MCP Vulnerability Scanner
@RobertoDure
A Model Context Protocol (MCP) server for scanning IP addresses for vulnerabilities. This server provides tools to perform security scanning on individual IPs or multiple IPs at once.
Overview
What is MCP Vulnerability Scanner?
MCP Vulnerability Scanner is a Model Context Protocol (MCP) server that scans IP addresses for vulnerabilities. It provides tools to perform security scanning on individual IPs or multiple IPs at once, producing detailed reports with severity, descriptions, and remediation steps. It is built for developers and security professionals who want to integrate vulnerability scanning into MCP‑enabled applications.
How to use MCP Vulnerability Scanner?
Install Node.js (v14+), clone the repository, run npm install, and optionally install Nmap. Configure the server via .mcp.json (and .vscode/mcp.json for VS Code integration). Use npm run dev for development or npm start for production. Two tools are available: scan-ip (single IP) and scan-multiple-ips (multiple IPs).
Key features of MCP Vulnerability Scanner
- Supports both Nmap‑based and API‑based vulnerability scanning.
- Scans a single IP or batches of IP addresses.
- Returns severity, descriptions, and remediation steps for each vulnerability.
- Implements the Model Context Protocol for easy integration with MCP clients.
- Can be deployed locally, via Docker, or inside VS Code.
Use cases of MCP Vulnerability Scanner
- Security audit of a single IP address during incident response.
- Batch scan of multiple IPs in a subnet for proactive vulnerability management.
- Automating vulnerability checks inside VS Code via MCP‑enabled extensions.
- Integrating security scanning into CI/CD pipelines that support MCP.
FAQ from MCP Vulnerability Scanner
What prerequisites are required?
Node.js v14+ and npm v7+ are required. Nmap is optional but recommended for enhanced scanning.
Can I scan IP addresses without permission?
No. The server should only be used on IP addresses you own or have explicit permission to scan. Scanning may trigger security systems or IDS alerts.
What happens if Nmap is not installed?
The server still works—it falls back to API‑based vulnerability checks, though Nmap provides more comprehensive results.
What runtime does the server use?
The server runs on Node.js (version 18 in the provided Docker example) and listens on port 3000 by default.
Are there any known limits?
Comprehensive Nmap scans require administrative/root permissions. The scan results are provided for informational purposes only.