mcp-security-hub MCP — Cas d'usage, Installer & Démo en direct

Pourquoi l'utiliser

Fonctionnalités clés

38 Dockerized MCP servers covering all major security domains
300+ integrated security tools accessible via natural language
Security-hardened containers: non-root, dropped capabilities, read-only mounts
CI/CD integration with automated builds and Trivy vulnerability scanning
Docker Compose for multi-tool workflow orchestration

Démo en direct

Aperçu en pratique

mcp-security-hub.replay ▶ prêt

0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "mcp-security-hub",
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json

{
  "context_servers": {
    "mcp-security-hub": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/FuzzingLabs/mcp-security-hub"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add mcp-security-hub -- TODO 'See README: https://github.com/FuzzingLabs/mcp-security-hub'

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : mcp-security-hub

How to run automated reconnaissance with mcp-security-hub

👤 Security professionals conducting authorized assessments ⏱ ~60 min intermediate

Quand l'utiliser : You need to run multiple recon tools against an authorized target.

Prérequis

Docker and Docker Compose installed — Install Docker Desktop or Docker Engine
Written authorization for the target — Signed penetration testing agreement

Déroulement

Start recon tools

Start the nmap-mcp and nuclei-mcp servers. Run port scanning and vulnerability scanning against the authorized target at 192.168.1.100.✓ Copié

→ Port scan results and vulnerability findings
Deep dive on findings

Found a web server on port 443. Run FFUF for directory fuzzing and check for common web vulnerabilities with Nuclei.✓ Copié

→ Directory listing and vulnerability scan results

Résultat : Comprehensive reconnaissance results from multiple tools.

Pièges

Running all 38 servers at once consumes significant resources — Only start the servers you need. Use docker-compose up with specific service names.

Combiner avec : filesystem

Analyze a CTF binary with containerized reverse engineering tools

👤 CTF participants working on binary challenges ⏱ ~30 min intermediate

Quand l'utiliser : You have a binary to reverse engineer and want containerized analysis tools.

Prérequis

Docker with security-hub cloned — git clone && docker-compose build

Déroulement

Analyze the binary

Start the radare2-mcp server. Load the CTF binary and show me the function list, strings, and entry point disassembly.✓ Copié

→ Binary overview with interesting functions and strings

Résultat : Binary analysis insights from containerized tools.

Pièges

Binary needs host-specific libraries — Mount the binary directory into the container, or use the YARA/Capa servers for static analysis

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

mcp-security-hub + filesystem

Save all security assessment results to organized report files

Run a full recon suite on the target and compile results into a pentest report at ~/reports/assessment.md.✓ Copié

Outils

Ce que ce MCP expose

Outil	Entrées	Quand appeler
nmap-mcp	target, options	Network port scanning
nuclei-mcp	target, templates?	Template-based vulnerability scanning
sqlmap-mcp	url, params?	SQL injection testing
radare2-mcp	binary_path, command	Binary reverse engineering
trivy-mcp	target_image	Container and IaC vulnerability scanning

Coût et limites

Coût d'exécution

Quota d'API: N/A — all tools run locally in Docker
Tokens par appel: 300–3000 tokens per tool output
Monétaire: Free — all tools are open source. Shodan/similar may need their own API keys.
Astuce: Only start servers you need. docker-compose up nmap-mcp nuclei-mcp instead of all 38.

Sécurité

Permissions, secrets, portée

Stockage des identifiants : Individual tool API keys (Shodan, etc.) via Docker env vars

Sortie de données : Scans connect to target IPs. OSINT tools call their respective APIs.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Containers are security-hardened but still execute real offensive tools.
Unauthorized scanning or exploitation is illegal. Always have written authorization.

Dépannage

Erreurs courantes et correctifs

Docker build fails

Ensure Docker is installed and running. Some tools may need updated base images.

Vérifier : docker --version && docker compose --version

Container can't reach target

Check Docker network settings. Use host networking mode for network scanning tools.

Vérifier : docker exec <container> ping <target>

Out of disk space

Docker images can be large. Prune unused images: docker system prune

Vérifier : docker system df

Alternatives

mcp-security-hub vs autres

Alternative	Quand l'utiliser	Compromis
hexstrike-ai	You want AI agents that autonomously orchestrate security tools	More AI intelligence but less Docker isolation
mcp-kali-server	You want a lightweight bridge to a full Kali installation instead of Docker	Simpler setup but less isolation

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills