- Git for cloning the repository
- 已安装Docker和Docker Compose
- Claude Desktop或其他MCP客户端
- Git(用于克隆仓库)
Setup Steps
设置步骤
- Clone the repository:
bash
git clone https://github.com/FuzzingLabs/mcp-security-hub
cd mcp-security-hub- Build all MCP servers:
bash
docker-compose buildOr build specific servers:
bash
docker-compose build nmap-mcp nuclei-mcp sqlmap-mcp- Configure Claude Desktop:
Edit your Claude Desktop config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
json
{
"mcpServers": {
"nmap": {
"command": "docker",
"args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
},
"nuclei": {
"command": "docker",
"args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
},
"sqlmap": {
"command": "docker",
"args": ["run", "-i", "--rm", "sqlmap-mcp:latest"]
},
"gitleaks": {
"command": "docker",
"args": ["run", "-i", "--rm", "-v", "${HOME}/projects:/app/target:ro", "gitleaks-mcp:latest"]
},
"radare2": {
"command": "docker",
"args": ["run", "-i", "--rm", "-v", "${HOME}/binaries:/samples:ro", "radare2-mcp:latest"]
}
}
}- Restart Claude Desktop to load the new MCP servers.
- 克隆仓库:
bash
git clone https://github.com/FuzzingLabs/mcp-security-hub
cd mcp-security-hub- 构建所有MCP服务器:
bash
docker-compose build或构建特定服务器:
bash
docker-compose build nmap-mcp nuclei-mcp sqlmap-mcp- 配置Claude Desktop:
编辑Claude Desktop配置文件:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
json
{
"mcpServers": {
"nmap": {
"command": "docker",
"args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
},
"nuclei": {
"command": "docker",
"args": ["run", "-i", "--rm", "nuclei-mcp:latest"]
},
"sqlmap": {
"command": "docker",
"args": ["run", "-i", "--rm", "sqlmap-mcp:latest"]
},
"gitleaks": {
"command": "docker",
"args": ["run", "-i", "--rm", "-v", "${HOME}/projects:/app/target:ro", "gitleaks-mcp:latest"]
},
"radare2": {
"command": "docker",
"args": ["run", "-i", "--rm", "-v", "${HOME}/binaries:/samples:ro", "radare2-mcp:latest"]
}
}
}- 重启Claude Desktop以加载新的MCP服务器。
Key MCP Servers by Category
按类别划分的核心MCP服务器
Reconnaissance
侦察
nmap-mcp - Port scanning and service detection:
bash
undefinednmap-mcp - 端口扫描与服务探测:
bash
undefinedStart the server
启动服务器
docker-compose up nmap-mcp -d
docker-compose up nmap-mcp -d
Example prompts:
示例提示:
"Scan 192.168.1.0/24 for open ports"
"扫描192.168.1.0/24网段的开放端口"
"Perform service detection on 10.0.0.5"
"对10.0.0.5执行服务探测"
"Run aggressive scan with OS detection on example.com"
"对example.com执行带操作系统探测的深度扫描"
**whatweb-mcp** - Web technology fingerprinting:
```bash
docker-compose up whatweb-mcp -d
**whatweb-mcp** - Web技术指纹识别:
```bash
docker-compose up whatweb-mcp -dExample prompts:
示例提示:
"Identify technologies used on example.com"
"识别example.com使用的技术栈"
"Fingerprint the CMS on this website"
"识别该网站的CMS系统"
**masscan-mcp** - High-speed port scanning:
```bash
docker-compose up masscan-mcp -d
**masscan-mcp** - 高速端口扫描:
```bash
docker-compose up masscan-mcp -dExample prompts:
示例提示:
"Fast scan ports 1-65535 on 10.0.0.0/16"
"快速扫描10.0.0.0/16网段的1-65535端口"
"Scan for web servers across this entire subnet"
"扫描整个子网中的Web服务器"
undefinedundefinedWeb Security
Web安全
nuclei-mcp - Template-based vulnerability scanning:
