mcp-noctua
MCP exposing a Dockerized pentest toolbox (sqlmap, nuclei, ffuf) to an LLM for authorized audits, with whitelisting.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-noctua, derived from its capabilities.
AIVSS 7.4 · High
Overview
mcp-noctua exposes a pentest toolbox (sqlmap, nuclei, ffuf and more) via Docker to an LLM orchestrator for authorized security audits, with strict whitelisting and timeout controls. Security surface: it runs offensive security tooling under agent direction, so the whitelist and timeouts are the guardrails preventing misuse against unauthorized targets.
Key features
- Dockerized sqlmap/nuclei/ffuf toolbox
- Strict tool whitelisting
- Per-run timeout controls
- LLM-orchestrated audits
Use cases
- Run authorized pentests via an agent
- Automate recon within a scoped target