Security Scanner MCP Server

Comprehensive security scanning using Nuclei vulnerability scanner with cluster-wide capabilities.

Part of the Agentic System - a 24/7 autonomous AI framework with persistent memory.

Comprehensive security scanning integration using Nuclei vulnerability scanner with cluster-wide capabilities.

Features

• Single Target Scanning: Scan individual URLs or IPs with customizable severity and templates
• Network Scanning: Batch scan multiple targets or CIDR ranges
• Cluster Integration: Scan all nodes in the agentic cluster
• Template Management: List, filter, and update Nuclei templates
• Scan History: Retrieve and analyze previous scan results
• Scheduled Scans: Configure periodic security assessments
• Multiple Output Formats: JSON, JSONL, or Markdown reports

Installation

cd ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/mcp-servers/security-scanner-mcp
source ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/.venv/bin/activate
pip install -e .

MCP Configuration

Add to ~/.claude.json:

{
  "mcpServers": {
    "security-scanner": {
      "command": "${AGENTIC_SYSTEM_PATH:-/opt/agentic}/.venv/bin/python",
      "args": ["-m", "security_scanner.server"],
      "env": {
        "NUCLEI_BIN": "${HOME}/go/bin/nuclei",
        "SCAN_RESULTS_DIR": "${AGENTIC_SYSTEM_PATH:-/opt/agentic}/security-scans"
      }
    }
  }
}

Available Tools

scan_target

Scan a single target with Nuclei vulnerability scanner.

Parameters:

• target (required): URL or IP address
• severity: Array of severity levels ["info", "low", "medium", "high", "critical"]
• templates: Specific template paths or tags
• rate_limit: Requests per second (default: 150)
• timeout: Scan timeout in seconds (default: 300)
• output_format: "json", "jsonl", or "markdown"

Example:

{
  "target": "https://example.com",
  "severity": ["high", "critical"],
  "rate_limit": 100
}

scan_network

Scan multiple targets from a list or CIDR range.

Parameters:

• targets: Array of target URLs/IPs
• target_file: Path to file with targets (one per line)
• severity: Severity filter
• parallel: Number of concurrent scans (default: 5)
• rate_limit: Requests per second per target

scan_cluster_nodes

Scan all nodes in the agentic cluster for vulnerabilities.

Parameters:

• scan_type: "network", "web", "api", or "full"
• severity: Severity levels to check

list_templates

List available Nuclei templates by tag, severity, or author.

Parameters:

• tag: Filter by tag (e.g., "cve", "exposure")
• severity: Filter by severity level
• author: Filter by template author

update_templates

Update Nuclei templates to the latest version.

get_scan_results

Retrieve results from a previous scan by scan_id.

Parameters:

• scan_id (required): Scan identifier
• limit: Max results to return (default: 100)
• severity: Filter by severity levels

list_scans

List all previous security scans.

Parameters:

• limit: Maximum number of scans to return
• target: Filter by target

schedule_periodic_scan

Schedule recurring security scans (requires agent runtime).

Parameters:

• targets (required): List of targets to scan
• interval_hours: Scan interval (default: 24)
• severity_threshold: Minimum severity to report (default: "medium")
• notify_on_new: Alert on new vulnerabilities (default: true)

Integration with Agentic System

Cluster-Wide Scanning

The security scanner automatically detects and scans all nodes in the agentic cluster. Cluster nodes are loaded from configuration:

• builder - Linux build node
• orchestrator - Coordination node
• coordinator - Multi-node coordinator
• files - File server

Autonomous Agent Integration

Combine with the autonomous security scanning agent for:

• Automated vulnerability assessment
• Continuous security monitoring
• Intelligent threat prioritization
• Automatic remediation recommendations

Enhanced Memory Integration

Scan results are stored in enhanced-memory for:

• Historical vulnerability tracking
• Pattern recognition across scans
• Causal relationship analysis
• Learning from remediation outcomes

Scan Results

Results are stored in ${AGENTIC_SYSTEM_PATH:-/opt/agentic}/security-scans/:

• scan_YYYYMMDD_HHMMSS_ID.json - Scan findings
• scan_YYYYMMDD_HHMMSS_ID_metadata.json - Scan metadata

Example Usage

Scan a single target

# Via Claude Code
scan_target({
  "target": "192.0.2.196",
  "severity": ["high", "critical"],
  "templates": ["network", "exposure"]
})

Scan entire cluster

scan_cluster_nodes({
  "scan_type": "full",
  "severity": ["medium", "high", "critical"]
})

Review previous scans

list_scans({"limit": 10})
get_scan_results({"scan_id": "scan_20251118_110000_1234"})

Security Considerations

• Scans generate network traffic - coordinate with network admin
• Rate limiting prevents overwhelming targets
• Results may contain sensitive information - restrict access
• Authorized scanning only - verify permission before scanning external targets

Dependencies

• Nuclei v3.5.1+
• Python 3.10+
• asyncio
• aiofiles
• pydantic

References

• Nuclei - Main vulnerability scanner
• nuclei-mcp - Reference MCP implementation
• ExternalAttacker-MCP - Security testing MCP

License

MIT License - Part of the Mac Pro 5,1 Agentic System

Part of the MCP Ecosystem

This server integrates with other MCP servers for comprehensive AGI capabilities:

Server	Purpose
enhanced-memory-mcp	4-tier persistent memory with semantic search
agent-runtime-mcp	Persistent task queues and goal decomposition
agi-mcp	Full AGI orchestration with 21 tools
cluster-execution-mcp	Distributed task routing across nodes
node-chat-mcp	Inter-node AI communication
ember-mcp	Production-only policy enforcement

See agentic-system-oss for the complete framework.