CrowdStrike Falcon MCP Server (Official)
Official CrowdStrike Falcon MCP server enabling AI agents to interact with the Falcon cybersecurity platform — querying detections, investigating incidents, searching threat intelligence, managing endpoints, hunting for threats, and integrating AI-driven security operations.
Clerk MCP Server
Official Clerk MCP server (part of Clerk's agent toolkit) enabling AI agents to manage Clerk user data — creating, reading, updating users, managing sessions, checking permissions, and handling organization memberships.
Trivy MCP Server (Official)
Official Trivy MCP server enabling AI agents to run vulnerability scans with Trivy — scanning container images, filesystems, Git repositories, and Kubernetes clusters for CVEs, misconfigurations, exposed secrets, and supply chain risks.
Snyk Studio MCP Server (Official)
Official Snyk Studio MCP server enabling AI agents to interact with Snyk's developer security platform — scanning code and dependencies for vulnerabilities, querying security issues and remediation guidance, managing projects and targets, and integrating Snyk's security intelligence into agent-driven DevSecOps workflows.
Okta MCP Server
Official Okta MCP server enabling AI agents to interact with Okta's identity platform — managing users, groups, applications, and policies for workforce and customer identity management.
NIST CSF 2.0 MCP Server
NIST Cybersecurity Framework 2.0 MCP server enabling AI agents to query and apply the NIST CSF 2.0 framework — retrieving framework functions, categories, and subcategories, mapping controls to CSF requirements, supporting security assessment workflows, and integrating NIST's comprehensive cybersecurity guidance into agent-driven security risk management and compliance workflows.
GhidrAssistMCP
A Ghidra extension that implements a full MCP server, exposing 34 analysis tools, 5 resources, and 5 prompts for AI-assisted reverse engineering. Enables external AI tools to interact with Ghidra's decompiler, disassembler, and analysis capabilities over HTTP (SSE and Streamable transports).
REMnux MCP Server
Official REMnux MCP server from the REMnux project — the curated Linux distribution for malware analysis. Enables AI agents to leverage REMnux's extensive malware analysis toolset: file analysis, network traffic inspection, memory forensics, PE/ELF analysis, deobfuscation, and threat intelligence correlation. Integrates the REMnux tool ecosystem into AI-driven malware research workflows.
Okta MCP Server
Okta MCP server enabling AI agents to interact with Okta's identity platform — managing users, groups, applications, and policies; querying authentication events; automating identity lifecycle management; and integrating Okta's directory services into security and IT automation workflows.
Okta Developer MCP Server
Okta Developer-focused MCP server for accessing Okta's developer documentation, API references, and integration guides to assist developers building Okta integrations.
Auth0 MCP Server (Official)
Official Auth0 MCP server enabling AI agents to manage Auth0 tenants — users, applications, APIs, connections, roles, logs, and identity configurations from Okta's Auth0 platform.
CrowdStrike Falcon
Cloud-native endpoint detection and response (EDR/XDR) platform that protects devices against malware and advanced threats, with a REST API and MCP server for security automation and threat hunting.
Snyk MCP Server (Official)
Official Snyk MCP server enabling AI agents to interact with Snyk's developer security platform — querying vulnerabilities, running security scans, checking dependency health, and integrating security analysis into agent workflows.
Trend Micro Vision One MCP Server (Official)
Official Trend Micro Vision One MCP server enabling AI agents to interact with Trend Micro's XDR platform — querying security alerts, investigating threat incidents, running threat hunting queries, analyzing indicators of compromise, and automating security operations workflows.
HashiCorp Vault HTTP API (Deep)
HashiCorp Vault is the industry-standard open-source secrets management platform. Its HTTP API is the sole interface for all Vault operations: authenticating workloads (token, AppRole, Kubernetes, AWS IAM, LDAP, OIDC, and 15+ other auth methods), reading and writing secrets (KV v1/v2, database credentials, cloud IAM keys, SSH certificates, PKI certificates), managing leases and TTLs, configuring policies, and administering Vault clusters. For agents, Vault is uniquely powerful because it generates dynamic, short-lived credentials on demand — an agent asks for a Postgres password, Vault creates a dedicated DB user with a 1-hour TTL, returns the credentials, and automatically revokes them when the lease expires. This eliminates long-lived static secrets from agent workflows entirely. AppRole is the canonical machine auth method: a RoleID (public, embedded in config) plus a SecretID (private, injected at runtime) produces a Vault token with specific policies. Kubernetes auth allows pods to authenticate using their ServiceAccount JWT without any pre-shared secrets. The API is entirely REST-over-HTTPS with JSON request/response bodies and uses the X-Vault-Token header for authenticated requests.
Shodan MCP Server
Shodan MCP server enabling AI agents to query Shodan's internet intelligence platform — searching for exposed services, vulnerable devices, open ports, and network intelligence across the public internet for security research and threat detection.
IDA Pro MCP
MCP server that exposes IDA Pro's reverse engineering capabilities to AI agents. Enables decompilation, disassembly, xref analysis, function renaming, commenting, patching, debugger control, and arbitrary IDAPython execution through MCP tools.
Vanta MCP Server
Official Vanta MCP server enabling AI agents to interact with Vanta's compliance automation platform — querying compliance posture, tracking controls and evidence, managing security policies, monitoring risk status, checking vendor security reviews, and automating compliance workflows for SOC 2, ISO 27001, GDPR, HIPAA, and other frameworks.
WorkOS MCP Server
Official WorkOS MCP server enabling AI agents to interact with WorkOS's enterprise auth platform — managing SSO connections, SCIM provisioning, directory sync, and enterprise identity configurations.
Infisical MCP Server (Official)
Official Infisical MCP server enabling AI agents to interact with Infisical's secrets management platform — retrieving secrets, managing environments, syncing credentials, and integrating secret management into agent-driven DevOps workflows.
Snyk REST API v2
Snyk REST API v2 is the new-generation OpenAPI-compliant REST API replacing the legacy v1 API. It provides programmatic access to Snyk's full developer security platform: Snyk Open Source (SCA across 20+ package ecosystems including npm, PyPI, Maven, Go, Ruby, .NET), Snyk Code (AI-powered SAST with dataflow analysis), Snyk Container (image and Dockerfile scanning with base image recommendations), and Snyk IaC (Terraform, CloudFormation, Kubernetes, ARM template security). The v2 API uses versioned endpoints (YYYY-MM-DD~beta/experimental/ga), cursor-based pagination, standardized JSON:API response envelopes, and consistent error schemas. Key agent use cases include fetching vulnerability findings for projects, generating and exporting SBOMs in SPDX/CycloneDX format, querying SBOM artifacts, managing projects and targets, and retrieving fix advisories. The vulnerability database is one of the largest proprietary databases, combining NVD/CVE data with Snyk's own research, ecosystem-specific advisories, and exploitability intelligence.
Splunk MCP Server (Official)
Official Splunk MCP server enabling AI agents to interact with Splunk's data platform — running SPL (Splunk Processing Language) searches, querying logs and security events, managing alerts and dashboards, and integrating Splunk's search and analytics capabilities into agent-driven security operations and observability workflows.
Stytch MCP Server (Official)
Official Stytch MCP server enabling AI agents to interact with Stytch's authentication platform — user management, session management, magic link operations, passkey configuration, and organization management.
CrowdStrike Falcon API
CrowdStrike Falcon is the market-leading cloud-native endpoint detection and response (EDR/XDR) platform. Its comprehensive REST API spans 30+ service collections covering: Detections (alerts from the Falcon sensor on endpoints), Incidents (correlated detection chains), Hosts (device inventory, containment, remediation), Threat Intelligence (CrowdStrike Intel API for adversary profiles, indicators, reports), Real Time Response (RTR — live shell execution on endpoints via API), IOC Management (custom indicators of compromise), Prevention Policies (endpoint policy management), Discover (asset inventory and exposed credentials), and Spotlight (vulnerability exposure on endpoints). All API endpoints use OAuth 2.0 client credentials flow. Query operations use FQL (Falcon Query Language) — a CrowdStrike-proprietary filter syntax. Most list operations follow a two-step pattern: query IDs with GET /resource/v1/query, then fetch full entities with POST /resource/v1/entities/GET using those IDs. FalconPy is the official Python SDK. The API is used by MSSP/multi-tenant environments via the Flight Control parent/child CID model. Rate limits are enforced per service collection per OAuth client.
