Servers interacting with security tools and platforms, vulnerability databases, security scanning, network security tools, or identity management.
-
Agnuxo1/enigmagent-mcp: Encrypted local vault MCP server (AES-256-GCM + Argon2id) that resolves {{PLACEHOLDER}} secrets at runtime so API keys never appear in LLM prompts, logs, or context. Local-only, MIT, zero telemetry. npx enigmagent-mcp.
-
rudi193-cmd/willow-1.7: Portless MCP server with PGP-signed SAFE manifest authorization. SQLite + Postgres knowledge graph, bubblewrap-sandboxed task queue, file intake pipeline, and local inference with free cloud fallback. Zero network attack surface - stdio only, no HTTP listeners.
-
AgentSeal - Action logs for AI agents. Records every action in a SHA-256 hash chain for verifiable audit trails. Install via npx agentseal-mcp.
-
Agent Trust Stack MCP - Cryptographic provenance, trust scoring, and tamper-evident logging for AI agent interactions via the Chain of Consciousness protocol.
-
Chill-AI-Space/vault-mcp: MCP server for credential isolation - agents use passwords and API keys without seeing them in context. AES-256-GCM encryption, Chrome CDP login, API key proxy, tamper-proof audit trail.
-
ElromEvedElElyon/solanashield-mcp: AI-powered Solana smart contract security audit server with 40 vulnerability patterns (8 critical, 12 high, 12 medium, 8 low) and 12 MCP tools covering access control, CPI safety, PDA, token operations, arithmetic, and DeFi exploits.
-
ark-forge/arkforge-mcp: Certifying proxy for AI agent API calls. Every tool call becomes a signed, timestamped Agent Action Receipt (AAR). Model-agnostic and vendor-independent - works across any LLM provider or infrastructure.
-
MoltyCel/moltrust-mcp-server: Decentralized agent identity and reputation toolkit - DID creation, trust scoring, credential verification, and ERC-8004 on-chain identity integration. 11 tools for verifying AI agent identities and managing trust on Base (Ethereum L2).
-
ndl-systems/kevros-copilot: Precision decisioning for autonomous agents - cryptographic ALLOW/CLAMP/DENY authorization with HMAC-signed release tokens and hash-chained provenance. Free tier: 100 calls/month. Live gateway
-
slowmist/MasterMCP: MasterMCP demonstrates security vulnerabilities in MCP frameworks through practical attack examples, aiding developers in understanding and mitigating potential risks.
-
smq9sn5jck-coder/causallayer-mcp: Deterministic AI-liability attribution. Issues signed, Bitcoin-anchored CausalCertificateV1 receipts that compute vendor/deployer/user fault shares for AI incidents - closed-form math, no LLM in the scoring path. Free demo at https://mcp.faultkey.com/mcp.
-
sxhxliang/mcp-security-scan: A Rust application for scanning and verifying the security of Model Context Protocol server configurations, prompts, resources, and tools.
-
xlyoung/mcp-doctor: Scan, score, and install MCP servers with confidence. 9 security detection engines, quality scoring (0-100), and curated registry of 200+ pre-scored servers. pip install mcpdoctor.
-
Eliran79/Vulnerable-file-reader-server: A Python MCP server showcasing command injection vulnerabilities for educational purposes, highlighting the risks of improper input sanitization.
-
R3verseIN/HackerMCP: HackerMCP empowers AI assistants to utilize penetration testing and security tools like Nmap and Metasploit through a streamlined interface.
-
RobertoDure/mcp-vulnerability-scanner: Scan IP addresses for vulnerabilities using Nmap and API-based checks, providing detailed reports with severity and remediation steps.
-
crazyMarky/mcp_nuclei_server: Facilitates vulnerability scanning using Nuclei with MCP protocol integration, offering configurable filtering and JSON output.
-
Medinios/SuricataMCP: SuricataMCP enables autonomous network traffic analysis using Suricata through a Model Context Protocol server, facilitating seamless integration with AI coding tools.
