580+ cybersecurity tools, one command. Modular bash installer for Linux & Termux with 14 profiles, 18 modules, and an MCP server for AI-assisted ethical hacking.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"cybersec-tools": {
"env": {
"CYBERSEC_MCP_ALLOW_SCRIPTS": "0",
"CYBERSEC_MCP_ALLOW_EXTERNAL": "0"
},
"args": [
"run",
"--directory",
"mcp_server",
"fastmcp",
"run",
"server.py",
"--transport",
"stdio",
"--no-banner"
],
"command": "uv"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
______ __ _____ / / / / ___ _____/ / _____ / / / / / / __ / _ / __/_ / _ / / / // // / // / / / / / / / _/_, /._/_// //_/___/ /___/ by 26zl
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'pwntools' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
PYSEC-2021-72
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.
MCP Security Weekly
Get CVE alerts and security updates for Cybersec Toolkit and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
______ __ _____
/ ____/_ __/ /_ ___ _____/ ___/___ _____
/ / / / / / __ \/ _ \/ ___/\__ \/ _ \/ ___/
/ /___/ /_/ / /_/ / __/ / ___/ / __/ /__
\____/\__, /_.___/\___/_/ /____/\___/\___/
/____/ by 26zl
Toolkit
Cybersecurity toolkit with built-in AI integration. An embedded MCP (Model Context Protocol) server lets any MCP-capable AI -- Claude Code, Claude Desktop, Cursor -- query the tool registry, check install status, recommend the right tools for a CTF category or bug-bounty target, and execute them with enforced safety policies (argument sanitization, network allowlists, rate limiting, audit logging). Jump to MCP Server (AI Integration).
Bundled with a modular installer for Linux and Termux (Android) covering 580+ tools, 18 modules, 14 profiles, and 12 install methods.
What makes it different: most toolkits stop at installing tools. Here an AI can also drive them — infer the problem type, pick the right tools from all modules/profiles, and work with you as an interactive companion. When you explicitly authorize it, the same MCP toolchain can enter an autonomous solver loop. Companion by default; autonomous only when you ask.
Two entry points share one tool registry. An operator runs the bash installer to put tools on disk; an AI agent talks to the MCP server to discover, recommend, and safely execute those same tools. tools_config.json is the single source of truth the modules define and the MCP advisors read, and CI validators keep the Python and bash sides in sync.

flowchart TB
user(["Operator"]):::actor
ai(["AI agent — Claude Code / Cursor / local LLM"]):::actor
subgraph INSTALL["Installer (bash)"]
direction TB
sh["install.sh"]:::core
prof["14 profiles<br/>profiles/*.conf"]:::data
mod["18 modules<br/>modules/*.sh<br/>per-module tool arrays"]:::core
meth["12 install methods<br/>apt → pipx → go → cargo →<br/>binary → gem → docker → git"]:::core
sh --> prof --> mod --> meth
end
subgraph MCP["MCP server (Python / FastMCP)"]
direction TB
srv["server.py<br/>15 AI tools"]:::core
... [View full README on GitHub](https://github.com/26zl/cybersec-toolkit#readme)