Hacking Buddy MCP is a proof-of-concept project that explores how AI can be integrated into security operations, particularly within Red Team and Pentesting workflows.
I created this tool to demonstrate practical ways in which AI can assist during offensive security engagements from reconnaissance and exploitation support to analyzing collected data. Since Red Teaming and Pentesting is where I spend most of my time, this project reflects both some of my hands-on experience and my interest in innovating with AI in the security space.
Note: This project currently includes only a few integrated tools, but I plan to add more over time as I experiment with different scenarios. My goal is to keep it fun and iterative—sharing progress as I go instead of waiting to launch a fully built-out version later.
Hacking Buddy MCP is setup including the .vscode directory which contains the mcp.json file.
- You will need to adjust the
path(the last argument) in themcp.jsonto match your configuration.
You need to have uv and dependencies (FastMCP) installed.
curl -LsSf https://astral.sh/uv/install.sh | sh
⚠️ It is highly recommended that you setup a virtual environment first!
- Run
uv venvto create a virtual environment- Run
source .venv/bin/activateto active the virtual enviroment
This allows you to automatically install the dependencies from a file. Run:
uv pip install -r pyproject.tomluv pip install fastmcpSee the FastMCP GitHub.
Running the MCP server is actually pretty easy:
- In VSCode go to the mcp.json
- Click Start above the JSON object, right above where it says "hacking-buddy-mcp"
- Open GitHub Copilot and change it's mode to Agent
- Ask it to perform one of the actions available from Hacking Buddy MCP Tools, like "Do an nmap discovery scan on this ip range 192.168.1.0/24" and "Run port scans on those hosts"
⚠ Note: If GitHub Copilot starts acting up you may need to start a new chat!
🚧 This is an experimental project, feedback and ideas are always welcome!