-
dev-lu/PentestMCP: Facilitates security scans on Kali Linux using natural language commands via LLMs like Claude.
-
The-Nexus-Guard/aip-mcp-server: Agent Identity Protocol MCP server providing cryptographic identity verification, trust chain management, and secure messaging for AI agents via 8 tools including DID creation, challenge-response verification, vouching, and artifact signing.
-
trustasia-com/myssl-mcp-server-python: MySSL MCP Server performs site security certificate inspections, integrating with LLM models for enhanced analysis.
-
dkvdm/onepassword-mcp-server: Facilitates secure credential retrieval from 1Password for integration with Agentic AI.
-
GH05TCREW/MetasploitMCP: Facilitates AI-driven interaction with Metasploit for dynamic security testing and exploitation workflows.
-
EdenYavin/Garak-MCP: Facilitates vulnerability scanning on various LLMs using Garak through a lightweight MCP server.
-
GH05TCREW/winsecMCP: Automates Windows security configuration by managing firewall, RDP, UAC, and account policies.
-
CyberSecurityUP/Offensive-MCP-AI: A cybersecurity-focused MCP server that integrates AI for autonomous red teaming, threat hunting, and incident response automation.
-
ashgw/vault-mcp: Facilitates secure interaction with HashiCorp Vault for secret and policy management through a Model Context Protocol server.
-
ca-risken/risken-mcp-server: Facilitates seamless integration with RISKEN APIs for advanced automation and interaction capabilities.
-
mytechnotalent/MalwareBazaar_MCP: AI-driven server autonomously interfaces with MalwareBazaar for real-time threat intelligence and sample metadata in cybersecurity research.
-
jmorrell-cloudflare/mcp-bearer-auth-example: A remote MCP server implementation on Cloudflare utilizing Bearer Token authentication for secure connections.
-
naebo/mcp-external-recon-server: Conducts active external reconnaissance with DNS enumeration, subdomain discovery, and SSL certificate inspection for offensive security engagements.
-
javaDer/mcp-sentry-custom: Facilitates the retrieval and analysis of issues from Sentry, providing detailed insights into error reports and debugging information.
-
auth0/auth0-mcp-server: Facilitates natural language-driven management of Auth0 operations through integration with LLMs and AI agents.
-
bornpresident/MISP-MCP-SERVER: Integrates with MISP to enhance threat intelligence capabilities for Large Language Models.
-
JithukrishnanV/MCP-CyberAgent: MCP-CyberAgent connects Claude Desktop with cybersecurity tools like VirusTotal, Nmap, and Shodan for AI-driven threat detection and network analysis.
-
elliotllliu/agent-shield: Security scanner for AI agent skills, MCP servers, and plugins. 31 rules detect prompt injection (8 languages), data exfiltration, backdoors, tool poisoning, and cross-file attack chains. Includes MCP runtime proxy for real-time interception. Free, offline, zero-config.
-
gleicon/mcp-osv: Facilitates code security reviews by integrating with OSV.dev and AI models to identify vulnerabilities.
-
enkryptai/enkryptai-mcp-server: Integrate red-teaming, prompt auditing, and AI safety analysis into any MCP-compatible client with Enkrypt AI MCP Server.
-
Eacus/misp-mcp: Facilitates interaction with MISP through a Model Context Protocol server, enabling seamless integration with AI models for enhanced data management and analysis.
-
MorDavid/ExternalAttacker-MCP: ExternalAttacker integrates automated reconnaissance tools with a natural language interface for comprehensive external attack surface management.
-
stoyky/mitre-attack-mcp: Facilitates querying and visualizing the MITRE ATT&CK knowledge base, enabling threat actor and malware attribution through a Model-Context Protocol server.
-
stevenyu113228/BloodHound-MCP: BloodHound MCP enables LLMs to interact with and analyze Active Directory environments using natural language queries, enhancing the BloodHound tool's capabilities.
-
Ludok-4/Ghidra: ghidraMCP enables LLMs to autonomously reverse engineer applications by integrating Ghidra's decompilation and analysis tools with MCP clients.
