mcp-for-security and mcp-armor

These are complementary tools: mcp-armor provides defensive monitoring and security scanning of MCP operations themselves, while mcp-for-security provides offensive security testing capabilities (SQLMap, NMAP, etc.), which are the kind of tools that get integrated into AI workflows and monitored there.

| | mcp-for-security | mcp-armor |
|---|---|---|
| Score | 62 (Established) | 61 (Established) |
| Maintenance | 13/25 | 13/25 |
| Adoption | 10/25 | 15/25 |
| Maturity | 16/25 | 22/25 |
| Community | 23/25 | 11/25 |
| Stars | 559 | 112 |
| Forks | 98 | 9 |
| Downloads | | 422 |
| Commits (30d) | 1 | 0 |
| Language | TypeScript | Python |
| License | MIT | Apache-2.0 |
| Risk flags | No Package, No Dependents | No risk flags |

About mcp-for-security

cyproxio/mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Each MCP server wraps a security tool with standardized input/output interfaces, enabling LLMs and AI agents to execute reconnaissance, scanning, and vulnerability testing tasks programmatically. The collection spans the full security testing lifecycle—from passive reconnaissance (Amass, certificate enumeration) through active scanning (Nmap, Masscan, FFUF) to vulnerability assessment (Nuclei, SQLmap, WPScan)—all deployable via Docker or standalone. Designed for integration with the Cyprox agentic-AI platform and any MCP-compatible client, it enables orchestrated security workflows where AI systems chain multiple tools together for automated threat detection and remediation.

About mcp-armor

aira-security/mcp-armor

MCP Armor continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.

Performs auto-discovery of MCP server configurations across Cursor, Claude Desktop, VS Code, and other Agentic IDEs, then catalogs available tools, resources, and prompts before running specialized security checks for prompt injection, tool poisoning, cross-server shadowing, and command injection. Includes baseline drift detection to identify rug pull attacks and component modifications, with audit trails and JSON/Markdown reporting. All analysis runs locally using the open-source FT-Llama-Prompt-Guard-2 model from Hugging Face.

Scores updated daily from GitHub, PyPI, and npm data.