mirror of
https://github.com/BillyOutlast/sec-mcp.git
synced 2026-07-01 12:50:00 -04:00
Add initial setup files for sec-mcp stack including environment variables, setup guide, and Docker configuration
@@ -0,0 +1,6 @@
|
||||
MCPO_API_KEY=top-secret
|
||||
MSF_PASSWORD=changeme
|
||||
ZAP_API_KEY=changeme-zap-api-key
|
||||
MCP_ZAP_API_KEY=changeme-mcp-zap-api-key
|
||||
MD_SHARE_DIR=/opt/mcps/shared-markdown
|
||||
OLLAMA_BASE_URL=http://ollama:11434
|
||||
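Review bot: The secret entries in this template (`MCPO_API_KEY=top-secret`, `MSF_PASSWORD=changeme`, and the two `changeme-...` ZAP keys) are working values, so the README's `Copy-Item .env.example .env` step produces a running stack with credentials that are published in the repository. Leave these four values empty, or use a placeholder that cannot work as a key, and add a comment line above them telling the user to generate a random value for each before first start.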
@@ -0,0 +1,87 @@
|
||||
# Open WebUI MCP Setup Guide
|
||||
|
||||
This stack exposes MCP servers through `mcpo` as OpenAPI endpoints.
|
||||
|
||||
- `mcpo` URL from host: `http://localhost:8000`
|
||||
- `mcpo` URL from inside Docker network (Open WebUI): `http://mcpo:8000`
|
||||
|
||||
## 1) Start the stack
|
||||
|
||||
```powershell
|
||||
docker compose up -d --build
|
||||
```
|
||||
|
||||
For AMD GPU Ollama (Linux ROCm hosts):
|
||||
|
||||
```powershell
|
||||
docker compose -f docker-compose.yml -f docker-compose.ollama-amd.yml up -d --build
|
||||
```
|
||||
|
||||
## 2) Open Open WebUI
|
||||
|
||||
- Open: `http://localhost:3000`
|
||||
- Create/sign in to your admin account.
|
||||
|
||||
## 3) Add MCP tools via OpenAPI servers
|
||||
|
||||
In Open WebUI, navigate to the OpenAPI server management screen (label can vary by version, typically under Admin/Settings/Tools/Integrations).
|
||||
|
||||
Add one OpenAPI server per MCP route from `mcpo`.
|
||||
|
||||
Suggested entries:
|
||||
|
||||
- Name: `triv3-kali-server`
|
||||
- OpenAPI URL: `http://mcpo:8000/triv3-kali-server/openapi.json`
|
||||
- Name: `k3nn3dy-kali-mcp`
|
||||
- OpenAPI URL: `http://mcpo:8000/k3nn3dy-kali-mcp/openapi.json`
|
||||
- Name: `metasploit-mcp`
|
||||
- OpenAPI URL: `http://mcpo:8000/metasploit-mcp/openapi.json`
|
||||
- Name: `mcp-zap-server`
|
||||
- OpenAPI URL: `http://mcpo:8000/mcp-zap-server/openapi.json`
|
||||
- Name: `nvd-cve-mcp-server`
|
||||
- OpenAPI URL: `http://mcpo:8000/nvd-cve-mcp-server/openapi.json`
|
||||
- Name: `markdownify-mcp`
|
||||
- OpenAPI URL: `http://mcpo:8000/markdownify-mcp/openapi.json`
|
||||
|
||||
If your Open WebUI is outside Docker, use `http://localhost:8000/.../openapi.json` instead.
|
||||
|
||||
## 4) Authentication (if enabled)
|
||||
|
||||
`mcpo` is configured with API key auth (`MCPO_API_KEY`).
|
||||
|
||||
If Open WebUI asks for headers for an OpenAPI server, add:
|
||||
|
||||
- Header: `Authorization`
|
||||
- Value: `Bearer <MCPO_API_KEY>`
|
||||
|
||||
or
|
||||
|
||||
- Header: `X-API-Key`
|
||||
- Value: `<MCPO_API_KEY>`
|
||||
|
||||
Use whichever your Open WebUI version expects for OpenAPI auth headers.
|
||||
|
||||
## 5) Validate each server
|
||||
|
||||
From host browser:
|
||||
|
||||
- `http://localhost:8000/docs`
|
||||
- `http://localhost:8000/triv3-kali-server/docs`
|
||||
- `http://localhost:8000/k3nn3dy-kali-mcp/docs`
|
||||
- `http://localhost:8000/metasploit-mcp/docs`
|
||||
- `http://localhost:8000/mcp-zap-server/docs`
|
||||
- `http://localhost:8000/nvd-cve-mcp-server/docs`
|
||||
- `http://localhost:8000/markdownify-mcp/docs`
|
||||
|
||||
If these are reachable, Open WebUI can import them.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
- OpenAPI URL fails in Open WebUI container:
|
||||
- Use `http://mcpo:8000/...` (not `localhost`) when Open WebUI runs in Docker.
|
||||
- Empty tools after import:
|
||||
- Check `mcpo` logs: `docker compose logs -f mcpo`
|
||||
- ZAP tools fail auth:
|
||||
- Verify `.env` values for `MCP_ZAP_API_KEY` and `ZAP_API_KEY`.
|
||||
- Markdown file retrieval blocked:
|
||||
- Verify `MD_SHARE_DIR` in `.env` and ensure files are in that directory.
|
||||
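Review bot: Step 1 runs `docker compose up -d --build` before the guide has said anything about `.env`, which first appears under Troubleshooting, so a reader following the steps in order starts `mcpo` with whatever `MCPO_API_KEY` happens to be set or defaulted. Add a step before "Start the stack" that creates `.env` and replaces every key and password in it. In section 4, the heading says "(if enabled)" while the first sentence says `mcpo` is configured with API key auth; drop the qualifier so the header is presented as required.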
@@ -0,0 +1,78 @@
|
||||
# sec-mcp Stack
|
||||
|
||||
Security-focused MCP stack routed through `mcpo`, with Open WebUI + Ollama included.
|
||||
|
||||
## Included MCP servers
|
||||
|
||||
- `triv3/mcp-kali-server`
|
||||
- `k3nn3dy-ai/kali-mcp`
|
||||
- `GH05TCREW/MetasploitMCP`
|
||||
- `socteam-ai/nvd-cve-mcp-server`
|
||||
- `dtkmn/mcp-zap-server`
|
||||
- `zcaceres/markdownify-mcp`
|
||||
|
||||
## Files
|
||||
|
||||
- `docker-compose.yml` - AMD ROCm override for Ollama
|
||||
- `mcpo-config.template.json` - Templated `mcpo` multi-server config
|
||||
- `.env.example` - Environment variable template
|
||||
- `OPENWEBUI_MCP_SETUP.md` - Step-by-step MCP setup inside Open WebUI
|
||||
|
||||
## Quick start
|
||||
|
||||
1. Create env file:
|
||||
|
||||
```powershell
|
||||
Copy-Item .env.example .env
|
||||
```
|
||||
|
||||
2. Start base stack:
|
||||
|
||||
```powershell
|
||||
docker compose up -d --build
|
||||
```
|
||||
|
||||
3. Open services:
|
||||
|
||||
- Open WebUI: `http://localhost:3000`
|
||||
- MCPO docs: `http://localhost:8000/docs`
|
||||
- Ollama API: `http://localhost:11434`
|
||||
|
||||
## AMD GPU (Ollama ROCm)
|
||||
|
||||
Use this only on Linux hosts with `/dev/kfd` and `/dev/dri` available:
|
||||
|
||||
```powershell
|
||||
docker compose -f docker-compose.yml -f docker-compose.ollama-amd.yml up -d --build
|
||||
```
|
||||
|
||||
## MCPO routes
|
||||
|
||||
Each MCP server is exposed by `mcpo` under its own path:
|
||||
|
||||
- `http://localhost:8000/triv3-kali-server/docs`
|
||||
- `http://localhost:8000/k3nn3dy-kali-mcp/docs`
|
||||
- `http://localhost:8000/metasploit-mcp/docs`
|
||||
- `http://localhost:8000/mcp-zap-server/docs`
|
||||
- `http://localhost:8000/nvd-cve-mcp-server/docs`
|
||||
- `http://localhost:8000/markdownify-mcp/docs`
|
||||
|
||||
## Open WebUI MCP setup
|
||||
|
||||
Follow the full guide in:
|
||||
|
||||
- `OPENWEBUI_MCP_SETUP.md`
|
||||
|
||||
This includes:
|
||||
|
||||
- UI steps for adding OpenAPI servers
|
||||
- Correct internal Docker URL usage (`http://mcpo:8000/...`)
|
||||
- Auth header guidance for `MCPO_API_KEY`
|
||||
- Validation and troubleshooting steps
|
||||
|
||||
## Notes
|
||||
|
||||
- First startup is slower because dependencies are built/installed.
|
||||
- `markdownify-mcp` is built at `mcpo` container startup.
|
||||
- `mcp-zap-server` auth values are injected via `.env` into `mcpo-config.template.json` at runtime.
|
||||
- `MD_SHARE_DIR` controls markdown file access scope for `markdownify-mcp`.
|
||||
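Review bot: In the Files list, `docker-compose.yml` is described as "AMD ROCm override for Ollama", but the AMD GPU section passes `docker-compose.ollama-amd.yml` as the override and that file is not listed at all. Describe `docker-compose.yml` as the base stack and add a separate entry for `docker-compose.ollama-amd.yml`. The Notes section would also be the place to state that the values in `.env.example` must be changed before the stack is started, since the Quick start copies the template verbatim.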
@@ -0,0 +1,166 @@
|
||||
services:
|
||||
init-mcps:
|
||||
image: alpine/git:2.47.0
|
||||
command: >-
|
||||
sh -lc "
|
||||
set -e;
|
||||
mkdir -p /opt/mcps;
|
||||
if [ ! -d /opt/mcps/MCP-Kali-Server/.git ]; then
|
||||
git clone https://github.com/triv3/mcp-kali-server.git /opt/mcps/MCP-Kali-Server;
|
||||
else
|
||||
cd /opt/mcps/MCP-Kali-Server && git pull --ff-only;
|
||||
fi
|
||||
if [ ! -d /opt/mcps/markdownify-mcp/.git ]; then
|
||||
git clone https://github.com/zcaceres/markdownify-mcp.git /opt/mcps/markdownify-mcp;
|
||||
else
|
||||
cd /opt/mcps/markdownify-mcp && git pull --ff-only;
|
||||
fi
|
||||
"
|
||||
volumes:
|
||||
- mcp_sources:/opt/mcps
|
||||
|
||||
triv3-kali-api:
|
||||
image: python:3.12-slim
|
||||
depends_on:
|
||||
init-mcps:
|
||||
condition: service_completed_successfully
|
||||
command: >-
|
||||
sh -lc "
|
||||
python -m pip install --no-cache-dir -r /opt/mcps/MCP-Kali-Server/requirements.kali.txt &&
|
||||
python /opt/mcps/MCP-Kali-Server/kali-server/kali_server.py --port 5000
|
||||
"
|
||||
volumes:
|
||||
- mcp_sources:/opt/mcps
|
||||
expose:
|
||||
- "5000"
|
||||
|
||||
kali-mcp-sse:
|
||||
build:
|
||||
context: https://github.com/k3nn3dy-ai/kali-mcp.git
|
||||
command: ["python", "-m", "kali_mcp_server.server", "--transport", "sse", "--port", "8000"]
|
||||
expose:
|
||||
- "8000"
|
||||
|
||||
metasploit-rpc:
|
||||
image: metasploitframework/metasploit-framework:latest
|
||||
environment:
|
||||
- MSF_PASSWORD=${MSF_PASSWORD:-changeme}
|
||||
command: >-
|
||||
sh -lc "
|
||||
msfrpcd -P ${MSF_PASSWORD:-changeme} -S -a 0.0.0.0 -p 55553 -f
|
||||
"
|
||||
expose:
|
||||
- "55553"
|
||||
|
||||
metasploit-mcp:
|
||||
image: python:3.12-slim
|
||||
depends_on:
|
||||
- metasploit-rpc
|
||||
environment:
|
||||
- MSF_PASSWORD=${MSF_PASSWORD:-changeme}
|
||||
- MSF_SERVER=metasploit-rpc
|
||||
- MSF_PORT=55553
|
||||
- MSF_SSL=false
|
||||
command: >-
|
||||
sh -lc "
|
||||
apt-get update && apt-get install -y --no-install-recommends git &&
|
||||
rm -rf /var/lib/apt/lists/* &&
|
||||
git clone https://github.com/GH05TCREW/MetasploitMCP.git /opt/MetasploitMCP &&
|
||||
python -m pip install --no-cache-dir -r /opt/MetasploitMCP/requirements.txt &&
|
||||
python /opt/MetasploitMCP/MetasploitMCP.py --transport http --host 0.0.0.0 --port 8085
|
||||
"
|
||||
expose:
|
||||
- "8085"
|
||||
|
||||
zap:
|
||||
image: zaproxy/zap-stable:latest
|
||||
environment:
|
||||
- ZAP_API_KEY=${ZAP_API_KEY:-changeme-zap-api-key}
|
||||
command: >-
|
||||
sh -lc "
|
||||
zap.sh -daemon -host 0.0.0.0 -port 8090
|
||||
-config api.addrs.addr.name=.*
|
||||
-config api.addrs.addr.regex=true
|
||||
-config api.key=${ZAP_API_KEY:-changeme-zap-api-key}
|
||||
"
|
||||
expose:
|
||||
- "8090"
|
||||
|
||||
mcp-zap-server:
|
||||
image: ghcr.io/dtkmn/mcp-zap-server:latest
|
||||
depends_on:
|
||||
- zap
|
||||
environment:
|
||||
- MCP_SECURITY_MODE=api-key
|
||||
- MCP_API_KEY=${MCP_ZAP_API_KEY:-changeme-mcp-zap-api-key}
|
||||
- ZAP_SERVER_URL=zap
|
||||
- ZAP_SERVER_PORT=8090
|
||||
- ZAP_SERVER_API_KEY=${ZAP_API_KEY:-changeme-zap-api-key}
|
||||
expose:
|
||||
- "7456"
|
||||
|
||||
ollama:
|
||||
image: ollama/ollama:rocm
|
||||
devices:
|
||||
- /dev/kfd
|
||||
- /dev/dri
|
||||
ports:
|
||||
- "11434:11434"
|
||||
volumes:
|
||||
- ollama_data:/root/.ollama
|
||||
restart: unless-stopped
|
||||
|
||||
open-webui:
|
||||
image: ghcr.io/open-webui/open-webui:main
|
||||
depends_on:
|
||||
- ollama
|
||||
- mcpo
|
||||
environment:
|
||||
- OLLAMA_BASE_URL=${OLLAMA_BASE_URL:-http://ollama:11434}
|
||||
ports:
|
||||
- "3000:8080"
|
||||
volumes:
|
||||
- open_webui_data:/app/backend/data
|
||||
restart: unless-stopped
|
||||
|
||||
mcpo:
|
||||
image: ghcr.io/open-webui/mcpo:main
|
||||
depends_on:
|
||||
init-mcps:
|
||||
condition: service_completed_successfully
|
||||
triv3-kali-api:
|
||||
condition: service_started
|
||||
kali-mcp-sse:
|
||||
condition: service_started
|
||||
metasploit-mcp:
|
||||
condition: service_started
|
||||
mcp-zap-server:
|
||||
condition: service_started
|
||||
environment:
|
||||
- MCPO_API_KEY=${MCPO_API_KEY:-top-secret}
|
||||
- MCP_ZAP_API_KEY=${MCP_ZAP_API_KEY:-changeme-mcp-zap-api-key}
|
||||
- MD_SHARE_DIR=${MD_SHARE_DIR:-/opt/mcps/shared-markdown}
|
||||
command: >-
|
||||
sh -lc "
|
||||
apt-get update && apt-get install -y --no-install-recommends gettext-base python3 python3-pip curl bash &&
|
||||
rm -rf /var/lib/apt/lists/* &&
|
||||
python -m pip install --no-cache-dir -r /opt/mcps/MCP-Kali-Server/requirements.mcp.txt &&
|
||||
mkdir -p ${MD_SHARE_DIR:-/opt/mcps/shared-markdown} &&
|
||||
cd /opt/mcps/markdownify-mcp &&
|
||||
rm -f .python-version &&
|
||||
corepack enable &&
|
||||
pnpm install &&
|
||||
pnpm run build &&
|
||||
envsubst < /config/mcpo-config.template.json > /tmp/mcpo-config.json &&
|
||||
mcpo --host 0.0.0.0 --port 8000 --api-key \"${MCPO_API_KEY:-top-secret}\" --config /tmp/mcpo-config.json
|
||||
"
|
||||
volumes:
|
||||
- ./mcpo-config.template.json:/config/mcpo-config.template.json:ro
|
||||
- mcp_sources:/opt/mcps
|
||||
ports:
|
||||
- "8000:8000"
|
||||
|
||||
volumes:
|
||||
mcp_sources:
|
||||
ollama_data:
|
||||
open_webui_data:
|
||||
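Review bot: Every secret in this file falls back to a published default (`${MSF_PASSWORD:-changeme}`, `${MCPO_API_KEY:-top-secret}`, `${ZAP_API_KEY:-changeme-zap-api-key}`, `${MCP_ZAP_API_KEY:-changeme-mcp-zap-api-key}`), so the stack starts without complaint when `.env` is missing or incomplete. Use the required-variable form instead, for example `${MCPO_API_KEY:?set MCPO_API_KEY in .env}`, so that `docker compose up` fails until each value is set. Separately, the `ports` entries `"8000:8000"`, `"3000:8080"` and `"11434:11434"` publish on all host interfaces, while the documentation only ever uses `localhost`; since `mcpo` fronts the Kali and Metasploit tool routes, bind them to loopback (`"127.0.0.1:8000:8000"` and likewise for the other two) unless remote access is intended.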
@@ -0,0 +1,47 @@
|
||||
{
|
||||
"mcpServers": {
|
||||
"triv3-kali-server": {
|
||||
"command": "python",
|
||||
"args": [
|
||||
"/opt/mcps/MCP-Kali-Server/mcp-server/mcp_server.py",
|
||||
"--server",
|
||||
"http://triv3-kali-api:5000"
|
||||
],
|
||||
"env": {
|
||||
"KALI_SERVER_URL": "http://triv3-kali-api:5000"
|
||||
}
|
||||
},
|
||||
"k3nn3dy-kali-mcp": {
|
||||
"type": "sse",
|
||||
"url": "http://kali-mcp-sse:8000/sse"
|
||||
},
|
||||
"metasploit-mcp": {
|
||||
"type": "sse",
|
||||
"url": "http://metasploit-mcp:8085/sse"
|
||||
},
|
||||
"mcp-zap-server": {
|
||||
"type": "streamable-http",
|
||||
"url": "http://mcp-zap-server:7456/mcp",
|
||||
"headers": {
|
||||
"X-API-Key": "${MCP_ZAP_API_KEY}"
|
||||
}
|
||||
},
|
||||
"nvd-cve-mcp-server": {
|
||||
"command": "npx",
|
||||
"args": [
|
||||
"-y",
|
||||
"nvd-cve-mcp-server"
|
||||
]
|
||||
},
|
||||
"markdownify-mcp": {
|
||||
"command": "node",
|
||||
"args": [
|
||||
"/opt/mcps/markdownify-mcp/dist/index.js"
|
||||
],
|
||||
"env": {
|
||||
"UV_PATH": "/bin/uv",
|
||||
"MD_SHARE_DIR": "${MD_SHARE_DIR}"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
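Review bot: The `nvd-cve-mcp-server` entry runs `npx -y nvd-cve-mcp-server` with no version, so each `mcpo` start downloads and executes whatever the registry currently serves, inside the container whose environment holds `MCPO_API_KEY` and `MCP_ZAP_API_KEY`. Pin the package to an explicit version in `args` (`nvd-cve-mcp-server@<version>`) or install it at a fixed version during container setup and invoke the installed binary. Also note that `${MCP_ZAP_API_KEY}` and `${MD_SHARE_DIR}` are substituted as raw text into JSON strings, so a value containing `"` or `\` will produce an invalid config; document that restriction next to the variables.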