bash
docker-compose up nuclei-mcp -dnuclei-mcp - 基于模板的漏洞扫描:
bash
docker-compose up nuclei-mcp -dExample prompts:
示例提示:
"Scan example.com for CVEs and misconfigurations"
"扫描example.com的CVE漏洞和配置错误"
"Check this site for exposed sensitive files"
"检查该站点是否存在暴露的敏感文件"
"Run nuclei templates for authentication bypass"
"运行nuclei模板检测身份认证绕过漏洞"
**sqlmap-mcp** - SQL injection testing:
```bash
docker-compose up sqlmap-mcp -d
**sqlmap-mcp** - SQL注入测试:
```bash
docker-compose up sqlmap-mcp -dExample prompts:
示例提示:
"Test https://example.com/page?id=1 for SQL injection"
"Check if this login form is vulnerable to SQLi"
"检查该登录表单是否易受SQLi攻击"
"Enumerate databases on this vulnerable endpoint"
"枚举该漏洞端点的数据库信息"
**ffuf-mcp** - Web fuzzing:
```bash
docker-compose up ffuf-mcp -d
**ffuf-mcp** - Web模糊测试:
```bash
docker-compose up ffuf-mcp -dExample prompts:
示例提示:
"Fuzz directories on example.com"
"对example.com进行目录模糊测试"
"Find hidden API endpoints on this application"
"查找该应用中隐藏的API端点"
"Brute force parameter names for this URL"
"对该URL的参数名进行暴力破解"
undefinedundefinedBinary Analysis
二进制分析
radare2-mcp - Reverse engineering (requires volume mount):
bash
docker run -i --rm -v /path/to/binaries:/samples:ro radare2-mcp:latestradare2-mcp - 逆向工程(需要挂载卷):
bash
docker run -i --rm -v /path/to/binaries:/samples:ro radare2-mcp:latestExample prompts:
示例提示:
"Disassemble /samples/malware.exe and find main function"
"反汇编/samples/malware.exe并找到主函数"
"Analyze this binary for suspicious strings"
"分析该二进制文件中的可疑字符串"
"Decompile the authentication routine"
"反编译身份认证相关的代码逻辑"
**binwalk-mcp** - Firmware analysis:
```bash
docker-compose up binwalk-mcp -d
**binwalk-mcp** - 固件分析:
```bash
docker-compose up binwalk-mcp -dExample prompts:
示例提示:
"Extract filesystem from this firmware image"
"从该固件镜像中提取文件系统"
"Scan for embedded files in this binary"
"扫描该二进制文件中的嵌入文件"
"Analyze this router firmware for security issues"
"分析该路由器固件中的安全问题"
**yara-mcp** - Malware pattern matching:
```bash
docker-compose up yara-mcp -d
**yara-mcp** - 恶意软件模式匹配:
```bash
docker-compose up yara-mcp -dExample prompts:
示例提示:
"Scan this file for malware signatures"
"扫描该文件是否存在恶意软件签名"
"Check if this binary matches ransomware patterns"
"检查该二进制文件是否匹配勒索软件特征"
undefinedundefinedSecrets Detection
密钥检测
gitleaks-mcp - Find credentials in repos:
bash
docker run -i --rm -v /path/to/repo:/app/target:ro gitleaks-mcp:latestgitleaks-mcp - 查找仓库中的凭据:
bash
docker run -i --rm -v /path/to/repo:/app/target:ro gitleaks-mcp:latestExample prompts:
示例提示:
"Scan this repository for hardcoded secrets"
"扫描该仓库中的硬编码密钥"
"Find API keys in the commit history"
"在提交历史中查找API密钥"
"Check for AWS credentials in the codebase"
"检查代码库中的AWS凭据"
undefinedundefinedCloud Security
云安全
trivy-mcp - Container and IaC scanning:
bash
docker-compose up trivy-mcp -dtrivy-mcp - 容器与IaC扫描:
bash
docker-compose up trivy-mcp -dExample prompts:
示例提示:
"Scan this Docker image for vulnerabilities"
"扫描该Docker镜像中的漏洞"
"Audit my Terraform files for misconfigurations"
"审计我的Terraform文件中的配置错误"
"Check this Kubernetes manifest for security issues"
"检查该Kubernetes清单中的安全问题"
**prowler-mcp** - Cloud security auditing:
```bash
