S
SkillNav

HackTricks MCP Server

平台与服务

by xplo8e

可搜索和查询 HackTricks 渗透测试文档的 MCP Server,支持快速检索与章节内容提取。

4GitHub

什么是 HackTricks MCP Server

可搜索和查询 HackTricks 渗透测试文档的 MCP Server,支持快速检索与章节内容提取。

README

HackTricks MCP Server

MCP (Model Context Protocol) server for searching and querying HackTricks pentesting documentation directly from Claude.

Features

  • Quick lookup - One-shot exploitation info with alias support (sqli, xss, ssrf, etc.)
  • Grouped search results - Results aggregated by file with match count, title, and relevant sections
  • Page outline - Quick table of contents to identify relevant sections
  • Section extraction - Read specific sections instead of full pages (token-efficient)
  • Cheatsheet mode - Extract only code blocks/commands from pages
  • Category browsing - Discover available topics and file paths
  • Fast grep search - Uses ripgrep for instant results
  • Security hardened - Protection against command injection and path traversal

Quick Start

Installation

bash
npm install -g hacktricks-mcp-server

The postinstall script automatically clones the HackTricks repository (~2 minutes on first install).

Configure Claude Desktop

Add to your Claude settings (~/.claude/settings.json):

json
{
  "mcpServers": {
    "hacktricks": {
      "command": "npx",
      "args": ["hacktricks-mcp-server"]
    }
  }
}

Restart Claude Desktop and try: "Search HackTricks for SQL injection"

Alternative: Install from Source

bash
git clone https://github.com/Xplo8E/hacktricks-mcp-server.git
cd hacktricks-mcp-server
git submodule update --init --recursive
npm install
npm run build

Configuration for source install:

json
{
  "mcpServers": {
    "hacktricks": {
      "command": "node",
      "args": ["/absolute/path/to/hacktricks-mcp-server/dist/index.js"]
    }
  }
}

Usage Examples

Once configured in Claude Desktop, you can ask:

  • "Search HackTricks for SQL injection techniques"
  • "Give me SUID privilege escalation commands"
  • "Show me XSS payloads"
  • "List all pentesting categories in HackTricks"
  • "How do I exploit XXE vulnerabilities?"

The server provides 7 specialized tools for efficient HackTricks searching.

Available Tools

hacktricks_quick_lookup

One-shot exploitation lookup. Searches, finds best page, and returns exploitation sections + code blocks in one call.

Parameters:

  • topic (string, required): Attack/technique to look up (e.g., 'SUID', 'sqli', 'xss', 'docker escape')
  • category (string, optional): Category filter for faster results

Supported aliases: sqli, xss, rce, lfi, rfi, ssrf, csrf, xxe, ssti, idor, jwt, suid, privesc

Example:

code
hacktricks_quick_lookup("SSRF", category="pentesting-web")

Benefits: Reduces 3+ tool calls to 1 for "how do I exploit X" questions.

search_hacktricks

Search through HackTricks documentation. Returns results GROUPED BY FILE with match count, page title, and relevant section headers.

Parameters:

  • query (string, required): Search term or regex pattern
  • category (string, optional): Filter to specific category (e.g., 'pentesting-web')
  • limit (number, optional): Max grouped results (default: 20)

Example output:

code
Found matches in 5 files for: "SUID"

────────────────────────────────────────────────────────────

📄 **Linux Privilege Escalation**
   Path: src/linux-hardening/privilege-escalation/README.md
   Matches: 12
   Sections: SUID Binaries | Finding SUID | GTFOBins
   Preview:
     L45: Find files with SUID bit set...
     L78: Common SUID exploitation techniques...

────────────────────────────────────────────────────────────

get_hacktricks_outline

Get the table of contents of a page (all section headers). Use this BEFORE reading full pages to understand structure.

Parameters:

  • path (string): Relative path to markdown file

Example output:

code
# Linux Privilege Escalation
  ## Enumeration
    ### System Information
    ### Network
  ## SUID Binaries
    ### Finding SUID Files
    ### Exploiting SUID
  ## Capabilities

Benefits: See page structure in ~20 lines vs reading 500+ lines.

get_hacktricks_section

Extract a specific section from a page by header name. Much more efficient than reading the full page.

Parameters:

  • path (string): Relative path to markdown file
  • section (string): Section header to extract (partial match, case-insensitive)

Example:

code
get_hacktricks_section("src/linux-hardening/privilege-escalation/README.md", "SUID")

Benefits: Read just "SUID Binaries" section (~200 tokens) instead of entire page (~3000 tokens).

get_hacktricks_cheatsheet

Extract only code blocks from a page. Perfect when you just need commands, payloads, or examples.

