Mergen Mcp
Mergen is an MCP server that gives your AI a real red team brain. It doesn't just run tools, it picks the right ones, chains them together, and actually makes sense of the output. Built by pentesters, for pentesters who are tired of babysitting scripts.
MaintainedNot tested
★ 7GitHub
34DNo CVEsmaintainedMIT
Quick Install
{
"mcpServers": {
"mergen-ai": {
"args": [
"/path/to/mergen_mcp.py",
"--server",
"http://KALI_IP:8000"
],
"command": "python3",
"timeout": 300,
"disabled": false,
"description": "Mergen (BETA) — AI-Powered Red Team MCP Server"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/mergen-mcp)
Should you use this server?
Mergen is an MCP server that gives your AI a real red team brain. It doesn't just run tools, it picks the right ones, chains them together, and actually makes sense of the output. Built by pentesters, for pentesters who are tired of babysitting scripts.
✓
Is it safe?
No package registry to scan.
No authentication — any process on your machine can connect.
MIT. View license →
✓
Is it maintained?
Last commit 47 days ago. 7 stars.
i
Will it work with my client?
Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
README
Mergen — AI-Powered Red Team MCP Server
Autonomous Penetration Testing via Model Context Protocol
AI-native MCP server that gives Claude, Cursor, Antigravity and any MCP-compatible agent full penetration testing capabilities — autonomous planning, adaptive execution, and professional reporting across 44+ security tools.
Architecture • Installation • AI Agent Setup • MCP Commands • Tool Arsenal • API Reference • Troubleshooting
Architecture Overview
Mergen BETA features a multi-layer architecture combining a FastAPI backend, an adaptive AI attack engine, and a plugin system with automatic discovery.
graph TD
A[AI Agent - Claude / Cursor / GPT] -->|MCP Protocol - stdio or SSE| B[mergen_mcp.py - MCP Proxy]
B -->|HTTP REST| C[server.py - FastAPI Core]
C --> D[AI Attack Engine]
C --> E[Process Manager]
C --> F[Memory Engine]
D --> G[TargetProfiler]
D --> H[KillChainBuilder - 41 chains]
D --> I[AdaptiveExecutionEngine]
F --> J[Operation History]
F --> K[Learning Database]
F --> L[Recon Cache - TTL]
C --> M[Plugin Manager - 44 tools]
M --> N[Recon Plugins]
M --> O[Web Security Plugins]
M --> P[Exploit Plugins]
M --> Q[Binary Analysis Plugins]
C --> R[Correlation Engine]
C --> S[Defense Detector]
C --> T[Playbook Selector]
C --> U[Dashboard - WebSocket]
C --> V[SQLite - sessions.db]
style A fill:#4a0000,color:#fff
style B fill:#6a0000,color:#fff
style C fill:#8b0000,color:#fff
style D fill:#333,color:#fff
style M fill:#333,color:#fff
How It Works
- Agent Connection — Claude, Cursor, or any MCP-compatible agent connects via the stdio or SSE transport.
- Target Profiling —
TargetProfilerclassifies the target (IP, domain, URL, CIDR) and identifies the technology stack. - Kill Chain Selection —
KillChainBuilderselects from 41 predefined attack chains based on target type and operator mode. - Adaptive Execution —
AdaptiveExecutionEngineruns tools in sequence, updating the plan dynamically as results arrive. - Correlation — The correlation engine normalizes findings from multiple tools and assigns unified risk scores.
- Reporting — Results are persisted in SQLite and exported as HTML, JSON, or CSV.
Installation
Requirements
| Requirement | Version |
|---|---|
| Operating System | Kali Linux (recommended), Debian/Ubuntu |
| Python | 3.10+ |
| Disk Space | ~2 GB with all tools installed |
| RAM | 2 GB minimum, 4 GB recommended |
Automated Installation
git clone https://github.com/g4sk0/mergen-mcp.git
cd mergen-mcp
sudo bash install.sh
install.sh handles everything automatically:
- Creates a Python virtual environment
- Installs all Python dependencies from
requirements.txt - Installs 36+ security tools via
apt - Registers the
mergencommand on system PATH - Optionally creates a
systemdservice for persistent operation
Manual Installation
git clone https://github.com/g4sk0/mergen-mcp.git
cd mergen-mcp
python3 -m venv venv
sour
... [View full README on GitHub](https://github.com/g4sk0/mergen-mcp#readme)
Test This Server
No automated test available for this server. Check the GitHub README for setup instructions.
Help improve this page
This server is missing a description. Tools and install config are also missing.If you've used it, help the community.
Add informationScore Breakdown
Security
5/30No known vulnerabilities.
○
Known CVEs — No package registry to scan
○
Tool safety — No tools to analyze
○
Tool poisoning — No tools to analyze
○
Injection vectors — No tools to analyze
○
Tool stability — First scan — baseline recorded
○
Dependency health — No package to analyze
✓
License — License: MIT
○
Authentication — No authentication required
○
Repository — active repo
CVEs checked daily via OSV.dev. Score algorithm is open source.
Reviews
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is Mergen Mcp safe to use?
- Mergen Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
- How do I install Mergen Mcp?
- Mergen Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What AI clients work with Mergen Mcp?
- Mergen Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.
- Is Mergen Mcp actively maintained?
- Mergen Mcp is recently maintained — last commit was 47 days ago. It has 7 GitHub stars.
Similar servers
View all →
MCPpedia
OfficialNo CVEs92A
Search, evaluate, and compare 17,000+ MCP servers — each scored on security, maintenance, and efficiency.
5 toolsremote1468/wk2d ago
I
io.github.xkumakichi/xaip-mcp-server
No CVEs92A
AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.
8 toolsremote154.4k/wk12h ago
Ggmcp
No CVEs88A
MCP server for scanning and remediating hardcoded secrets using GitGuardian’s API. Detect over 500 secret types and prevent credential leaks before code goes public.
5 toolsremote341d ago
Remnux Mcp Server
No CVEs88A
MCP server for using the REMnux malware analysis toolkit via AI assistants
5 toolsremote62349/wk15d ago
MCP Security Weekly
Get CVE alerts and security updates for Mergen Mcp and similar servers.
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.