
Model Context Protocol server for autonomous vulnerability discovery


Pigyon/MCPwner


MCPwner

Beware of the Badger
MCP for autonomous security research workflow

What is this?

MCPwner is a Swiss-army-knife Model Context Protocol (MCP) server built for security researchers and designed specifically for LLM-driven workflows. It unifies secret discovery, infrastructure scanning, SAST, DAST, PoC generation, and exploitation inside a structured, machine-readable context layer.

Instead of manually chaining tools and pasting outputs into your LLM, MCPwner standardizes results and streams them directly into the model's working context. This allows reasoning, correlation, and attack path discovery to happen continuously instead of in isolated steps.

MCPwner is built to shine in multi-agent setups where specialized agents collaborate across the security research phases under a shared persistent context.

This project is still work in progress.

What tools are included?

SAST (Static Application Security Testing) Scanning Tools

  • CodeQL
  • Psalm
  • Gosec
  • Bandit
  • Semgrep
  • Brakeman
  • PMD

Future Tools (Planned)

DAST, API & Recon

  • OWASP ZAP
  • Nikto
  • SQLmap
  • Nuclei
  • Akto
  • Wapiti
  • Nmap
  • Amass
  • FFUF

SCA

  • Trivy
  • Grype
  • OSV-Scanner

Infrastructure & IaC

  • Prowler
  • Checkov
  • KICS
  • Terrascan
  • TFSec
  • Hadolint

PoC & Exploitation

  • Metasploit
  • SearchSploit
  • Interactsh

How to use it?

  1. Setup config:

    cp config/config.yaml.example config/config.yaml
  2. Run Services:

    docker-compose up -d --build
  3. Configure your IDE/LLM: Add the following to your MCP configuration file (e.g., mcp.json for Cursor/Kiro/Claude Desktop or similar settings for other IDEs). This connects directly to the running Docker container.

    {
      "mcpServers": {
        "mcpwner": {
          "command": "docker",
          "args": [
            "exec",
            "-i",
            "mcpwner-server",
            "python",
            "src/server.py"
          ],
          "env": {}
        }
      }
    }
  4. Scanning Local Projects: To scan projects on your host machine, mount them into the container via docker-compose.yaml:

    services:
      mcpwner:
        volumes:
          - /path/to/your/projects:/mnt/projects:ro

    Then use the create_workspace tool with source_type="local" and source="/mnt/projects/my-project".
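
An added example, not part of the MCPwner repository: a Python pre-flight check for steps 3 and 4 that confirms the MCP client entry matches the `docker exec` invocation above and that the `source` passed to `create_workspace` lies inside a read-only mount. The function names and embedded sample inputs are assumptions made for illustration; the volume parser handles only short-syntax mounts with POSIX host paths.

```python
import json
import posixpath

# Constructed samples mirroring the README snippets (embedded, not read from disk).
MCP_JSON = """{"mcpServers": {"mcpwner": {"command": "docker",
  "args": ["exec", "-i", "mcpwner-server", "python", "src/server.py"], "env": {}}}}"""
VOLUMES = ["/path/to/your/projects:/mnt/projects:ro"]
EXPECTED_ARGS = ["exec", "-i", "mcpwner-server", "python", "src/server.py"]


def check_mcp_entry(raw_json):
    """Return a list of problems with the 'mcpwner' entry of an MCP client config."""
    entry = json.loads(raw_json).get("mcpServers", {}).get("mcpwner")
    if entry is None:
        return ["no 'mcpwner' server entry"]
    problems = []
    if entry.get("command") != "docker":
        problems.append("command is not 'docker'")
    if entry.get("args") != EXPECTED_ARGS:
        problems.append("args differ from the README's docker exec invocation")
    return problems


def parse_volume(spec):
    """Split a short-syntax mount 'host:container[:opts]' (POSIX host paths only)."""
    parts = spec.split(":")
    if len(parts) < 2:
        raise ValueError(f"not a host:container mount: {spec!r}")
    opts = parts[2].split(",") if len(parts) > 2 else []
    return parts[0], posixpath.normpath(parts[1]), opts


def check_workspace(volumes, source):
    """Return problems with a create_workspace source: it must resolve to a path
    inside a mounted container directory, and that mount must be read-only."""
    src = posixpath.normpath(source)  # lexically collapses '..' before comparing
    for spec in volumes:
        _, target, opts = parse_volume(spec)
        if src == target or src.startswith(target.rstrip("/") + "/"):
            return [] if "ro" in opts else [f"{target} is mounted writable"]
    return [f"{src} is not under any mounted path"]


if __name__ == "__main__":
    print(check_mcp_entry(MCP_JSON))
    print(check_workspace(VOLUMES, "/mnt/projects/my-project"))
    print(check_workspace(VOLUMES, "/mnt/projects/../etc"))
```

The path comparison is lexical only, so it does not account for symlinks inside the mounted tree.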

Contributing

Contributions are welcome!

MCPwner is expected to grow significantly, so it needs more extensive testing infrastructure: e2e tests, perhaps unit tests for crucial functions, better error handling, and timeouts, among many other things to consider.

You can read the full contribution guidelines here.

We will also consider better container management, since many containers are needed only ad hoc and should not run all the time; this might be configurable, or managed the way Kubernetes does with KEDA.

Adding all the tools and testing them with an LLM to verify that they work as efficiently as expected will also take some time.

If you want to contribute, please submit a single-purpose pull request with a manageable number of changes and a reasonable number of lines of code to review.

Future plans

This project was built with future deployment to remote servers in mind, but for the moment it mainly supports local usage. With a few modifications, however, it could be deployed and used remotely. That is why communication between containers uses HTTP rather than the docker-cli.
