mcp-for-security and mcp-security-hub

These are competitors offering overlapping MCP integrations for the same security tools (Nmap, SQLMap, etc.), so users would typically choose one based on which tool set and implementation quality better fits their penetration testing workflow.

mcp-for-security
55
Established
mcp-security-hub
51
Established
Maintenance 13/25
Adoption 10/25
Maturity 9/25
Community 23/25
Maintenance 13/25
Adoption 10/25
Maturity 9/25
Community 19/25
Stars: 559
Forks: 98
Downloads:
Commits (30d): 1
Language: TypeScript
License: MIT
Stars: 461
Forks: 63
Downloads:
Commits (30d): 0
Language: Python
License: MIT
No Package No Dependents
No Package No Dependents

About mcp-for-security

cyproxio/mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Each MCP server wraps a security tool with standardized input/output interfaces, enabling LLMs and AI agents to execute reconnaissance, scanning, and vulnerability testing tasks programmatically. The collection spans the full security testing lifecycle—from passive reconnaissance (Amass, certificate enumeration) through active scanning (Nmap, Masscan, FFUF) to vulnerability assessment (Nuclei, SQLmap, WPScan)—all deployable via Docker or standalone. Designed for integration with the Cyprox agentic-AI platform and any MCP-compatible client, it enables orchestrated security workflows where AI systems chain multiple tools together for automated threat detection and remediation.

About mcp-security-hub

FuzzingLabs/mcp-security-hub

A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

Implements 38 modular MCP servers as production-hardened Docker containers that expose 300+ security tools through a unified natural-language interface to Claude and other AI clients. Each server wraps tools like Nuclei, SQLMap, and Radare2 with stdio transport, enabling multi-tool workflows via Docker Compose orchestration while maintaining security posture through non-root containers and automated Trivy vulnerability scanning. Supports both global Claude Desktop configuration and project-level `.mcp.json` deployments with volume mounting for file access.

Related comparisons

mcp-for-security and pentest-mcp mcp-for-security and mcp-shodan mcp-for-security and mcp-armor mcp-for-security and mcp-checkpoint mcp-for-security and Wazuh-MCP-Server mcp-for-security and mcp-virustotal

Scores updated daily from GitHub, PyPI, and npm data. How scores work