Overview
What is Web Application Penetration Testing MCP?
Web Application Penetration Testing MCP is a command-line tool that systematically crawls, analyzes, and identifies security vulnerabilities in web applications, with a primary focus on business logic flaws that standard scanners often miss. It builds a complete map of the application’s structure, maps links, forms, and interactive elements, and surfaces potential issues such as IDOR, calculation edge cases, and permission problems. It is intended for penetration testers and security researchers who need deeper, context-aware analysis of web apps.
How to use Web Application Penetration Testing MCP?
Install by cloning the repository and running pip install -r requirements.txt. Then run python web_app_mcp.py <target_url>. Common options include --username and --password for authenticated scanning, --visual to generate a DOT‑format sitemap, --delay to rate‑limit requests, and --max-pages to limit crawl depth. Output is saved to mcp_results.json by default.
Key features of Web Application Penetration Testing MCP
- Automatically builds a tree structure of the entire web application
- Detects login/logout pages and supports cookie and bearer token authentication
- Identifies IDOR, calculation edge cases, and multi‑step workflow issues
- Discovers hidden fields and generates test values based on input field type
- Produces visual sitemaps in DOT format (viewable with Graphviz)
Use cases of Web Application Penetration Testing MCP
- Identify insecure direct object references (IDOR) in user profile pages
- Detect mathematical edge cases in financial or calculation‑based workflows
- Map multi‑step processes (e.g., checkout flows) for manipulation testing
- Discover permission and access control issues across protected areas
- Generate a visual sitemap to understand complex application structure
FAQ from Web Application Penetration Testing MCP
What types of vulnerabilities does the tool detect?
It focuses on business logic vulnerabilities: IDOR, calculation edge cases, multi‑step workflow manipulation, and permission/access control issues. It also identifies hidden fields and generates context‑aware test values.
How do I scan a page that requires authentication?
Use the --username and --password flags to provide login credentials, or pass a cookie string with --cookies. The tool automatically detects login/logout pages and handles cookie‑based and bearer token authentication.
What output does the tool produce after a scan?
A JSON file (mcp_results.json by default) containing the complete application structure, authentication mechanisms, identified input fields, multi‑step workflows, potential edge cases, and business logic analysis results.
Can I generate a visual representation of the site map?
Yes. Use the --visual flag to produce a sitemap.dot file. Convert it to PNG with Graphviz: dot -Tpng sitemap.dot -o sitemap.png.
How can I control the scan speed and depth?
Use --delay to set the delay between requests (default 0.5 seconds) and --max-pages to limit how many pages are crawled (default 100). You can also specify a starting path and use --max-depth to limit nested traversal.