diff --git a/Makefile b/Makefile index 872df41..7605f7a 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: help install sync format lint typecheck test build-modules clean +.PHONY: help install sync format lint typecheck test build-modules build-hub-images clean SHELL := /bin/bash @@ -12,8 +12,9 @@ help: @echo " make lint - Lint code with ruff" @echo " make typecheck - Type check with mypy" @echo " make test - Run all tests" - @echo " make build-modules - Build all module container images" - @echo " make clean - Clean build artifacts" + @echo " make build-modules - Build all module container images" + @echo " make build-hub-images - Build all mcp-security-hub images" + @echo " make clean - Clean build artifacts" @echo "" # Install all dependencies @@ -93,6 +94,10 @@ build-modules: @echo "" @echo "✓ All modules built successfully!" +# Build all mcp-security-hub images for the firmware analysis pipeline +build-hub-images: + @bash scripts/build-hub-images.sh + # Clean build artifacts clean: find . -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true diff --git a/fuzzforge-cli/src/fuzzforge_cli/commands/mcp.py b/fuzzforge-cli/src/fuzzforge_cli/commands/mcp.py index 249cb27..92b2fbb 100644 --- a/fuzzforge-cli/src/fuzzforge_cli/commands/mcp.py +++ b/fuzzforge-cli/src/fuzzforge_cli/commands/mcp.py @@ -185,6 +185,8 @@ def _generate_mcp_config( "FUZZFORGE_ENGINE__TYPE": engine_type, "FUZZFORGE_ENGINE__GRAPHROOT": str(graphroot), "FUZZFORGE_ENGINE__RUNROOT": str(runroot), + "FUZZFORGE_HUB__ENABLED": "true", + "FUZZFORGE_HUB__CONFIG_PATH": str(fuzzforge_root / "hub-config.json"), }, } @@ -454,6 +456,7 @@ def install( console.print(f" Modules Path: {resolved_modules}") console.print(f" Engine: {engine}") console.print(f" Socket: {socket}") + console.print(f" Hub Config: {fuzzforge_root / 'hub-config.json'}") console.print() console.print("[bold]Next steps:[/bold]") diff --git a/fuzzforge-common/src/fuzzforge_common/hub/client.py b/fuzzforge-common/src/fuzzforge_common/hub/client.py index d8e35e8..7a6f7fd 100644 --- a/fuzzforge-common/src/fuzzforge_common/hub/client.py +++ b/fuzzforge-common/src/fuzzforge_common/hub/client.py @@ -13,6 +13,7 @@ from __future__ import annotations import asyncio import json +import os import subprocess from contextlib import asynccontextmanager from typing import TYPE_CHECKING, Any, cast @@ -242,7 +243,7 @@ class HubClient: # Add volumes for volume in config.volumes: - cmd.extend(["-v", volume]) + cmd.extend(["-v", os.path.expanduser(volume)]) # Add environment variables for key, value in config.environment.items(): diff --git a/hub-config.json b/hub-config.json new file mode 100644 index 0000000..7f50b21 --- /dev/null +++ b/hub-config.json @@ -0,0 +1,105 @@ +{ + "servers": [ + { + "name": "nmap-mcp", + "description": "Network reconnaissance using Nmap - port scanning, service detection, OS fingerprinting", + "type": "docker", + "image": "nmap-mcp:latest", + "category": "reconnaissance", + "capabilities": ["NET_RAW"], + "enabled": true + }, + { + "name": "binwalk-mcp", + "description": "Firmware extraction and analysis using Binwalk - file signatures, entropy analysis, embedded file extraction", + "type": "docker", + "image": "binwalk-mcp:latest", + "category": "binary-analysis", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "yara-mcp", + "description": "Pattern matching and malware classification using YARA rules", + "type": "docker", + "image": "yara-mcp:latest", + "category": "binary-analysis", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "capa-mcp", + "description": "Static capability detection using capa - identifies malware capabilities in binaries", + "type": "docker", + "image": "capa-mcp:latest", + "category": "binary-analysis", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "radare2-mcp", + "description": "Binary analysis and reverse engineering using radare2", + "type": "docker", + "image": "radare2-mcp:latest", + "category": "binary-analysis", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "ghidra-mcp", + "description": "Advanced binary decompilation and reverse engineering using Ghidra", + "type": "docker", + "image": "ghcr.io/clearbluejar/pyghidra-mcp:latest", + "category": "binary-analysis", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "searchsploit-mcp", + "description": "CVE and exploit search using SearchSploit / Exploit-DB", + "type": "docker", + "image": "searchsploit-mcp:latest", + "category": "exploitation", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "nuclei-mcp", + "description": "Vulnerability scanning using Nuclei templates", + "type": "docker", + "image": "nuclei-mcp:latest", + "category": "web-security", + "capabilities": ["NET_RAW"], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "trivy-mcp", + "description": "Container and filesystem vulnerability scanning using Trivy", + "type": "docker", + "image": "trivy-mcp:latest", + "category": "cloud-security", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + }, + { + "name": "gitleaks-mcp", + "description": "Secret and credential detection in code and firmware using Gitleaks", + "type": "docker", + "image": "gitleaks-mcp:latest", + "category": "secrets", + "capabilities": [], + "volumes": ["~/.fuzzforge/hub/workspace:/data"], + "enabled": true + } + ], + "default_timeout": 300, + "cache_tools": true +}