docker-compose up prowler-mcp -d
**prowler-mcp** - 云安全审计:
```bash
docker-compose up prowler-mcp -dExample prompts:
示例提示:
"Audit my AWS account for security best practices"
"审计我的AWS账户是否符合安全最佳实践"
"Check Azure for compliance violations"
"检查Azure是否存在合规性违规"
"Scan GCP project for misconfigurations"
"扫描GCP项目中的配置错误"
undefinedundefinedProject Structure
项目结构
mcp-security-hub/
├── reconnaissance/
│ ├── nmap-mcp/
│ ├── masscan-mcp/
│ ├── whatweb-mcp/
│ └── ...
├── web-security/
│ ├── nuclei-mcp/
│ ├── sqlmap-mcp/
│ ├── ffuf-mcp/
│ └── ...
├── binary-analysis/
│ ├── radare2-mcp/
│ ├── binwalk-mcp/
│ ├── yara-mcp/
│ └── ...
├── cloud-security/
│ ├── trivy-mcp/
│ ├── prowler-mcp/
│ └── ...
├── secrets/
│ └── gitleaks-mcp/
├── docker-compose.yml
└── examples/
└── .mcp.json (full config template)mcp-security-hub/
├── reconnaissance/
│ ├── nmap-mcp/
│ ├── masscan-mcp/
│ ├── whatweb-mcp/
│ └── ...
├── web-security/
│ ├── nuclei-mcp/
│ ├── sqlmap-mcp/
│ ├── ffuf-mcp/
│ └── ...
├── binary-analysis/
│ ├── radare2-mcp/
│ ├── binwalk-mcp/
│ ├── yara-mcp/
│ └── ...
├── cloud-security/
│ ├── trivy-mcp/
│ ├── prowler-mcp/
│ └── ...
├── secrets/
│ └── gitleaks-mcp/
├── docker-compose.yml
└── examples/
└── .mcp.json (完整配置模板)Docker Compose Orchestration
Docker Compose编排
Start multiple servers simultaneously:
bash
undefined同时启动多个服务器:
bash
undefinedReconnaissance stack
侦察工具栈
docker-compose up nmap-mcp whatweb-mcp masscan-mcp -d
docker-compose up nmap-mcp whatweb-mcp masscan-mcp -d
Web security stack
Web安全工具栈
docker-compose up nuclei-mcp sqlmap-mcp ffuf-mcp -d
docker-compose up nuclei-mcp sqlmap-mcp ffuf-mcp -d
Full suite
完整工具集
docker-compose up -d
docker-compose up -d
Check status
检查状态
docker-compose ps
docker-compose ps
View logs
查看日志
docker-compose logs -f nmap-mcp
docker-compose logs -f nmap-mcp
Stop services
停止服务
docker-compose down
undefineddocker-compose down
undefinedCommon Usage Patterns
常见使用模式
Network Reconnaissance Workflow
网络侦察工作流
bash
undefinedbash
undefined1. Build required images
1. 构建所需镜像
docker-compose build nmap-mcp whatweb-mcp
docker-compose build nmap-mcp whatweb-mcp
2. Start services
2. 启动服务
docker-compose up nmap-mcp whatweb-mcp -d
docker-compose up nmap-mcp whatweb-mcp -d
3. In Claude Desktop, use natural language:
3. 在Claude Desktop中使用自然语言:
"Scan 192.168.1.0/24 for web servers, then fingerprint their technologies"
"扫描192.168.1.0/24网段中的Web服务器,然后识别它们的技术栈"
Claude will orchestrate:
1. nmap-mcp scans for ports 80, 443, 8080
2. whatweb-mcp fingerprints each discovered host
3. Consolidates results into a security assessment
Claude将自动编排:
1. nmap-mcp扫描80、443、8080端口
2. whatweb-mcp识别每个发现主机的技术栈
3. 将结果整合为安全评估报告Web Application Assessment
Web应用评估
bash
undefinedbash
undefinedBuild and start
构建并启动
docker-compose build nuclei-mcp sqlmap-mcp ffuf-mcp
docker-compose up nuclei-mcp sqlmap-mcp ffuf-mcp -d
docker-compose build nuclei-mcp sqlmap-mcp ffuf-mcp
docker-compose up nuclei-mcp sqlmap-mcp ffuf-mcp -d
Prompt:
提示:
"Assess example.com for vulnerabilities: scan for CVEs, test for SQL injection, and fuzz directories"
"评估example.com的安全性:扫描CVE漏洞、测试SQL注入、进行目录模糊测试"