-
PortSwigger/mcp-server: Integrates Burp Suite with AI clients using the Model Context Protocol, featuring automatic installation for Claude Desktop and a packaged Stdio MCP proxy server.
-
Gaffx/volatility-mcp: Integrates Volatility 3's memory analysis capabilities with FastAPI and MCP for seamless AI-assisted memory forensics.
-
Kirandawadi/volatility3-mcp: Volatility3 MCP Server enables seamless memory forensics through natural language interfaces, allowing LLMs to analyze memory dumps and detect malware efficiently.
-
darrenjrobinson/HIBP-MCP-Server: Enables natural language queries to the Have I Been Pwned API for checking email breaches, specific breach details, password exposures, and pastes.
-
refuse1993/mandiant-mcp: Integrates Mandiant API with Claude Desktop for threat intelligence and vulnerability analysis.
-
bookmd/Secure-Coding-MCP: Enhances AI-generated code security by integrating security guidelines into Cursor's code generation process.
-
jamiesonio/defectdojo-mcp: Connects LLMs to DefectDojo for AI-driven security workflows, enabling natural language interaction with vulnerability data and automating reporting.
-
pullkitsan/mobsf-mcp-server: Utilizes MobSF's API to scan and analyze APK and IPA files through an MCP-compatible interface.
-
ccq1/awsome_kali_MCPServers: Empowers AI agents in Kali Linux environments with advanced reverse engineering and security testing capabilities through a suite of MCP servers.
-
jiriknesl/tor-request-mcp: Facilitates GET and POST requests through Tor hidden services, enhancing privacy and anonymity for internet interactions.
-
Ta0ing/MCP-SecurityTools: A comprehensive collection of security tools and techniques for enhancing AI capabilities in network security through MCP integrations.
-
bornpresident/Volatility-MCP-Server: Integrates Volatility 3 memory forensics with Claude, enabling natural language-driven memory analysis for digital forensic investigations.
-
Hexix23/shodan-mcp: SHODAN-MCP provides a robust interface to the Shodan API, enabling security professionals to efficiently explore and analyze internet-connected devices using the MCP protocol.
-
N0el4kLs/BurpMCP: Facilitates data retrieval from Burp Suite's proxy history for enhanced security testing and analysis.
-
arsolutioner/secure-annex-mcp: A specialized server for evaluating and enhancing the security of browser extensions through comprehensive analysis and vulnerability detection.
-
Cyreslab-AI/nessus-mcp-server: Facilitates AI-driven vulnerability scanning and analysis using the Tenable Nessus scanner via the MCP protocol.
-
Cyreslab-AI/burpsuite-mcp-server: Facilitates AI-driven web security testing by interfacing with Burpsuite Professional for vulnerability scanning and proxy analysis.
-
0xPratikPatil/NmapMCP: Integrates Nmap scanning capabilities with MCP for seamless network analysis in compatible environments.
-
JerryR7/gitlab-zero-leak-mcp: A security-focused GitLab API MCP Server designed to prevent source code leakage while maintaining full functionality for LLM-based agents.
-
kzk-maeda/mcp-guardrail: A secure MCP server that executes only pre-authorized commands, ideal for high-security environments.
-
colygon/zkpmcp: Facilitates zero-knowledge proof operations using Circom, enabling secure verification without revealing sensitive data.
-
shinzo-labs/heimdall: Heimdall acts as a guardian proxy to manage and authorize MCP server tools for multiple clients on a single device.
-
Rul1an/assay: The firewall for MCP tool calls - policy enforcement proxy with allow/deny/constraints, replayable evidence bundles, and OWASP MCP Top 10 coverage. Run via assay mcp wrap --policy X -- npx server.
-
atamaplus-public/mcp-guardrail: MCP Guardrail Server provides a secure environment for executing pre-authorized commands, ideal for high-security applications.
-
cmsparks/mcp-bearer-auth-test: Deploy and manage a remote MCP server on Cloudflare Workers with OAuth login and integration with Claude Desktop.
