Back to search
Security

Security Operations Multi-Tool Platform (MCP)

A comprehensive security operations platform that integrates multiple security tools into a unified interface. This platform provides a centralized way to run various security scanning and testing tools.

Features

  • Unified Interface: Single entry point for multiple security tools
  • Docker Support: Easy deployment using Docker
  • JSON Output: Consistent JSON output format across all tools
  • Error Handling: Robust error handling and reporting
  • Extensible: Easy to add new tools and functionality

Included Tools

  • Nuclei: Fast and customizable vulnerability scanner
  • FFUF: Fast web fuzzer and content discovery tool
  • Amass: In-depth attack surface mapping and external asset discovery
  • Arjun: HTTP parameter discovery tool for finding hidden parameters
  • Dirsearch: Web path scanner
  • Gospider: Fast web spider for crawling and URL discovery
  • Hashcat: Advanced password recovery
  • HTTPX: Fast and multi-purpose HTTP toolkit
  • IPInfo: IP address information gathering
  • Nmap: Network exploration and security auditing
  • SQLMap: Automatic SQL injection and database takeover tool
  • Subfinder: Subdomain discovery tool
  • TLSX: TLS/SSL scanning and analysis
  • WFuzz: Web application fuzzer
  • XSStrike: Advanced XSS detection and exploitation

Tool Categories

Web Application Security

  • Nuclei: Vulnerability scanning with custom templates
  • FFUF: Fast web fuzzing and content discovery
  • WFuzz: Web application fuzzing
  • XSStrike: XSS detection and exploitation
  • SQLMap: SQL injection testing and exploitation
  • Arjun: HTTP parameter discovery and testing
  • Gospider: Web crawling and URL discovery
  • Dirsearch: Directory and file enumeration

Network Security

  • Nmap: Network scanning and service enumeration
  • HTTPX: HTTP probing and analysis
  • TLSX: TLS/SSL configuration analysis

Reconnaissance

  • Amass: Attack surface mapping and asset discovery
  • Subfinder: Subdomain enumeration
  • IPInfo: IP address intelligence gathering

Cryptography

  • Hashcat: Password cracking and hash analysis

Recent Additions

Gospider Integration

  • Web Crawling: Automated website crawling and URL discovery
  • Multiple Output Formats: JSON and text output support
  • Filtering Capabilities: Extension-based filtering and content filtering
  • Configurable Depth: Customizable crawling depth and concurrency
  • Subdomain Support: Option to include subdomains in crawling
  • Form Detection: Automatic detection of HTML forms
  • Secret Discovery: Identification of potential sensitive information

Arjun Integration

  • Parameter Discovery: Find hidden HTTP parameters in web applications
  • Multiple HTTP Methods: Support for GET, POST, PUT, and other methods
  • Bulk Scanning: Scan multiple URLs simultaneously
  • Custom Wordlists: Use custom parameter wordlists
  • Stable Mode: Reduced false positives with stable scanning mode
  • Custom Headers: Support for custom HTTP headers and authentication
  • Threading Support: Configurable threading for faster scans

Installation

Using Docker (Recommended)

  1. Clone the repository:

    git clone https://github.com/securityfortech/secops-mcp.git
cd secops-mcp

  2. Build the Docker image:

    docker build -t secops-mcp .

  3. Run the container:

    docker run -it --rm secops-mcp

Manual Installation

  1. Clone the repository:

    git clone https://github.com/securityfortech/secops-mcp.git
cd secops-mcp

  2. Create and activate a virtual environment:

    python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

  3. Install dependencies:

    pip install -r requirements.txt

  4. Install required tools:

    • Follow the installation instructions for each tool in the tools/ directory
    • Ensure all tools are in your system PATH

Usage

  1. Start the application:

    python main.py

  2. The application will provide a unified interface for running various security tools.

  3. Each tool returns results in a consistent JSON format:

    {
    "success": boolean,
    "error": string (if error),
    "results": object (if success)
}

Usage Examples

Gospider Web Crawling

# Basic web crawling
gospider_scan("https://example.com", depth=3, include_subs=True)

# Filtered crawling for specific file types
gospider_filtered_scan(
    "https://example.com",
    extensions=["js", "json", "xml"],
    exclude_extensions=["png", "jpg", "css"]
)

Arjun Parameter Discovery

# Basic parameter discovery
arjun_scan("https://example.com/api", method="GET")

# POST parameter discovery with custom data
arjun_scan(
    "https://example.com/login",
    method="POST",
    data="username=test&password=test",
    stable=True
)

# Bulk parameter scanning
arjun_bulk_parameter_scan([
    "https://example.com/api/v1",
    "https://example.com/api/v2"
])

Tool Configuration

Each tool can be configured through its respective wrapper in the tools/ directory. Configuration options include:

  • Output formats
  • Timeouts
  • Verbosity levels
  • Custom wordlists
  • Tool-specific parameters

Security Considerations

  • This tool is for authorized security testing only
  • Always obtain proper authorization before scanning systems
  • Be mindful of rate limiting and scanning intensity
  • Respect robots.txt and terms of service
  • Use appropriate wordlists and scanning parameters

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • All the security tools and their developers
  • The security community for their contributions and support
Author
hound
Created: 11/09/2025
Last updated: 11/09/2025