Awesome Offensive MCP Servers

"I built this because I needed it."

This is a personal collection of Model Context Protocol (MCP) servers that I find useful for Red Teaming, Pentesting, and Vulnerability Research.

While these tools are curated for my own workflows, I'm sharing them for anyone who wants to integrate Agentic AI into their offensive security stack.

⚠️ Disclaimer & Criteria

• Criteria: I only add tools that meet one of the following:

  1. 30+ GitHub Stars (Community verified)

  2. Personally Verified

  3. Official Implementation (Maintained by the vendor)

• Responsibility: The use of the tools and servers listed in this repository is strictly for educational and authorized testing purposes only. The maintainers assume no responsibility for any misuse or damage caused by these tools. You are responsible for complying with all applicable laws and regulations.

• Safety: Always audit the code of MCP servers before connecting them to your environment, especially those capable of executing commands or reading files.

🚀 What is MCP?

Model Context Protocol (MCP) is an open standard that acts as a universal translator between AI models (like Claude, Gemini) and your local tools. It allows AI to safely query databases, execute scripts, and interact with APIs without hardcoded integrations.

For offensive security, this means your AI agent can now run Nmap scans, analyze Ghidra decompilation, and query Shodan—all within a single conversation context.

📑 Categories

• 🕵️ Reconnaissance & OSINT

• 🔬 Vulnerability Research & Analysis

• 🌐 Web, Network & Protocol

• ⚔️ Weaponization & Exploitation

• 🔓 Cryptography & Cracking

• 🏴 Post-Exploitation & Active Directory

• 🏗️ Infrastructure, Utils & Orchestration

🕵️ Reconnaissance & OSINT

Tools for asset discovery, threat intelligence gathering, and external attack surface mapping.

• Shodan MCP – AI access to Shodan search, host information, and CVEs.

• VirusTotal MCP – Query VT scans, analyze URLs, IP addresses, and file hashes.

• ExternalAttacker MCP – Maps external attack surfaces using ProjectDiscovery tools (subfinder, httpx, etc.).

• NetworksDB MCP – Lookup IP ranges, ASNs, and DNS records.

• AlienVault OTX MCP – Interface to OTX threat intelligence feeds.

• ZoomEye MCP – Retrieve cyberspace assets and dorks via ZoomEye API.

• GitHub MCP Server – Full GitHub API access. Great for Secret Scanning and repository analysis.

• FastDomainCheck MCP – High-speed bulk domain availability checking.

• DNStwist MCP – Detect phishing, typo-squatting, and attack domains.

• Maigret MCP – Collect a dossier on a person by username across thousands of sites.

• Crunchbase MCP – Access Crunchbase organization data for corporate reconnaissance.

• ADEO CTI MCP – A combo MCP for Shodan and VirusTotal threat analysis.

• Everything Search MCP – Fast local file search (Windows) for gathering internal intelligence.

• ANNA's MCP – Search and download documents/papers from Anna's Archive.

• MalwareBazaar MCP – Interface with Malware Bazaar for real-time threat intel and sample metadata.

• MITRE ATT&CK MCP – Query and interact with the MITRE ATT&CK framework data.

🔬 Vulnerability Research & Analysis

Tools for static analysis, reverse engineering, mobile app analysis, and firmware inspection.

• Ghidra MCP – Deep integration with Ghidra for autonomous reverse engineering and function explanation.

• Ghidra MCP Alternative – Another variant of Ghidra MCP focusing on binary analysis capabilities.

• pyghidra-mcp – Headless-first and GUI-capable Ghidra MCP server. Supports project-wide analysis and cross-binary tracing using Python.

• IDA Pro MCP – Control IDA Pro using LLMs for decompilation and analysis.

• Binary Ninja MCP – Plugin to integrate AI workflows directly into Binary Ninja.

• WinDBG EXT MCP – AI-assisted kernel debugging with WinDbg. Real-time analysis of crash dumps.

