From 75d2429b24b857accd916357003c35727c26f387 Mon Sep 17 00:00:00 2001 From: tduhamel42 Date: Fri, 6 Mar 2026 15:56:59 +0100 Subject: [PATCH] Expand CI, tests, and docker-compose to cover all 38 MCPs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - CI build matrix: 17 → 38 entries (all MCPs now tested) - test_mcp_servers.py: add 15 missing wrappers to MCP_WRAPPERS - docker-compose.yml: add 7 missing services (burp, ida, maigret, dnstwist, virustotal, bloodhound, hashcat), fix duplicate port 3024 - test_builds.sh: expand from 20 → 38 MCPs - README.md: update badges (38 MCPs, 300+ tools), fix Fuzzing table - generate_docs.py: add Blockchain Security and Fuzzing categories Co-Authored-By: Claude Opus 4.6 --- .github/workflows/build.yml | 84 +++++++++++++++--- README.md | 19 ++-- docker-compose.yml | 169 +++++++++++++++++++++++++++++++++++- scripts/generate_docs.py | 2 + scripts/test_builds.sh | 40 ++++++++- tests/test_mcp_servers.py | 15 ++++ 6 files changed, 301 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index eb448f6..3c5b381 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,38 +30,94 @@ jobs: fail-fast: false matrix: include: + # Reconnaissance - name: nmap-mcp context: ./reconnaissance/nmap-mcp + - name: shodan-mcp + context: ./reconnaissance/shodan-mcp + - name: pd-tools-mcp + context: ./reconnaissance/pd-tools-mcp + - name: whatweb-mcp + context: ./reconnaissance/whatweb-mcp + - name: masscan-mcp + context: ./reconnaissance/masscan-mcp + - name: zoomeye-mcp + context: ./reconnaissance/zoomeye-mcp + - name: networksdb-mcp + context: ./reconnaissance/networksdb-mcp + - name: externalattacker-mcp + context: ./reconnaissance/externalattacker-mcp + # Web Security - name: nuclei-mcp context: ./web-security/nuclei-mcp - name: sqlmap-mcp context: ./web-security/sqlmap-mcp + - name: nikto-mcp + context: ./web-security/nikto-mcp + - name: ffuf-mcp + context: ./web-security/ffuf-mcp + - name: waybackurls-mcp + context: ./web-security/waybackurls-mcp + - name: burp-mcp + context: ./web-security/burp-mcp + # Binary Analysis - name: binwalk-mcp context: ./binary-analysis/binwalk-mcp - name: yara-mcp context: ./binary-analysis/yara-mcp - name: capa-mcp context: ./binary-analysis/capa-mcp - - name: ffuf-mcp - context: ./web-security/ffuf-mcp - - name: whatweb-mcp - context: ./reconnaissance/whatweb-mcp - - name: masscan-mcp - context: ./reconnaissance/masscan-mcp + - name: radare2-mcp + context: ./binary-analysis/radare2-mcp + - name: ghidra-mcp + context: ./binary-analysis/ghidra-mcp + - name: ida-mcp + context: ./binary-analysis/ida-mcp + # Blockchain Security + - name: daml-viewer-mcp + context: ./blockchain/daml-viewer-mcp + - name: medusa-mcp + context: ./blockchain/medusa-mcp + - name: solazy-mcp + context: ./blockchain/solazy-mcp + # Cloud Security + - name: trivy-mcp + context: ./cloud-security/trivy-mcp - name: prowler-mcp context: ./cloud-security/prowler-mcp - - name: searchsploit-mcp - context: ./exploitation/searchsploit-mcp + - name: roadrecon-mcp + context: ./cloud-security/roadrecon-mcp + # Secrets Detection - name: gitleaks-mcp context: ./secrets/gitleaks-mcp + # Exploitation + - name: searchsploit-mcp + context: ./exploitation/searchsploit-mcp + # Fuzzing + - name: boofuzz-mcp + context: ./fuzzing/boofuzz-mcp + - name: dharma-mcp + context: ./fuzzing/dharma-mcp + # OSINT + - name: maigret-mcp + context: ./osint/maigret-mcp + - name: dnstwist-mcp + context: ./osint/dnstwist-mcp + # Threat Intelligence + - name: virustotal-mcp + context: ./threat-intel/virustotal-mcp + - name: otx-mcp + context: ./threat-intel/otx-mcp + # Active Directory + - name: bloodhound-mcp + context: ./active-directory/bloodhound-mcp + # Password Cracking + - name: hashcat-mcp + context: ./password-cracking/hashcat-mcp + # Code Security - name: semgrep-mcp context: ./code-security/semgrep-mcp - - name: networksdb-mcp - context: ./reconnaissance/networksdb-mcp - - name: externalattacker-mcp - context: ./reconnaissance/externalattacker-mcp - - name: roadrecon-mcp - context: ./cloud-security/roadrecon-mcp + # Meta - name: mcp-scan context: ./meta/mcp-scan diff --git a/README.md b/README.md index e7dd3b9..910a4f8 100644 --- a/README.md +++ b/README.md @@ -8,15 +8,15 @@ Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.