-
securityfortech/secops-mcp: A comprehensive security testing toolbox integrating popular open source tools via a unified MCP interface for tasks like pentesting and threat hunting.
-
MCPPhalanx/binaryninja-mcp: Facilitates advanced binary analysis and manipulation through Binary Ninja integration.
-
0xKoda/WireMCP: WireMCP empowers LLMs with real-time network traffic analysis using Wireshark's tshark for threat detection and diagnostics.
-
edoscars/pan-os-mcp: Facilitates natural language management and configuration of Palo Alto Networks firewalls via the XML API.
-
rand-tech/pcm: A reverse engineering MCP server leveraging IDA for disassembly, decompilation, and memory analysis.
-
ZeroPathAI/zeropath-mcp-server: Facilitates querying and managing ZeroPath security issues and patches through AI-assisted tools, enhancing security workflows with natural language interactions.
-
Tokeii0/ctf-mcp-server: Facilitates AI-driven CTF problem-solving and creation through specialized MCP servers.
-
13bm/GhidraMCP: Enhances Ghidra's reverse engineering capabilities with AI-assisted binary analysis via the Model Context Protocol.
-
9olidity/MCP-Server-Pentest: A robust MCP server for automated browser-based vulnerability testing, including XSS and SQL injection detection, with comprehensive interaction capabilities.
-
TheRaLabs/legion-mcp: Facilitates database access and query execution through MCP integration, supporting multiple databases with flexible deployment options.
-
marcoeg/mcp-nvd: Facilitates querying the NIST National Vulnerability Database using the Model Context Protocol for real-time vulnerability data retrieval.
-
Cyreslab-AI/exploitdb-mcp-server: Enhances cybersecurity research by enabling AI assistants to query ExploitDB for security exploits and vulnerabilities.
-
LaurieWired/GhidraMCP: Facilitates autonomous reverse engineering of applications by LLMs using Ghidra's core functionalities.
-
Cyreslab-AI/shodan-mcp-server: Provides AI assistants with Shodan API access for querying internet-connected devices and services.
-
xue20010808/ThreatNews: Facilitates the collection of cyber threat information through an MCP server, with integration options for Neo4j knowledge graphs.
-
xpn/mythic_mcp: A proof-of-concept MCP server that integrates Mythic for automated pentesting using LLMs.
-
emeryray2002/mcp-secops-v3: Facilitates interaction with Google's Chronicle Security Operations API for security event management and alert retrieval.
-
semgrep/mcp: Utilize Semgrep to efficiently scan code for security vulnerabilities through an MCP server interface.
-
StacklokLabs/osv-mcp: Access the OSV (Open Source Vulnerabilities) database for vulnerability information. Query vulnerabilities by package version or commit, batch query multiple packages, and get detailed vulnerability information by ID.
-
mohitparmar1/Solana-Wallet-Security-Scanner: A demo MCP server for Solana development, offering basic RPC methods and prompts to enhance Solana programming tasks.
-
unmuktoai/Wazuh-MCP-Server: Integrates Wazuh security data with LLMs by transforming alerts into MCP-compliant JSON and exposing them via an HTTP endpoint.
-
rad-security/mcp-server: Provides AI-powered security insights for Kubernetes and cloud environments.
-
Spritualkb/nuclei-mcp: A TypeScript-based MCP server implementing a simple notes system with resources, tools, and prompts for note management and summarization.
-
ThreatFlux/YaraFlux: YaraFlux empowers AI assistants to conduct YARA rule-based threat analysis through a modular MCP server architecture, integrating secure scanning and comprehensive rule management.
-
lucasoeth/mitmproxy-mcp: Facilitates note storage and summarization with a custom URI scheme and prompt-based summarization tool.
-
1595901624/crypto-mcp: Crypto_MCP provides robust encryption, decryption, and hashing capabilities using AES, DES, and various hash algorithms.
-
sammcj/mcp-snyk: Facilitates security scanning of repositories and Snyk projects with integration options for Claude desktop and Snyk CLI.
