MCP.so
登录

OWASP MCP Server

@shadsidd

关于 OWASP MCP Server

暂无概览

基本信息

分类

其他

运行时

python

传输方式

stdio

发布者

shadsidd

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "Owasp-Zap-MCP-Server-Demo": {
      "command": "python",
      "args": [
        "-m",
        "venv",
        "venv"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is OWASP MCP Server?

OWASP MCP Server is a WebSocket-based Mission Control Protocol server for OWASP ZAP security scanning. It enables real-time control and monitoring of security assessments, designed for security professionals and CI/CD pipelines who need automated, scalable scanning.

How to use OWASP MCP Server?

Install Python 3.8+, OWASP ZAP 2.12.0+, and JRE 8+. Clone the repository, create a virtual environment, and install dependencies. Start ZAP in daemon mode on port 8080 with sudo/administrator privileges, then run python mcp_server.py. Use the included CLI (mcp_cli.py) with commands like scan <domain> or fullscan <domain>, supporting options for scan type, output format, multiple domains, and file input.

Key features of OWASP MCP Server

  • WebSocket-based real-time updates for scan progress and alerts
  • Native CI/CD integration for automated security testing
  • Concurrent scanning of multiple domains
  • Robust error handling with clear diagnostic messages
  • Batch processing via domain list files
  • Supports spider, active, and full scan types
  • Generates HTML reports and integrates with notification services

Use cases of OWASP MCP Server

  • Automating security scans in CI/CD pipelines
  • Real-time monitoring of live security assessments
  • Concurrent scanning of multiple web applications
  • Authenticated scanning with form-based and other authentication methods
  • Team notifications via email, Slack, and Microsoft Teams

FAQ from OWASP MCP Server

What are the prerequisites to run OWASP MCP Server?

You need Python 3.8+, OWASP ZAP 2.12.0+, Java Runtime Environment 8+, and sudo/administrator privileges. The project uses standard Python packages installed via pip install -r requirements.txt.

Why use OWASP MCP Server instead of the ZAP UI or API?

Compared to the ZAP UI, OWASP MCP Server offers full automation, native CI/CD integration, batch processing, and concurrent multiple-domain scanning. Compared to the ZAP API, it provides real-time WebSocket updates instead of polling, easier CI/CD integration, and more robust error handling.

How do I start ZAP and the MCP server?

Start ZAP in daemon mode with sudo /Applications/ZAP.app/Contents/Java/zap.sh -daemon -port 8080 (macOS/Linux) or the equivalent Windows command. Then run python mcp_server.py. Ensure ports 8080 (ZAP) and 3000 (MCP) are free.

What scan types are available?

Spider Scan (passive crawling, fastest), Active Scan (performs security attacks, finds more vulnerabilities), and Full Scan (spider + active for comprehensive testing). These are selectable via the CLI.

What are common issues and how to resolve them?

If you see "Address already in use", check the port with sudo lsof -i :8080 and kill the process. If ZAP fails to start, clear existing ZAP processes with pkill -f zap. ZAP requires sudo/administrator privileges to run.

评论

其他 分类下的更多 MCP 服务器