undefinedundefinedBinary Analysis Pipeline
二进制分析流水线
bash
undefinedbash
undefinedMount your binaries directory
挂载二进制文件目录
docker run -i --rm -v /path/to/samples:/samples:ro radare2-mcp:latest &
docker-compose up binwalk-mcp yara-mcp capa-mcp -d
docker run -i --rm -v /path/to/samples:/samples:ro radare2-mcp:latest &
docker-compose up binwalk-mcp yara-mcp capa-mcp -d
Prompt:
提示:
"Analyze /samples/suspicious.exe: extract strings, identify capabilities, and scan for malware"
"分析/samples/suspicious.exe:提取字符串、识别功能、扫描恶意软件"
undefinedundefinedSecrets Scanning in CI/CD
CI/CD中的密钥扫描
bash
undefinedbash
undefinedScan repository
扫描仓库
docker run -i --rm
-v $(pwd):/app/target:ro
gitleaks-mcp:latest
-v $(pwd):/app/target:ro
gitleaks-mcp:latest
docker run -i --rm
-v $(pwd):/app/target:ro
gitleaks-mcp:latest
-v $(pwd):/app/target:ro
gitleaks-mcp:latest
In automation:
自动化场景:
"Scan the current repository for hardcoded secrets and API keys"
"扫描当前仓库中的硬编码密钥和API密钥"
undefinedundefinedConfiguration Examples
配置示例
Volume Mounts for File Analysis
文件分析的卷挂载
For servers that need to access files (radare2, binwalk, gitleaks):
json
{
"mcpServers": {
"radare2": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/home/user/malware:/samples:ro",
"radare2-mcp:latest"
]
},
"gitleaks": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/home/user/projects:/app/target:ro",
"gitleaks-mcp:latest"
]
}
}
}对于需要访问文件的服务器(radare2、binwalk、gitleaks):
json
{
"mcpServers": {
"radare2": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/home/user/malware:/samples:ro",
"radare2-mcp:latest"
]
},
"gitleaks": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/home/user/projects:/app/target:ro",
"gitleaks-mcp:latest"
]
}
}
}Network Capabilities
网络权限
For servers requiring raw socket access (nmap, masscan):
json
{
"mcpServers": {
"nmap": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"--cap-add=NET_RAW",
"nmap-mcp:latest"
]
}
}
}对于需要原始套接字访问的服务器(nmap、masscan):
json
{
"mcpServers": {
"nmap": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"--cap-add=NET_RAW",
"nmap-mcp:latest"
]
}
}
}API-Based Servers
基于API的服务器
For servers requiring API keys (use environment variables):
json
{
"mcpServers": {
"shodan": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "SHODAN_API_KEY",
"shodan-mcp:latest"
],
"env": {
"SHODAN_API_KEY": "${SHODAN_API_KEY}"
}
},
"virustotal": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "VT_API_KEY",
"virustotal-mcp:latest"
],
"env": {
"VT_API_KEY": "${VT_API_KEY}"
}
}
}
}对于需要API密钥的服务器(使用环境变量):
json
{
"mcpServers": {
"shodan": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "SHODAN_API_KEY",
"shodan-mcp:latest"
],
"env": {
"SHODAN_API_KEY": "${SHODAN_API_KEY}"
}
},
"virustotal": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-e", "VT_API_KEY",
"virustotal-mcp:latest"
],
"env": {
"VT_API_KEY": "${VT_API_KEY}"
}
}
}
}Building Individual Servers
构建独立服务器
Each server can be built independently:
bash
undefined每个服务器都可以独立构建:
bash
undefinedNavigate to server directory
进入服务器目录
cd reconnaissance/nmap-mcp
cd reconnaissance/nmap-mcp
Build with Docker
使用Docker构建
docker build -t nmap-mcp:latest .
