Toolbox
Collaborative application security testing between humans and agents via CLI and MCP
What is Toolbox?
Toolbox is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to take part in collaborative application security testing between humans and agents via CLI and MCP.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Collaborative application security testing between humans an
Installation
NPM
npx -y toolbox
Manual Installation
npx -y toolbox
Configuration
How to Set Up and Use Toolbox
Toolbox (sectool) is a collaborative application security testing platform that bridges human security professionals and AI agents through both a CLI and an MCP server. It acts as a wire-fidelity HTTP/HTTPS proxy, capturing and replaying traffic, detecting reflections and JWT tokens, and enabling out-of-band (OAST) testing — all controllable through natural language via an AI assistant. Security teams use it to accelerate penetration testing workflows by letting AI agents automate routine recon, request replay, and vulnerability probing tasks.
Prerequisites
- Go runtime or ability to install pre-built binaries (Linux, macOS, Windows — amd64/arm64)
- An MCP-compatible client such as Claude Code or Claude Desktop
- A target web application to test (only test apps you have permission to assess)
- Browser configured to use the proxy at 127.0.0.1:8080 for traffic capture
- Trust the auto-generated CA certificate at ~/.sectool/ca.pem in your browser/OS
Install the sectool binary
Install sectool using Go or download a pre-built binary from the GitHub releases page for your platform (Linux, macOS, Windows — amd64 or arm64).
go install github.com/go-appsec/toolbox/sectool@latest
Start the MCP server
Launch sectool in MCP mode. This starts the MCP server on port 9119 and an integrated HTTP proxy on port 8080. The CA certificate is auto-generated at ~/.sectool/ca.pem on first run.
sectool mcp
Trust the CA certificate
Import ~/.sectool/ca.pem into your browser or OS certificate store so HTTPS traffic can be intercepted and inspected without certificate errors.
# macOS example
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.sectool/ca.pem
Configure your browser to use the proxy
Set your browser's HTTP and HTTPS proxy to 127.0.0.1:8080. Browse to the target application to generate traffic that sectool will capture.
Connect your MCP client
Register the running sectool MCP server with your AI client using the HTTP transport pointing to port 9119.
claude mcp add --transport http sectool http://127.0.0.1:9119/mcp
Configure the client JSON (alternative)
Alternatively, add sectool to your claude_desktop_config.json if you prefer config-file-based setup. The server must already be running before the client connects.
Toolbox Examples
Client configuration
Add the running sectool MCP server to Claude Desktop by pointing to its HTTP endpoint. The server must be started separately with `sectool mcp` before connecting.
{
  "mcpServers": {
    "sectool": {
      "command": "sectool",
      "args": ["mcp"]
    }
  }
}
Prompts to try
Security testing prompts to use with Claude once sectool is connected and traffic has been captured through the proxy.
- "Show me a summary of all captured proxy traffic"
- "Find any requests that reflect user input in the response"
- "Replay request flow abc123 and add the header X-Forwarded-For: 127.0.0.1"
- "Create an OAST payload and check if any captured request triggers it"
- "Crawl https://example.com and list all discovered endpoints"
Troubleshooting Toolbox
HTTPS traffic shows certificate errors even after importing the CA
Confirm the certificate at ~/.sectool/ca.pem was added as a trusted root CA (not just a trusted certificate). On macOS, use Keychain Access to verify it appears under System > Certificates with full trust. Restart your browser after importing.
Claude cannot connect to the MCP server
Verify sectool is running with `sectool mcp` and listening on port 9119. Check with `curl http://127.0.0.1:9119/mcp` — you should get a response. Ensure no firewall is blocking localhost connections.
No traffic appears in the proxy history
Confirm your browser proxy settings point to 127.0.0.1:8080 for both HTTP and HTTPS. Use `sectool proxy summary` in a separate terminal to check if any flows have been captured.
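The setup and troubleshooting steps above put an intercepting proxy on port 8080 and an MCP endpoint on port 9119. The following added example (not sectool's own code) reads `ss -ltnH` output on Linux and confirms that each port is listening and reachable on loopback only. The function names and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of sectool): confirm the proxy and MCP ports from
# this page are reachable on loopback only. Function names are hypothetical.

PROXY_PORT=8080   # integrated HTTP proxy port stated on this page
MCP_PORT=9119     # MCP server port stated on this page

# Reads `ss -ltnH` lines on stdin (Linux; column 4 is Local Address:Port) and
# prints every listener on port $1 whose address is not 127.0.0.1 or [::1].
exposed_listeners() {
  awk -v p="$1" '
    {
      n = split($4, parts, ":")
      if (n < 2 || parts[n] != p) next
      host = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (host != "127.0.0.1" && host != "[::1]") print $4
    }'
}

# Reads listener lines on stdin so the check also works on saved output.
# Returns 0 if port $1 is loopback only, 1 if exposed, 2 if nothing listens.
loopback_only() {
  lines=$(cat)
  found=$(printf '%s\n' "$lines" |
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) c++ } END { print c + 0 }')
  [ "$found" -gt 0 ] || return 2
  [ -z "$(printf '%s\n' "$lines" | exposed_listeners "$1")" ]
}

# Constructed sample of `ss -ltnH` output: proxy on loopback, MCP on all interfaces.
SAMPLE='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9119 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*'

if [ "${1:-}" = "--live" ]; then
  INPUT=$(ss -ltnH)      # live check on a Linux host
else
  INPUT=$SAMPLE          # offline run against the constructed sample
fi

for port in "$PROXY_PORT" "$MCP_PORT"; do
  if printf '%s\n' "$INPUT" | loopback_only "$port"; then
    echo "port $port: loopback only"
  else
    echo "port $port: not listening, or reachable beyond loopback"
  fi
done
```

Run it with `--live` on the host where `sectool mcp` is running; without arguments it evaluates the constructed sample.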
Frequently Asked Questions about Toolbox
What is Toolbox?
Toolbox is a Model Context Protocol (MCP) server that supports collaborative application security testing between humans and agents via CLI and MCP. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Toolbox?
Install via npm with the command: npx -y toolbox. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).
Which AI clients work with Toolbox?
Toolbox works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Toolbox free to use?
Yes, Toolbox is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Toolbox Alternatives — Similar Security Servers
Looking for alternatives to Toolbox? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u