Best Security MCP Servers for Windsurf
Connect security tools to Windsurf using MCP servers. These servers let Windsurf interact with security resources, enabling powerful AI-assisted workflows for developers.
MCPgee indexes 1,843 security MCP servers with a median of 47 GitHub stars; 76% are written in typescript and 23% install via npm. All work with Windsurf.
Top 30 of 1,843 Security Servers for Windsurf
Casdoor MCP Server
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
Hexstrike Ai MCP Server
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills MCP Server
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker MCP Server
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Viper MCP Server
Adversary simulation and Red teaming platform with AI
Unidbg MCP Server
Allows you to emulate an Android native library, and an experimental iOS emulation
Enscan Go MCP Server
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
Ciso Assistant Community MCP Server
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS,
Cyberstrikeai MCP Server
CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and compr
Anything Analyzer MCP Server
全能协议分析工具:浏览器抓包 + MITM 代理 + 指纹伪装 + AI 分析 + MCP Server 无缝对接 AI Agent/IDE | All-in-one protocol analysis toolkit — built-in browser capture, MITM proxy, JS hooks, fingerprint spoofing, AI analysis & MCP server for agent integration
Agent Scan MCP Server
Security scanner for AI agents, MCP servers and agent skills.
Nono MCP Server
Capability-based agent runtime with fine-grained policies . Brokering access directly within the agent's operating context, with zero setup and zero latency
Pentestagent MCP Server
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
Onecli MCP Server
Open-source credential vault, give your AI agents access to services without exposing keys.
Jadx Ai MCP Server
☕ 🏠 - JADX-AI-MCP is a plugin and MCP Server for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.
Ghidra MCP Server
Bridges Ghidra's reverse engineering capabilities with AI tools through 179 specialized tools for automated binary analysis and documentation. It supports full read/write access for function decompilation, renaming, and cross-binary documentation tra
Beelzebub MCP Honeypot
Description: Introduce Beelzebub, an MCP‑based honeypot framework that enables creating decoy tools to detect prompt injection and malicious agent behavior. Motivation: Strengthen the security of LLM workflows by adding a non‑intrusive detection mech
Beelzebub MCP Server
A secure low code deception runtime framework, leveraging AI for System Virtualization.
JsHookMcp
MCP server for JavaScript analysis, security auditing, browser automation and hooks
Litterbox MCP Server
A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
JS Reverse MCP
An MCP server for JavaScript reverse engineering that enables AI to perform browser debugging, script analysis, and automated hook injection. It streamlines complex workflows like deobfuscation, network tracing, and risk assessment through direct bro
Js Reverse MCP Server
为 AI Agent 设计的 JS 逆向 MCP Server,内置反检测,基于 chrome-devtools-mcp 重构 | JS reverse engineering MCP server with agent-first tool design and built-in anti-detection. Rebuilt from chrome-devtools-mcp.
Awesome Hacking Lists MCP Server
A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!
Damn Vulnerable Mcp MCP Server
Damn Vulnerable MCP Server
Damn Vulnerable Model Context Protocol (DVMCP)
An educational project that deliberately implements vulnerable MCP servers to demonstrate various security risks like prompt injection, tool poisoning, and code execution for training security researchers and AI safety professionals.
mcpvault
Local, encrypted credential vault for AI agents that enables secure multi-account management across services like Supabase, GitHub, Vercel, and Stripe, allowing seamless account switching without restarting the chat client.
Burp Ai Agent MCP Server
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
Agentic Radar MCP Server
A security scanner for your LLM agentic workflows
Windsurf Configuration
Add security MCP servers to your Windsurf configuration at ~/.windsurf/mcp.json:
{
"mcpServers": {
"filesystem": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/you/projects"]
},
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
}
},
"postgres": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-postgres", "postgresql://localhost:5432/mydb"]
},
"brave-search": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-brave-search"],
"env": {
"BRAVE_API_KEY": "your_brave_api_key_here"
}
},
"memory": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-memory"]
}
}
}