OWASP MCP Server
@shadsidd
About OWASP MCP Server
No overview available yet
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"Owasp-Zap-MCP-Server-Demo": {
"command": "python",
"args": [
"-m",
"venv",
"venv"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is OWASP MCP Server?
OWASP MCP Server is a WebSocket-based Mission Control Protocol server for OWASP ZAP security scanning. It enables real-time control and monitoring of security assessments, designed for security professionals and CI/CD pipelines who need automated, scalable scanning.
How to use OWASP MCP Server?
Install Python 3.8+, OWASP ZAP 2.12.0+, and JRE 8+. Clone the repository, create a virtual environment, and install dependencies. Start ZAP in daemon mode on port 8080 with sudo/administrator privileges, then run python mcp_server.py. Use the included CLI (mcp_cli.py) with commands like scan <domain> or fullscan <domain>, supporting options for scan type, output format, multiple domains, and file input.
Key features of OWASP MCP Server
- WebSocket-based real-time updates for scan progress and alerts
- Native CI/CD integration for automated security testing
- Concurrent scanning of multiple domains
- Robust error handling with clear diagnostic messages
- Batch processing via domain list files
- Supports spider, active, and full scan types
- Generates HTML reports and integrates with notification services
Use cases of OWASP MCP Server
- Automating security scans in CI/CD pipelines
- Real-time monitoring of live security assessments
- Concurrent scanning of multiple web applications
- Authenticated scanning with form-based and other authentication methods
- Team notifications via email, Slack, and Microsoft Teams
FAQ from OWASP MCP Server
What are the prerequisites to run OWASP MCP Server?
You need Python 3.8+, OWASP ZAP 2.12.0+, Java Runtime Environment 8+, and sudo/administrator privileges. The project uses standard Python packages installed via pip install -r requirements.txt.
Why use OWASP MCP Server instead of the ZAP UI or API?
Compared to the ZAP UI, OWASP MCP Server offers full automation, native CI/CD integration, batch processing, and concurrent multiple-domain scanning. Compared to the ZAP API, it provides real-time WebSocket updates instead of polling, easier CI/CD integration, and more robust error handling.
How do I start ZAP and the MCP server?
Start ZAP in daemon mode with sudo /Applications/ZAP.app/Contents/Java/zap.sh -daemon -port 8080 (macOS/Linux) or the equivalent Windows command. Then run python mcp_server.py. Ensure ports 8080 (ZAP) and 3000 (MCP) are free.
What scan types are available?
Spider Scan (passive crawling, fastest), Active Scan (performs security attacks, finds more vulnerabilities), and Full Scan (spider + active for comprehensive testing). These are selectable via the CLI.
What are common issues and how to resolve them?
If you see "Address already in use", check the port with sudo lsof -i :8080 and kill the process. If ZAP fails to start, clear existing ZAP processes with pkill -f zap. ZAP requires sudo/administrator privileges to run.
More Other MCP servers
Inbox Zero AI
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
🪟 Windows-MCP
CursorTouchMCP Server for Computer Use in Windows
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
Comments