Parameters:

  • path (string): Relative path to markdown file

Example output:

bash
find / -perm -4000 2>/dev/null
bash
./vulnerable_suid -p

Benefits: Skip explanatory text when you just need "give me the command".

get_hacktricks_page

Get full content of a HackTricks page.

Parameters:

  • path (string): Relative path to markdown file

Warning: Pages can be very long (3000+ tokens). Consider using get_hacktricks_outline + get_hacktricks_section instead.

list_hacktricks_categories

List categories and their contents.

Parameters:

  • category (string, optional): Category to expand

Without category: Lists top-level categories With category: Shows full directory tree with file paths

Efficient Usage Pattern

For optimal token usage, Claude should:

  1. Search with category filter → Get grouped results with context
  2. Get outline of relevant page → See structure before reading
  3. Extract specific section → Read only what's needed
  4. Get cheatsheet → Quick command reference

Before (inefficient):

code
search_hacktricks("SUID")     → 50 raw lines
get_page(file1)               → 3000 tokens
get_page(file2)               → 2500 tokens  
Total: ~5500 tokens, 3 calls

After (efficient):

code
search_hacktricks("SUID", category="linux-hardening")  → Grouped results
get_outline(best_match)                                 → 20 lines
get_section(best_match, "SUID")                         → 200 tokens
Total: ~400 tokens, 3 calls

Requirements

  • Node.js (v18 or higher)
  • ripgrep (rg) - usually pre-installed on macOS/Linux
  • Bun (for package management)

Development

Watch mode:

bash
bun run dev

Test locally:

bash
bun run start

Contributing

Contributions are welcome! If you'd like to improve the server:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/improvement)
  3. Make your changes and test locally
  4. Submit a pull request

Please ensure your PR includes tests for new features and maintains the existing code style.

License

MIT

Credits

常见问题

HackTricks MCP Server 是什么?

可搜索和查询 HackTricks 渗透测试文档的 MCP Server,支持快速检索与章节内容提取。

相关 Skills

MCP构建

by anthropics

Universal
热门

聚焦高质量 MCP Server 开发,覆盖协议研究、工具设计、错误处理与传输选型,适合用 FastMCP 或 MCP SDK 对接外部 API、封装服务能力。

想让 LLM 稳定调用外部 API,就用 MCP构建:从 Python 到 Node 都有成熟指引,帮你更快做出高质量 MCP 服务器。

平台与服务
未扫描114.1k

Slack动图

by anthropics

Universal
热门

面向Slack的动图制作Skill,内置emoji/消息GIF的尺寸、帧率和色彩约束、校验与优化流程,适合把创意或上传图片快速做成可直接发送的Slack动画。

帮你快速做出适配 Slack 的动图,内置约束规则和校验工具,少踩上传与播放坑,做表情包和演示都更省心。

平台与服务
未扫描114.1k

MCP服务构建器

by alirezarezvani

Universal
热门

从 OpenAPI 一键生成 Python/TypeScript MCP server 脚手架,并校验 tool schema、命名规范与版本兼容性,适合把现有 REST API 快速发布成可生产演进的 MCP 服务。

帮你快速搭建 MCP 服务与后端 API,脚手架完善、扩展顺手,尤其适合想高效验证服务能力的开发者。

平台与服务
未扫描10.2k

相关 MCP Server

Slack 消息

编辑精选

by Anthropic

热门

Slack 是让 AI 助手直接读写你的 Slack 频道和消息的 MCP 服务器。

这个服务器解决了团队协作中需要 AI 实时获取 Slack 信息的痛点,特别适合开发团队让 Claude 帮忙汇总频道讨论或发送通知。不过,它目前只是参考实现,文档有限,不建议在生产环境直接使用——更适合开发者学习 MCP 如何集成第三方服务。

平台与服务
83.4k

io.github.netdata/mcp-server

编辑精选

by netdata

热门

io.github.netdata/mcp-server 是让 AI 助手实时监控服务器指标和日志的 MCP 服务器。

这个工具解决了运维人员需要手动检查系统状态的痛点,最适合 DevOps 团队让 Claude 自动分析性能数据。不过,它依赖 NetData 的现有部署,如果你没用过这个监控平台,得先花时间配置。

平台与服务
78.4k

Scrapling MCP Server

编辑精选

by d4vinci

热门

Scrapling MCP Server 是专为现代网页设计的智能爬虫工具,支持绕过 Cloudflare 等反爬机制。

这个工具解决了爬取动态网页和反爬网站时的头疼问题,特别适合需要批量采集电商价格或新闻数据的开发者。不过,它依赖外部浏览器引擎,资源消耗较大,不适合轻量级任务。

平台与服务
35.4k

评论