• mcp-windbg – AI-powered interactive debugger integration for WinDbg/CDB to analyze crash dumps and control execution.

• Jadx MCP Plugin – Exposes Jadx decompiler features for Android Pentesting.

• Sentry MCP – Analyze error logs and stack traces to identify crash points or logic bugs.

• Greptile MCP – Semantic code search to find vulnerable logic in large codebases.

• Slither MCP – (Web3) Static analysis for Solidity smart contracts using Trail of Bits' Slither.

• Aderyn – Fast static analysis for Solidity smart contracts.

• mcp-gdb – GDB server integration for debugging applications.

• lldb-mcp – LLDB debugger integration for controlling debug sessions via MCP.

• radare2-mcp – Deep integration with Radare2 (r2) for reverse engineering.

• codeql-mcp – Run CodeQL queries using natural language for variant analysis.

• pwno-mcp – Advanced GDB/pwndbg integration tailored for exploitation and LLM usage.

• frida-mcp – Dynamic instrumentation and hooking using Frida.

• embedded-debugger-mcp – Debug embedded systems (ARM, RISC-V) via probe-rs.

• mcp-android-server-python – Android automation and UI inspection via uiautomator2.

• mobile-mcp – Cross-platform mobile automation (iOS/Android) for emulators and real devices.

• MobSF MCP – Scan and analyze APK/IPA files using Mobile Security Framework (MobSF).

• Volatility MCP – Integrate Volatility 3 for automated memory forensics.

• MCP Security Tools – Collection including Uncover (FOFA/Shodan), Enscan, and more.

🌐 Web, Network & Protocol

Tools for dynamic assessment, traffic interception, API security, and database interaction.

• Burp Suite MCP – The industry standard for web security testing, now controllable via AI.

• Nuclei MCP – Orchestrate fast vulnerability scanning with Nuclei templates.

• Chrome DevTools MCP – (Official) Control and inspect Google Chrome via Chrome DevTools Protocol. Perform DOM inspection, script evaluation, and network analysis.

• Playwright MCP – Browser automation for dynamic testing, scraping, or bypassing client-side controls.

• Puppeteer MCP – Headless Chrome automation for XSS verification and admin bot simulation.

• PostgreSQL MCP – Connect to Postgres DBs to inspect schemas and test SQL queries.

• MySQL MCP – MySQL/MariaDB interaction for database assessment.

• Redis MCP – (Official) Interact with Redis databases. Common target for RCE and data exfiltration.

• MongoDB MCP – (Official) Inspect MongoDB collections and test for NoSQL injection.

• SQLite MCP – Analyze local SQLite database files (Essential for Mobile/Browser Forensics).

• AKTO MCP Server – Automate API discovery and security testing (Broken Object Level Authorization, etc.).

• Cloudflare MCP Server – Manage WAF rules, review logs, and secure edge configurations.

• Illumio MCP – Zero Trust segmentation and traffic flow analysis.

• Fetch MCP – Simple HTTP client for manual fuzzing or crafting raw requests.

• mcp-server-fuzzer – A generic fuzzer for testing and stressing other MCP servers.

• mcpcap – Network traffic analysis (PCAP) and packet inspection.

• WireMCP – Real-time network analysis using Wireshark (tshark).

⚔️ Weaponization & Exploitation

Tools for payload generation, system exploitation, and command execution.

Note: Many tools in "Infrastructure" (like CLI access) can be used for exploitation.

• Command Line MCP – ⚠️ Dangerous. Allows AI to execute arbitrary shell commands. Powerful for specialized exploitation chains but requires strict sandboxing.

• MetasploitMCP – Control the Metasploit Framework for vulnerability scanning and exploitation.

• HexStrike AI – Automated offensive security suite running 150+ tools.

• MasterMCP – (Research) Demonstration toolkit allowing cross-MCP attacks (use with caution).

• Damn Vulnerable MCP Server – (Educational) Deliberately vulnerable MCP server for CTF and security training.

