HackTricks MCP Server

Name: HackTricks MCP Server
Author: Xplo8E

Xplo8E/hacktricks-mcp-server

Query HackTricks pentesting playbooks from Claude Code or Cursor while hardening APIs, reviewing auth flows, or preparing a security checklist before release.

Overview

HackTricks MCP Server is an MCP server for the Ship phase that searches and queries HackTricks pentesting documentation with quick lookup and section extraction inside your agent.

What is this MCP server?

Search HackTricks corpus with quick lookup from the agent chat
Pull specific sections for techniques, commands, and checklists without leaving the IDE
stdio npm package hacktricks-mcp-server v1.3.4 for Claude Desktop and compatible MCP hosts
Section extraction for focused answers instead of dumping whole pages
Pairs with manual verification—you still run tools and scope tests ethically on systems you own
Server version 1.3.4
Transport: stdio via npm identifier hacktricks-mcp-server

Compatible agents: Claude Code, Cursor, any compatible agent

Community signal: 7 GitHub stars.

What problem does it solve?

Security guidance is scattered across long wiki pages, so builders waste time tab-switching instead of keeping exploit-path context next to the code they are fixing.

Who is it for?

Indie developers doing authorized appsec review, CTF practice, or pre-launch hardening who want HackTricks on demand in Claude Code or Cursor.

Skip if: Teams that need managed pen-test reports, continuous CVE feeds, or scanning without reading primary sources.

What do I get? / Deliverables

After you register the stdio server, your agent can cite relevant HackTricks sections while you draft fixes, test plans, or review comments in one workflow.

Agent-retrieved HackTricks sections tied to your current security question
Faster research notes for reviews, hardening tasks, or learning paths

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Canonical shelf is Ship because solo builders reach for offensive-security reference material when they are validating exposure, running reviews, or closing gaps before customers touch production. Security subphase matches documentation lookup during threat modeling, privilege-escalation research, and remediation planning—not casual idea brainstorming.

How it compares

MCP documentation bridge for HackTricks, not a replacement for Burp, nuclei, or a full agent skill that runs audits end-to-end.

Common Questions / FAQ

Who is HackTricks MCP Server for?

It is for builders and security-curious solo devs who already use MCP-enabled agents and want HackTricks search without leaving the editor.

When should I use HackTricks MCP Server?

Use it during Ship security work—threat modeling, checklist drafting, or studying techniques for systems you are allowed to test.

How do I add HackTricks MCP Server to my agent?

Install the npm package hacktricks-mcp-server, add a stdio MCP entry pointing at that binary in Claude Code, Cursor, or Claude Desktop, then restart the host.

HackTricks MCP Server

Xplo8E/hacktricks-mcp-server

Query HackTricks pentesting playbooks from Claude Code or Cursor while hardening APIs, reviewing auth flows, or preparing a security checklist before release.

Overview

HackTricks MCP Server is an MCP server for the Ship phase that searches and queries HackTricks pentesting documentation with quick lookup and section extraction inside your agent.

What is this MCP server?

Search HackTricks corpus with quick lookup from the agent chat
Pull specific sections for techniques, commands, and checklists without leaving the IDE
stdio npm package hacktricks-mcp-server v1.3.4 for Claude Desktop and compatible MCP hosts
Section extraction for focused answers instead of dumping whole pages
Pairs with manual verification—you still run tools and scope tests ethically on systems you own
Server version 1.3.4
Transport: stdio via npm identifier hacktricks-mcp-server

Compatible agents: Claude Code, Cursor, any compatible agent

Community signal: 7 GitHub stars.

What problem does it solve?

Security guidance is scattered across long wiki pages, so builders waste time tab-switching instead of keeping exploit-path context next to the code they are fixing.

Who is it for?

Indie developers doing authorized appsec review, CTF practice, or pre-launch hardening who want HackTricks on demand in Claude Code or Cursor.

Skip if: Teams that need managed pen-test reports, continuous CVE feeds, or scanning without reading primary sources.

What do I get? / Deliverables

After you register the stdio server, your agent can cite relevant HackTricks sections while you draft fixes, test plans, or review comments in one workflow.

Agent-retrieved HackTricks sections tied to your current security question
Faster research notes for reviews, hardening tasks, or learning paths

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP documentation bridge for HackTricks, not a replacement for Burp, nuclei, or a full agent skill that runs audits end-to-end.

Common Questions / FAQ

Who is HackTricks MCP Server for?

It is for builders and security-curious solo devs who already use MCP-enabled agents and want HackTricks search without leaving the editor.

When should I use HackTricks MCP Server?

Use it during Ship security work—threat modeling, checklist drafting, or studying techniques for systems you are allowed to test.

How do I add HackTricks MCP Server to my agent?

Install the npm package hacktricks-mcp-server, add a stdio MCP entry pointing at that binary in Claude Code, Cursor, or Claude Desktop, then restart the host.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is HackTricks MCP Server for?

When should I use HackTricks MCP Server?

How do I add HackTricks MCP Server to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is HackTricks MCP Server for?

When should I use HackTricks MCP Server?

How do I add HackTricks MCP Server to my agent?