ReVa (Reverse Engineering Assistant)
Ghidra extension that implements an MCP server, enabling AI language models to perform reverse engineering tasks like decompilation, symbol renaming, encryption detection, and binary analysis directly through Ghidra's analysis engine.
SonarQube MCP Server
Official SonarQube MCP server enabling AI agents to interact with SonarQube/SonarCloud code quality and security analysis — querying issues, security hotspots, quality gates, and code metrics.
Microsoft Sentinel Data Exploration MCP
Official Microsoft Sentinel MCP server enabling AI agents to explore security data, query logs with KQL, investigate incidents, and perform threat hunting in Microsoft Sentinel SIEM.
AWS Security MCP Server
AWS Security MCP server enabling AI agents to interact with AWS security services — querying GuardDuty findings, Security Hub alerts, IAM policy analysis, CloudTrail events, and security posture assessments — integrating AWS security telemetry into agent-driven cloud security operations and incident response workflows.
Burp Suite MCP Server
Burp Suite MCP server enabling AI agents to interact with Burp Suite — the industry-standard web application security testing platform — querying scan results, analyzing intercepted traffic, sending requests to Burp's scanner, and integrating Burp Suite's security testing capabilities into agent-driven web application security testing workflows.
EU Regulations MCP Server
MCP server from Ansvar Systems for EU regulatory compliance. Covers 49 EU regulations with full-text search including GDPR, NIS2, DORA (Digital Operational Resilience Act), EU AI Act, Cyber Resilience Act (CRA), and more. Enables AI compliance agents to query EU regulatory requirements for compliance programs, gap analysis, and regulatory interpretation.
US Compliance Regulations MCP Server
MCP server from Ansvar Systems for US regulatory compliance. Covers major US regulations including HIPAA, CCPA, SOX, GLBA, FERPA, COPPA, FDA, EPA, FFIEC, NYDFS, and 40+ more frameworks. Enables AI compliance agents to query US regulatory requirements for healthcare, finance, education, privacy, and environmental compliance programs.
HashiCorp Vault MCP Server (Official)
Official HashiCorp Vault MCP server enabling AI agents to interact with Vault for secrets management — reading/writing secrets, managing leases, querying PKI, and interacting with Vault's secrets engines.
VirusTotal API
Aggregates antivirus scan results from 70+ engines for files, URLs, domains, and IP addresses. Provides threat intelligence, behavioral analysis, and community-driven reputation data.
MCP Gateway
A plugin-based MCP gateway that sits between an LLM and other MCP servers, intercepting and sanitizing requests/responses to prevent PII leakage, token/secret exposure, prompt injection attacks, and harmful content — with built-in security scanning of MCP server reputation.
OT/ICS Security Standards MCP Server
MCP server from Ansvar Systems for Operational Technology (OT) and Industrial Control Systems (ICS) security standards. Provides AI agents reference access to IEC 62443, NIST SP 800-82, NIST SP 800-53, and MITRE ATT&CK for ICS frameworks. Enables security agents to query OT security standards for compliance, risk assessment, and threat modeling in industrial environments.
Trivy Server REST API
Trivy Server mode runs the open-source Trivy scanner (from Aqua Security) as a persistent HTTP server, exposing a REST API for container image scanning, filesystem scanning, repository scanning, and SBOM generation. In server mode, the vulnerability database is loaded once into the server process and shared across all client requests — eliminating the cold-start DB download penalty (typically 150MB+) that affects CLI-per-scan workflows. The REST API accepts scan targets as JSON payloads and returns structured vulnerability findings in JSON or SARIF format. The server is a self-hosted component — there is no Aqua Security-hosted Trivy API. Agents must deploy and manage their own Trivy server instance, typically as a sidecar container or dedicated service in their infrastructure. The API surface is minimal (essentially one scan endpoint), but its coverage is comprehensive: OS packages, language-specific dependencies (npm, pip, gem, cargo, go.sum, etc.), secrets, misconfigurations, and SBOM generation in SPDX/CycloneDX formats. An optional token-based auth mechanism exists for securing the server endpoint.
BetterAuth MCP Server
BetterAuth MCP server enabling AI agents to interact with BetterAuth — the TypeScript authentication library — managing users, sessions, and authentication configurations, querying user data, and integrating BetterAuth's authentication system into agent-driven user management and auth debugging workflows.
Sonatype Dependency Management MCP Server
Official Sonatype MCP server providing AI agents with software composition analysis (SCA) capabilities — identifying vulnerabilities, license issues, and quality problems in open source dependencies.
Descope MCP Server (Official)
Official Descope MCP server enabling AI agents to interact with Descope's authentication platform — managing users, sessions, access keys, flows, and integrating Descope's no-code authentication journeys into agent-driven identity workflows.
StackHawk MCP Server
Official StackHawk MCP server enabling AI agents to trigger DAST (Dynamic Application Security Testing) scans, retrieve vulnerabilities, and integrate security testing into CI/CD agent workflows.
Trivy
Comprehensive open source vulnerability and misconfiguration scanner from Aqua Security. Scans container images, filesystems, Git repositories, virtual machine images, Kubernetes clusters, and Infrastructure as Code files for OS package vulnerabilities (CVEs), application dependency vulnerabilities, secrets, misconfigurations, and license compliance. Generates SBOMs in SPDX and CycloneDX formats. Runs as a CLI tool or Go library with no REST API server for the OSS version.
Automotive Cybersecurity Standards MCP Server
MCP server from Ansvar Systems for automotive cybersecurity standards and regulations. Provides AI agents access to automotive security frameworks including UN R155/R156 regulations, ISO/SAE 21434, TISAX, AUTOSAR security guidelines, and Chinese GB/T standards. Enables compliance research and gap analysis for automotive security programs.
MCP Security Standards Server
MCP Security Standards server enabling AI agents to query security frameworks, standards, and best practices — accessing OWASP Top 10, NIST guidelines, CWE/CVE databases, security checklists, and compliance requirements, integrating security knowledge into agent-driven secure code review, threat modeling, and compliance assessment workflows.
Descope MCP Server
MCP server from Descope (descope-sample-apps org) for their authentication and user identity platform. Enables AI agents to manage users, handle authentication flows, query audit logs, and interact with Descope's identity management capabilities — supporting AI-driven user management and security monitoring workflows.
Keycloak MCP Server
MCP server for Keycloak — the leading open-source Identity and Access Management (IAM) platform — enabling AI agents to manage Keycloak realms, users, roles, clients, and authentication flows. Allows agents to automate identity management tasks: creating users, assigning roles, configuring OAuth clients, managing realm settings, and querying authentication policies.
Wazuh MCP Server
Wazuh MCP server enabling AI agents to interact with Wazuh SIEM/XDR platform — querying security alerts and events, retrieving agent status and inventory, searching threat intelligence data, accessing compliance reports, and integrating Wazuh's open-source security monitoring into agent-driven threat detection, incident response, and security operations center (SOC) automation workflows.
Volatility MCP Server
MCP server integrating Volatility Framework — the leading open-source memory forensics tool — with AI agents. Enables agents to analyze memory dumps, extract process information, identify injected code and rootkits, examine network connections, recover artifacts, and perform systematic memory forensics investigations through MCP tool calls.
KeyProbe Certificate Audit MCP Server
MCP server by PabloLec for auditing certificates and keystores — surfacing expiry risks, weak cryptographic algorithms, and misconfigurations. Enables AI security agents to analyze X.509 certificates, keystores (JKS, PKCS12), and PKI infrastructure for security hygiene issues without manual certificate inspection.
Wazuh REST API v2
Wazuh is the leading open-source SIEM, XDR, and security monitoring platform. Its REST API (v2, introduced in Wazuh 4.x) is a full-featured management and query interface running on the Wazuh manager node (default port 55000, HTTPS). The API covers five primary domains: security alerts (query, filter, aggregate by rule, severity, agent, time window), agent management (inventory, status, OS details, installed packages, network interfaces), rule and decoder management (read, add, enable/disable rules), compliance reporting (PCI-DSS, CIS, GDPR, HIPAA, NIST 800-53), and cluster management (node status, health, configuration). Authentication uses JWT tokens obtained by POST /security/user/authenticate with username/password (default expiry: 900 seconds / 15 minutes). Wazuh's query API supports rich filtering using q= parameter syntax (field:operator:value with AND/OR logic), enabling complex alert correlation queries. Security agents use the Wazuh API to build automated threat detection, SOC alert triage, incident investigation, compliance posture reporting, and response automation workflows without requiring direct Wazuh dashboard access.
