MCP.so
Sign In
Servers

Offensive MCP Servers List

@scboln

List of Public Offensive MCP Server Repositories

Overview

What is Offensive MCP Servers List?

Offensive MCP Servers List is a curated directory of Model Context Protocol (MCP) servers for offensive security, forensic analysis, and reverse engineering. It collects links to community-built MCP servers that wrap tools such as Metasploit, Nmap, Burp Suite, Ghidra, Volatility, and others. The list is intended for penetration testers, red teamers, and security researchers who want to integrate these tools with AI assistants via MCP.

How to use Offensive MCP Servers List?

Browse the list by category (Offensive Tools, Forensic Tools, Reverse Engineering, Combo Collections) and click on any linked MCP server to visit its repository or documentation page. Each linked server has its own installation and configuration steps. The list itself does not provide a single installable server; it is a reference for finding existing MCP implementations.

Key features of Offensive MCP Servers List

  • Comprehensive collection of offensive MCP servers.
  • Covers tools: Metasploit, Nmap, Nuclei, Burp Suite, Nessus, Hydra.
  • Includes command-and-control frameworks like Mythic.
  • Lists reverse engineering servers for Ghidra and Radare2.
  • Forensic tool servers for Volatility and Wireshark.
  • Provides links to combo/collection MCP servers for Kali Linux.

Use cases of Offensive MCP Servers List

  • Find an MCP server to automate vulnerability scanning with Nmap.
  • Integrate Metasploit exploitation workflows with an AI assistant.
  • Use BloodHound MCP for Active Directory attack path analysis.
  • Leverage ExploitDB MCP to search for public exploits.
  • Perform memory forensics via Volatility MCP from an AI chat.

FAQ from Offensive MCP Servers List

What is the Offensive MCP Servers List?

It is a curated list of third-party MCP servers for offensive security, forensics, and reverse engineering. It aggregates links to individual repositories and documentation pages, not a single server.

Do I need to install anything to use this list?

No. The list is a directory of links. You must visit each linked MCP server and follow its own installation instructions (e.g., configuring the MCP client to run the server).

Where do the actual MCP servers run?

Each linked server runs locally or on infrastructure as specified by its developer. Data (scan results, exploit payloads, etc.) stays on the user’s machine unless the server explicitly sends it elsewhere. The list itself does not host or process any data.

Are there any known limitations?

The list is community-maintained and may not include every offensive MCP server. Some listed servers may be outdated or unmaintained. Always verify the source before using any tool in a production environment.

What authentication or transport do these servers use?

This varies per server. Many use standard MCP transports (stdio or SSE). Authentication, if any, is defined by the individual MCP server’s documentation. The list does not enforce a common authentication mechanism.

More from Other