Intruder MCP Server

Let AI agents like Claude control your Intruder account using natural language. Add targets, kick off scans, triage vulnerabilities, snooze issues, check license usage, and generate management reports, all without leaving your AI agent of choice.

The Intruder MCP Server is an open-source Python module that wraps the Intruder API using the Model Context Protocol (MCP), an open standard from Anthropic that lets AI agents interact with the tools and platforms you already use.

Note: The MCP server requires an Intruder API access token. See Creating an access token to generate one.

What is MCP?

Model Context Protocol (MCP) is an open standard that enables AI agents to connect to external systems like Intruder, and perform actions on your behalf. Rather than copy-pasting data between tools, you can ask your AI agent to interact with Intruder directly through natural language prompts.

Under the hood, the Intruder MCP server uses FastMCP (from Anthropic's MCP Python SDK) to expose each Intruder API endpoint as a tool that AI agents can call. The agent receives a description of what each tool does and what parameters it supports, so it can figure out which tools to use based on your request.

Prerequisites

Before getting started, you'll need:

An Intruder account on a Cloud, Pro, Premium, or Vanguard plan
An Intruder API access token — generate one here
A supported MCP client — such as Claude Desktop, or any other client that supports the Model Context Protocol

For local installation, you'll also need:

Python 3.10+
uv (Python package manager)

For containerised installation:

Docker

Installation

There are three ways to run the Intruder MCP server. Choose whichever best suits your setup.

Option 1: Smithery (quickest)

Smithery provides a one-click hosted setup. Follow the instructions on the Smithery page to connect your MCP client.

Option 2: Running locally with Python

Install uv if you haven't already.
Clone the repository and install dependencies:

git clone https://github.com/intruder-io/intruder-mcp.git
cd intruder-mcp
uv venv
uv pip install -e .

Add the following to your MCP client configuration, replacing path/to/intruder-mcp with the actual path to the cloned repo, and your-api-key with your Intruder API access token:

{
  "mcpServers": {
    "intruder": {
      "command": "uv",
      "args": [
        "--directory",
        "path/to/intruder-mcp/intruder_mcp",
        "run",
        "server.py"
      ],
      "env": {
        "INTRUDER_API_KEY": "your-api-key"
      }
    }
  }
}

Option 3: Running in a Docker container

Add the following to your MCP client configuration, replacing <your-api-key> with your Intruder API access token:

{
  "mcpServers": {
    "intruder": {
      "command": "docker",
      "args": [
        "container",
        "run",
        "--interactive",
        "--rm",
        "--init",
        "--env",
        "INTRUDER_API_KEY=<your-api-key>",
        "ghcr.io/intruder-io/intruder-mcp"
      ]
    }
  }
}

Where does the MCP client configuration go? This depends on which client you're using. For Claude Desktop, see Anthropic's MCP documentation.

Further resources

GitHub repository — source code, issues, and releases
Blog post: Say It, Secure It — deeper dive into use cases with screenshots
Intruder API reference — full documentation for all API endpoints
Creating an access token — how to generate your API key
Smithery — one-click hosted MCP server setup

Please note: The MCP server interacts with the Intruder API, which is available on Pro, Premium, and Vanguard plans.