Semgrep MCP Server
MCP server for Semgrep — a popular open-source static application security testing (SAST) tool. Enables AI agents to run Semgrep security scans on codebases, apply custom rules, detect security vulnerabilities, check code patterns, and integrate SAST findings into AI-driven secure development workflows.
NPM Sentinel MCP Server
Community MCP server for NPM package security analysis — enabling AI agents to check npm packages for vulnerabilities, inspect package metadata, audit dependencies, and get security insights from the npm registry.
HashiCorp Vault MCP Server (Official)
Placeholder — see vault-mcp-server for the canonical evaluation.
Let's Encrypt (ACME)
Free, automated certificate authority that issues TLS/SSL certificates via the ACME protocol, enabling agents and automation to programmatically obtain, renew, and revoke certificates without manual intervention.
Nmap MCP Server
MCP server wrapping nmap — the industry-standard network scanner — enabling AI agents to perform network discovery, port scanning, service version detection, OS fingerprinting, and script-based vulnerability enumeration through structured MCP tool calls. Integrates nmap's comprehensive scanning capabilities into agent-driven security assessment workflows.
PCAP Analysis MCP Server
MCP server for analyzing PCAP (packet capture) files — enabling AI agents to parse, inspect, and extract insights from network packet captures. Useful for network forensics, security incident investigation, protocol analysis, and network troubleshooting workflows where agents need to interpret raw network traffic data.
ScanMalware MCP Server
Official MCP server from ScanMalware (scanmalware org) for their URL scanning and malware detection service. Enables AI agents to submit URLs for malware analysis, retrieve scan results, and access threat intelligence data — integrating automated security scanning into agent workflows.
OSINT Tools MCP Server
OSINT Tools MCP server enabling AI security agents to perform open-source intelligence gathering — querying Shodan for exposed services, VirusTotal for threat indicators, WHOIS lookups, DNS reconnaissance, and integrating multiple OSINT data sources into agent-driven threat research and security assessment workflows.
OWASP ZAP MCP Server
MCP server integrating OWASP ZAP (Zed Attack Proxy) — the world's most widely used web application security scanner — with AI agents. Enables agents to initiate spider crawls, run active/passive security scans, retrieve vulnerability alerts, analyze web application security posture, and guide DAST (Dynamic Application Security Testing) workflows.
Checkov
Open source static analysis tool for Infrastructure as Code (IaC) security and compliance. Scans Terraform, CloudFormation, Kubernetes, Helm, ARM templates, Bicep, Dockerfile, and GitHub Actions for misconfigurations and compliance violations against 1,000+ built-in policies covering CIS benchmarks, NIST, SOC2, PCI-DSS, and custom checks. Runs as a CLI tool or Python library — no REST API or central server required for the OSS version.
Clarid Compliance Checker MCP Server
Official MCP server from Clarid AI (clarid-ai org) for checking bank and credit union marketing materials against US financial regulations including FDIC, NCUA, TILA, Reg DD, Reg Z, UDAAP, and Equal Housing requirements. Enables AI agents to validate financial marketing content for regulatory compliance before publication.
ReverseCore MCP
MCP server providing reverse engineering and binary analysis capabilities to AI agents — enabling agents to disassemble binaries, analyze executable structures, extract strings, identify function signatures, and assist with malware analysis and security research workflows through structured MCP tool calls.
Headless IDA MCP Server
MCP server enabling AI agents to interact with IDA Pro in headless mode for binary analysis and reverse engineering. Enables agents to decompile binaries, analyze disassembly, query function information, extract strings, and perform automated binary analysis tasks through IDA Pro's powerful analysis capabilities.
PwnDoc MCP Server
MCP server for PwnDoc — the popular open-source penetration testing report writing tool. Enables AI agents to create, manage, and update pentest findings, vulnerabilities, and reports in PwnDoc. Automates the tedious report-writing phase of penetration testing by allowing agents to document findings programmatically.
Shodan MCP Server
Shodan MCP server enabling AI agents to query Shodan — the internet-wide scanner and device search engine used for security research and OSINT. Enables searching for internet-connected devices by IP, service, CVE, and technology; querying host information; discovering exposed services; and integrating Shodan intelligence into security analysis and vulnerability management workflows.
Process Hacker MCP
MCP server providing access to Process Hacker — the powerful open-source Windows process and memory monitoring tool (similar to Sysinternals Process Monitor). Enables AI agents to query running Windows processes, inspect process memory, analyze network connections, and monitor system handles through Process Hacker's API.
OpenCTI MCP Server
MCP server for OpenCTI — an open-source threat intelligence platform for storing, analyzing, and sharing cyber threat intelligence. Enables AI agents to query threat indicators, retrieve threat actor profiles, search IOCs (Indicators of Compromise), and interact with OpenCTI's knowledge graph for AI-assisted threat analysis and SOC workflows.
pfSense MCP Server
MCP server enabling AI agents to interact with pfSense firewall and routing appliances — querying firewall rules, monitoring network traffic, checking VPN status, reading system logs, managing firewall rules, and controlling network infrastructure through pfSense's management API. Enables AI-driven network security monitoring and operations.
Narsil MCP Security Platform
Narsil MCP server providing AI agents with security assessment and threat analysis capabilities — enabling LLM-powered security workflows to analyze code, configurations, and systems for vulnerabilities, perform security assessments, and integrate security intelligence into agent-driven security operations pipelines.
Snyk API
Snyk's REST API provides programmatic access to developer security scanning results across four product lines: Snyk Open Source (dependency vulnerability scanning across npm, PyPI, Maven, Go, Ruby, and 20+ ecosystems), Snyk Code (AI-powered SAST for first-party code), Snyk Container (container image and Dockerfile scanning), and Snyk IaC (Terraform, Kubernetes, CloudFormation security). The API enables querying findings, managing projects, triggering scans, and integrating security data into CI/CD pipelines, SOAR workflows, and security dashboards. Snyk maintains one of the largest proprietary vulnerability databases, often providing fix guidance and prioritization intelligence beyond raw CVE data.
cryptography
Python cryptography library providing both high-level recipes (Fernet symmetric encryption, X.509 certificates) and low-level primitives (AES, RSA, ECDSA, HMAC, hashing). cryptography features: Fernet for symmetric encryption (AES-128-CBC + HMAC-SHA256), MultiFernet for key rotation, RSA/EC key generation and signing, X.509 certificate creation and parsing, PKCS12 for certificate bundles, Hazmat primitives for low-level crypto (AES-GCM, ChaCha20-Poly1305, HKDF, PBKDF2, scrypt, Argon2id), serialization (PEM/DER/PKCS8), and OpenSSL bindings via cffi.
pyjwt
JSON Web Token (JWT) implementation for Python — encodes and decodes JWTs with various signing algorithms. PyJWT features: jwt.encode(payload, key, algorithm) for creating tokens, jwt.decode(token, key, algorithms=[]) for verification, HS256/HS384/HS512 (HMAC), RS256/RS512 (RSA), ES256/ES512 (ECDSA), PS256 (RSA-PSS), EdDSA (Ed25519), exp/nbf/iat claim validation, aud audience validation, leeway for clock skew, jwt.get_unverified_header() for algorithm inspection, and PyJWT[crypto] extra for RSA/EC support.
Cloudflare Radar API
Free internet intelligence API from Cloudflare providing global traffic trends, BGP routing data, DNS query statistics, attack trends, and internet quality metrics aggregated from Cloudflare's global network.
SystemPrompt MCP Server
SystemPrompt MCP server enabling AI agents to manage and work with system prompts — creating, storing, and retrieving system prompts, validating prompt safety, managing prompt templates, and integrating prompt management capabilities into agent-driven AI application development and prompt engineering workflows.
Tenable Vulnerability Management API
Tenable Vulnerability Management (formerly Tenable.io) is a cloud-based vulnerability management platform with a REST API for programmatic access to scan management, asset inventory, vulnerability findings, web application scanning, and compliance reporting. The API enables agents to trigger scans, retrieve vulnerability data, manage assets and tags, query audit log events, and integrate findings into ticketing or SOAR systems. The pyTenable Python SDK wraps the REST API with convenience methods.
OPNsense MCP Server
MCP server for OPNsense — a popular open-source firewall and routing platform. Enables AI agents to query firewall rules, monitor network traffic, manage interfaces, check system health, and interact with OPNsense's network security capabilities — supporting AI-assisted network management and security operations.