docker build -t nmap-mcp:latest .
Run directly
直接运行
docker run -i --rm --cap-add=NET_RAW nmap-mcp:latest
docker run -i --rm --cap-add=NET_RAW nmap-mcp:latest
Or use docker-compose from root
或从根目录使用docker-compose
cd ../..
docker-compose build nmap-mcp
docker-compose run --rm nmap-mcp
undefinedcd ../..
docker-compose build nmap-mcp
docker-compose run --rm nmap-mcp
undefinedSecurity Hardening Features
安全加固特性
All containers implement:
- Non-root execution: Runs as (UID 1000)
mcpuser - Capability dropping: with selective adds
cap_drop: ALL - Read-only mounts: Sample directories are
:ro - No new privileges:
security_opt: no-new-privileges:true - Resource limits: CPU and memory constraints in docker-compose
- Minimal base images: Alpine/Debian slim
- Health checks: Built-in container monitoring
- Vulnerability scanning: Trivy scans in CI/CD
Example Dockerfile pattern:
dockerfile
FROM python:3.11-alpine所有容器均实现:
- 非root执行:以(UID 1000)身份运行
mcpuser - 权限缩减:并选择性添加必要权限
cap_drop: ALL - 只读挂载:样本目录设置为
:ro - 禁止新权限:
security_opt: no-new-privileges:true - 资源限制:docker-compose中设置CPU和内存约束
- 轻量级基础镜像:使用Alpine/Debian slim镜像
- 健康检查:内置容器监控
- 漏洞扫描:CI/CD中集成Trivy扫描
示例Dockerfile模式:
dockerfile
FROM python:3.11-alpineCreate non-root user
创建非root用户
RUN addgroup -g 1000 mcpuser &&
adduser -D -u 1000 -G mcpuser mcpuser
adduser -D -u 1000 -G mcpuser mcpuser
RUN addgroup -g 1000 mcpuser &&
adduser -D -u 1000 -G mcpuser mcpuser
adduser -D -u 1000 -G mcpuser mcpuser
Install tool
安装工具
RUN apk add --no-cache nmap nmap-scripts
RUN apk add --no-cache nmap nmap-scripts
Switch to non-root
切换到非root用户
USER mcpuser
WORKDIR /app
USER mcpuser
WORKDIR /app
Copy MCP server
复制MCP服务器代码
COPY --chown=mcpuser:mcpuser server.py .
CMD ["python", "server.py"]
undefinedCOPY --chown=mcpuser:mcpuser server.py .
