mcp-security-hub MCP — Anwendungsfälle, Installieren & Live-Demo

Warum nutzen

Hauptfunktionen

38 Dockerized MCP servers covering all major security domains
300+ integrated security tools accessible via natural language
Security-hardened containers: non-root, dropped capabilities, read-only mounts
CI/CD integration with automated builds and Trivy vulnerability scanning
Docker Compose for multi-tool workflow orchestration

Live-Demo

In der Praxis

mcp-security-hub.replay ▶ bereit

0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "mcp-security-hub",
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json

{
  "context_servers": {
    "mcp-security-hub": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/FuzzingLabs/mcp-security-hub"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add mcp-security-hub -- TODO 'See README: https://github.com/FuzzingLabs/mcp-security-hub'

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: mcp-security-hub

How to run automated reconnaissance with mcp-security-hub

👤 Security professionals conducting authorized assessments ⏱ ~60 min intermediate

Wann einsetzen: You need to run multiple recon tools against an authorized target.

Voraussetzungen

Docker and Docker Compose installed — Install Docker Desktop or Docker Engine
Written authorization for the target — Signed penetration testing agreement

Ablauf

Start recon tools

Start the nmap-mcp and nuclei-mcp servers. Run port scanning and vulnerability scanning against the authorized target at 192.168.1.100.✓ Kopiert

→ Port scan results and vulnerability findings
Deep dive on findings

Found a web server on port 443. Run FFUF for directory fuzzing and check for common web vulnerabilities with Nuclei.✓ Kopiert

→ Directory listing and vulnerability scan results

Ergebnis: Comprehensive reconnaissance results from multiple tools.

Fallstricke

Running all 38 servers at once consumes significant resources — Only start the servers you need. Use docker-compose up with specific service names.

Kombinieren mit: filesystem

Analyze a CTF binary with containerized reverse engineering tools

👤 CTF participants working on binary challenges ⏱ ~30 min intermediate

Wann einsetzen: You have a binary to reverse engineer and want containerized analysis tools.

Voraussetzungen

Docker with security-hub cloned — git clone && docker-compose build

Ablauf

Analyze the binary

Start the radare2-mcp server. Load the CTF binary and show me the function list, strings, and entry point disassembly.✓ Kopiert

→ Binary overview with interesting functions and strings

Ergebnis: Binary analysis insights from containerized tools.

Fallstricke

Binary needs host-specific libraries — Mount the binary directory into the container, or use the YARA/Capa servers for static analysis

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

mcp-security-hub + filesystem

Save all security assessment results to organized report files

Run a full recon suite on the target and compile results into a pentest report at ~/reports/assessment.md.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

Werkzeug	Eingaben	Wann aufrufen
nmap-mcp	target, options	Network port scanning
nuclei-mcp	target, templates?	Template-based vulnerability scanning
sqlmap-mcp	url, params?	SQL injection testing
radare2-mcp	binary_path, command	Binary reverse engineering
trivy-mcp	target_image	Container and IaC vulnerability scanning

Kosten & Limits

Was der Betrieb kostet

API-Kontingent: N/A — all tools run locally in Docker
Tokens pro Aufruf: 300–3000 tokens per tool output
Kosten in €: Free — all tools are open source. Shodan/similar may need their own API keys.
Tipp: Only start servers you need. docker-compose up nmap-mcp nuclei-mcp instead of all 38.

Sicherheit

Rechte, Secrets, Reichweite

Credential-Speicherung: Individual tool API keys (Shodan, etc.) via Docker env vars

Datenabfluss: Scans connect to target IPs. OSINT tools call their respective APIs.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Containers are security-hardened but still execute real offensive tools.
Unauthorized scanning or exploitation is illegal. Always have written authorization.

Fehlerbehebung

Häufige Fehler und Lösungen

Docker build fails

Ensure Docker is installed and running. Some tools may need updated base images.

Prüfen: docker --version && docker compose --version

Container can't reach target

Check Docker network settings. Use host networking mode for network scanning tools.

Prüfen: docker exec <container> ping <target>

Out of disk space

Docker images can be large. Prune unused images: docker system prune

Prüfen: docker system df

Alternativen

mcp-security-hub vs. andere

Alternative	Wann stattdessen	Kompromiss
hexstrike-ai	You want AI agents that autonomously orchestrate security tools	More AI intelligence but less Docker isolation
mcp-kali-server	You want a lightweight bridge to a full Kali installation instead of Docker	Simpler setup but less isolation

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen