All-in-one security testing toolbox that brings together popular open source tools through a single MCP interface.
158 stars
Python
Updated Nov 3, 2025
Documentation
Security Operations Multi-Tool Platform (MCP)
A comprehensive security operations platform that integrates multiple security tools into a unified interface. This platform provides a centralized way to run various security scanning and testing tools.
Features
- Unified Interface: Single entry point for multiple security tools
- Docker Support: Easy deployment using Docker
- JSON Output: Consistent JSON output format across all tools
- Error Handling: Robust error handling and reporting
- Extensible: Easy to add new tools and functionality
Included Tools
- Nuclei: Fast and customizable vulnerability scanner
- FFUF: Fast web fuzzer and content discovery tool
- Amass: In-depth attack surface mapping and external asset discovery
- Arjun: HTTP parameter discovery tool for finding hidden parameters
- Dirsearch: Web path scanner
- Gospider: Fast web spider for crawling and URL discovery
- Hashcat: Advanced password recovery
- HTTPX: Fast and multi-purpose HTTP toolkit
- IPInfo: IP address information gathering
- Nmap: Network exploration and security auditing
- SQLMap: Automatic SQL injection and database takeover tool
- Subfinder: Subdomain discovery tool
- TLSX: TLS/SSL scanning and analysis
- WFuzz: Web application fuzzer
- XSStrike: Advanced XSS detection and exploitation
Tool Categories
Web Application Security
- Nuclei: Vulnerability scanning with custom templates
- FFUF: Fast web fuzzing and content discovery
- WFuzz: Web application fuzzing
- XSStrike: XSS detection and exploitation
- SQLMap: SQL injection testing and exploitation
- Arjun: HTTP parameter discovery and testing
- Gospider: Web crawling and URL discovery
- Dirsearch: Directory and file enumeration
Network Security
- Nmap: Network scanning and service enumeration
- HTTPX: HTTP probing and analysis
- TLSX: TLS/SSL configuration analysis
Reconnaissance
- Amass: Attack surface mapping and asset discovery
- Subfinder: Subdomain enumeration
- IPInfo: IP address intelligence gathering
Cryptography
- Hashcat: Password cracking and hash analysis
Recent Additions
Gospider Integration
- Web Crawling: Automated website crawling and URL discovery
- Multiple Output Formats: JSON and text output support
- Filtering Capabilities: Extension-based filtering and content filtering
- Configurable Depth: Customizable crawling depth and concurrency
- Subdomain Support: Option to include subdomains in crawling
- Form Detection: Automatic detection of HTML forms
- Secret Discovery: Identification of potential sensitive information
Arjun Integration
- Parameter Discovery: Find hidden HTTP parameters in web applications
- Multiple HTTP Methods: Support for GET, POST, PUT, and other methods
- Bulk Scanning: Scan multiple URLs simultaneously
- Custom Wordlists: Use custom parameter wordlists
- Stable Mode: Reduced false positives with stable scanning mode
- Custom Headers: Support for custom HTTP headers and authentication
- Threading Support: Configurable threading for faster scans
Installation
Using Docker (Recommended)
1. Clone the repository:
bash
git clone https://github.com/securityfortech/secops-mcp.git
cd secops-mcp2. Build the Docker image:
bash
docker build -t secops-mcp .3. Run the container:
bash
docker run -it --rm secops-mcpManual Installation
1. Clone the repository:
bash
git clone https://github.com/securityfortech/secops-mcp.git
cd secops-mcp2. Create and activate a virtual environment:
bash
python -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate3. Install dependencies:
bash
pip install -r requirements.txt4. Install required tools:
- Follow the installation instructions for each tool in the
tools/directory - Ensure all tools are in your system PATH
Usage
1. Start the application:
bash
python main.py2. The application will provide a unified interface for running various security tools.
3. Each tool returns results in a consistent JSON format:
json
{
"success": boolean,
"error": string (if error),
"results": object (if success)
}Usage Examples
Gospider Web Crawling
python
# Basic web crawling
gospider_scan("https://example.com", depth=3, include_subs=True)
# Filtered crawling for specific file types
gospider_filtered_scan(
"https://example.com",
extensions=["js", "json", "xml"],
exclude_extensions=["png", "jpg", "css"]
)Arjun Parameter Discovery
python
# Basic parameter discovery
arjun_scan("https://example.com/api", method="GET")
# POST parameter discovery with custom data
arjun_scan(
"https://example.com/login",
method="POST",
data="username=test&password=test",
stable=True
)
# Bulk parameter scanning
arjun_bulk_parameter_scan([
"https://example.com/api/v1",
"https://example.com/api/v2"
])Tool Configuration
Each tool can be configured through its respective wrapper in the tools/ directory. Configuration options include:
- Output formats
- Timeouts
- Verbosity levels
- Custom wordlists
- Tool-specific parameters
Security Considerations
- This tool is for authorized security testing only
- Always obtain proper authorization before scanning systems
- Be mindful of rate limiting and scanning intensity
- Respect robots.txt and terms of service
- Use appropriate wordlists and scanning parameters
Contributing
1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Create a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- All the security tools and their developers
- The security community for their contributions and support
Similar MCP
Based on tags & features
Trending MCP
Most active this week