CMD ["python", "server.py"]
undefinedTroubleshooting
故障排除
MCP Server Not Appearing in Claude
MCP服务器未在Claude中显示
-
Verify build completed:bash
docker images | grep mcp -
Check Claude config syntax:bash
# Validate JSON cat ~/Library/Application\ Support/Claude/claude_desktop_config.json | python -m json.tool -
Restart Claude Desktop completely (Quit, not just close window)
-
Check Docker daemon is running:bash
docker ps
-
验证构建完成:bash
docker images | grep mcp -
检查Claude配置语法:bash
# 验证JSON格式 cat ~/Library/Application\ Support/Claude/claude_desktop_config.json | python -m json.tool -
完全重启Claude Desktop(退出程序,而非仅关闭窗口)
-
检查Docker守护进程是否运行:bash
docker ps
Permission Denied Errors
权限拒绝错误
For network scanning tools (nmap, masscan), add capability:
NET_RAWjson
{
"command": "docker",
"args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
}对于网络扫描工具(nmap、masscan),添加权限:
NET_RAWjson
{
"command": "docker",
"args": ["run", "-i", "--rm", "--cap-add=NET_RAW", "nmap-mcp:latest"]
}Volume Mount Issues
卷挂载问题
Ensure paths exist and use absolute paths:
json
{
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/absolute/path/to/files:/samples:ro",
"radare2-mcp:latest"
]
}确保路径存在并使用绝对路径:
json
{
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "/absolute/path/to/files:/samples:ro",
"radare2-mcp:latest"
]
}Container Fails to Start
容器启动失败
Check logs:
bash
docker-compose logs nmap-mcp
docker logs $(docker ps -aq --filter name=nmap-mcp)Verify health:
bash
docker-compose ps
docker inspect nmap-mcp:latest查看日志:
bash
docker-compose logs nmap-mcp
docker logs $(docker ps -aq --filter name=nmap-mcp)验证健康状态:
bash
docker-compose ps
docker inspect nmap-mcp:latestAPI Key Not Working
API密钥无效
For API-based servers, ensure environment variables are exported:
bash
export SHODAN_API_KEY="your-key-here"
export VT_API_KEY="your-key-here"对于基于API的服务器,确保环境变量已导出:
bash
export SHODAN_API_KEY="your-key-here"
export VT_API_KEY="your-key-here"Then start Claude Desktop from the same shell
然后从同一终端启动Claude Desktop
open -a "Claude"
Or set in Claude config:
```json
{
"mcpServers": {
"shodan": {
"command": "docker",
"args": ["run", "-i", "--rm", "-e", "SHODAN_API_KEY", "shodan-mcp:latest"],
"env": {
"SHODAN_API_KEY": "${SHODAN_API_KEY}"
}
}
}
}open -a "Claude"
或在Claude配置中设置:
```json
{
"mcpServers": {
"shodan": {
"command": "docker",
"args": ["run", "-i", "--rm", "-e", "SHODAN_API_KEY", "shodan-mcp:latest"],
"env": {
"SHODAN_API_KEY": "${SHODAN_API_KEY}"
}
}
}
}Build Failures
构建失败
Update Docker Compose schema version if needed:
yaml
version: '3.8' # or higherClean build cache:
bash
docker-compose build --no-cache nmap-mcp
docker system prune -a如有需要,更新Docker Compose schema版本:
yaml
version: '3.8' # 或更高版本清理构建缓存:
bash
docker-compose build --no-cache nmap-mcp
docker system prune -aMCP Protocol Errors
MCP协议错误
Ensure MCP client (Claude Desktop) is up to date. The servers implement the Model Context Protocol specification and require compatible clients.
