%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
MCP Server Pentest
A penetration testing tool that automatically detects XSS and SQL injection vulnerabilities in web pages, providing browser interaction, screenshot, and script execution functions
rating : 2.5 points
downloads : 32
What is MCP Server Pentest?
MCP Server Pentest is an automated security testing tool specifically designed to detect XSS (Cross-Site Scripting) and SQL injection vulnerabilities in websites. It discovers potential security risks by simulating browser operations.How to use MCP Server Pentest?
After installation, various security tests and browser operations can be run through simple JSON configuration. The tool will automatically detect vulnerabilities and generate reports.Applicable scenarios
Suitable for scenarios such as website security testing, vulnerability scanning, and automated security auditing. It is especially suitable for developers and network security experts.Main features
XSS vulnerability detectionAutomatically detect XSS (Cross-Site Scripting) vulnerabilities in URLs
SQL injection detectionAutomatically detect SQL injection vulnerabilities in URLs
Web page screenshotCapture screenshots of the entire page or specific elements
Browser interactionSupport complete browser interactions such as navigation, clicking, and form filling
Console monitoringMonitor browser console logs in real-time
JavaScript executionExecute JavaScript code in the browser context
Advantages and limitations
Advantages
Automatically detect common security vulnerabilities
Support multiple browser interaction operations
Easy to configure and use
Provide detailed test results
Limitations
Can only detect known types of vulnerabilities
May require additional configuration to detect complex scenarios
Dependent on the browser environment
How to use
Install dependencies
First, install the necessary dependencies
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%230080ff;%20}%20%3c/style%3e%3c/defs%3e%3cpath%20class='st0'%20d='M16.2,11.1c.4.5.4,1.2,0,1.8l-4.7,7.1h-3.8l5.3-8L7.6,4h3.8l4.7,7.1Z'/%3e%3c/svg%3e)
Configuration
The tool will automatically add the configuration to the Claude configuration file
Run tests
Run various tests using the provided JSON format commands
Usage examples
Detect XSS vulnerabilitiesDetect XSS vulnerabilities in the website search function
Detect SQL injectionDetect SQL injection vulnerabilities in the login form
Web page screenshotCapture a screenshot of a specific area of the web page
Frequently Asked Questions
Can this tool detect all types of XSS vulnerabilities?
What browser environment is required?
Will the test affect the production environment?
Related resources
Playwright documentation
Documentation for the browser automation framework
Introduction to XSS attacks
Detailed introduction to XSS attacks by OWASP
SQL injection prevention guide
OWASP's guide on preventing SQL injection
Featured MCP Services
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
95
4.3 points
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
148
4.5 points
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
1.7K
5 points
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
836
4.3 points
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.
C#
572
5 points
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.
TypeScript
6.7K
4.5 points
Gmail MCP Server
A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.
TypeScript
286
4.5 points
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
760
4.8 points