mcp-noctua
MCP exposing a Dockerized pentest toolbox (sqlmap, nuclei, ffuf) to an LLM for authorized audits, with whitelisting.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-noctua, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
mcp-noctua exposes a pentest toolbox (sqlmap, nuclei, ffuf and more) via Docker to an LLM orchestrator for authorized security audits, with strict whitelisting and timeout controls. Security surface: it runs offensive security tooling under agent direction, so the whitelist and timeouts are the guardrails preventing misuse against unauthorized targets.
Key features
- Dockerized sqlmap/nuclei/ffuf toolbox
- Strict tool whitelisting
- Per-run timeout controls
- LLM-orchestrated audits
Use cases
- Run authorized pentests via an agent
- Automate recon within a scoped target