- Home
- MCP servers
- Hydra
Hydra
- python
10
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"happyhackingspace-mcp-hydra": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"--name",
"hydramcp",
"hydramcp"
]
}
}
}Hydra MCP is a lightweight, extensible Model Context Protocol server that lets you connect AI assistants to security tools for automated reconnaissance, scanning, and analysis. It provides a streamlined way to run multiple security tools under MCP control, enabling you to orchestrate pentesting workflows with AI assistance.
How to use
Use Hydra MCP by running it as a local STDIO server so your MCP client can communicate with the containerized service and orchestrate tools like Sublist3r, Nmap, SQLMap, and more. You can start Hydra MCP from your development environment or integrate it into your IDE workflow via standard MCP client configuration. When connected, you can issue prompts that map to the available scanners and receive structured results to drive your testing cycles.
How to install
Prerequisites: you need Docker installed on your machine to build and run the Hydra MCP image.
Clone the project and build the Docker image.
git clone https://github.com/happyhackingspace/mcp-hydra.git
cd mcp-hydra
docker build -t hydramcp .
Configure the MCP client to run Hydra MCP locally
Edit your MCP client configuration to point to the Hydra MCP STDIO server. You will run Hydra MCP as a Docker container with a defined name so the client can connect to it.
{
"mcpServers": {
"hydramcp": {
"command": "docker",
"args": ["run", "--rm", "-i", "--name", "hydramcp", "hydramcp"]
}
}
}
Copilot in VSCode setup
If you prefer to configure via VSCode, create a client config that runs Hydra MCP inside a container with host networking and the necessary privileges.
{
"servers": {
"hydramcp": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"--net=host",
"--privileged",
"--name",
"hydramcp",
"hydramcp"
]
}
}
}
Additional usage notes
You can run the included tools by issuing prompts that select a scanner and provide the target. For example, you can target a domain for subdomain discovery, perform DNS reconnaissance, or scan a host for open ports. The toolkit supports a range of tools described in the available prompts.
Common prompts include selecting a scanner and providing a target, then reviewing results returned by the MCP server. You can combine multiple tools in a single workflow to gather reconnaissance data, assess exposure, and identify vulnerabilities.
Tool prompts to test the integration
Use prompts to exercise the tools and confirm the integration with Hydra MCP. Examples include running a subdomain enumeration, performing DNS reconnaissance, checking email registrations across sites, scanning a host for open ports, extracting text from images, testing for SQL injection, and scanning a WordPress site.
Troubleshooting and notes
If the container fails to start, ensure Docker is running and that no existing containers use the hydramcp name. Check that the image hydramcp exists locally after the build step. If network access is required for tool operations, verify your host network configuration and permissions for the container.
Available tools
Sublist3r
Domain enumeration tool used to discover subdomains for a target domain.
DNSRecon
DNS reconnaissance tool used to identify DNS records and potential exposure.
Holehe
Email registration checker to see where an email address is registered across websites.
Nmap
Network scanner used to identify open ports and services on hosts.
OCR
Optical Character Recognition tool to extract text from images.
Sqlmap
SQL injection scanner to detect and exploit SQL injection vulnerabilities.
WPScan
WordPress security scanner that looks for known vulnerabilities.
Zmap
Internet-wide scanner used to quickly identify hosts with open ports.