MCP.so
ログイン

OWASP MCP Server

@shadsidd

OWASP MCP Server について

概要はまだありません

基本情報

カテゴリ

その他

ランタイム

python

トランスポート

stdio

公開者

shadsidd

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "Owasp-Zap-MCP-Server-Demo": {
      "command": "python",
      "args": [
        "-m",
        "venv",
        "venv"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is OWASP MCP Server?

OWASP MCP Server is a WebSocket-based Mission Control Protocol server for OWASP ZAP security scanning. It enables real-time control and monitoring of security assessments, designed for security professionals and CI/CD pipelines who need automated, scalable scanning.

How to use OWASP MCP Server?

Install Python 3.8+, OWASP ZAP 2.12.0+, and JRE 8+. Clone the repository, create a virtual environment, and install dependencies. Start ZAP in daemon mode on port 8080 with sudo/administrator privileges, then run python mcp_server.py. Use the included CLI (mcp_cli.py) with commands like scan <domain> or fullscan <domain>, supporting options for scan type, output format, multiple domains, and file input.

Key features of OWASP MCP Server

  • WebSocket-based real-time updates for scan progress and alerts
  • Native CI/CD integration for automated security testing
  • Concurrent scanning of multiple domains
  • Robust error handling with clear diagnostic messages
  • Batch processing via domain list files
  • Supports spider, active, and full scan types
  • Generates HTML reports and integrates with notification services

Use cases of OWASP MCP Server

  • Automating security scans in CI/CD pipelines
  • Real-time monitoring of live security assessments
  • Concurrent scanning of multiple web applications
  • Authenticated scanning with form-based and other authentication methods
  • Team notifications via email, Slack, and Microsoft Teams

FAQ from OWASP MCP Server

What are the prerequisites to run OWASP MCP Server?

You need Python 3.8+, OWASP ZAP 2.12.0+, Java Runtime Environment 8+, and sudo/administrator privileges. The project uses standard Python packages installed via pip install -r requirements.txt.

Why use OWASP MCP Server instead of the ZAP UI or API?

Compared to the ZAP UI, OWASP MCP Server offers full automation, native CI/CD integration, batch processing, and concurrent multiple-domain scanning. Compared to the ZAP API, it provides real-time WebSocket updates instead of polling, easier CI/CD integration, and more robust error handling.

How do I start ZAP and the MCP server?

Start ZAP in daemon mode with sudo /Applications/ZAP.app/Contents/Java/zap.sh -daemon -port 8080 (macOS/Linux) or the equivalent Windows command. Then run python mcp_server.py. Ensure ports 8080 (ZAP) and 3000 (MCP) are free.

What scan types are available?

Spider Scan (passive crawling, fastest), Active Scan (performs security attacks, finds more vulnerabilities), and Full Scan (spider + active for comprehensive testing). These are selectable via the CLI.

What are common issues and how to resolve them?

If you see "Address already in use", check the port with sudo lsof -i :8080 and kill the process. If ZAP fails to start, clear existing ZAP processes with pkill -f zap. ZAP requires sudo/administrator privileges to run.

コメント

「その他」の他のコンテンツ