MCP Servers

模型上下文协议服务器、框架、SDK 和模板的综合目录。

K
Kademcp
作者 @orgito1015
GitHub 仓库(1 星标)

Kade x Pr0f3550r1

创建于 3/15/2026
更新于 about 3 hours ago
README
View Source
Repository documentation and setup instructions

🚩 ctf-mcp

A Model Context Protocol server that turns Claude into a hands-on CTF solver.

Python 3.11+ MCP License: MIT Docker

Connect this server to Claude Desktop and Claude can disassemble binaries, crack hashes, fuzz web apps, extract steganography, and run full pwntools exploits — all from natural language prompts.

Categories

| Category | Tools | |---|---| | 🔩 Reversing / Pwn | disassemble, strings_extract, checksec, run_binary, run_pwnscript | | 🔐 Crypto | decode_encode, hash_identify, hash_crack, xor_bruteforce, frequency_analysis, run_crypto | | 🌐 Web | http_request, fuzz_params, sqli_test, lfi_test, run_webscript | | 🔍 Forensics / Stego | file_info, binwalk_scan, hex_dump, stego_extract, metadata_dump, pcap_analyze, carve_strings |

Quick start

Option A — Local (Python)

git clone https://github.com/YOUR_USERNAME/ctf-mcp
cd ctf-mcp
pip install -r requirements.txt

# System tools (Debian / Ubuntu)
sudo apt install binutils gdb binwalk tshark exiftool steghide hashcat

Add to Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "ctf-solver": {
      "command": "python3",
      "args": ["/absolute/path/to/ctf-mcp/server.py"]
    }
  }
}

Option B — Docker (recommended for pwn/reversing)

git clone https://github.com/YOUR_USERNAME/ctf-mcp
cd ctf-mcp
docker build -t ctf-mcp .

{
  "mcpServers": {
    "ctf-solver": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "--network", "host",
        "-v", "/path/to/challenges:/challenges",
        "ctf-mcp"
      ]
    }
  }
}

Tool reference

🔩 Reversing / Pwn

| Tool | Description | |---|---| | disassemble | objdump disassembly — pass binary_b64 (base64) or filepath | | strings_extract | strings on a binary to surface printable content and flags | | checksec | Check NX, PIE, RELRO, stack canary | | run_binary | Execute binary with optional stdin, capture output | | run_pwnscript | Run a full Python pwntools exploit — Claude writes it, this runs it |

🔐 Crypto

| Tool | Description | |---|---| | decode_encode | base64, hex, rot13, url, binary, morse, ascii — encode or decode | | hash_identify | Guess hash type from length and pattern | | hash_crack | hashcat + rockyou for md5/sha1/sha256/sha512/ntlm | | xor_bruteforce | Single-byte XOR brute-force ranked by English frequency, or known-key XOR | | frequency_analysis | Letter frequency for classical cipher cracking | | run_crypto | Arbitrary Python — pycryptodome, gmpy2, sympy available |

🌐 Web

| Tool | Description | |---|---| | http_request | HTTP GET/POST/PUT/DELETE with headers, cookies, JSON body | | fuzz_params | Fuzz a FUZZ-marked URL/body — presets: sqli, xss, lfi, ssti, xxe | | sqli_test | Automated SQLi detection (error, boolean, time-based) | | lfi_test | Path traversal / LFI payload testing | | run_webscript | Arbitrary Python — requests, BeautifulSoup4, httpx available |

🔍 Forensics / Stego

| Tool | Description | |---|---| | file_info | file + exiftool type and metadata identification | | binwalk_scan | Scan and optionally extract embedded files | | hex_dump | xxd with offset and length control | | stego_extract | Tries steghide, zsteg (PNG/BMP), outguess in sequence | | metadata_dump | Full exiftool dump — flags often hide in EXIF fields | | pcap_analyze | tshark modes: summary, http_objects, dns, credentials, follow_tcp | | carve_strings | strings with offsets + optional filter pattern |

Example prompts

"Here's a binary (base64): <...> — find the flag. Start with checksec and strings."

"Crack this hash: 5f4dcc3b5aa765d61d8327deb882cf99"

"The site at http://ctf.local/search?q=FUZZ is probably injectable. Run sqli_test."

"This JPEG might have a hidden message. Try all stego methods."

"Analyze challenge.pcap — look for credentials in HTTP and FTP streams."

"The ciphertext looks like single-byte XOR: 1a3f2b0e... brute-force it."

Project structure

ctf-mcp/
├── server.py                   # MCP entry point — registers all tools
├── tools/
│   ├── utils.py                # Shared: run_cmd, run_python, helpers
│   ├── reversing.py            # Reversing + pwn tools
│   ├── crypto.py               # Crypto tools
│   ├── web.py                  # Web exploitation tools
│   └── forensics.py            # Forensics + stego tools
├── .github/
│   └── workflows/
│       └── ci.yml              # Lint + import check on push/PR
├── Dockerfile
├── requirements.txt
├── LICENSE
└── README.md

Extending

Each category is self-contained. To add a tool:

  1. Open tools/<category>.py
  2. Add a Tool(name=..., description=..., inputSchema=...) to the list
  3. Add an if name == "..." branch in the handle_* function

No changes to server.py needed — it auto-registers everything.

Security

  • Use Docker when running untrusted binaries (pwn/reversing)
  • Never expose the server on a network port — it runs shell commands
  • The Dockerfile runs as a non-root ctf user

License

MIT

快速设置
此服务器的安装指南

安装包 (如果需要)

uvx kademcp

Cursor 配置 (mcp.json)

{ "mcpServers": { "orgito1015-kademcp": { "command": "uvx", "args": [ "kademcp" ] } } }