Velociraptor MCP Server
MCP server by SOCFortress for Velociraptor — the advanced digital forensics and incident response (DFIR) platform. Enables security agents to query endpoints via VQL (Velociraptor Query Language), trigger artifact collections, hunt for threat indicators, and orchestrate IR investigations programmatically through Velociraptor's API.
MCP Security Hub
A collection of 36 Docker-based MCP servers developed by FuzzingLabs that expose 175+ offensive security tools (Nmap, Nuclei, SQLMap, radare2, Ghidra, Shodan, VirusTotal, OpenVAS, and more) to AI assistants via natural language for authorized penetration testing and security assessments. Each tool category runs in its own isolated Docker container, providing some process isolation between tool execution environments. Docker Compose orchestrates the full toolkit. The modular design allows deploying only the containers relevant to a specific engagement — binary analysis containers separately from web scanning containers, for example.
Trust Intelligence MCP Server (Entity Verification & Sanctions)
MCP server for entity verification, sanctions screening, and trust scoring for AI agents. Enables agents to check entities (individuals, companies) against sanctions lists, verify business legitimacy, and generate trust scores for risk assessment in financial and compliance workflows — supporting KYC/AML (Know Your Customer / Anti-Money Laundering) processes.
GitHub Advanced Security API
GitHub Advanced Security (GHAS) exposes a comprehensive REST and GraphQL API surface for three integrated security products: Code Scanning (CodeQL SAST plus third-party SARIF-based scanners), Secret Scanning (detection of 200+ secret types across commits and PRs), and the Dependency Review API / Dependabot Alerts (SCA for known CVEs in package manifests). The Code Scanning API allows querying alerts (with CodeQL rule details, CWE, severity, location, state), uploading SARIF results from any scanner, and managing alert dismissal state. The Secret Scanning API surfaces detected secrets (with secret type, validity status for live/active secrets, commit/PR source), manages alert triage, and exposes push protection bypass events. The Dependency Review API shows vulnerable dependencies introduced by a specific PR diff, and the Dependabot Alerts API exposes all known CVE alerts across a repository with CVSS scores, fix versions, and auto-fix status. All three APIs use the standard GitHub REST auth model (GitHub Apps, OAuth Apps, or PATs) and return well-documented JSON with consistent pagination using link headers. GHAS is included free for public repositories and requires a paid GHAS license for private repositories.
MCP Server Fuzzer
Security fuzzing tool implemented as an MCP server for testing other MCP servers. Enables AI agents to fuzz-test MCP server implementations — sending malformed inputs, boundary cases, and unexpected payloads to discover vulnerabilities, crashes, and protocol compliance issues in MCP server targets.
Gitleaks
Fast secrets scanner for detecting hardcoded credentials and sensitive information in git repositories. Gitleaks scans git history, staged changes, and working directory files against 150+ built-in detection rules for API keys, passwords, tokens, certificates, and other secrets from major providers (AWS, GitHub, Slack, Stripe, etc.). Used as a pre-commit hook, CI/CD scan, or repo audit tool. Written in Go for high performance.
Pentest MCP
MCP server providing penetration testing capabilities to AI agents. Enables authorized security professionals to run security scans, enumerate targets, test vulnerabilities, and conduct structured penetration testing workflows through AI agent orchestration — integrating common pentest tools into MCP-accessible operations.
Grype (Anchore)
Open-source vulnerability scanner for container images and filesystems, built by Anchore. Grype scans container images, directories, SBOMs, and archives against multiple vulnerability databases (NVD, GitHub Advisory, OS distro databases). Pairs with Syft (SBOM generator). No REST API — runs as CLI or Go library. Used in CI/CD pipelines and agent security scanning workflows.
passlib
Comprehensive password hashing library for Python — provides unified interface over many password hashing algorithms with automatic salt generation, verification, and migration. passlib features: CryptContext for multi-algorithm management with deprecation/upgrade, bcrypt/argon2/scrypt/pbkdf2_sha256 hash schemes, hash(), verify(), needs_update() for password rotation, deprecated schemes for migration, automatic salt generation, and integration with FastAPI/Flask via passlib.context.
tfsec (Terraform Security Scanner)
Open-source static analysis security scanner for Terraform IaC. Detects security misconfigurations in Terraform configurations before deployment — checks for insecure S3 buckets, open security groups, unencrypted resources, missing logging, and hundreds of other cloud security best practice violations across AWS, Azure, GCP, and other providers. Part of Aqua Security's open-source toolchain.
Bandit
Static security analysis tool for Python code. Bandit finds common security issues — hardcoded passwords, use of pickle with untrusted data, subprocess shell injection, weak cryptography, SQL injection via string formatting, and more. Designed to find security bugs introduced by developers, not as a complete security audit tool. Standard inclusion in Python CI/CD pipelines for security hygiene.
MDB MCP Server
MCP server providing access to malware databases and threat intelligence feeds. Enables security agents to query malware signatures, IOCs (indicators of compromise), malware family information, and threat intelligence data from curated security databases. Built for DFIR analysts and security researchers.
Pentest MCP Server
Pentest MCP server enabling AI agents to perform penetration testing and security assessment tasks — running reconnaissance tools, network scanning with nmap, subdomain enumeration, web vulnerability scanning, and integrating common pentesting workflows into agent-driven authorized security assessment pipelines.
Doppler
Universal secrets manager that syncs environment variables and secrets across cloud providers, CI/CD pipelines, and local development environments.
LitterBox
A controlled malware testing sandbox that enables red teams to develop and test payloads against detection systems. Provides static and dynamic analysis, YARA scanning, BYOVD detection, fuzzy hashing, and process behavior monitoring. Includes an MCP server (LitterBoxMCP) for LLM-driven malware analysis workflows.
Oso Authorization
Embeds a declarative authorization policy engine (RBAC/ABAC) directly into your application using the Polar policy language, with an optional Oso Cloud SaaS for centralized policy management.
Aderyn
A Rust-based static analyzer built specifically for Solidity smart contracts by Cyfrin. Analyzes AST of Solidity contracts to detect vulnerability patterns including reentrancy, unchecked return values, weak randomness, and centralization risks. Supports Foundry and Hardhat project layouts with zero configuration, outputting reports in Markdown, JSON, or SARIF.
JADX AI MCP
JADX decompiler plugin that exposes 28 MCP tools for AI-assisted Android APK reverse engineering. Enables LLMs to decompile, search, cross-reference, refactor, and analyze Android applications in real-time through the JADX GUI, including vulnerability detection, manifest analysis, resource inspection, and debugging integration.
Open Policy Agent (OPA)
CNCF graduated open-source policy engine that decouples policy decision-making from policy enforcement. OPA uses the Rego policy language to define authorization rules. REST API accepts queries (is this user allowed to do X?) and returns policy decisions. Used for Kubernetes admission control, API authorization, microservice access control, and agent permission management.
BloodHound MCP AI
An MCP server that bridges BloodHound's Active Directory attack path analysis database to AI assistants, exposing 75+ tools for querying AD attack paths, privilege escalation routes, Kerberos vulnerabilities (Kerberoasting, AS-REP roasting), NTLM relay opportunities, and Active Directory Certificate Services (ADCS) misconfigurations via natural language. Instead of writing Cypher graph traversal queries manually, security professionals can ask an AI 'show me all paths from a Domain User to Domain Admin' and get results from their BloodHound Neo4j database. Designed for authorized penetration testing engagements where BloodHound data has already been collected from target AD environments.
TOTP — Time-Based One-Time Passwords (RFC 6238 / pyotp)
TOTP (RFC 6238) generates time-synchronized 6–8 digit one-time codes using HMAC-SHA1 over a shared secret and a 30-second time counter, enabling a second authentication factor that requires no network call — commonly implemented via pyotp in Python or otplib in JavaScript.
MCP OSINT Server
MCP server providing Open Source Intelligence (OSINT) capabilities to AI agents — enabling agents to gather publicly available information about individuals, organizations, domains, IP addresses, and digital assets. Integrates OSINT tools and techniques into agent-driven threat intelligence and security research workflows.
HexStrike AI
MCP server that enables AI agents to autonomously execute 150+ cybersecurity tools across network recon, web app testing, auth cracking, binary analysis, cloud security, and CTF/forensics. Features 12+ specialized AI agents for orchestrating complex security workflows.
Clerk
Drop-in authentication and user management SaaS with prebuilt UI components for React/Next.js that handles email, OAuth, MFA, and organization management.
JSON Web Tokens (RFC 7519 / PyJWT / jose)
JSON Web Tokens (RFC 7519) are a compact, URL-safe means of representing claims as a signed (JWS) or encrypted (JWE) JSON object; agents use them to verify identity and authorization without a database round-trip by validating the cryptographic signature against a known key.