-
qianniuspace/mcp-security-audit: Audits npm package dependencies for security vulnerabilities with real-time checks and automatic fix recommendations.
-
kapilduraphe/okta-mcp-server: Facilitates user and group management in Okta through Claude integration.
-
secmate-ai/CyberSecurity-MCPs: A collection of MCP servers focused on cybersecurity, featuring implementations like SQL injection testing and network space search engines.
-
nahmanmate/better-auth-mcp-server: Enterprise-grade authentication management server with multi-protocol support and real-time threat detection.
-
smithery-ai/netskope-mcp: Facilitates secure management of Netskope Network Private Access infrastructure using LLMs, enhancing Zero Trust Network Access capabilities.
-
PhialsBasement/nmap-mcp-server: Facilitates AI-driven network scanning and security assessments using NMAP through a standardized MCP interface.
-
bmorphism/slowtime-mcp-server: Facilitates secure time-based operations with timing attack protection and timelock encryption.
-
Spathodea-Network/opencti-mcp: OpenCTI MCP Server integrates seamlessly with the OpenCTI platform to enable querying and retrieving cyber threat intelligence data through a standardized interface.
-
BurtTheCoder/mcp-dnstwist: Facilitates domain permutation analysis to detect typosquatting and phishing threats using DNStwist.
-
DynamicEndpoints/huntress-mcp-server: Facilitates seamless interaction with the Huntress API for account, organization, and incident management through a robust MCP server.
-
BurtTheCoder/mcp-maigret: Facilitates OSINT research by enabling username searches and URL analysis across social networks using the Maigret tool.
-
BurtTheCoder/mcp-virustotal: Query the VirusTotal API for comprehensive security analysis with automatic relationship data fetching, seamlessly integrating with MCP-compatible applications.
-
BurtTheCoder/mcp-shodan: Query Shodan's network intelligence and security services with structured output for seamless integration.
-
alexgoller/illumio-mcp-server: Enables programmatic interaction with Illumio PCE for workload management, label operations, and traffic flow analysis.
-
Sladey01/github-snyk-server: Integrates GitHub repository access with Snyk security scanning for enhanced vulnerability analysis in Claude.
-
fr0gger/MCP_Security: A Model Context Protocol server for querying the ORKL API, providing tools for threat intelligence analysis and integration with MCP-compatible applications.
-
microsoft/agent-governance-toolkit: Kernel-level governance MCP server for AI agents - enforces deterministic policies (tool filtering, budget caps, rate limits, audit logging) instead of prompt-based guardrails. Part of microsoft/agent-lightning (14k★). Run via npx agentos-mcp-server.
-
true-alter/alter-identity: Identity infrastructure for the AI economy - 33-trait psychometric engine delivering verified human identity via MCP. Tools for trait vectors, belonging probability, attunement depth, and privacy-gated inference. Streamable-HTTP remote server at https://mcp.truealter.com/api/v1/mcp. Free tier: 16 tools, 10 req/min.
-
daedalus/mcp-cryptography - MCP server exposing cryptography library functionality.
-
daedalus/mcp-ecdsa - MCP server for ECDSA cryptography.
-
daedalus/mcp-hashlib - An MCP server that exposes hashlib functionality.
-
daedalus/mcp-pcapy-ng - MCP server exposing pcapy-ng packet capture functionality.
-
daedalus/mcp-pymetasploit3 - MCP server for Metasploit Framework via pymetasploit3.
-
daedalus/mcp-pwntools - MCP server exposing pwntools functionality for binary exploitation.
-
daedalus/mcp-recon-ng - MCP server exposing full recon-ng OSINT framework functionality.
-
daedalus/mcp-reverse-engineering - Sandboxed MCP tool for reverse engineering with security restrictions.
-
daedalus/mcp-server-nmap - MCP server that exposes the python-nmap API for network scanning.
-
daedalus/mcp-shodan - MCP server exposing all Shodan API functionality.
-
daedalus/mcp-smbmap - MCP server exposing smbmap SMB enumeration functionality.
