MCP.so
Sign In
Servers
X

Xray Mcp

@zhangning77-tech

This is an enhanced MCP (Model Context Protocol) server that provides xray vulnerability scanning capabilities for ModelScope hosting.

Overview

What is Xray Mcp?

Xray Mcp is an enhanced MCP (Model Context Protocol) server that provides xray vulnerability scanning capabilities, designed for integration with the ModelScope hosting platform.

How to use Xray Mcp?

Install Python 3.7+ and the xray binary from chaitin/xray, then set the XRAY_PATH environment variable to point to the xray binary. Run python server.py to start the server, which reads JSON-RPC requests from stdin and writes responses to stdout. The server can also be integrated into ModelScope's MCP platform.

Key features of Xray Mcp

  • xray_scan: Perform vulnerability scans with configurable crawler type, timeout, plugins, and POC.
  • xray_version: Retrieve the installed xray scanner version.
  • xray_start_proxy (planned): Start xray in passive proxy mode with configurable port.
  • xray_stop_proxy (planned): Stop the running xray proxy.
  • xray_service_scan (planned): Scan non-HTTP services with port range and timeout.

Use cases of Xray Mcp

  • Scan web applications for vulnerabilities using basic or phantasm crawlers.
  • Automate vulnerability scanning in CI/CD pipelines via ModelScope MCP.
  • Perform targeted scans with specific plugins or POCs.
  • Set up passive proxy scanning for real-time detection (planned).
  • Scan non-HTTP services for open ports and service detection (planned).

FAQ from Xray Mcp

What dependencies are required?

Python 3.7+ and the xray binary from chaitin/xray. The XRAY_PATH environment variable must point to the xray executable.

Where are scan results stored?

By default, results are stored in the system temporary directory. Custom output location can be set via the XRAY_OUTPUT_DIR environment variable.

What transport protocol does the server use?

The server communicates via JSON-RPC over stdin/stdout. It works with ModelScope's MCP platform which handles the transport layer.

Are authentication or access controls implemented?

The README does not specify built-in authentication. It recommends implementing appropriate access controls and rate limiting when deploying in production.

Are all listed features currently available?

No. xray_start_proxy, xray_stop_proxy, and xray_service_scan are marked as planned and are not yet implemented. The currently available tools are xray_scan and xray_version.

Tags

More from Other