• MCP Injection Experiments – (Research) Code snippets and proofs-of-concept for MCP tool poisoning attacks.

• Offensive MCP AI – Suite of offensive security tools for AI agents.

🔓 Cryptography & Cracking

Tools for hash cracking, decoding, and cryptographic operations.

• Hashcat MCP – Orchestrate Hashcat for password cracking using natural language.

🏴 Post-Exploitation & Active Directory

Tools for internal reconnaissance, privilege escalation, and lateral movement.

• BloodHound MCP AI – Analyze Active Directory attack paths using graph queries via AI.

• RoadRecon MCP – Azure Active Directory (Entra ID) enumeration and analysis.

🏗️ Infrastructure, Utils & Orchestration

Cloud security, container management, forensics, and agentic frameworks.

☁️ Cloud & Container Security

• Terraform MCP – (Official) Analyze Terraform IaC for cloud misconfigurations or hardcoded secrets.

• Snowflake MCP – (Official) Interact with Snowflake Data Cloud (Data exfiltration simulation / Access Audit).

• Kubernetes MCP – Enumerate and manage K8s clusters (Pod security, RBAC checks).

• AWS MCP – Inspect AWS resources (S3 buckets, IAM roles, EC2) for misconfigurations.

• Docker MCP – Manage Docker containers and images. Useful for setting up attack labs or analyzing container images.

• Auth0 MCP – (Official) Management and interaction with Auth0 identity platform.

⚙️ Infrastructure Analysis (Monitoring)

• Grafana MCP – (Official) Access dashboards and data sources to visualize internal network status.

• Prometheus MCP – Query monitoring metrics to uncover internal system loads and running services.

🛠️ System & Forensics

• Filesystem MCP – Read/write local files. Critical for Log Analysis, config auditing, and data exfiltration simulation.

• Git MCP – Analyze git history and diffs to find sensitive data or past vulnerabilities.

• MCP Timeserver – Provides precise time context for correlation rules.

• pty-mcp-server – Spawn and interact with pseudo-terminals (PTY) for shell access.

🛡️ Security Operations (Blue/Purple)

• Google Security Operations MCP – Chronicle & Mandiant integration for threat hunting.

• Elastic Security MCP – SIEM interaction for log search and anomaly detection.

• Check Point Quantum MCP – Firewall management and policy review.

• Heimdall – Access control and governance layer for MCP tools.

• ToolHive – Management and registry for secure MCP server deployment.

• MCP Scan – Scan MCP connections for vulnerabilities and log interactions.

• MCP Shield – Security scanner specifically designed for MCP servers.

• MCP Guardian – Proxy and secure your MCP servers with access control.

🤝 Ops & Communication

• Discord MCP – Control Discord (can be used for C2 simulation or notifications).

• Telegram MCP – Telegram integration.

• WhatsApp MCP – WhatsApp Web API integration.

• Notion MCP – Automated pentest reporting to Notion.

• Obsidian MCP – Manage local knowledge base (Obsidian) for engagement notes.

• GitLab MCP – Manage repositories and issues.

🤖 Agentic AI Frameworks

Frameworks to build, test, and orchestrate your own offensive agents.

• Microsoft AutoGen

• CrewAI

• LangChain

• LangGraph

• Microsoft Semantic Kernel

• Agno

• CAI (Cybersecurity AI)

• AgentFence – Testing AI agent vulnerabilities.

• Pentagi – Autonomous AI penetration tester.

• Agentic Security Scanner

🤝 Contributing

Contributions are always welcome!

1. Fork the project.

2. Create your feature branch (git checkout -b add/new-mcp-tool).

3. Add the link and description to the appropriate category.

4. Commit your changes.

5. Open a Pull Request.

Important: Please ensure your submission meets one of the following criteria:

• 30+ GitHub Stars

• Personally Tested: If it has fewer stars, please explain in the PR how you used it and why it's useful.

🧾 License

This project is released under the Creative Commons Zero license. Public domain — use freely.