MCP.so
登录

MCP Server Pentest

@9olidity

关于 MCP Server Pentest

暂无概览

基本信息

分类

其他

许可证

MIT

运行时

node

传输方式

stdio

发布者

9olidity

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "-y",
        "/Users/...../dist/index.js"
      ],
      "disabled": false,
      "autoApprove": []
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP Server Pentest?

MCP Server Pentest is an MCP server that automates browser-based security vulnerability detection (XSS and SQL injection) and provides comprehensive browser automation capabilities. It is intended for security testers and developers who need to scan web applications for common vulnerabilities and interact with browser pages programmatically.

How to use MCP Server Pentest?

Install dependencies with npx playwright install firefox, then run yarn install and npm run build. The installation automatically adds a configuration entry to your Claude config file, which points to the built server script. Once configured, you can invoke its tools from Claude.

Key features of MCP Server Pentest

  • Automatic XSS and SQL injection vulnerability detection
  • Full page and element screenshots
  • Browser navigation, clicking, hovering, form filling, and selection
  • Console log monitoring
  • JavaScript execution in the browser context

Use cases of MCP Server Pentest

  • Scanning web application URLs for reflected XSS vulnerabilities
  • Testing for SQL injection vulnerabilities in URL parameters
  • Automating browser interactions during security audits
  • Capturing screenshots of web pages or specific elements for documentation
  • Executing custom JavaScript to inspect or modify page behavior

FAQ from MCP Server Pentest

What vulnerability detection tools are available?

The server provides broser_url_reflected_xss for XSS testing and browser_url_sql_injection for SQL injection testing. Both accept a URL and a parameter name.

How do I install and configure the server?

Run npx playwright install firefox, then yarn install and npm run build. The installation automatically adds a configuration entry to your Claude MCP settings file with the server command pointing to the built dist/index.js.

What browser automation tools does it offer?

Tools include browser_navigate, browser_screenshot, browser_click, browser_click_text, browser_hover, browser_hover_text, browser_fill, browser_select, browser_select_text, and browser_evaluate for executing JavaScript.

Does it support console log monitoring?

Yes, console log monitoring is listed as a feature, though no dedicated tool is documented for it.

What are the runtime dependencies?

The server requires Node.js, Playwright (specifically Firefox), and the packages installed via yarn install and npm run build.

评论

其他 分类下的更多 MCP 服务器