Wraps four security scanning tools (Nikto, Nuclei, Wapiti, shcheck) in an MCP interface for web application security testing. You get individual tools for server vulnerability scans, template-based CVE detection, app-level injection testing, and security header analysis, plus a full_scan that runs all four in parallel. Each tool takes a host and optional port, returns paginated results, and logs to SQLite so you can query execution history later. Ships as a Docker container that listens on HTTP and survives restarts without losing state. Intended for authorized penetration testing and security assessments where you need to coordinate multiple scanners through a conversational interface rather than CLI invocations.