By 26zl
Run cybersecurity operations with 850+ on-demand skills covering CTF, penetration testing, bug bounty, DFIR, detection engineering, cloud security, and red/blue team work. Skills are plain Markdown and activate by task without permanently consuming context.
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through hash verification.
Use when adding a new cybersecurity tool to this installer. Walks through editing the right module file, adding to tools_config.json, running validators, and syncing MCP server data if needed. Triggers on phrases like "add tool", "add <toolname>", "register a new tool", "include X in the installer".
Use for AI/LLM security assessments, prompt injection, RAG security, agent/tool permissioning, model supply chain, LLM red teaming, AI governance, eval design, data leakage, jailbreak testing, and secure AI application review.
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths
753 cybersecurity skills covering web security, pentesting, DFIR, threat intelligence, cloud security, malware analysis, and more.
Assist with security incident response
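734+ cybersecurity skills covering web security, penetration testing, DFIR, threat intelligence, cloud security, malware analysis, and other areas. Chinese-language version.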
71-skill bug-hunting & external red-team bundle for Claude Code — 48 hunt-* web/vuln-class + framework skills, enterprise platform attack chains (M365/Entra, Okta, SharePoint, vCenter, SSL-VPN, APK), recon/OSINT, reporting & validation gates, and Burp MCP integration. Skills auto-load by topic; 15 slash commands included.
Editorial "Security Engineer" bundle for Claude Code from Antigravity Awesome Skills.
🛡️ Security Engineer — Security Engineer + Adversarial Security Specialist
CyberSec Toolkit, by 26zl
Cybersecurity toolkit with built-in AI integration. An embedded MCP (Model Context Protocol) server lets any MCP-capable AI -- Claude Code, Claude Desktop, Cursor -- query the tool registry, check install status, recommend the right tools for a CTF category or bug-bounty target, and execute them with enforced safety policies (argument sanitization, network allowlists, rate limiting, audit logging). Jump to MCP Server (AI Integration).
Bundled with a modular installer for Linux and Termux (Android) covering 580+ tools, 18 modules, 14 profiles, and 12 install methods.
Two entry points share one tool registry. An operator runs the bash installer to put tools on disk; an AI agent talks to the MCP server to discover, recommend, and safely execute those same tools. tools_config.json is the single source of truth the modules define and the MCP advisors read, and CI validators keep the Python and bash sides in sync.
```mermaid
flowchart TB
    user(["Operator"]):::actor
    ai(["AI agent — Claude Code / Cursor / local LLM"]):::actor

    subgraph INSTALL["Installer (bash)"]
        direction TB
        sh["install.sh"]:::core
        prof["14 profiles<br/>profiles/*.conf"]:::data
        mod["18 modules<br/>modules/*.sh<br/>per-module tool arrays"]:::core
        meth["12 install methods<br/>apt → pipx → go → cargo →<br/>binary → gem → docker → git"]:::core
        sh --> prof --> mod --> meth
    end

    subgraph MCP["MCP server (Python / FastMCP)"]
        direction TB
        srv["server.py<br/>14 AI tools"]:::core
        adv["tools_db · profiles<br/>ctf_advisor · bounty_advisor"]:::core
        sec["security.py — policy engine<br/>allowlist · arg sanitize<br/>net policy · rate limit · audit"]:::sec
        rem["remote.py<br/>SSH hosts"]:::core
        srv --> adv
        srv --> sec --> rem
    end

    reg[("tools_config.json<br/>tool registry — 580+")]:::data
    disk["Installed tools<br/>/usr/local/bin + .versions"]:::data
    post["verify · update · remove · backup"]:::core
    skills["860 Claude skills + coordinators<br/>finding-triage · security-comms · authorization-gate"]:::skill
    ci["CI validators<br/>shellcheck · bats · ruff · pytest<br/>validate_tools_config · validate_mcp_sync"]:::ci

    user -->|"sudo ./install.sh"| sh
    ai <-->|"stdio MCP"| srv
    ai -.->|"activate on demand"| skills
    meth -->|"installs"| disk
    sec -->|"run_tool / run_pipeline / run_script"| disk
    disk --- post
    mod -.->|"defines"| reg
    adv -.->|"reads"| reg
    ci -.->|"keep Python ↔ bash in sync"| reg
    ci -.-> srv

    classDef actor fill:#1f6feb,stroke:#0b3d91,color:#ffffff;
    classDef core fill:#161b22,stroke:#30363d,color:#e6edf3;
    classDef data fill:#1c2a1c,stroke:#2ea043,color:#e6edf3;
    classDef sec fill:#3d1d1d,stroke:#f85149,color:#ffffff;
    classDef skill fill:#2d2238,stroke:#a371f7,color:#e6edf3;
    classDef ci fill:#33291a,stroke:#d29922,color:#e6edf3;
```
Reading the diagram: solid arrows are runtime/install actions, dashed arrows are data relationships. The installer (left) and MCP server (right) never call each other — they meet at the registry and at the tools on disk. security.py is the gate every AI-driven execution passes through; nothing reaches the shell without clearing the allowlist, argument sanitization, and network policy. Skills are methodology context the AI loads on demand; they guide how tools get used but sit outside the execution path.
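A sketch of the kind of gate that paragraph describes, added here as an example and not taken from the project's security.py. The class name `PolicyGate`, the allowlist, the network scope and the rate-limit values are all assumptions chosen for illustration.

```python
import ipaddress
import re
import time
from collections import deque

# All values below are assumptions for illustration, not the project's policy.
ALLOWED_TOOLS = {"nmap", "httpx"}
ALLOWED_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # constructed lab scope
SHELL_META = re.compile(r"[;&|`$<>\\\n\r(){}*?!~]")    # reject, never escape
MAX_CALLS, WINDOW = 3, 60.0                            # allowed calls per 60 s


class PolicyGate:
    def __init__(self, clock=time.monotonic):
        self.clock = clock    # injectable so the rate limit is testable
        self.calls = deque()  # timestamps of allowed calls
        self.audit = []       # every decision is recorded, allow or deny

    def _decide(self, tool, args, target):
        if tool not in ALLOWED_TOOLS:
            return "deny:tool-not-allowlisted"
        if any(SHELL_META.search(a) for a in args):
            return "deny:unsafe-argument"
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            return "deny:target-not-ip"
        if not any(ip in net for net in ALLOWED_NETS):
            return "deny:target-out-of-scope"
        now = self.clock()
        while self.calls and now - self.calls[0] > WINDOW:
            self.calls.popleft()  # drop calls that fell out of the window
        if len(self.calls) >= MAX_CALLS:
            return "deny:rate-limited"
        self.calls.append(now)
        return "allow"

    def check(self, tool, args, target):
        """Return (verdict, argv); argv is None unless the call is allowed."""
        verdict = self._decide(tool, args, target)
        self.audit.append({"tool": tool, "args": list(args),
                           "target": target, "verdict": verdict})
        # argv is a list intended for subprocess.run(argv, shell=False)
        return verdict, ([tool, *args, target] if verdict == "allow" else None)
```

Denied requests are written to the audit trail but do not consume rate-limit budget, so a burst of rejected calls cannot lock out legitimate ones.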
All required runtimes (Python, Go, Ruby, Java, Rust, Node.js), dev libraries, pipx, and build tools are installed automatically. The only prerequisite is a supported Linux distro. Windows and macOS are not supported (use WSL or Docker).