
Security testing MCP servers compared

Offensive-security and pentest MCP servers for authorized testing, compared on trust, setup, and safety.

Burp Suite MCP Server

PortSwigger's Burp Suite MCP Server extension connects Burp Suite to MCP clients through an SSE server or packaged stdio proxy for request, Repeater, Intruder, history, scanner, Collaborator, and configuration workflows.

Pentest AI MCP Server

Offensive-security MCP server from pentest-ai that lets Claude list and run wrapped security tools, plan and install missing tools, launch authorized engagements, run web, recon, API, cloud, AD, credential, vulnerability, mobile, wireless, and LLM-red-team assessments, and retrieve findings, attack chains, and reports.

Nuclear MCP Server

Built-in Streamable HTTP MCP server for Nuclear Music Player that lets Claude inspect available music-player domains, discover method signatures, describe data types, and control playback, queue, favorites, playlists, dashboard, and provider workflows.

ENScan_GO MCP Server

Go-based enterprise-information gathering MCP server for authorized security research, exposing local SSE tools for company search, ICP records, apps, Weibo, WeChat public accounts, mini programs, recruiting data, copyright records, suppliers, investments, branches, and paginated data-source queries.

Trust
  • Install risk: Review first (all four servers)
  • Notes: Safety notes and Privacy notes are provided for each server (see below)
  • Category: mcp (all four servers)
  • Source: source-backed (all four servers)
  • Author: Burp Suite MCP Server: PortSwigger; Pentest AI MCP Server: 0xSteph; Nuclear MCP Server: Nuclear; ENScan_GO MCP Server: WgpSec
  • Added: 2026-06-06 (all four servers)
  • Platforms: Claude Code, Claude Desktop (all four servers)
Safety notes
Burp Suite MCP Server: Burp Suite MCP Server can send HTTP/1.1 and HTTP/2 requests, create Repeater tabs, send requests to Intruder, toggle Proxy Intercept, pause or resume Burp's task execution engine, and update the active message editor. In Burp Suite Professional it can also expose scanner issues and generate or poll Collaborator payloads for out-of-band testing. The extension includes approval flows for outbound HTTP requests and sensitive data access, but users can configure always-allow targets and disable some approval requirements. Configuration editing tools can import project-level or user-level Burp options when enabled in the extension, which can change proxy, scanner, target, and other Burp behavior. Use only on systems and applications where testing is authorized; active requests, Intruder traffic, scanner workflows, and Collaborator payloads can affect third-party services. Keep the MCP server bound to trusted local interfaces and avoid exposing the SSE server to untrusted networks.
Pentest AI MCP Server: Pentest AI is offensive security tooling that performs real network and host operations and can run wrapped scanners, fuzzers, password tools, exploit-adjacent probes, and custom HTTP requests. Use only on targets where you have written permission, and keep rules of engagement, exclusions, rate limits, credentials, and scope boundaries in the prompt and engagement record. Prefer intensity=safe, strict_scope=true, and respect_rate_limits=true for real targets; the upstream README notes these safety flags are not all default behavior. Do not call ensure_tools_installed with auto_install=true until the exact tool list and install impact have been reviewed by a human. Authenticated scans should use credential references or approved secret resolvers, not raw passwords, tokens, or session cookies pasted into model context. External tools may create traffic, files, subprocesses, reports, findings databases, caches, and evidence artifacts that require cleanup and retention controls.
Nuclear MCP Server: Nuclear MCP Server runs inside the local Nuclear desktop app and exposes a Streamable HTTP server on the localhost interface. The `call` tool can execute Nuclear API methods after discovery through `list_methods`, `method_details`, and `describe_type`. Available domains include Queue, Playback, Metadata, Favorites, Playlists, Dashboard, and Providers, so agents can change what is playing and modify local music-player state. Nuclear's plugin and provider system can retrieve streaming sources, metadata, playlists, and dashboard content from third-party services; use providers only where automated access is allowed. Keep the server bound to localhost, avoid exposing the MCP endpoint on a network interface, and require confirmation before letting an agent change playlists, favorites, queues, or provider settings.
ENScan_GO MCP Server: ENScan_GO is security-research tooling intended for authorized HW/SRC and red-team-style enterprise information gathering. Use only public data sources and authorized accounts; the upstream README says it does not provide cracking or protection-bypass capabilities. Configure request delays, narrow fields, and scoped targets to reduce load on upstream data platforms and avoid account anomalies. Do not use the tool for harassment, doxxing, unauthorized profiling, commercial scraping outside provider terms, or unlawful intelligence gathering. The local SSE MCP server can expose configured data-source access to any MCP client that can reach the endpoint; bind it locally and avoid exposing the port on shared networks.
Privacy notes