- 36 MCPs - 185+ Tools + 38 MCPs + 300+ Tools Docker Ready

## Features -- **36 MCP Servers** covering reconnaissance, web security, binary analysis, blockchain security, cloud security, code security, secrets detection, threat intelligence, OSINT, Active Directory, and more -- **175+ Security Tools** accessible via natural language through Claude or other MCP clients +- **38 MCP Servers** covering reconnaissance, web security, binary analysis, blockchain security, cloud security, code security, secrets detection, threat intelligence, OSINT, Active Directory, fuzzing, and more +- **300+ Security Tools** accessible via natural language through Claude or other MCP clients - **Production Hardened** - Non-root containers, minimal images, Trivy-scanned - **Docker Compose** orchestration for multi-tool workflows - **CI/CD Ready** with GitHub Actions for automated builds and security scanning @@ -138,11 +138,12 @@ For project-level config, copy `.mcp.json` to your project root. See [examples/] |--------|-------|-------------| | [searchsploit-mcp](./exploitation/searchsploit-mcp) | 5 | Exploit-DB search and retrieval | -### Fuzzing (2 server) - Server | Tools | Description | - |--------|-------|-------------| - | [boofuzz-mcp](./fuzzing/boofuzz-mcp) | 4 | Network protocol fuzzing using Boofuzz | - | [dharma-mcp](./fuzzing/dharma-mcp) | 2 | Grammar-based test case generation | +### Fuzzing (2 servers) + +| Server | Tools | Description | +|--------|-------|-------------| +| [boofuzz-mcp](./fuzzing/boofuzz-mcp) | 4 | Network protocol fuzzing using Boofuzz | +| [dharma-mcp](./fuzzing/dharma-mcp) | 2 | Grammar-based test case generation | ### OSINT (2 servers) diff --git a/docker-compose.yml b/docker-compose.yml index 3e0d006..11ddeb0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -785,7 +785,7 @@ services: image: semgrep-mcp:latest container_name: semgrep-mcp ports: - - "3024:3000" + - "3030:3000" networks: - mcp-network restart: unless-stopped @@ -896,6 +896,173 @@ services: cpus: '0.5' memory: 256M + # =========================================================================== + # Web Security (additional) + # =========================================================================== + burp-mcp: + build: + context: ./web-security/burp-mcp + dockerfile: Dockerfile + image: burp-mcp:latest + container_name: burp-mcp + ports: + - "3031:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '1' + memory: 512M + + # =========================================================================== + # Binary Analysis (additional) + # =========================================================================== + ida-mcp: + build: + context: ./binary-analysis/ida-mcp + dockerfile: Dockerfile + image: ida-mcp:latest + container_name: ida-mcp + ports: + - "3032:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '1' + memory: 1G + + # =========================================================================== + # OSINT + # =========================================================================== + maigret-mcp: + build: + context: ./osint/maigret-mcp + dockerfile: Dockerfile + image: maigret-mcp:latest + container_name: maigret-mcp + ports: + - "3033:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '1' + memory: 512M + + dnstwist-mcp: + build: + context: ./osint/dnstwist-mcp + dockerfile: Dockerfile + image: dnstwist-mcp:latest + container_name: dnstwist-mcp + ports: + - "3034:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '1' + memory: 512M + + # =========================================================================== + # Threat Intelligence (additional) + # =========================================================================== + virustotal-mcp: + build: + context: ./threat-intel/virustotal-mcp + dockerfile: Dockerfile + image: virustotal-mcp:latest + container_name: virustotal-mcp + environment: + - VIRUSTOTAL_API_KEY=${VIRUSTOTAL_API_KEY:-} + ports: + - "3035:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '0.5' + memory: 256M + + # =========================================================================== + # Active Directory + # =========================================================================== + bloodhound-mcp: + build: + context: ./active-directory/bloodhound-mcp + dockerfile: Dockerfile + image: bloodhound-mcp:latest + container_name: bloodhound-mcp + ports: + - "3036:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '1' + memory: 1G + + # =========================================================================== + # Password Cracking + # =========================================================================== + hashcat-mcp: + build: + context: ./password-cracking/hashcat-mcp + dockerfile: Dockerfile + image: hashcat-mcp:latest + container_name: hashcat-mcp + ports: + - "3037:3000" + networks: + - mcp-network + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + deploy: + resources: + limits: + cpus: '2' + memory: 2G + # ============================================================================= # Networks # ============================================================================= diff --git a/scripts/generate_docs.py b/scripts/generate_docs.py index 4f4440d..966fa9b 100644 --- a/scripts/generate_docs.py +++ b/scripts/generate_docs.py @@ -195,9 +195,11 @@ def generate_site(): 'Reconnaissance': {'icon': 'bi-search', 'color': '#3498db'}, 'Web Security': {'icon': 'bi-globe', 'color': '#e74c3c'}, 'Binary Analysis': {'icon': 'bi-file-binary', 'color': '#9b59b6'}, + 'Blockchain Security': {'icon': 'bi-currency-bitcoin', 'color': '#f7931a'}, 'Cloud Security': {'icon': 'bi-cloud', 'color': '#1abc9c'}, 'Secrets Detection': {'icon': 'bi-key', 'color': '#f39c12'}, 'Exploitation': {'icon': 'bi-bug', 'color': '#c0392b'}, + 'Fuzzing': {'icon': 'bi-shuffle', 'color': '#e67e22'}, 'OSINT': {'icon': 'bi-person-badge', 'color': '#2980b9'}, 'Threat Intelligence': {'icon': 'bi-shield-exclamation', 'color': '#8e44ad'}, 'Active Directory': {'icon': 'bi-diagram-3', 'color': '#27ae60'}, diff --git a/scripts/test_builds.sh b/scripts/test_builds.sh index 4ccf5f8..574868d 100755 --- a/scripts/test_builds.sh +++ b/scripts/test_builds.sh @@ -17,26 +17,58 @@ if ! docker info > /dev/null 2>&1; then fi MCPS=( + # Reconnaissance "reconnaissance/nmap-mcp" "reconnaissance/shodan-mcp" "reconnaissance/pd-tools-mcp" "reconnaissance/whatweb-mcp" "reconnaissance/masscan-mcp" + "reconnaissance/zoomeye-mcp" + "reconnaissance/networksdb-mcp" + "reconnaissance/externalattacker-mcp" + # Web Security "web-security/nuclei-mcp" "web-security/sqlmap-mcp" "web-security/nikto-mcp" "web-security/ffuf-mcp" - "binary-analysis/radare2-mcp" + "web-security/waybackurls-mcp" + "web-security/burp-mcp" + # Binary Analysis "binary-analysis/binwalk-mcp" "binary-analysis/yara-mcp" "binary-analysis/capa-mcp" + "binary-analysis/radare2-mcp" + "binary-analysis/ghidra-mcp" + "binary-analysis/ida-mcp" + # Blockchain Security + "blockchain/daml-viewer-mcp" + "blockchain/medusa-mcp" + "blockchain/solazy-mcp" + # Cloud Security "cloud-security/trivy-mcp" "cloud-security/prowler-mcp" + "cloud-security/roadrecon-mcp" + # Secrets Detection + "secrets/gitleaks-mcp" + # Exploitation "exploitation/searchsploit-mcp" - "blockchain/daml-viewer-mcp" - "blockchain/solazy-mcp", - "fuzzing/dharma-mcp", + # Fuzzing "fuzzing/boofuzz-mcp" + "fuzzing/dharma-mcp" + # OSINT + "osint/maigret-mcp" + "osint/dnstwist-mcp" + # Threat Intelligence + "threat-intel/virustotal-mcp" + "threat-intel/otx-mcp" + # Active Directory + "active-directory/bloodhound-mcp" + # Password Cracking + "password-cracking/hashcat-mcp" + # Code Security + "code-security/semgrep-mcp" + # Meta + "meta/mcp-scan" ) PASSED=0 diff --git a/tests/test_mcp_servers.py b/tests/test_mcp_servers.py index 0352776..bdb995e 100644 --- a/tests/test_mcp_servers.py +++ b/tests/test_mcp_servers.py @@ -43,8 +43,23 @@ MCP_WRAPPERS = [ ("reconnaissance", "shodan-mcp"), ("reconnaissance", "pd-tools-mcp"), + ("reconnaissance", "zoomeye-mcp"), + ("reconnaissance", "networksdb-mcp"), + ("reconnaissance", "externalattacker-mcp"), ("web-security", "nikto-mcp"), + ("web-security", "burp-mcp"), ("binary-analysis", "radare2-mcp"), + ("binary-analysis", "ghidra-mcp"), + ("binary-analysis", "ida-mcp"), + ("cloud-security", "roadrecon-mcp"), + ("code-security", "semgrep-mcp"), + ("osint", "maigret-mcp"), + ("osint", "dnstwist-mcp"), + ("threat-intel", "virustotal-mcp"), + ("threat-intel", "otx-mcp"), + ("active-directory", "bloodhound-mcp"), + ("password-cracking", "hashcat-mcp"), + ("meta", "mcp-scan"), ] # All MCPs (for file existence tests)