Cloudflare Zero Trust API
Cloudflare's Zero Trust API provides programmatic control over Cloudflare Access (application authentication), Cloudflare Gateway (DNS/HTTP/network filtering), Cloudflare Tunnel (secure connectivity), and WARP (device enrollment) — enabling automated SASE/ZTNA policy management.
Google Secret Manager API
Google Secret Manager API — store, manage, and access API keys, passwords, and certificates as versioned, encrypted secrets with IAM-controlled access and audit logging.
GreyNoise API
GreyNoise API — classify internet background noise from mass scanners and bots, reducing SIEM alert fatigue by identifying and filtering benign and malicious internet-wide scanning activity.
Kyverno
Kubernetes-native policy engine for validating, mutating, and generating Kubernetes resources. Kyverno policies are written in YAML (not Rego/OPA) — no new policy language to learn. Runs as a Kubernetes admission controller: blocks non-compliant resources at deployment time, auto-remediates existing resources, and generates new resources based on triggers. CNCF graduated. Powers policy enforcement for security (no root containers), compliance (required labels), and operational standards (resource limits) in Kubernetes clusters.
TruffleHog
Advanced secrets scanner that validates detected secrets are actually live credentials. TruffleHog v3 scans git repos, S3 buckets, Docker images, CI/CD systems (GitHub Actions, CircleCI, etc.) for secrets — and uniquely verifies discovered secrets against the actual API to confirm they are valid and exploitable, reducing false positives. From Truffle Security, the company behind many high-profile secret disclosure research findings.
1Password Connect API
Self-hosted REST API server that exposes 1Password vaults to automated systems, CI/CD pipelines, and AI agents without sharing master credentials. Supports reading, creating, and updating vault items (passwords, secure notes, API keys, etc.), browsing vault structure, and retrieving individual fields. Requires running the 1Password Connect Server Docker container in your infrastructure.
Infisical
Open-source secrets management platform with end-to-end encryption, secret versioning, and multi-cloud sync — self-hostable or cloud-hosted.
Kubescape
Kubernetes security compliance scanner that checks clusters and manifests against security frameworks (NSA/CISA Kubernetes Hardening Guide, MITRE ATT&CK, CIS Kubernetes Benchmark, SOC2, PCI-DSS). Kubescape scans live clusters or YAML manifests pre-deployment and generates risk scores with remediation guidance. CLI, REST API, and operator (continuous in-cluster scanning) modes. CNCF sandbox project. Produces JSON/JUnit/HTML reports suitable for CI/CD pipeline integration and agent-driven compliance workflows.
Passkeys / WebAuthn (FIDO2)
Provides the FIDO2/WebAuthn standard for phishing-resistant, passwordless authentication using device-bound cryptographic credentials, implemented via libraries such as SimpleWebAuthn (JS) and py_webauthn (Python).
OpenFGA (Fine-Grained Authorization)
OpenFGA is an open-source fine-grained authorization engine (Google Zanzibar-inspired, by Okta) that evaluates relationship-based access control (ReBAC) via a tuple model — agents write (user, relation, object) tuples and call the Check API to determine if a user has a specific permission on a specific resource.
Falco
Cloud-native runtime security and threat detection engine using eBPF (or kernel module) to monitor Linux system calls and detect anomalous behavior in real time. Falco rules define expected behavior; violations generate alerts sent to Slack, PagerDuty, webhooks, Kafka, or custom sinks. CNCF graduated. Used for detecting container escapes, privilege escalations, unexpected network connections, and data exfiltration attempts in Kubernetes and Linux environments. Generates structured JSON alerts consumable by SIEM systems.
authentik Identity Provider
Self-hosted open-source identity provider (IdP) supporting SSO, OIDC, SAML, LDAP, and OAuth 2.0. authentik provides a REST API for managing users, groups, applications, flows, and authentication policies. Used as a self-hosted alternative to Okta or Auth0 for teams wanting full control over identity infrastructure. Extensive customization via Python-based flows and expressions.
Permify Authorization API
Open-source Google Zanzibar-inspired authorization service providing relationship-based access control (ReBAC). Permify stores relationships (user is member of org, org owns document) and evaluates permissions via its gRPC and REST API. Supports RBAC, ABAC, and ReBAC patterns. Self-hostable with Permify Cloud managed option. Designed for multi-tenant SaaS authorization and agent permission management.
SOPS (Secrets OPerationS)
Mozilla SOPS encrypts secrets stored in YAML, JSON, ENV, and binary files using AWS KMS, GCP KMS, Azure Key Vault, age, or PGP keys, enabling encrypted secrets to be safely committed to git with path-based key routing via .sops.yaml creation_rules.
Okta
Enterprise identity platform providing SSO, MFA, and lifecycle management for users and applications via REST API and OAuth2/OIDC.
Aserto
Cloud-native fine-grained authorization service for applications and APIs. Aserto provides a hosted Open Policy Agent (OPA) service with user/group management, role-based access control (RBAC), and relationship-based access control (ReBAC / Google Zanzibar model). Decision logs, policy versioning, and middleware SDKs for Express, FastAPI, Rails, and more. Agents call Aserto's authorization API to answer 'can user X perform action Y on resource Z?' without building custom authorization logic.
Google Cloud IAM API
Manages Google Cloud identity and access control — assigns primitive/predefined/custom roles to principals, manages service accounts, configures workload identity federation, and evaluates IAM policies across the GCP resource hierarchy for AI agents automating cloud security posture.
Akeyless Vault API
Cloud-native secrets management platform with a unique zero-knowledge architecture — Akeyless never stores encryption keys or secret plaintext; customers hold master keys. Provides REST API for dynamic secrets (auto-generated, short-lived credentials for databases, cloud, SSH), static secrets, PKI certificate issuance, and authentication brokering. Strong focus on AI/ML workload secrets.
Logto
Logto is an open-source Customer Identity and Access Management (CIAM) platform providing OIDC-compliant authentication, built-in social login connectors (20+ providers), multi-tenancy, RBAC, and SDKs for 20+ platforms — available as self-hosted or Logto Cloud with a built-in admin UI.
Ory Hydra
Ory Hydra is a hardened, open-source OAuth 2.0 and OpenID Connect authorization server that issues access/refresh/ID tokens, manages consent flows, and integrates with any identity provider via a login/consent redirect API — without managing users itself.
Teleport
Infrastructure access platform providing zero-trust privileged access management (PAM) for SSH, Kubernetes, databases, Windows desktops, and web applications. Teleport replaces VPN + bastion hosts with certificate-based, identity-verified access that is fully audited. REST API and tctl CLI enable programmatic access management — creating users, tokens, roles, and audit log queries. Widely used for agent access to infrastructure without long-lived credentials.
AbuseIPDB API
Crowdsourced IP address reputation database for checking and reporting abusive IPs. Aggregates abuse reports from thousands of contributors for spam, DDoS, brute force, and malicious activity.
Bitwarden Secrets Manager
Bitwarden Secrets Manager provides a machine-secrets vault (distinct from the password manager) with Service Account tokens, Projects/Secrets organization, REST API, and SDKs for Python/JS/Go to inject secrets into CI/CD pipelines and automated workflows.
Ory Kratos
Ory Kratos is a headless, open-source identity management server that handles login, registration, account recovery, email verification, and settings flows via a REST API — agents integrate by driving self-service flows and reading identity objects, while the UI is fully custom.
AWS IAM API
Manages AWS identity and access management — creates/evaluates IAM policies (JSON), handles role assumption via STS, enforces permission boundaries, and provides policy simulation for AI agents automating cloud access control.
Plaid Identity Verification API
Bank account-based identity verification API that uses bank account ownership and financial data to confirm user identities, integrated into Plaid's broader financial data platform for US and Canadian markets.
OAuth 2.0 (Protocol / RFC 6749)
OAuth 2.0 is a delegated authorization protocol (RFC 6749/6750) that allows agents to obtain short-lived access tokens via grant types (Authorization Code + PKCE, Client Credentials, Device Flow) to access protected resources on behalf of a user or service.
Semgrep API
Semgrep is a fast, open-source static analysis engine with a cloud platform (Semgrep AppSec Platform) for managing findings across codebases at scale. The REST API provides programmatic access to scan findings, project management, deployment configuration, and supply chain vulnerability data. Semgrep's rule language enables custom pattern matching without complex ASTs, making it popular for both security research and DevSecOps automation. The API is the automation layer for teams running Semgrep in CI/CD and wanting to build custom triage, reporting, or remediation workflows.