-
infai-tech/vulnfeed-mcp: Dependency vulnerability scanner with EPSS exploit probability scoring. Scans lockfiles (npm, pip, Go, Cargo, Ruby, Composer, Gradle, NuGet, Mix), prioritizes by real-world exploit likelihood, recommends fix versions. 9 MCP tools for scanning, monitoring, and alerting. Free tier + x402 micropayments. pip install vulnfeed-mcp.
-
AgentLair: Secure identity infrastructure for AI agents - gives agents their own @agentlair.dev email address, encrypted credential vault, and cryptographically signed audit trail. Remote MCP server, no SMTP/DNS setup. npm: @agentlair/mcp.
-
ClawSec: Security audit platform for MCP servers and AI agent skills. 5-tier analysis pipeline (static analysis, pattern matching, LLM semantic review, Firecracker sandbox execution, and LLM audit) detects malicious patterns, data exfiltration, and prompt injection. Database of 30,000+ audited skills with Trust Scores. Companion tool ClawSearch provides safe skill discovery with security ratings.
-
ark-forge/mcp-eu-ai-act: Scans codebases for AI framework usage (16 frameworks) and checks compliance against EU AI Act requirements. Features 4-tier risk categorization, GDPR compliance checking, report generation, and compliance document templates.
-
Kevros: Runtime intelligence for autonomous AI agents - cryptographic action verification, hash-chained provenance, ML-DSA-87 post-quantum attestation. Free tier: 1,000 calls/month. Paid via L402, x402, or MPP.
-
bottobot/defense-mcp-server: 31 defensive security tools with 250+ actions for Linux system hardening, compliance auditing, firewall management, vulnerability scanning, and incident response. Dry-run by default.
-
operantlabs/operant-mcp: Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment. Install via npx operant-mcp.
-
piiiico/proof-of-commitment: Behavioral supply chain risk scoring for npm, PyPI, Cargo, and Go. Scores packages 0-100 on publisher concentration, release consistency, longevity, and OpenSSF Scorecard. Flags sole-publisher packages with high download counts - the attack profile behind LiteLLM and axios compromises. 11 MCP tools via remote Streamable HTTP. Also: CLI (npx proof-of-commitment), REST API, GitHub Action, Cursor + Claude Code hooks.
-
scopeblind/scopeblind-gateway: Security gateway for MCP servers - per-tool policies (Cedar + JSON), Ed25519-signed decision receipts, human approval gates, trust tiers. Shadow mode by default. Install via npx protect-mcp.
-
shadoprizm/cyberlens-mcp-server: Security scanning MCP server for AI assistants - scan websites for missing headers and HTTPS issues, scan GitHub repos for secrets and CVE vulnerabilities, and scan Claw Hub skills for malicious code before installing. Free tier with local quick-scan (no account needed). npx -y @shadoprizm/cyberlens-mcp-server
-
matthiastjong/shellgate: Self-hosted security gateway for AI agents - proxies API requests with credential injection, SSH execution with guard protection, credential vault, webhook handling, agent memories, org skills, and wiki. Agents get scoped tokens and never see real credentials. TypeScript, Docker, MIT licensed.
-
Voidly - 83+ tools for internet censorship intelligence (19.6M OONI measurements across 119 countries, 5,356 citable incidents), E2E-encrypted agent-to-agent messaging (Double Ratchet + X3DH + ML-KEM-768 PQ), and autonomous agent payments. Install via npx @voidly/mcp-server.
-
hawonb711-tech/nexus: All-in-one AI developer framework with 14 MCP tools - prompt injection defense (82 rules, 8 languages, 6 detection layers), BM25 + semantic memory, code review (19 detectors), codebase mapping, session intelligence, self-evolving skills, test health, and cost tracking. Zero deps. npm: @hawon/nexus.
-
Scottpedia0/access: Self-hosted API gateway for AI agents. One Bearer token, all your services. OAuth, token refresh, audit logging - agents never touch credentials. Built-in MCP server.