%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
MCP Server Pentest
A penetration testing tool that automatically detects XSS and SQL injection vulnerabilities in web pages, providing browser interaction, screenshot, and script execution functions
rating : 2.5 points
downloads : 8.8K
What is MCP Server Pentest?
MCP Server Pentest is an automated security testing tool specifically designed to detect XSS (Cross-Site Scripting) and SQL injection vulnerabilities in websites. It discovers potential security risks by simulating browser operations.How to use MCP Server Pentest?
After installation, various security tests and browser operations can be run through simple JSON configuration. The tool will automatically detect vulnerabilities and generate reports.Applicable scenarios
Suitable for scenarios such as website security testing, vulnerability scanning, and automated security auditing. It is especially suitable for developers and network security experts.Main features
XSS vulnerability detection
Automatically detect XSS (Cross-Site Scripting) vulnerabilities in URLs
SQL injection detection
Automatically detect SQL injection vulnerabilities in URLs
Web page screenshot
Capture screenshots of the entire page or specific elements
Browser interaction
Support complete browser interactions such as navigation, clicking, and form filling
Console monitoring
Monitor browser console logs in real-time
JavaScript execution
Execute JavaScript code in the browser context
Advantages
Automatically detect common security vulnerabilities
Support multiple browser interaction operations
Easy to configure and use
Provide detailed test results
Limitations
Can only detect known types of vulnerabilities
May require additional configuration to detect complex scenarios
Dependent on the browser environment
How to use
Install dependencies
First, install the necessary dependencies
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%230080ff;%20}%20%3c/style%3e%3c/defs%3e%3cpath%20class='st0'%20d='M16.2,11.1c.4.5.4,1.2,0,1.8l-4.7,7.1h-3.8l5.3-8L7.6,4h3.8l4.7,7.1Z'/%3e%3c/svg%3e)
Configuration
The tool will automatically add the configuration to the Claude configuration file
Run tests
Run various tests using the provided JSON format commands
Usage examples
Detect XSS vulnerabilities
Detect XSS vulnerabilities in the website search function
Detect SQL injection
Detect SQL injection vulnerabilities in the login form
Web page screenshot
Capture a screenshot of a specific area of the web page
Frequently Asked Questions
Can this tool detect all types of XSS vulnerabilities?
What browser environment is required?
Will the test affect the production environment?
Related resources
Playwright documentation
Documentation for the browser automation framework
Introduction to XSS attacks
Detailed introduction to XSS attacks by OWASP
SQL injection prevention guide
OWASP's guide on preventing SQL injection
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
16.6K
4.3 points
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
14.8K
4.5 points
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
24.5K
5 points
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
44.7K
4.3 points
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.
C#
20.2K
5 points
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.
TypeScript
44.3K
4.5 points
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
30.2K
4.8 points
Context7
Context7 MCP is a service that provides real-time, version-specific documentation and code examples for AI programming assistants. It is directly integrated into prompts through the Model Context Protocol to solve the problem of LLMs using outdated information.
TypeScript
62.4K
4.7 points