MCP Kali Server
A lightweight Flask API bridge that connects Claude Desktop (or any MCP-compatible client) to a Kali Linux machine, enabling AI-assisted command execution for authorized penetration testing and CTF challenges. The server exposes a thin HTTP API on port 5000 that accepts arbitrary shell commands and returns their output, effectively giving an AI assistant a live Kali terminal. Tools like Nmap, Metasploit, sqlmap, Gobuster, enum4linux, and any other Kali tool are accessible by name. The architecture is intentionally minimal — a single Flask server with no auth, no sandboxing, and no command filtering — making it fast to set up for isolated testing environments but completely unsuitable for production or shared infrastructure.
AWS Cognito
AWS-managed serverless authentication service providing user pools for sign-up/sign-in and identity pools for federated AWS credential vending.
Socket Security API
Socket Security provides deep package analysis for open-source dependencies across npm, PyPI, Maven, Conda, and other ecosystems, detecting supply chain attacks, malware, typosquatting, protestware, and risky code patterns before they enter your codebase. Unlike CVE-only scanners, Socket analyzes the actual package code for suspicious behaviors like unexpected network calls, shell execution, filesystem access, and obfuscated code — catching zero-day supply chain threats that CVE databases miss. The REST API enables programmatic package scoring, CI/CD integration, and alert management.
Microsoft Entra ID (Azure AD)
Microsoft's cloud identity platform that provides OAuth2/OIDC SSO, MFA, conditional access, and user/group management for enterprise Microsoft 365 and custom applications.
Pomerium
Identity-aware access proxy implementing zero-trust network access (ZTNA). Pomerium sits in front of internal applications and services, authenticating every request via OIDC/OAuth2 and enforcing policy-based authorization without a VPN. Replaces VPN + firewall rules with identity-verified, context-aware access control. REST API and policy-as-code (YAML/Rego) for programmatic access route management. Pomerium Zero (cloud-managed) or self-hosted.
Semgrep Cloud Platform API
The Semgrep Cloud Platform REST API provides programmatic access to the Semgrep AppSec Platform — the SaaS layer above the open-source Semgrep CLI engine. The API enables querying SAST findings (Semgrep Code), dependency vulnerability alerts (Semgrep Supply Chain), secrets detection results (Semgrep Secrets), and managing deployments, projects, and rule policies. Findings are the primary entity: each finding has a rule ID, severity, CWE, location (file + line), triage status (open/ignored/fixed/reviewing), and for supply chain findings, the CVE, package, and fix version. Agents use this API to build automated triage workflows (bulk-close false positives by rule or file path), feed findings into ticketing systems, generate security posture metrics, and enforce policy gates in CI/CD. Note: scan triggering is NOT available via the API — scans run through the Semgrep CLI in CI/CD pipelines; the API is purely for reading results and managing finding state.
Censys API
Search engine for internet-connected hosts, certificates, and domains, providing structured data on open ports, TLS certificates, and service banners for attack surface management and security research.
Have I Been Pwned API
API for checking whether email addresses, usernames, or passwords have appeared in known data breaches, built and maintained by Troy Hunt. Covers billions of breached credentials.
Prowler Cloud Security
Open-source cloud security posture management (CSPM) tool that audits AWS, Azure, and GCP configurations against security benchmarks (CIS, NIST, SOC2, PCI-DSS, HIPAA, GDPR). Prowler runs as a CLI or Python library, executing hundreds of security checks against live cloud environments. Prowler Cloud (SaaS) provides a REST API for managing assessments, findings, and compliance reporting.
Transcend Privacy API
Developer-centric privacy infrastructure platform providing APIs for data subject request (DSR) automation, consent management, and data inventory/mapping. Transcend differentiates with a code-first approach — privacy policies and data flows are defined in YAML, DSRs are processed via customizable worker integrations, and all consent data is accessible via a clean REST API. Strong focus on automation and developer experience.
Lacework
Cloud security platform using machine learning for anomaly-based threat detection, cloud posture management, and vulnerability assessment across cloud and Kubernetes environments, with a REST API for automation.
Wiz
Agentless cloud security platform that scans cloud environments for vulnerabilities, misconfigurations, and attack paths using a graph-based security model, with a GraphQL API for querying risk data.
Sumsub KYC/AML API
Comprehensive KYC/AML verification platform offering ID document verification, liveness detection, AML screening, and business (KYB) verification via REST API and SDKs, popular with crypto exchanges and lending platforms.
Web Authentication API (WebAuthn / FIDO2 / Passkeys)
WebAuthn (W3C + FIDO2) is a browser and platform API for phishing-resistant public-key authentication; the server issues a challenge, the authenticator (hardware key, platform biometric, or synced passkey) signs it, and the server verifies the signature — eliminating password transmission entirely.
Wazuh API (OSSEC / Wazuh)
Wazuh is an open source security platform evolved from OSSEC providing host-based intrusion detection (HIDS), log analysis, file integrity monitoring (FIM), vulnerability detection, configuration assessment, and incident response. The Wazuh Manager exposes a REST API on port 55000 for programmatic access to agents, alerts, rules, decoders, and configuration. Agents are deployed on monitored hosts and forward security events to the Wazuh Manager for correlation and analysis.
Agentic Radar
Agentic Radar is a security scanner by SPLX.ai that performs static analysis on agentic AI system codebases to identify vulnerabilities specific to AI workflows — prompt injection risks, PII leakage through tool outputs, insecure tool integrations, and over-privileged agent permissions. It supports multiple agent frameworks (OpenAI Agents SDK, CrewAI, LangGraph, n8n, AutoGen) and generates visual dependency graphs mapping the agent's tool and service exposure. The tool maps findings to OWASP LLM Top 10 categories and can run runtime adversarial prompt injection tests against live OpenAI Agents-based systems. It is designed to be run in CI/CD pipelines as a gate before deploying agentic systems to production.
Casdoor
Open-source Identity and Access Management (IAM) / SSO platform. Casdoor provides OAuth 2.0, OIDC, SAML, and CAS protocols for single sign-on across applications. Built by the Casbin team (popular authorization library), Casdoor integrates natively with Casbin for both authentication AND authorization. Provides user management, organization management, MFA, social login (GitHub, Google, WeChat), and a REST API for programmatic identity management. Self-hostable alternative to Auth0 or Okta.
CloudSword
Cloud security assessment tool for Chinese cloud providers (Alibaba, Tencent, Huawei, Baidu, Qiniu). Enumerates cloud assets (storage buckets, compute instances, IAM users/roles, domains), tests access permissions, hardens bucket policies, and creates honey tokens for intrusion detection. Has a Metasploit-like CLI interface and MCP protocol support via SSE and STDIO modes.
Keycloak
Open-source Identity and Access Management server providing SSO, OAuth2/OIDC, and SAML — self-hosted or via Red Hat SSO managed offering.
Shodan API
Search engine for internet-connected devices, providing data on open ports, running services, software versions, vulnerabilities (CVEs), and geolocation for any IP or domain.
Jumio Identity Verification API
AI-powered identity verification API that validates government-issued ID documents (passports, driver's licenses, national IDs) combined with biometric face matching and liveness detection to confirm document authenticity and user presence.
Osano Consent Management API
SMB-friendly privacy compliance platform with consent management, data subject rights (DSR) automation, and vendor monitoring. Osano provides a REST API for managing consent records, processing DSRs, and monitoring vendor privacy scores. Positioned as a simpler, more affordable alternative to OneTrust for companies that need solid privacy compliance without enterprise complexity.
Veriff Identity Verification API
Provides video/selfie-based biometric identity verification and document verification for KYC (Know Your Customer) compliance. Agents initiate a verification session via REST API, redirect the user to a hosted Veriff verification flow, then receive a decision via webhook or polling. Returns structured decision objects (approved/declined/resubmission required) with reason codes and extracted document data.
Qualys VMDR API
Qualys VMDR (Vulnerability Management, Detection and Response) is a cloud-based vulnerability and compliance management platform with a dual API surface: a legacy XML-based API v2 and a newer REST API v3. The platform provides network scanning, cloud agent deployment, asset inventory, vulnerability detection with QIDs (Qualys IDs), compliance assessment against CIS/STIG benchmarks, and web application scanning. Agents can query vulnerability data, manage scan schedules, retrieve compliance reports, and export asset and finding data.
