MCP Servers

A collection of Model Context Protocol servers, templates, tools and more.

N
Nmap MCP
by @vorotaai
GitHub Repo(7 stars)
Website

MCP server for AI-powered network scanning with Nmap. Port scanning, service detection, OS fingerprinting, and vulnerability scanning for AI agents. By Vorota AI.

Created 2/11/2026
Updated about 21 hours ago
README
View Source
Repository documentation and setup instructions

Nmap MCP Server by Vorota AI

nmap-mcp is a production-ready Model Context Protocol (MCP) server that wraps Nmap, the industry-standard network scanner, to enable AI agents to perform automated network security assessments. Built by Vorota AI, it provides 6 scanning tools, 9 scan types, and 6 timing templates -- making it the most comprehensive Nmap integration for AI-powered security workflows available today.

License Python versions MCP Protocol Docker

Install MCP Server

Quick Start

Build and run nmap-mcp with Docker (includes Nmap):

docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git
docker run --rm -i nmap-mcp

Then add to any MCP client:

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

Features

nmap-mcp from Vorota AI exposes 6 specialized scanning tools to any MCP-compatible AI agent:

  • Port Scanning -- TCP Connect, SYN stealth, UDP, FIN, XMAS, NULL, and ACK scan types with configurable port ranges and timing templates (T0 through T5).
  • Host Discovery -- Ping-sweep an entire subnet to find live hosts before deeper scanning.
  • Service Detection -- Identify running services and their exact versions on open ports with adjustable probe intensity (0-9).
  • OS Fingerprinting -- Determine operating systems through TCP/IP stack analysis.
  • Vulnerability Scanning -- Run Nmap Scripting Engine (NSE) scripts in safe categories to detect known vulnerabilities.
  • Quick Scan -- Fast top-N port scan with aggressive timing for rapid reconnaissance.

All tools include built-in input validation, network size limits, and timeout enforcement to prevent misuse.

Recommended Workflow

For a thorough AI-powered security assessment, nmap-mcp tools are designed to be used in sequence:

  1. Discover Hosts -- Use discover-hosts to find live targets on the network.
  2. Quick Scan -- Run quick-scan on discovered hosts for a fast overview of open ports.
  3. Port Scan -- Use scan-ports with specific scan types for deeper port analysis.
  4. Detect Services -- Run detect-services on open ports to identify software versions.
  5. Detect OS -- Use detect-os to fingerprint the operating system (requires root).
  6. Scan Vulnerabilities -- Run scan-vulnerabilities to check for known security issues.

AI agents like Claude, Cursor, and VS Code Copilot can orchestrate this entire workflow automatically in a single conversation.

Installation

Docker (recommended -- includes Nmap)

docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git

From source

Requires Python 3.10+, Nmap on PATH, and uv:

git clone https://github.com/vorotaai/nmap-mcp.git
cd nmap-mcp
uv sync --all-groups
nmap-mcp

Usage with MCP Clients

nmap-mcp is compatible with all major MCP clients: Claude Desktop, Claude Code, Cursor, VS Code Copilot, Windsurf, and Cline.

First, build the Docker image:

docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git

Claude Desktop

Add to your Claude Desktop configuration file (claude_desktop_config.json):

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

Claude Code

claude mcp add nmap-mcp -- docker run --rm -i nmap-mcp

Cursor

Install MCP Server

Or add manually to your Cursor MCP settings (.cursor/mcp.json):

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

VS Code / VS Code Insiders

Add to your VS Code settings (.vscode/mcp.json):

{
  "servers": {
    "nmap-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "nmap-mcp"]
    }
  }
}

Windsurf / Cline

Use the same server configuration as Claude Desktop above. Refer to your client's documentation for the config file location.

Available Tools

| Tool | Description | Key Parameters | Root Required | |------|-------------|----------------|:-------------:| | scan-ports | Port scan with configurable scan type, port range, and timing | target, ports, scan_type (tcp_connect, syn, udp, fin, xmas, null, ack), timing (T0-T5) | Some types | | discover-hosts | Find live hosts on a network using ping scan (-sn) | target (CIDR notation supported) | No | | detect-services | Identify services and versions on open ports (-sV) | target, ports, intensity (0-9) | No | | detect-os | OS fingerprinting via TCP/IP stack analysis (-O) | target | Yes | | scan-vulnerabilities | Run NSE vulnerability detection scripts in safe categories | target, ports, categories (auth, default, discovery, safe, version, vuln) | No | | quick-scan | Fast top-N port scan with aggressive timing | target, top_ports (number of top ports to scan) | No |

