Cybermcp (API Security Testing)

🚀 CyberMCP - MCP Protocol in Network Security API Testing

CyberMCP is a server based on the Model Context Protocol (MCP), designed specifically for testing security vulnerabilities in backend APIs. It offers a series of professional tools and resources for use by Large Language Models (LLMs) to identify common security issues in APIs.

🚀 Quick Start

CyberMCP provides a comprehensive set of tools and resources for API security testing. It allows users to test various security aspects of APIs, including authentication, injection, data leakage, rate limiting, and security headers.

✨ Features

• Authentication Vulnerability Testing: Check for JWT vulnerabilities, bypass authentication, and weak authentication mechanisms.
• Injection Testing: Test for SQL injection, XSS, and other injection-based vulnerabilities.
• Data Leakage Testing: Identify issues related to the exposure of sensitive data.
• Rate Limiting Testing: Test for rate limit bypass and DDoS vulnerabilities.
• Security Header Testing: Check for missing or misconfigured security headers.
• Comprehensive Resources: Access checklists and guides for API security testing.
• Authentication Support: Multiple authentication methods for testing protected endpoints.

📦 Installation

1. Clone the repository:

   git clone https://github.com/your-username/CyberMCP.git
   cd CyberMCP
   

2. Install dependencies:

   npm install
   

3. Build the project:

   npm run build
   

💻 Usage Examples

Basic Usage

Running the MCP Server

You can run the server using either standard input/output transport (default) or HTTP transport:

Using standard input/output transport (for integration with LLM platforms):

npm start

Using HTTP transport:

npm run dev

Configuration File

Create a config.json file in the project root directory with the following content:

{
  "server": {
    "port": 3000,
    "host": "localhost"
  },
  "tools": {
    "enableDebug": true,
    "logLevel": "info"
  }
}

Advanced Usage

Authentication Configuration Examples

JWT Configuration

{
  "auth": {
    "type": "jwt",
    "secret": "your-secret-key",
    "issuer": "your-issuer",
    "audience": "your-audience"
  }
}

OAuth Configuration

{
  "auth": {
    "type": "oauth2",
    "clientID": "your-client-id",
    "clientSecret": "your-client-secret",
    "tokenURL": "https://example.com/oauth/token",
    "redirectURI": "http://localhost:3000/callback"
  }
}

📚 Documentation

Project Structure

CyberMCP/
├── src/
│   ├── tools/           # MCP tools for security testing
│   ├── resources/       # MCP resources (checklists, guides)
│   ├── transports/      # Custom transport implementations
│   ├── utils/           # Utility functions and authentication management
│   └── index.ts         # Entry file
├── package.json         # Dependencies and scripts
├── tsconfig.json        # TypeScript configuration
└── README.md            # This file

Resources

Checklists

• Authentication: Ensure that all API endpoints require appropriate authentication and authorization.
• Input Validation: Make sure that all user inputs are rigorously checked for format and type.
• Error Handling: Test whether the API correctly handles various exceptional situations, such as invalid parameters or database failures.

Guides

1. Logging: Enable detailed logging to monitor API behavior and detect potential security issues in a timely manner.
2. Regular Audits: Conduct regular security audits of the API to ensure it complies with the latest security standards and best practices.
3. Test Suites: Use automated testing tools (such as Postman or Swagger) to create comprehensive test suites that cover all key functions and boundary cases.

📄 License

MIT