Chainalysis KYT/Reactor API
Blockchain analytics and crypto compliance API that screens cryptocurrency transactions and wallet addresses for AML risk, sanctions exposure, and illicit activity across 100+ blockchains.
Trulioo GlobalGateway API
Global identity verification and KYC/AML compliance API that validates individuals and businesses against government records, credit bureaus, telecom, and utility data across 195+ countries.
Viper
An open-source adversary simulation and red team platform covering the full MITRE ATT&CK lifecycle, with 100+ post-exploitation modules, multi-platform implants, LLM-powered automated decision-making, and a visual team dashboard. Positioned as a free alternative to Cobalt Strike.
BigID Data Intelligence API
Enterprise data intelligence platform that automatically discovers, classifies, and manages sensitive data (PII, PCI, PHI) across cloud, on-premise, and hybrid environments. BigID's API enables programmatic control over data discovery scans, classification results, data subject requests, and privacy policies. Strong AI/ML-powered classification that goes beyond pattern matching to understand context.
OneTrust Privacy & Consent API
Enterprise privacy management platform with APIs for consent management, data subject requests (DSR), cookie compliance, and privacy workflow automation. OneTrust is the market leader in privacy tech — used by 75% of Fortune 500 companies. Provides structured APIs for managing consent records, processing DSRs (access, deletion, portability), and automating privacy workflows across systems.
ENScan GO
Collects Chinese enterprise information from multiple commercial APIs (AiQiCha, TianYanCha, etc.) for security research. Aggregates ICP registrations, mobile apps, WeChat accounts, subsidiaries, job postings, and software copyrights into unified output. Includes an MCP server mode for AI assistant integration.
Splunk REST API
Enterprise log management, SIEM, and security analytics platform with a REST API for search execution, data ingestion, alert management, and dashboard automation via SPL (Splunk Processing Language).
Awesome MCP Security
A curated list of MCP servers focused on security and DevOps tooling, organized by category including static analysis, secret scanning, dependency auditing, and cloud security.
Awesome Hacking Lists
A curated collection of GitHub repositories for security research, penetration testing, and hacking tools organized by programming language and security discipline.
1password
MCP server for 1Password service accounts — tools and resources for vaults and credentials
1xn-vmcp
vMCP - Virtual Model Context Protocol
Autonomous Cyber Red Team
Automated red team reconnaissance combining attack surface mapping, vulnerability scanning, threa...
BinaryAnalysis-MCP
MCP server for analyzing PE, ELF, and Mach-O binaries using LIEF
Cyntrisec AWS Security
AWS security analysis: attack paths, compliance checking, and remediation planning.
EveOnlineMCP
A local MCP server for accessing the EVE Online ESI API
Faxbot
Self-hosted, open source, fax-sending API. HIPAA compliant. This fax API includes MCP (Model Context Protocol) support for AI assistant integration.
Fray — WAF Security Testing MCP Server
WAF security testing: 5,500+ payloads, 25 WAF fingerprints, 21 recon checks, bypass AI
Gmail
Gmail integration with OAuth authentication, message search, batch operations, and Sheets export
Google Sheets
Google Sheets integration with OAuth, spreadsheet management, batch operations, and formatting
GuardianShield
AI security layer: code scanning, PII detection, prompt injection, secrets, CVEs
IncomeBot Trading Intelligence
Options trading — regime detection, momentum scanning, income screening, and risk simulation.
MCP Evernote
Evernote note management with OAuth and ENML conversion
MCP Fortress
Security scanner for MCP servers. Detect vulnerabilities, prompt injection, and tool poisoning.
MCP-Bastion
Security middleware for MCP. Blocks prompt injection, PII leakage, and resource exhaustion.
Maritime Resource Compliance
Maritime shipping intelligence including vessel tracking, port compliance, sanctions screening, I...
McpServerWithAuth
Mcpwn
mcp security tester
OAuth-Protected-MCP-Server
Outlook
Outlook integration with OAuth, message search, batch operations, and calendar management
Paradex Trading
MCP server for Paradex perp trading. Market data, accounts, orders, positions, and vaults.
PasteMD
Instant markdown sharing. Create, manage, and share documents with password protection.
Repository Intelligence
Analyze repos of any size - security scanning code analysis monorepo support
SecureMCP
SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction). It proactively identifies threats like OAuth token leakage, prompt injection vulnerabilities, rogue MCP servers, and tool poisoning attacks.
Service Public France
French public services: tax, property, admin, education, healthcare, security, risks, legal texts
SpectreWeb-AI
Self-Learning AI for Manual Web Penetration Testing
Vault MCP
MCP server for credential isolation — bots use passwords and API keys without seeing them
WaveGuard
Anomaly detection API powered by physics simulation. Scan any data for outliers.
Ybe Check
Ybe Check – security and compliance orchestrator for AI-generated repositories.
agent-bom
AI supply chain security scanner — CVEs, blast radius, compliance, policy, SBOMs
aikido-mcp
Security analysis for Aiken smart contracts on Cardano. 75 vulnerability detectors.
appstore-connect-mcp
MCP server for Apple Store Connect API integration with OAuth authentication support
badge
Agents are not bots. Prove it. MCP-native identity declaration for authorized agents.
better-auth-mcp-server
bookstack-mcp-server
BookStack MCP server with advanced features like security and throttling
circl-cve-search-mcp-server
MCP server for CIRCL CVE Search API with intelligent risk assessment and comprehensive vulnerability analysis.
classover_mcp_server
compliance-intelligence
Compliance knowledge graph: 692+ frameworks, 13,700+ controls, 280K+ cross-framework mappings.
compliance-trestle-mcp
An MCP server that provides tools to author OSCAL security compliance documentation
contrast-checker-mcp
MCP - WCAG 2.1 color contrast checker - contrast ratios, compliance and accessible color suggestions
delinea-mcp
MCP server for the Delinea Secret Server and Platform APIs
dep-oracle
Predictive dependency security engine. Trust scores, zombie detection, blast radius analysis.
diskcleankit-mcp
MCP server for DiskCleanKit - One Touch Scan and Clean for Mac
docs
🔐 Plug-and-play auth for MCP servers.
docs-mcp
Get authoritative answers to questions about Redpanda.
etherscan-mcp-server
etherscan-mcp-server
etherscan-mcp-server
etherscan v2 api mcp server
excalidraw
Security-hardened Excalidraw MCP server with auth, rate limiting, and 14 tools
fastmcp-auth
A FastMCP-based Model Context Protocol server providing timezone conversion tools with OAuth2 PKCE authentication support.
fastmcp-authentication
Using Entra Id to authenticate an MCP server
fastmcp-python-oauth2-with-entra-id
An example implementation of MCP authorization specifcation using Microsoft Entra ID as a third party authorization server.
fastmcp-server
Production-ready Python MCP server with OAuth 2.0, real-time SSE streaming, file operations, and weather API integration. Built with FastMCP and FastAPI.
fastmcp_oauth
fedramp-docs-mcp
Query FedRAMP 20x KSIs, NIST controls, and compliance docs via 20 MCP tools.
flightradar-mcp-server
gemara-mcp-server
A MCP server for automating the authoring of GRC Risk Assessment documentation in gemara.
ggmcp
MCP server for scanning and remediating hardcoded secrets using GitGuardian’s API. Detect over 500 secret types and prevent credential leaks before code goes public.
go-mcp-server-demo
A demo MCP server with go, with oauth and dynamic client registration
go-mcp-server-example
OAuth-Protected MCP Server Example (Go)
google-mcp
Streamable HTTP MCP server for Google Calendar and Sheets with OAuth login.
guidance-for-deploying-model-context-protocol-servers-on-aws
This Guidance demonstrates how to securely run Model Context Protocol (MCP) servers on the AWS Cloud using containerized architecture. It helps organizations implement industry-standard OAuth 2.0 authentication while protecting server deployments with multiple security layers, including content delivery networks and web application firewalls.
kernel-mcp-server
Access Kernel's cloud-based browsers and app actions via MCP (remote HTTP + OAuth).
koa-fhe
Confidential coprocessor — compute on encrypted data via FHE. Server never sees plaintext.
mcp
Sapiom MCP server — authentication, verification, and API tools
mcp
A MCP server for using Semgrep to scan code for security vulnerabilities.
mcp
Symbiotic CLI MCP Server for security scanning and analysis
mcp-api
Preview release of FusionAuth API MCP server
mcp-auth-servers
🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.
