security-scanner-mcp by marc-shade - MCP Server

Security Scanner MCP Server

Comprehensive security scanning using Nuclei vulnerability scanner with cluster-wide capabilities.

Part of the Agentic System - a 24/7 autonomous AI framework with persistent memory.

Comprehensive security scanning integration using Nuclei vulnerability scanner with cluster-wide capabilities.

Features

Single Target Scanning: Scan individual URLs or IPs with customizable severity and templates
Network Scanning: Batch scan multiple targets or CIDR ranges
Cluster Integration: Scan all nodes in the agentic cluster
Template Management: List, filter, and update Nuclei templates
Scan History: Retrieve and analyze previous scan results
Scheduled Scans: Configure periodic security assessments
Multiple Output Formats: JSON, JSONL, or Markdown reports

Installation

cd ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/mcp-servers/security-scanner-mcp
source ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/.venv/bin/activate
pip install -e .

MCP Configuration

Add to ~/.claude.json:

{
  "mcpServers": {
    "security-scanner": {
      "command": "${AGENTIC_SYSTEM_PATH:-/opt/agentic}/.venv/bin/python",
      "args": ["-m", "security_scanner.server"],
      "env": {
        "NUCLEI_BIN": "${HOME}/go/bin/nuclei",
        "SCAN_RESULTS_DIR": "${AGENTIC_SYSTEM_PATH:-/opt/agentic}/security-scans"
      }
    }
  }
}

Available Tools

scan_target

Scan a single target with Nuclei vulnerability scanner.

Parameters:

target (required): URL or IP address
severity: Array of severity levels ["info", "low", "medium", "high", "critical"]
templates: Specific template paths or tags
rate_limit: Requests per second (default: 150)
timeout: Scan timeout in seconds (default: 300)
output_format: "json", "jsonl", or "markdown"

Example:

{
  "target": "https://example.com",
  "severity": ["high", "critical"],
  "rate_limit": 100
}

scan_network

Scan multiple targets from a list or CIDR range.

Parameters:

targets: Array of target URLs/IPs
target_file: Path to file with targets (one per line)
severity: Severity filter
parallel: Number of concurrent scans (default: 5)
rate_limit: Requests per second per target

scan_cluster_nodes

Scan all nodes in the agentic cluster for vulnerabilities.

Parameters:

scan_type: "network", "web", "api", or "full"
severity: Severity levels to check

list_templates

List available Nuclei templates by tag, severity, or author.

Parameters:

tag: Filter by tag (e.g., "cve", "exposure")
severity: Filter by severity level
author: Filter by template author

update_templates

Update Nuclei templates to the latest version.

get_scan_results

Retrieve results from a previous scan by scan_id.

Parameters:

scan_id (required): Scan identifier
limit: Max results to return (default: 100)
severity: Filter by severity levels

list_scans

List all previous security scans.

Parameters:

limit: Maximum number of scans to return
target: Filter by target

schedule_periodic_scan

Schedule recurring security scans (requires agent runtime).

Parameters:

targets (required): List of targets to scan
interval_hours: Scan interval (default: 24)
severity_threshold: Minimum severity to report (default: "medium")
notify_on_new: Alert on new vulnerabilities (default: true)

Integration with Agentic System

Cluster-Wide Scanning

The security scanner automatically detects and scans all nodes in the agentic cluster. Cluster nodes are loaded from configuration:

builder - Linux build node
orchestrator - Coordination node
coordinator - Multi-node coordinator
files - File server

Autonomous Agent Integration

Combine with the autonomous security scanning agent for:

Automated vulnerability assessment
Continuous security monitoring
Intelligent threat prioritization
Automatic remediation recommendations

Enhanced Memory Integration

Scan results are stored in enhanced-memory for:

Historical vulnerability tracking
Pattern recognition across scans
Causal relationship analysis
Learning from remediation outcomes

Scan Results

Results are stored in ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/security-scans/:

scan_YYYYMMDD_HHMMSS_ID.json - Scan findings
scan_YYYYMMDD_HHMMSS_ID_metadata.json - Scan metadata

Example Usage

Scan a single target

# Via Claude Code
scan_target({
  "target": "192.0.2.196",
  "severity": ["high", "critical"],
  "templates": ["network", "exposure"]
})

Scan entire cluster

scan_cluster_nodes({
  "scan_type": "full",
  "severity": ["medium", "high", "critical"]
})

Review previous scans

list_scans({"limit": 10})
get_scan_results({"scan_id": "scan_20251118_110000_1234"})

Security Considerations

Scans generate network traffic - coordinate with network admin
Rate limiting prevents overwhelming targets
Results may contain sensitive information - restrict access
Authorized scanning only - verify permission before scanning external targets

Dependencies

Nuclei v3.5.1+
Python 3.10+
asyncio
aiofiles
pydantic

References

Nuclei - Main vulnerability scanner
nuclei-mcp - Reference MCP implementation
ExternalAttacker-MCP - Security testing MCP

License

MIT License - Part of the Mac Pro 5,1 Agentic System

Part of the MCP Ecosystem

This server integrates with other MCP servers for comprehensive AGI capabilities:

Server	Purpose
enhanced-memory-mcp	4-tier persistent memory with semantic search
agent-runtime-mcp	Persistent task queues and goal decomposition
agi-mcp	Full AGI orchestration with 21 tools
cluster-execution-mcp	Distributed task routing across nodes
node-chat-mcp	Inter-node AI communication
ember-mcp	Production-only policy enforcement

See agentic-system-oss for the complete framework.