ghostkit MCP Server

ghostkit MCP Server

MCP server that provides AI clients with 26 security and developer tools, enabling tasks like JWT decoding, HTTP header analysis, and phishing URL inspection.

Category
Visit Server

README

ghostkit MCP Server - Security Tools for AI

MCP Compatible Tools License

MCP server that gives Claude, Cursor, Windsurf, and any MCP-compatible AI client access to 26 security and developer tools. Ask your AI to decode a JWT, analyze HTTP security headers, hash a payload, or inspect a phishing URL, and it picks the right tool automatically.

Free during early access. Sign in and get your API key

What you can do with it

Ask your AI things like:

  • "Decode this JWT and tell me if it's expired"
  • "Check this HTTP response for missing security headers"
  • "Analyze the CSP policy and grade it"
  • "Is this URL a phishing attempt? Check for homoglyphs"
  • "Generate an Ed25519 keypair"
  • "Decode this Ethereum calldata"
  • "Hash this string with SHA-256 and MD5"
  • "Inspect these email headers for SPF/DKIM issues"

The MCP server routes each request to the right tool. No manual tool selection needed.

All 26 tools

Decode & Transform

  • Encoder/Decoder - Base64, Hex, URL, HTML entities, Unicode, Octal with auto-detection
  • JWT Decoder - Parse headers, claims, expiry, and flag security warnings (alg:none, missing iss)
  • JS Deobfuscator - Decode hex/unicode strings, unpack arrays, unwrap eval(), beautify output
  • SAML Decoder - Decode base64 SAML responses, extract assertions, attributes, and conditions

Inspect & Analyze

  • URL Analyzer - Break down URLs, detect phishing indicators, homoglyphs, suspicious TLDs, defang for sharing
  • Email Header Analyzer - Trace message routes, check SPF/DKIM/DMARC, detect spoofing
  • CSP Analyzer - Parse Content-Security-Policy, detect unsafe-inline/eval, grade A-F
  • CORS Checker - Detect wildcard origins, credential leaks, missing preflight headers
  • Character Inspector - Find zero-width chars, homoglyphs, mixed scripts, bidi control characters
  • Cookie Analyzer - Parse Set-Cookie headers, check Secure/HttpOnly/SameSite, detect misconfigurations
  • Entropy Analyzer - Shannon entropy calculation, detect encrypted/compressed/obfuscated data
  • Hex Viewer - Hex + ASCII dump with magic byte file signature detection
  • HTTP Response Inspector - Parse raw responses, audit security headers, flag info leaks
  • Certificate Decoder - Decode PEM certificates, show subject, issuer, SANs, expiry, key details

Format & Compare

  • JSON Formatter - Validate, pretty-print, minify, report key count and nesting depth
  • YAML/TOML Formatter - Parse, format, convert between YAML, TOML, and JSON
  • Code Diff - Line-by-line unified diff between two code snippets
  • Regex Tester - Test patterns with match positions and capture groups
  • Timestamp Converter - Convert Unix/ISO/human dates, relative time, auto-detect format

Crypto & Network

  • Hash Generator - MD5, SHA-1, SHA-256, SHA-512 with optional hash comparison
  • Password Generator - Cryptographically secure passwords and passphrases with entropy scoring
  • RSA/EC Key Generator - Generate RSA, ECDSA, ECDH, Ed25519 keypairs in PEM format
  • IP/CIDR Calculator - Subnet math, host ranges, private/reserved detection, membership checks

Web3 & Blockchain

  • Keccak-256 Hasher - Compute Keccak-256 hashes, Ethereum function selectors, event topics
  • ABI Decoder - Decode Ethereum calldata into function calls (transfer, approve, swap, etc.)
  • Transaction Decoder - Parse RLP-encoded transactions (Legacy, EIP-2930, EIP-1559)

Quick start

1. Get your API key

Sign in at ghostkit.net and create a free API key from your account page.

2. Clone and install

git clone https://github.com/pspray/ghostkit-mcp.git
cd ghostkit-mcp
npm install

3. Connect to your AI client

<details> <summary><strong>Claude Desktop</strong></summary>

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "ghostkit": {
      "command": "node",
      "args": ["/path/to/ghostkit-mcp/index.js"],
      "env": {
        "GHOSTKIT_API_KEY": "gk_your_key_here"
      }
    }
  }
}

</details>

<details> <summary><strong>Claude Code (CLI)</strong></summary>

GHOSTKIT_API_KEY=gk_your_key_here \
  claude mcp add ghostkit -- node /path/to/ghostkit-mcp/index.js

</details>

<details> <summary><strong>Cursor / Windsurf / other MCP clients</strong></summary>

Add to your MCP configuration (check your client's docs for the exact file):

{
  "mcpServers": {
    "ghostkit": {
      "command": "node",
      "args": ["/path/to/ghostkit-mcp/index.js"],
      "env": {
        "GHOSTKIT_API_KEY": "gk_your_key_here"
      }
    }
  }
}

</details>

Replace /path/to/ghostkit-mcp with the actual path where you cloned the repo.

How it works

This repo is a thin MCP client. On startup it fetches the tool definitions from the ghostkit API, then forwards each tool call to the backend for execution. Your AI client sees 26 tools it can call, and the actual processing happens server-side.

This means you always have the latest tools without pulling updates, and no security-sensitive computation runs on your machine.

Requires a ghostkit API key for authentication.

Links

License

Proprietary. See Terms of Use.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured