mcp-security-hub MCP — ユースケース, インストール & ライブデモ

なぜ使うのか

主な機能

38 Dockerized MCP servers covering all major security domains
300+ integrated security tools accessible via natural language
Security-hardened containers: non-root, dropped capabilities, read-only mounts
CI/CD integration with automated builds and Trivy vulnerability scanning
Docker Compose for multi-tool workflow orchestration

ライブデモ

実際の動作

mcp-security-hub.replay ▶ 準備完了

0/0

インストール

クライアントを選択

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config を開く。保存後、アプリを再起動。

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Cursor は Claude Desktop と同じ mcpServers スキーマを使用。プロジェクト設定はグローバルより優先。

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Cline サイドバーの MCP Servers アイコンをクリックし、"Edit Configuration" を選択。

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "mcp-security-hub": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  }
}

Claude Desktop と同じ形式。Windsurf を再起動して反映。

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "mcp-security-hub",
      "command": "TODO",
      "args": [
        "See README: https://github.com/FuzzingLabs/mcp-security-hub"
      ]
    }
  ]
}

Continue はマップではなくサーバーオブジェクトの配列を使用。

~/.config/zed/settings.json

{
  "context_servers": {
    "mcp-security-hub": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/FuzzingLabs/mcp-security-hub"
        ]
      }
    }
  }
}

context_servers に追加。保存時に Zed がホットリロード。

claude mcp add mcp-security-hub -- TODO 'See README: https://github.com/FuzzingLabs/mcp-security-hub'

ワンライナー。claude mcp list で確認、claude mcp remove で削除。

ユースケース

実用的な使い方： mcp-security-hub

How to run automated reconnaissance with mcp-security-hub

👤 Security professionals conducting authorized assessments ⏱ ~60 min intermediate

使うタイミング： You need to run multiple recon tools against an authorized target.

前提条件

Docker and Docker Compose installed — Install Docker Desktop or Docker Engine
Written authorization for the target — Signed penetration testing agreement

フロー

Start recon tools

Start the nmap-mcp and nuclei-mcp servers. Run port scanning and vulnerability scanning against the authorized target at 192.168.1.100.✓ コピーしました

→ Port scan results and vulnerability findings
Deep dive on findings

Found a web server on port 443. Run FFUF for directory fuzzing and check for common web vulnerabilities with Nuclei.✓ コピーしました

→ Directory listing and vulnerability scan results

結果： Comprehensive reconnaissance results from multiple tools.

注意点

Running all 38 servers at once consumes significant resources — Only start the servers you need. Use docker-compose up with specific service names.

組み合わせ： filesystem

Analyze a CTF binary with containerized reverse engineering tools

👤 CTF participants working on binary challenges ⏱ ~30 min intermediate

使うタイミング： You have a binary to reverse engineer and want containerized analysis tools.

前提条件

Docker with security-hub cloned — git clone && docker-compose build

フロー

Analyze the binary

Start the radare2-mcp server. Load the CTF binary and show me the function list, strings, and entry point disassembly.✓ コピーしました

→ Binary overview with interesting functions and strings

結果： Binary analysis insights from containerized tools.

注意点

Binary needs host-specific libraries — Mount the binary directory into the container, or use the YARA/Capa servers for static analysis

組み合わせ

他のMCPと組み合わせて10倍の力を

mcp-security-hub + filesystem

Save all security assessment results to organized report files

Run a full recon suite on the target and compile results into a pentest report at ~/reports/assessment.md.✓ コピーしました

ツール

このMCPが提供する機能

ツール	入力	呼び出すタイミング
nmap-mcp	target, options	Network port scanning
nuclei-mcp	target, templates?	Template-based vulnerability scanning
sqlmap-mcp	url, params?	SQL injection testing
radare2-mcp	binary_path, command	Binary reverse engineering
trivy-mcp	target_image	Container and IaC vulnerability scanning

コストと制限

運用コスト

APIクォータ: N/A — all tools run locally in Docker
呼び出しあたりのトークン: 300–3000 tokens per tool output
金額: Free — all tools are open source. Shodan/similar may need their own API keys.
ヒント: Only start servers you need. docker-compose up nmap-mcp nuclei-mcp instead of all 38.

セキュリティ

権限、シークレット、影響範囲

認証情報の保管： Individual tool API keys (Shodan, etc.) via Docker env vars

データ送信先： Scans connect to target IPs. OSINT tools call their respective APIs.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
Containers are security-hardened but still execute real offensive tools.
Unauthorized scanning or exploitation is illegal. Always have written authorization.

トラブルシューティング

よくあるエラーと対処法

Docker build fails

Ensure Docker is installed and running. Some tools may need updated base images.

確認： docker --version && docker compose --version

Container can't reach target

Check Docker network settings. Use host networking mode for network scanning tools.

確認： docker exec <container> ping <target>

Out of disk space

Docker images can be large. Prune unused images: docker system prune

確認： docker system df

代替案

mcp-security-hub 他との比較

代替案	代わりに使う場面	トレードオフ
hexstrike-ai	You want AI agents that autonomously orchestrate security tools	More AI intelligence but less Docker isolation
mcp-kali-server	You want a lightweight bridge to a full Kali installation instead of Docker	Simpler setup but less isolation

その他

リソース

📖 GitHub の公式 README を読む

🐙 オープンな issue を見る

🔍 400以上のMCPサーバーとSkillsを見る