gobuster-mcp

A Model Context Protocol (MCP) server for Gobuster that enables AI assistants to perform directory/file, DNS, virtual host, S3 bucket, and TFTP enumeration on a remote Kali Linux host via SSH.

A Model Context Protocol (MCP) server for Gobuster - a powerful directory/file, DNS, virtual host, S3 bucket, and TFTP enumeration tool written in Go.

This MCP server enables AI assistants to perform security reconnaissance and enumeration tasks by executing Gobuster commands on a remote Kali Linux host via SSH.

Features

  • Directory/File Enumeration (gobuster_dir) - Discover hidden directories and files on web servers
  • DNS Subdomain Enumeration (gobuster_dns) - Find subdomains for target domains
  • Virtual Host Discovery (gobuster_vhost) - Enumerate virtual hosts by brute-forcing Host headers
  • Fuzzing (gobuster_fuzz) - Replace FUZZ keyword in URLs, headers, or POST data
  • S3 Bucket Enumeration (gobuster_s3) - Discover open Amazon S3 buckets
  • TFTP Enumeration (gobuster_tftp) - Find files on TFTP servers
  • Async Scan Support - Run long scans in background with status tracking
  • Wordlist Discovery - List available wordlists on the Kali host

Prerequisites

  • Node.js 18+
  • SSH access to a Kali Linux host with Gobuster installed
  • SSH key-based authentication configured (no password prompts)

Installation

# Clone the repository
git clone https://github.com/schwarztim/sec-gobuster-mcp.git
cd sec-gobuster-mcp

# Install dependencies
npm install

# Build
npm run build

Configuration

Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| KALI_HOST | kali | SSH hostname or alias for the Kali Linux host |

SSH Setup

Ensure your SSH config (~/.ssh/config) has an entry for your Kali host:

Host kali
    HostName 192.168.1.100
    User root
    IdentityFile ~/.ssh/id_rsa

Claude Desktop Configuration

Add to your Claude Desktop config (~/.config/claude/claude_desktop_config.json on Linux or ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "gobuster": {
      "command": "node",
      "args": ["/path/to/sec-gobuster-mcp/dist/index.js"],
      "env": {
        "KALI_HOST": "kali"
      }
    }
  }
}

Available Tools

gobuster_dir

Directory/file enumeration mode - discovers hidden directories and files on web servers.

{
  "url": "https://example.com",
  "extensions": "php,html,txt",
  "threads": 20,
  "status_codes": "200,204,301,302",
  "exclude_status": "404,403"
}

gobuster_dns

DNS subdomain enumeration - discovers subdomains for a target domain.

{
  "domain": "example.com",
  "resolver": "8.8.8.8",
  "show_ips": true,
  "show_cname": true
}

gobuster_vhost

Virtual host enumeration - discovers virtual hosts by brute-forcing Host header values.

{
  "url": "https://example.com",
  "domain": "example.com",
  "exclude_length": "1234"
}

gobuster_fuzz

Fuzzing mode - replaces FUZZ keyword in URLs, headers, or POST data.

{
  "url": "https://example.com/api?param=FUZZ",
  "method": "GET",
  "exclude_status": "404,500"
}

gobuster_s3

Amazon S3 bucket enumeration.

{
  "wordlist": "/usr/share/wordlists/bucket-names.txt",
  "max_files": 10
}

gobuster_tftp

TFTP file enumeration.

{
  "server": "192.168.1.50",
  "timeout": 5
}

Async Operations

All scan tools support an async parameter to run scans in the background:

{
  "url": "https://example.com",
  "async": true
}

Use these tools to manage async scans:

  • gobuster_status - Check scan status and retrieve output
  • gobuster_stop - Stop a running scan
  • gobuster_list_scans - List all active and recent scans

gobuster_wordlists

List available wordlists on the Kali host.

{
  "category": "dirb"
}

Categories: all, dirb, dirbuster, wfuzz, seclists, subdomains

Common Options

Most scan tools support these common options:

| Option | Description |
|--------|-------------|
| wordlist | Path to wordlist file on Kali |
| threads | Number of concurrent threads (default: 10) |
| timeout | Request timeout in seconds |
| quiet | Suppress banner output |
| cookies | Cookies to include in requests |
| headers | Custom headers array |
| user_agent | Custom User-Agent string |
| no_tls_validation | Skip TLS certificate verification |
| follow_redirect | Follow HTTP redirects |

Security Considerations

This tool is intended for authorized security testing only. Always ensure you have proper authorization before scanning any systems.

  • Use only against systems you own or have explicit permission to test
  • Be aware of rate limiting and server load
  • Consider legal implications in your jurisdiction
  • Use responsibly and ethically
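
One way to enforce the scope and load points above in code, given that gobuster_dir arguments come from an AI assistant and end up in a command line run over SSH. This is an added example, not code from sec-gobuster-mcp, and it covers only a subset of the gobuster_dir arguments. The names `buildDirCommand`, `shq`, `csv` and `allowedHosts`, the thread cap of 20, the default wordlist path and the restriction of wordlists to /usr/share are assumptions.

```javascript
// Added example: hypothetical helper, not code from sec-gobuster-mcp.
// Validates a subset of gobuster_dir arguments and returns one shell-quoted
// command string; ssh hands that string to the remote shell for parsing.
const MAX_THREADS = 20; // assumed cap to limit load on the target
const DEFAULT_WORDLIST = "/usr/share/wordlists/dirb/common.txt"; // assumed path

// POSIX single-quote escaping: the remote shell sees each value as one literal word.
function shq(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Accept only comma-separated tokens matching `token`, e.g. "404,403" or "php,txt".
function csv(name, value, token) {
  const re = new RegExp(`^${token}(,${token})*$`);
  if (typeof value !== "string" || !re.test(value)) {
    throw new Error(`invalid ${name}`);
  }
  return value;
}

function buildDirCommand(args, allowedHosts) {
  const target = new URL(args.url); // throws on malformed input
  if (!["http:", "https:"].includes(target.protocol)) {
    throw new Error("invalid scheme");
  }
  if (!allowedHosts.includes(target.hostname)) {
    throw new Error(`target ${target.hostname} is not in the authorized scope`);
  }
  const threads = args.threads ?? 10; // 10 is the default stated in the README
  if (!Number.isInteger(threads) || threads < 1 || threads > MAX_THREADS) {
    throw new Error("invalid threads");
  }
  const wordlist = args.wordlist ?? DEFAULT_WORDLIST;
  if (!/^\/usr\/share\/[\w./-]+$/.test(wordlist) || wordlist.includes("..")) {
    throw new Error("invalid wordlist");
  }
  const argv = ["gobuster", "dir", "-u", target.href, "-w", wordlist, "-t", String(threads)];
  if (args.extensions) argv.push("-x", csv("extensions", args.extensions, "[a-z0-9]{1,8}"));
  if (args.exclude_status) argv.push("-b", csv("exclude_status", args.exclude_status, "[1-5][0-9]{2}"));
  return argv.map(shq).join(" ");
}
```

The returned string is meant to be passed as the single command argument to ssh; the scope check uses the parsed hostname, so a URL such as `https://example.com@other.test/` is rejected rather than matched on its prefix.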

Development

# Watch mode for development
npm run dev

# Build
npm run build

# Run
npm start

License

MIT License - see LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.