Burp Suite MCP Server: Proxy HTTP history, WebSocket history, Organizer items, scanner issues, request and response bodies, headers, cookies, tokens, session identifiers, and Collaborator interaction data may be returned to the MCP client. The extension can read project-level and user-level Burp configuration; upstream code filters some configuration credentials when configured, but users should still treat exported options as sensitive. MCP prompts, responses, Burp logs, and client transcripts can retain target URLs, credentials, payloads, vulnerability details, and proprietary application behavior. The stdio proxy and SSE server bridge Burp traffic into the MCP client process; keep client configs, proxy paths, and Burp project files protected.
Pentest AI MCP Server: Targets, URLs, IPs, domains, credential references, findings, proofs of concept, screenshots, payloads, request/response data, reports, detection rules, process lists, and tool output can be sent to the MCP client and model. Findings databases, generated reports, SARIF/JUnit/HTML/PDF exports, logs, subprocess output, tool caches, auth profiles, and cloud-sync settings can contain sensitive vulnerabilities and customer data. Prompts and transcripts can disclose live vulnerabilities, exploitable paths, credential handling, customer infrastructure, or engagement scope. Keep cloud workspace sync, API tokens, LLM provider keys, and generated reports disabled or controlled unless the engagement explicitly allows them.
Nuclear MCP Server: Tool calls and transcripts can include listening history, search terms, artists, albums, track titles, playlist names, favorites, provider choices, dashboard content, and local player settings. The MCP endpoint is local, but connected MCP clients, model providers, logs, screenshots, and shared chat transcripts can still retain music-library and listening-behavior data. Streaming and metadata providers may receive searches, track identifiers, IP addresses, user-agent metadata, or plugin-specific account context according to their own policies. The MCP server URL and port are local connection details; do not publish screenshots or logs that include private player state or provider credentials.
ENScan_GO MCP Server: Queries, company names, PIDs, ICP records, apps, Weibo accounts, WeChat public accounts, mini programs, recruiting data, copyright records, suppliers, investments, branches, and exported results can be sent to the MCP client and model. ENScan_GO configuration can contain cookies, Tianyancha IDs, auth tokens, API tokens, RiskBird cookies, Qimai cookies, MIIT API endpoints, proxy settings, and user-agent strings. Generated JSON, XLSX, cache files, logs, prompts, and transcripts can reveal target organizations, subsidiaries, suppliers, public accounts, and investigation scope. Keep cookies and API tokens out of prompts, restrict file permissions on the generated config, and clean up exports or `enscan.gob` cache files according to engagement rules.
Prerequisites
Burp Suite MCP Server
  • Burp Suite Community or Professional with Java extension support.
  • Java and the `jar` command available for building and loading the extension.
  • Gradle wrapper execution allowed for building `build/libs/burp-mcp-all.jar` from source.
  • An MCP client that can connect to the Burp SSE server or run the packaged stdio proxy.
Pentest AI MCP Server
  • Python 3.10 or newer and pip, uv, or another supported Python package installer.
  • Written authorization and explicit scope for every target, host, account, user, API, network, or application being tested.
  • A dedicated test environment or engagement workspace for findings, tool output, reports, and installed security tools.
  • Human approval before auto-installing external tools, running active probes, credential tests, authenticated scans, or exploit-chain validation.
Nuclear MCP Server
  • Nuclear Music Player installed from the project's releases or platform packages.
  • MCP server enabled in Nuclear under Settings > Integrations.
  • MCP client support for Streamable HTTP or remote URL based server configuration.
  • Review of the actual local URL shown by Nuclear, because the server starts on a port in the range 8800 through 8809.
ENScan_GO MCP Server
  • Downloaded ENScan_GO release binary for your operating system, or Go 1.23-compatible tooling to build from source.
  • First-run configuration generated with `./enscan -v`.
  • Valid, authorized cookies or API credentials for the selected enterprise-data sources.
  • Local MCP client support for SSE transport, or a trusted stdio-to-SSE bridge if your client does not connect to SSE endpoints directly.
Install
Burp Suite MCP Server: ./gradlew embedProxyJar
Pentest AI MCP Server: pip install ptai
Nuclear MCP Server: claude mcp add nuclear --transport http <copy-url-from-nuclear-settings>
ENScan_GO MCP Server: Download an ENScan_GO release archive, configure credentials with ./enscan -v, then run ./enscan --mcp
Config
Burp Suite MCP Server (manual-only setup):
./gradlew embedProxyJar
Pentest AI MCP Server:
{
  "mcpServers": {
    "pentest-ai": {
      "command": "ptai",
      "args": ["mcp"],
      "env": {
        "PENTEST_DB_PATH": "<approved-findings-db-path>",
        "PTAI_NON_INTERACTIVE": "1"
      }
    }
  }
}
Nuclear MCP Server (manual-only setup):
claude mcp add nuclear --transport http <copy-url-from-nuclear-settings>
ENScan_GO MCP Server:
{
  "mcpServers": {
    "enscan-go": {
      "url": "<loopback-sse-url>"
    }
  }
}
Citations
  • Claim: Unclaimed (all four servers)