Content
# MCP-SecurityTools Introduction
**MCP-SecurityTools is an open-source project focused on collecting and updating tools related to MCP in the field of cybersecurity. It aims to aggregate, organize, and optimize various security tools, techniques, and practical experiences related to MCP.**
| mcp name | Introduction |
| ------------------------------------------------------------ | -------------------------------------- |
| [uncover-MCP](#1-uncover-mcp-enables-ai-to-call-fofashodan) | Enables AI to call FOFA/SHODAN. |
| [ENScan_GO-MCP](#2-enscan_go-mcp-enables-ai-to-collect-information-with-one-key) | Enables AI to collect information with one key. |
| [VirusTotal-MCP](#3-virustotal-mcp-enables-ai-to-perform-security-analysis-with-virustotal) | Enables AI to perform security analysis with VirusTotal. |
| [cloudsword-MCP](#4-cloudsword-mcp-enables-ai-to-have-cloud-security-capabilities) | Enables AI to have cloud security capabilities, a one-liner for cloud environments. |
| [ZoomEye-MCP](#5-zoomeye-mcp-enables-ai-to-query-zoomeye-for-network-asset-information) | Enables AI to query ZoomEye for network asset information. |
| [AWVS-MCP](#6-awvs-mcp-enables-ai-to-call-awvs-for-vulnerability-scanning) | Enables AI to call AWVS for vulnerability scanning. |
| GhidraMCP | To be updated, planned |
| IDA-MCP | To be updated, planned |
| Nmap-MCP | To be updated, planned |
## Zero: Introduction
MCP (Model Context Protocol) is an open protocol designed to standardize how applications provide context to LLM (Large Language Model). You can think of MCP as the USB-C interface for AI applications. Just as USB-C provides a standardized way for devices to connect various peripherals and accessories, MCP provides a standardized way for AI models to connect to different data sources and tools.
### 0.1 Why Choose MCP?
MCP helps you build agents and complex workflows on top of LLMs. LLMs often need to integrate with data and tools, and MCP provides:
- A pre-built list of integrations that your LLM can connect to directly
- Flexibility to switch between different LLM providers and vendors
- Best practices for protecting data within your infrastructure
### 0.2 Overall Architecture
Essentially, MCP follows a client-server architecture, where the host application can connect to multiple servers:
**MCP Host**: Programs like Claude, Cherry Studio client, IDE, or AI tools that want to access data via MCP.
- **MCP Client**: A protocol client that maintains a 1:1 connection with the server
- **MCP Server**: A lightweight program that exposes specific functionalities through a standardized model context protocol
- **Local Data Sources**: Computer files, databases, and services that the MCP server can securely access
- **Remote Services**: External systems provided over the internet that the MCP server can connect to (e.g., via API)
---
## 1: uncover-MCP (Enables AI to call FOFA/SHODAN)
**Project Address:** `https://github.com/Co5mos/uncover-mcp`
### 1.1 Compilation Instructions
```
# Clone the repository
git clone https://github.com/Co5mos/uncover-mcp
cd uncover-mcp
# Build the project (requires Go 1.21 or higher)
go build -o uncover-mcp ./cmd/uncover-mcp
# It is recommended to use the author's build file: https://github.com/Co5mos/uncover-mcp/releases/tag/v0.0.1-beta
```
### 1.2 Usage Instructions
**Run as MCP service instance:**
```json
{
"mcpServers": {
"uncover-mcp": {
"command": "./uncover-mcp",
"args": [],
"env": {
"SHODAN_API_KEY": "",
"FOFA_EMAIL": "",
"FOFA_KEY": ""
}
}
}
}
```
**Usage in Cherry Studio**
> For the Cherry Studio MCP usage tutorial, see: `https://docs.cherry-ai.com/advanced-basic/mcp`
```json
{
"mcpServers": {
"uncover-mcp": {
"name": "uncover-mcp",
"isActive": true,
"command": "You compile the uncover-mcp binary file",
"args": [
"uncover-mcp"
],
"env": {
"SHODAN_API_KEY": "xxxxxxxxxx",
"FOFA_EMAIL": "xxxxxxxxxx",
"FOFA_KEY": "xxxxxxxxxx"
}
}
}
}
```
**Usage in CLI**
```json
{
"mcpServers": {
"uncover-mcp": {