mcp-client-server-architecture
MCP usiing Spring AI and secured using Keycloak and OAuth2
mcp-cyber-suite
mcp-demo-server
MCP demo server in golang, with OAauth 2.1 support.
mcp-docs
FusionAuth Documentation MCP server
mcp-example-python
This example demonstrates a minimal FastMCP application with integrated JWT-based authentication middleware.
mcp-exploit-demo
This repository demonstrates a security vulnerability in MCP (Model Context Protocol ) servers that allows for remote code execution and data exfiltration through tool poisoning.
mcp-fortress
Security scanner and install and runtime protection suite for Model Context Protocol (MCP) servers
mcp-nextjs
Example MCP server with OAuth
mcp-oauth
MCP OAuth Server with FastMCP
mcp-oauth-example
Minimal example of an OAuth 2.1 Authorization Server (FastAPI) and a separate Resource Server (FastMCP) aligned with MCP protocol revision 2025‑06‑18
mcp-oauth-gateway
An OAuth 2.1 Authorization Server that adds authentication to any MCP (Model Context Protocol) server without code modification.
mcp-oauth-server
mcp-oauth2.1-server
Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery
mcp-privilege-cloud
A production-ready Model Context Protocol (MCP) server for CyberArk Privilege Cloud integration. Enables AI assistants and MCP clients to securely interact with privileged account management, safe operations, and platform configurations through 8 comprehensive tools.
mcp-proxy
Fast rust MCP proxy between stdio and SSE
mcp-proxy
proxy for Model Context Protocol (MCP) servers that adds authentication, authorization, and enterprise features to any MCP backend.
mcp-rando-server
MCP server for generating random numbers, strings, diceware passphrases and other resources
mcp-server
MCP Server for ThoughtSpot - provides OAuth authentication and tools for querying data
mcp-server-docusign
DocuSign MCP Server with FastMCP - JWT server-to-server authentication
mcp-server-go
Golang implementation of the streaming MCP HTTP transport with sessions, auth and horizontal scaling
mcp-server-playground
A playground for Model Context Protocol (MCP) server built with TypeScript and Streamable HTTP transport with an OAuth Proxy for 3rd party authorization servers like Auth0
mcp-server-scanner
detect exposed mcp servers over the internet and enumerate their tools
mcp-server-zoom-noauth
A MCP server for accessing Zoom recordings and transcripts without requiring direct authentication from the end user.
mcp-shield
Security scanner for MCP servers
mcp-vulnerability-scanner
A Model Context Protocol (MCP) server for scanning IP addresses for vulnerabilities. This server provides tools to perform security scanning on individual IPs or multiple IPs at once.
mcp-watchdog
MCP security proxy - detects and blocks 40+ MCP attack classes. Zero config.
mcp_nuclei_server
A Nuclei security scanning server based on MCP (Model Control Protocol), providing convenient vulnerability scanning services.一个基于 MCP (Model Control Protocol) 的 Nuclei 安全扫描服务器,提供便捷的漏洞扫描服务。
mcpauth
Authentication for MCP Servers
mcpscc
Security Command Center for Model Context Protocol (MCP) servers. Detect prompt injection, tool poisoning, secrets, and vulnerabilities. The Trivy of MCP security.
mcpwall
iptables for MCP — blocks dangerous tool calls, scans for secrets, logs everything.
mighty-security
Don't Simply Trust MCP Server Code, Validate and Scan
moltbook-mcp
Moltbook MCP server: post, comment, upvote, DMs, communities. API key auth.
mund
AI security scanner - secrets, PII, prompt injection, and exfiltration detection.
mymlh-mcp-server
OAuth-enabled MyMLH MCP server for accessing MyMLH data.
nist-csf-2-mcp-server
MCP server implementation for NIST Cybersecurity Framework 2.0
nist-nvd-mcp-server
notebooklm-mcp-secure
Security-hardened NotebookLM MCP with post-quantum encryption
oauth-music-streaming-mcp-server
An OAuth Server for the music-streaming-mcp-server
open-mcp-auth-proxy
Authentication and Authorization Proxy for MCP Servers
openclaw-mcp
🦞 MCP server for OpenClaw - secure bridge between Claude.ai and your self-hosted OpenClaw assistant with OAuth2 authentication
opgen-mcp-server
A MCP server implementation for password generation, based on 1Password/spg/cmd/opgen
pangea-authn-fastmcp
Pangea AuthN integration for FastMCP
pentesting-cyber-mcp
🔐 50+ MCP Security Servers for AI-Powered Pentesting | Integrate Nmap, Burp Suite, Nuclei, Shodan, BloodHound, Semgrep, Trivy | Model Context Protocol for Cybersecurity
permit-fastmcp
Permit.io authorization middleware for FastMCP servers
peta-core
Peta core: The Control Plane for MCP — secure vault, managed runtime, audit trail, and policy-based approvals.
pincer
Secure grip for your agent's secrets - security-hardened MCP gateway with proxy token architecture
qiita-mcp-server
Publish articles to Qiita via MCP tools. Minimal, fast, and focused on Qiita authoring.
querypie-mcp-server
Deprecated — Replaced by the MCP Server built into QueryPie ACP 11.5.0. Please use the in‑product server for the latest features and security.
redmine-mcp-server
Production-ready MCP server for Redmine with security, pagination, and enterprise features
remote-mcp
Production-ready, multi-tenant, REMOTE MCP SERVER TEMPLATE built with C#/.NET featuring reflection tools and enterprise security. Works with Claude Code, Cursor, VS Code. Complete OAuth2.1 and WebAuthn authentication, rate limiting, and deployment guides. Scoped identity integration with AWS Cognito, Azure AD, Google Cloud, Auth0, Clerk, LDAP, etc.
revenant-mcp
FastMCP server for Obsidian vault navigation and Scanner Daybook analysis
security-controls
1,451 security controls across 261 frameworks with bidirectional mapping
server
Create and manage your own Certificate Authority for internal HTTPS.
slack-mcp
OAuth-based multi-user Slack MCP server with HTTP transport
solesonic-mcp-server
An enterprise-grade MCP server with built-in federated identity support for SSO across providers and secure, scalable access management.
spotify-mcp-server
Spotify MCP Server - FastMCP-based integration for AI assistants with OAuth 2.0 authentication and comprehensive API tools
springai-mcp-gateway
Spring Boot gateway that unifies multiple MCP servers into one endpoint for AI assistants, OAuth 2.1
stackhawk
An MCP server that provides interaction with StackHawk's security scanning platform.
stacks-clarity-mcp
MCP server for Stacks blockchain development with 32+ tools for Clarity smart contracts, SIP compliance, security, and performance optimization
strava-mcp
Personal MCP server for Strava with OAuth authentication, beautiful dashboard, and personal MCP URLs for AI assistants
streamable-mcp-server-template
Production-ready MCP server template with Streamable HTTP transport. Supports Node.js (Hono) and Cloudflare Workers. Includes OAuth 2.1, multi-tenant sessions, tool/resource/prompt registration, and AES-256-GCM token encryption.
strong-password-generator-mcp
MCP server for generating cryptographically secure passwords. Customizable length, symbols, numbers, case options. Built with FastMCP 2.0. Includes strength analysis and passphrase generation.
systemprompt-mcp-server
A complete, production-ready implementation of a Model Context Protocol (MCP) server demonstrating OAuth 2.1, tools, prompts, resources, sampling, and notifications using Reddit as a real-world integration example.
tengu
AI-powered penetration testing MCP server
thingworx-mcp-server
A MCP server for PTC ThingWorx. Using the REST-API via AppKey authentication.
us-law-mcp
US federal and state cybersecurity/privacy law MCP server with cross-state comparison
virustotal
MCP server for querying VirusTotal API with comprehensive security analysis tools.
vulnicheck
HTTP MCP Server for comprehensive Python vulnerability scanning and security analysis.
wass-mcp
MCP server for web application security scanning
yandex-tracker-mcp
Yandex Tracker MCP Server with OAuth2 support
youtube-mcp-server
Comprehensive MCP server for YouTube Data API v3, Analytics API, and Reporting API. 40 tools for channel analytics, video publishing, transcripts, audience insights, SEO discovery, comments, and bulk reporting. Built with Python and FastMCP. Requires your own Google Cloud OAuth credentials.
yuhuison-mediawiki-mcp-server-auth
Connect to your MediaWiki using simple credentials and manage content without OAuth. Search, read,…
衍象坊 · 奇门遁甲 & 大六壬
Qimen Dunjia & Da Liu Ren divination: complete nine-palace charts and four-lesson analysis.