mcp-for-security and Wazuh-MCP-Server

One tool provides an MCP server for various security tools, while the other offers an AI-powered MCP server specifically for Wazuh SIEM, making them ecosystem siblings as they both leverage the Model Context Protocol but address different aspects of security testing and operations.

mcp-for-security
62
Established
Wazuh-MCP-Server
60
Established
Maintenance 13/25
Adoption 10/25
Maturity 16/25
Community 23/25
Maintenance 13/25
Adoption 10/25
Maturity 16/25
Community 21/25
Stars: 559
Forks: 98
Downloads:
Commits (30d): 1
Language: TypeScript
License: MIT
Stars: 137
Forks: 39
Downloads:
Commits (30d): 0
Language: Python
License: MIT
No Package No Dependents
No Package No Dependents

About mcp-for-security

cyproxio/mcp-for-security

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

Each MCP server wraps a security tool with standardized input/output interfaces, enabling LLMs and AI agents to execute reconnaissance, scanning, and vulnerability testing tasks programmatically. The collection spans the full security testing lifecycle—from passive reconnaissance (Amass, certificate enumeration) through active scanning (Nmap, Masscan, FFUF) to vulnerability assessment (Nuclei, SQLmap, WPScan)—all deployable via Docker or standalone. Designed for integration with the Cyprox agentic-AI platform and any MCP-compatible client, it enables orchestrated security workflows where AI systems chain multiple tools together for automated threat detection and remediation.

About Wazuh-MCP-Server

gensecaihq/Wazuh-MCP-Server

AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.

Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.

Related comparisons

mcp-for-security and pentest-mcp mcp-for-security and mcp-shodan mcp-for-security and mcp-armor mcp-for-security and mcp-virustotal mcp-for-security and mcp-checkpoint mcp-for-security and mcp-server-wazuh

Scores updated daily from GitHub, PyPI, and npm data. How scores work