{"id":"mcp-security-hub","name":"MCP Security Hub","homepage":"https://github.com/FuzzingLabs/mcp-security-hub","repo_url":"https://github.com/FuzzingLabs/mcp-security-hub","category":"security","subcategories":["offensive-security","penetration-testing","vulnerability-scanning","binary-analysis"],"tags":["security","pentesting","nmap","nuclei","radare2","osint","fuzzing","docker","offensive"],"what_it_does":"A collection of 36 Docker-based MCP servers developed by FuzzingLabs that expose 175+ offensive security tools (Nmap, Nuclei, SQLMap, radare2, Ghidra, Shodan, VirusTotal, OpenVAS, and more) to AI assistants via natural language for authorized penetration testing and security assessments. Each tool category runs in its own isolated Docker container, providing some process isolation between tool execution environments. Docker Compose orchestrates the full toolkit. The modular design allows deploying only the containers relevant to a specific engagement — binary analysis containers separately from web scanning containers, for example.","use_cases":["Run Nmap network scans through an AI assistant using natural language scan descriptions","Automate web vulnerability scanning with Nuclei templates via conversational commands","Perform binary reverse engineering with radare2 or Ghidra assisted by AI analysis","Conduct OSINT reconnaissance using integrated Shodan, VirusTotal, and threat intelligence tools","Orchestrate multi-tool security assessment workflows with Docker Compose"],"not_for":["Defensive/detection security use cases — this is explicitly an offensive toolset","Unauthorized testing — legal authorization is required for every target","Teams without Docker expertise — setup involves building and orchestrating many containers","Production environments where security tools should not be present"],"best_when":"You are a security professional conducting authorized penetration tests and want AI assistance to orchestrate and interpret results from industry-standard offensive tools.","avoid_when":"You need defensive, monitoring, or compliance-oriented security tooling; or you cannot guarantee written authorization for all targets tested.","alternatives":[{"id":"mcp-kali-server","reason":"Simpler single-server setup for personal Kali lab use; mcp-security-hub offers better container isolation"},{"id":"bloodhound-mcp-ai","reason":"Specialized for AD attack path analysis rather than broad offensive tooling"}],"af_score":64.9,"security_score":70.0,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"latest","last_evaluated":"2026-03-01T09:50:05.893118+00:00","performance":{"latency_p50_ms":null,"latency_p99_ms":null,"uptime_sla_percent":null,"rate_limits":null,"data_source":"llm_estimated","measured_on":null}}