OWASP MCP Server
@shadsidd
OWASP MCP Server について
概要はまだありません
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"Owasp-Zap-MCP-Server-Demo": {
"command": "python",
"args": [
"-m",
"venv",
"venv"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is OWASP MCP Server?
OWASP MCP Server is a WebSocket-based Mission Control Protocol server for OWASP ZAP security scanning. It enables real-time control and monitoring of security assessments, designed for security professionals and CI/CD pipelines who need automated, scalable scanning.
How to use OWASP MCP Server?
Install Python 3.8+, OWASP ZAP 2.12.0+, and JRE 8+. Clone the repository, create a virtual environment, and install dependencies. Start ZAP in daemon mode on port 8080 with sudo/administrator privileges, then run python mcp_server.py. Use the included CLI (mcp_cli.py) with commands like scan <domain> or fullscan <domain>, supporting options for scan type, output format, multiple domains, and file input.
Key features of OWASP MCP Server
- WebSocket-based real-time updates for scan progress and alerts
- Native CI/CD integration for automated security testing
- Concurrent scanning of multiple domains
- Robust error handling with clear diagnostic messages
- Batch processing via domain list files
- Supports spider, active, and full scan types
- Generates HTML reports and integrates with notification services
Use cases of OWASP MCP Server
- Automating security scans in CI/CD pipelines
- Real-time monitoring of live security assessments
- Concurrent scanning of multiple web applications
- Authenticated scanning with form-based and other authentication methods
- Team notifications via email, Slack, and Microsoft Teams
FAQ from OWASP MCP Server
What are the prerequisites to run OWASP MCP Server?
You need Python 3.8+, OWASP ZAP 2.12.0+, Java Runtime Environment 8+, and sudo/administrator privileges. The project uses standard Python packages installed via pip install -r requirements.txt.
Why use OWASP MCP Server instead of the ZAP UI or API?
Compared to the ZAP UI, OWASP MCP Server offers full automation, native CI/CD integration, batch processing, and concurrent multiple-domain scanning. Compared to the ZAP API, it provides real-time WebSocket updates instead of polling, easier CI/CD integration, and more robust error handling.
How do I start ZAP and the MCP server?
Start ZAP in daemon mode with sudo /Applications/ZAP.app/Contents/Java/zap.sh -daemon -port 8080 (macOS/Linux) or the equivalent Windows command. Then run python mcp_server.py. Ensure ports 8080 (ZAP) and 3000 (MCP) are free.
What scan types are available?
Spider Scan (passive crawling, fastest), Active Scan (performs security attacks, finds more vulnerabilities), and Full Scan (spider + active for comprehensive testing). These are selectable via the CLI.
What are common issues and how to resolve them?
If you see "Address already in use", check the port with sudo lsof -i :8080 and kill the process. If ZAP fails to start, clear existing ZAP processes with pkill -f zap. ZAP requires sudo/administrator privileges to run.
「その他」の他のコンテンツ
Codelf
unbugA search tool helps dev to solve the naming things problem.
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
コメント