Scan Types

The scan-ports tool supports 7 scan types, each suited for different scenarios:

| Scan Type | Flag | Root Required | Description | |-----------|------|:-------------:|-------------| | tcp_connect | -sT | No | Full TCP handshake; reliable but detectable | | syn | -sS | Yes | SYN stealth scan; fast and less detectable | | udp | -sU | Yes | UDP port scan; slower but finds UDP services | | fin | -sF | Yes | FIN scan; stealthy, bypasses some firewalls | | xmas | -sX | Yes | XMAS scan; sets FIN, PSH, URG flags | | null | -sN | Yes | NULL scan; sends no flags | | ack | -sA | Yes | ACK scan; maps firewall rulesets |

Timing Templates

| Template | Name | Use Case | |----------|------|----------| | T0 | Paranoid | IDS evasion | | T1 | Sneaky | IDS evasion | | T2 | Polite | Reduced bandwidth usage | | T3 | Normal | Default speed | | T4 | Aggressive | Fast, reliable networks | | T5 | Insane | Fastest, may lose accuracy |

Configuration

nmap-mcp is configured through environment variables:

| Variable | Default | Description | |----------|---------|-------------| | NMAP_BINARY | nmap | Path to the Nmap binary | | NMAP_SCAN_TIMEOUT | 600 | Maximum scan duration in seconds | | NMAP_MAX_TARGETS | 256 | Maximum number of target hosts per scan (max /24 subnet) | | FASTMCP_LOG_LEVEL | WARNING | Logging level (DEBUG, INFO, WARNING, ERROR) |

Example with custom configuration via Docker:

{
  "mcpServers": {
    "nmap-mcp": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "NMAP_SCAN_TIMEOUT=120",
        "-e", "NMAP_MAX_TARGETS=128",
        "-e", "FASTMCP_LOG_LEVEL=ERROR",
        "nmap-mcp"
      ]
    }
  }
}

Security

Authorization is required. nmap-mcp is a security tool that performs network scanning. You must ensure:

  • You have explicit authorization to scan any target network or host.
  • You comply with all applicable laws and organizational policies.
  • You use this tool only in environments where you have permission to conduct security assessments.

Safety Measures

nmap-mcp by Vorota AI implements multiple layers of security to prevent misuse:

  • Input validation -- All inputs are validated against a set of forbidden characters (;, |, &, $, `, (, ), {, }, <, >, newlines) to prevent command injection attacks.
  • Network size limits -- Scans are limited to a maximum of 256 hosts by default (equivalent to a /24 subnet). This is configurable via NMAP_MAX_TARGETS.
  • Restricted NSE categories -- Only safe script categories are allowed: auth, default, discovery, safe, version, and vuln. Dangerous categories like exploit, dos, and intrusive are blocked.
  • Configurable timeouts -- All scans have a configurable timeout with a hard maximum of 600 seconds to prevent runaway processes.
  • No shell execution -- All Nmap commands are executed using Python's subprocess module with argument lists, never through a shell. This eliminates shell injection vectors entirely.

FAQ

What is nmap-mcp?

nmap-mcp is a Model Context Protocol (MCP) server built by Vorota AI that enables AI agents to perform Nmap network scans. It wraps the full power of Nmap -- port scanning, host discovery, service detection, OS fingerprinting, and vulnerability scanning -- into 6 structured tools that AI assistants like Claude, Cursor, and VS Code Copilot can call directly.

How do I use Nmap with AI agents?

Build the nmap-mcp Docker image and configure it as an MCP server in your AI client (Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, or Cline). Once connected, you can ask the AI to scan networks, detect services, fingerprint operating systems, and find vulnerabilities using natural language. The AI agent will call the appropriate nmap-mcp tools and interpret the results for you.

Is nmap-mcp safe to use?

Yes. nmap-mcp includes multiple safety mechanisms: input validation to prevent command injection, network size limits to avoid scanning overly broad ranges, restricted NSE script categories that exclude dangerous scripts, configurable timeouts, and no shell execution. However, network scanning itself requires authorization -- always ensure you have permission before scanning any target.

What MCP clients are supported?

nmap-mcp works with all MCP-compatible clients, including Claude Desktop, Claude Code, Cursor, VS Code (via GitHub Copilot), Windsurf, and Cline. Any client that supports the Model Context Protocol's stdio transport can connect to nmap-mcp.

Contributing

Contributions are welcome. To set up the development environment:

git clone https://github.com/vorotaai/nmap-mcp.git
cd nmap-mcp
uv sync --all-groups

Running Tests

uv run pytest

Code Quality

uv run ruff check .
uv run ruff format .

Please open an issue or pull request on GitHub for bugs, feature requests, or improvements.

License

This project is licensed under the Apache License 2.0.

Copyright (c) Vorota AI

Quick Setup
Installation guide for this server

Install Package (if required)

uvx nmap-mcp

Cursor configuration (mcp.json)

{ "mcpServers": { "vorotaai-nmap-mcp": { "command": "uvx", "args": [ "nmap-mcp" ] } } }