CyberMCP - Cybersecurity API Testing with MCP
@ricauts
About CyberMCP - Cybersecurity API Testing with MCP
CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.
Basic information
Config
No standard config provided
This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.
RepositoryTools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is CyberMCP?
CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.
How to use CyberMCP?
Clone the repository, run npm install, npm run build, then start the server with npm start (stdio mode) or set TRANSPORT=http PORT=3000 npm start for HTTP mode. Provide natural‑language commands such as basic_auth or auth_bypass_check to the AI agent, which will execute the corresponding security tests on target endpoints.
Key features of CyberMCP
- Authentication testing (JWT analysis, bypass detection, OAuth2 flows)
- Injection testing (SQL injection, XSS vulnerability detection)
- Data protection checks (sensitive data exposure, path traversal)
- Rate limiting and DoS vulnerability assessment
- OWASP security header validation
- Comprehensive security checklists and testing guides
Use cases of CyberMCP
- Test a protected API endpoint for authentication bypass vulnerabilities
- Scan an application for SQL injection and cross‑site scripting flaws
- Validate security headers and rate‑limiting configurations
- Audit sensitive data exposure and path traversal risks
- Automate security testing during CI/CD pipelines via AI agents
FAQ from CyberMCP
What are the runtime requirements for CyberMCP?
Node.js 18+ and TypeScript 5.4+ are required.
What transport modes does CyberMCP support?
It supports stdio (default) and HTTP (set TRANSPORT=http and optionally PORT).
Which IDEs and clients can integrate with CyberMCP?
It works with Claude Desktop, Cursor IDE, Windsurf (Codeium), and VS Code + Cline.
What types of security tools are included?
Fourteen tools covering authentication (basic_auth, token_auth, OAuth2, JWT, bypass check), injection (SQL, XSS), data protection (sensitive data, path traversal), and infrastructure (rate limiting, security headers).
More Developer Tools MCP servers
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
DevDocs by CyberAGI 🚀
cyberagiincCompletely free, private, UI based Tech Documentation MCP server. Designed for coders and software developers in mind. Easily integrate into Cursor, Windsurf, Cline, Roo Code, Claude Desktop App
nuxt-mcp / vite-plugin-mcp
antfuMCP server helping models to understand your Vite/Nuxt app better.
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Comments