确保MCP客户端(Claude Desktop)已更新。这些服务器实现了Model Context Protocol规范,需要兼容的客户端。
Advanced Usage
高级用法
Custom MCP Server Development
自定义MCP服务器开发
Follow the project's structure to add new security tools:
new-category/
└── newtool-mcp/
├── Dockerfile
├── server.py
├── requirements.txt
└── README.mdExample structure:
server.pypython
#!/usr/bin/env python3
import json
import subprocess
import sys
def handle_request(request):
"""Handle MCP protocol requests"""
method = request.get("method")
params = request.get("params", {})
if method == "tools/list":
return {
"tools": [
{
"name": "scan_target",
"description": "Scan target with tool",
"inputSchema": {
"type": "object",
"properties": {
"target": {"type": "string"}
},
"required": ["target"]
}
}
]
}
elif method == "tools/call":
tool_name = params.get("name")
arguments = params.get("arguments", {})
if tool_name == "scan_target":
result = subprocess.run(
["tool", "scan", arguments["target"]],
capture_output=True,
text=True,
timeout=300
)
return {"content": [{"type": "text", "text": result.stdout}]}
return {"error": "Unknown method"}
if __name__ == "__main__":
for line in sys.stdin:
request = json.loads(line)
response = handle_request(request)
print(json.dumps(response))
sys.stdout.flush()遵循项目结构添加新的安全工具:
new-category/
└── newtool-mcp/
├── Dockerfile
├── server.py
├── requirements.txt
└── README.md示例结构:
server.pypython
#!/usr/bin/env python3
import json
import subprocess
import sys
def handle_request(request):
"""处理MCP协议请求"""
method = request.get("method")
params = request.get("params", {})
if method == "tools/list":
return {
"tools": [
{
"name": "scan_target",
"description": "使用工具扫描目标",
"inputSchema": {
"type": "object",
"properties": {
"target": {"type": "string"}
},
"required": ["target"]
}
}
]
}
elif method == "tools/call":
tool_name = params.get("name")
arguments = params.get("arguments", {})
if tool_name == "scan_target":
result = subprocess.run(
["tool", "scan", arguments["target"]],
capture_output=True,
text=True,
timeout=300
)
return {"content": [{"type": "text", "text": result.stdout}]}
return {"error": "未知方法"}
if __name__ == "__main__":
for line in sys.stdin:
request = json.loads(line)
response = handle_request(request)
print(json.dumps(response))
sys.stdout.flush()Multi-Stage Security Assessments
多阶段安全评估
Combine multiple servers in a single workflow:
User: "Perform a full security assessment of example.com"
Claude orchestrates:
1. nmap-mcp: Port scan and service detection
2. whatweb-mcp: Technology fingerprinting
3. nuclei-mcp: CVE and misconfiguration scanning
4. sqlmap-mcp: SQL injection testing on discovered forms
5. ffuf-mcp: Directory and file fuzzing
6. gitleaks-mcp: Check if .git directory exposed and scan for secrets
Results consolidated into comprehensive report.在单个工作流中组合多个服务器:
用户:"对example.com执行全面安全评估"
Claude自动编排:
1. nmap-mcp:端口扫描与服务探测
2. whatweb-mcp:技术栈指纹识别
3. nuclei-mcp:CVE漏洞与配置错误扫描
4. sqlmap-mcp:对发现的表单进行SQL注入测试
5. ffuf-mcp:目录与文件模糊测试
6. gitleaks-mcp:检查是否暴露.git目录并扫描密钥
最终将结果整合为综合报告。Resources
资源
- Documentation: https://fuzzinglabs.github.io/mcp-security-hub/
- GitHub: https://github.com/FuzzingLabs/mcp-security-hub
- MCP Protocol: https://modelcontextprotocol.io/
- Examples: https://github.com/FuzzingLabs/mcp-security-hub/tree/main/examples
This skill enables AI coding agents to guide developers in deploying and using the MCP Security Hub for offensive security testing through natural language interactions with Claude and other MCP clients.
- 文档:https://fuzzinglabs.github.io/mcp-security-hub/
- GitHub:https://github.com/FuzzingLabs/mcp-security-hub
- MCP协议:https://modelcontextprotocol.io/
- 示例:https://github.com/FuzzingLabs/mcp-security-hub/tree/main/examples
该技能使AI编码助手能够通过与Claude及其他MCP客户端的自然语言交互,指导开发者部署和使用MCP Security Hub进行攻击性安全测试。