"command": "You compile the uncover-mcp binary file",
"args": [],
"env": {
"SHODAN_API_KEY": "xxxxxxxxxx",
"FOFA_EMAIL": "xxxxxxxxxx",
"FOFA_KEY": "xxxxxxxxxx"
},
"autoApprove": [
"fofa"
]
}
}
}
```
## 2: ENScan_GO-MCP (Enables AI to collect information with one key)
**Project Address:** `https://github.com/wgpsec/ENScan_GO`
### 2.1 Using MCP
Start the MCP server, which will listen on `http://localhost:8080`
```
./enscan --mcp
```
**Example Configuration for Cherry Studio**
## 3: VirusTotal-MCP (Enables AI to perform security analysis with VirusTotal)
**Project Address:** `https://github.com/BurtTheCoder/mcp-virustotal`
### 3.1 Compilation Instructions
```txt
# Node environment is required
git clone https://github.com/BurtTheCoder/mcp-virustotal.git
cd mcp-virustotal
npm install
npm run build
```
### 3.2 Usage Instructions
**Usage in Cherry Studio**
> For the Cherry Studio MCP usage tutorial, see: `https://docs.cherry-ai.com/advanced-basic/mcp`
```json
{
"mcpServers": {
"s4Q9KPP86Ec_MWVfGURLI": {
"isActive": true,
"name": "virustotal-mcp",
"description": "virustotal-mcp",
"command": "node",
"args": [
"--experimental-modules",
"You compile the uncover-mcp binary file"
],
"env": {
"VIRUSTOTAL_API_KEY": "xxxxxxxxxx"
}
}
}
}
```
**Usage in CLI**
```json
{
"mcpServers": {
"virustotal": {
"command": "node",
"args": [
"--experimental-modules",
"You compile the uncover-mcp binary file"
],
"env": {
"VIRUSTOTAL_API_KEY": "xxxxxxxxxx"
},
"autoApprove": [
"get_url_report",
"get_file_report",
"get_url_relationship",
"get_ip_report",
"get_domain_report",
"get_url_relationship",
"get_file_relationship"
]
}
}
}
```
## 4: cloudsword-MCP (Enables AI to have cloud security capabilities)
**Project Address:** `https://github.com/wgpsec/cloudsword`
> cloudsword has supported the MCP protocol since version v0.0.2, supporting SSE and STDIO modes.
Use the command `./cloudsword sse http://localhost:8080` to listen on port 8080 locally.
### 4.1 Usage Instructions
**Usage in Cherry Studio**
**Currently, testing in CLI is not functional; will resolve later.**
**SSE Mode**
For Cherry stdio, fill in `http://localhost:8080/sse` to obtain tool information.
```json
{
"mcpServers": {
"iAcI362KsjDNFU_FqZEaO": {
"isActive": true,
"name": "cloudsword-MCP",
"description": "",
"baseUrl": "http://localhost:8080/sse"
}
}
}
```
[](https://github.com/wgpsec/cloudsword/blob/master/static/image-20250401193340509.png)
**STDIO Mode**
```json
{
"mcpServers": {
"iAcI362KsjDNFU_FqZEaO": {
"name": "cloudsword-MCP",
"description": "Enables AI to have cloud security capabilities",
"isActive": true,
"command": "You compile the uncover-mcp binary file",
"args": [
"stdio"
]
}
}
}
```
[](https://github.com/wgpsec/cloudsword/blob/master/static/image-20250401193444375.png)
**Usage Example**
[](https://github.com/wgpsec/cloudsword/blob/master/static/image-20250401194214015.png)
## 5: ZoomEye-MCP (Enables AI to query ZoomEye for network asset information)
**Project Address:** `https://github.com/zoomeye-ai/mcp_zoomeye`
> Allows large language models (LLMs) to query ZoomEye for network asset information using dork and other search parameters.
**Usage Tutorial:** Officially detailed at `https://github.com/zoomeye-ai/mcp_zoomeye`
### 5.1 Usage Instructions
**Usage in Cherry Studio**
**Installation Instructions**
```
# Install via pip
pip install mcp-server-zoomeye
```
```json
{
"mcpServers": {
"zoomeye": {
"isActive": true,
"name": "zoomeye-MCP",
"description": "zoomeye-MCP",
"command": "uvx",
"args": [
"mcp-server-zoomeye"
],
"env": {
"ZOOMEYE_API_KEY": "xxxxxxxxx"
}
}
}
}
```
## 6: AWVS-MCP (Enables AI to call AWVS for vulnerability scanning)
**Project Address:** `https://github.com/Ta0ing/MCP-SecurityTools/tree/main/awvs-mcp`
> Supports SSE and STDIO modes.
Use the command `awvs-mcp sse --port 8080` to listen on port 8080 locally.
### 6.1 Usage Instructions
**Usage in Cherry Studio**
**SSE Mode**
For Cherry stdio, fill in `http://localhost:8080/sse` to obtain tool information.
