MCP Security Hub
A collection of 36 Docker-based MCP servers developed by FuzzingLabs that expose 175+ offensive security tools (Nmap, Nuclei, SQLMap, radare2, Ghidra, Shodan, VirusTotal, OpenVAS, and more) to AI assistants via natural language for authorized penetration testing and security assessments. Each tool category runs in its own isolated Docker container, providing some process isolation between tool execution environments. Docker Compose orchestrates the full toolkit. The modular design allows deploying only the containers relevant to a specific engagement — binary analysis containers separately from web scanning containers, for example.
Score Breakdown
🔒 Security
AWS Security Hub MCP. IAM credentials required. Security findings are sensitive. Use read-only IAM role for observation agents. Aggregates findings from multiple security services.
Best When
You are a security professional conducting authorized penetration tests and want AI assistance to orchestrate and interpret results from industry-standard offensive tools.
Avoid When
You need defensive, monitoring, or compliance-oriented security tooling; or you cannot guarantee written authorization for all targets tested.
Use Cases
- Run Nmap network scans through an AI assistant using natural language scan descriptions
- Automate web vulnerability scanning with Nuclei templates via conversational commands
- Perform binary reverse engineering with radare2 or Ghidra assisted by AI analysis
- Conduct OSINT reconnaissance using integrated Shodan, VirusTotal, and threat intelligence tools
- Orchestrate multi-tool security assessment workflows with Docker Compose
Not For
- Defensive/detection security use cases — this is explicitly an offensive toolset
- Unauthorized testing — legal authorization is required for every target
- Teams without Docker expertise — setup involves building and orchestrating many containers
- Production environments where security tools should not be present
Interface
Authentication
Most tools require no authentication. Third-party integrations (Shodan, VirusTotal, OTX) require API keys configured as Docker environment variables.
Pricing
Open source under the repo's license. Some integrated tools (Shodan, IDA Pro) have their own commercial licensing requirements. Docker compute costs depend on self-hosted infrastructure.
Agent Metadata
Known Gotchas
- ⚠ LEGAL LIABILITY: AI agents can autonomously run offensive tools like Nmap, Nuclei, and SQLMap — without explicit scope enforcement, an agent could scan out-of-scope targets, creating legal exposure for the operator
- ⚠ No built-in target allowlisting or scope enforcement — agents must enforce scope through prompting and system instructions, which can fail
- ⚠ Building all 36 Docker images requires 20+ GB disk space and significant build time on first setup
- ⚠ Long-running tools (full Nmap service scan, fuzzing jobs) will exceed typical MCP client timeout windows — design workflows around this
- ⚠ Some tools (IDA Pro, Burp Suite Professional) require separate commercial license acquisition before the MCP server can use them
- ⚠ OSINT tool API keys (Shodan, VirusTotal, OTX) must be configured per-container in Docker environment variables — easy to miss during setup
- ⚠ Docker container isolation is process-level, not network-level — a compromised container can still reach the host network without additional firewall rules
Scores are editorial opinions as of 2026-03-06.