Noctua
БесплатноНе проверенExposes a pentest toolbox (sqlmap, nuclei, ffuf, etc.) via Docker to an LLM orchestrator for authorized security audits, with strict whitelisting and timeout co
Описание
Exposes a pentest toolbox (sqlmap, nuclei, ffuf, etc.) via Docker to an LLM orchestrator for authorized security audits, with strict whitelisting and timeout controls.
README
🇬🇧 English · 🇫🇷 Français
An MCP server (stdio) that exposes a pentest toolbox to a strong LLM orchestrator (Claude Code, interactive), to run authorized security audits.
A clean rewrite inspired by the Darkmoon MCP (GPL v3) with no code copied → CeCILL-B license, zero GPL debt. What's reused is the toolbox (sqlmap, nuclei, ffuf, httpx, naabu, katana, whatweb…); the fragile orchestration (opencode + local model) is dropped and replaced by a strong brain that verifies.
Architecture
[Claude Code] --stdio--> [mcp-noctua (host)] --docker.sock--> [darkmoon container = toolbox]
(the brain) (controlled gateway) (sqlmap, nuclei, ffuf…)
mcp-noctua reuses the darkmoon container (ascit/darkmoon:latest) as its
toolbox, invoking it via docker.sock. Invoking tools inside a container is not a
derivative work → no license concern. The container is kept alive; noctua starts
it if it's stopped before a run.
Exposed MCP tools
| Tool | Role |
|---|---|
run_tool(command, timeout?) |
Run a whitelisted tool in the toolbox. |
web_crawl(url, depth?, timeout?) |
Bounded crawl (katana). |
port_scan(target, ...) |
naabu + httpx, bounded. |
vuln_scan(url, tags?) |
nuclei, bounded. |
list_tools() |
Tools available in the toolbox. |
health() |
Toolbox container state (running / started / not found). |
Guard-rails
- Strict allow-list of tools; dangerous patterns blocked (
rm -rf, fork bomb, exfil…). - A timeout that actually kills the process inside the toolbox (fixes the Darkmoon flaw).
- Authorized testing only; the operator validates every target.
Configuration (.env)
See .env.example. Keys: DOCKER_CONTAINER_NAME, NOCTUA_TIMEOUT,
NOCTUA_REPORTS_DIR, NOCTUA_COMPOSE_DIR, DEBUG.
Install
git clone https://github.com/NeveuGregor/mcp-noctua.git
cd mcp-noctua
python3 -m venv venv && source venv/bin/activate
pip install -e ".[dev]"
cp .env.example .env # adjust as needed
pytest
Register in ~/.claude.json as a stdio MCP server:
venv/bin/python -m src.main (cwd = mcp-noctua).
License
CeCILL-B — see LICENSE.
Установка Noctua
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/NeveuGregor/mcp-noctuaFAQ
Noctua MCP бесплатный?
Да, Noctua MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Noctua?
Нет, Noctua работает без API-ключей и переменных окружения.
Noctua — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Noctua в Claude Desktop, Claude Code или Cursor?
Открой Noctua на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Noctua with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
