AIBase
EN
Explore
MCP Server Pentest
M

MCP Server Pentest

A penetration testing tool that automatically detects XSS and SQL injection vulnerabilities in web pages, providing browser interaction, screenshot, and script execution functions
SecurityDeveloper tools#Vulnerability detection#Penetration testing#Browser automation.TypeScript
2.5 points
10.5K
Open Site

Overview

Installation

Content Details

Alternatives

What is MCP Server Pentest?

MCP Server Pentest is an automated security testing tool specifically designed to detect XSS (Cross-Site Scripting) and SQL injection vulnerabilities in websites. It discovers potential security risks by simulating browser operations.

How to use MCP Server Pentest?

After installation, various security tests and browser operations can be run through simple JSON configuration. The tool will automatically detect vulnerabilities and generate reports.

Applicable scenarios

Suitable for scenarios such as website security testing, vulnerability scanning, and automated security auditing. It is especially suitable for developers and network security experts.

Main features

XSS vulnerability detection
Automatically detect XSS (Cross-Site Scripting) vulnerabilities in URLs
SQL injection detection
Automatically detect SQL injection vulnerabilities in URLs
Web page screenshot
Capture screenshots of the entire page or specific elements
Browser interaction
Support complete browser interactions such as navigation, clicking, and form filling
Console monitoring
Monitor browser console logs in real-time
JavaScript execution
Execute JavaScript code in the browser context
Advantages
Automatically detect common security vulnerabilities
Support multiple browser interaction operations
Easy to configure and use
Provide detailed test results
Limitations
Can only detect known types of vulnerabilities
May require additional configuration to detect complex scenarios
Dependent on the browser environment

How to use

Install dependencies
First, install the necessary dependencies
Configuration
The tool will automatically add the configuration to the Claude configuration file
Run tests
Run various tests using the provided JSON format commands

Usage examples

Detect XSS vulnerabilities
Detect XSS vulnerabilities in the website search function
Detect SQL injection
Detect SQL injection vulnerabilities in the login form
Web page screenshot
Capture a screenshot of a specific area of the web page

Frequently Asked Questions

Can this tool detect all types of XSS vulnerabilities?
What browser environment is required?
Will the test affect the production environment?

Related resources

Playwright documentation
Documentation for the browser automation framework
Introduction to XSS attacks
Detailed introduction to XSS attacks by OWASP
SQL injection prevention guide
OWASP's guide on preventing SQL injection

Installation

Copy the following command to your Client for configuration
{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "-y",
        "/Users/...../dist/index.js"
      ],
      "disabled": false,
      "autoApprove": []
    }
  }
}
Note: Your key is sensitive information, do not share it with anyone.

Alternatives

V
Vestige
Vestige is an AI memory engine based on cognitive science. By implementing 29 neuroscience modules such as prediction error gating, FSRS - 6 spaced repetition, and memory dreaming, it provides long - term memory capabilities for AI. It includes a 3D visualization dashboard and 21 MCP tools, runs completely locally, and does not require the cloud.
Rust
4.8K
4.5 points
M
Moltbrain
MoltBrain is a long-term memory layer plugin designed for OpenClaw, MoltBook, and Claude Code, capable of automatically learning and recalling project context, providing intelligent search, observation recording, analysis statistics, and persistent storage functions.
TypeScript
5.4K
4.5 points
B
Bm.md
A feature-rich Markdown typesetting tool that supports multiple style themes and platform adaptation, providing real-time editing preview, image export, and API integration capabilities
TypeScript
4.9K
5 points
S
Security Detections MCP
Security Detections MCP is a server based on the Model Context Protocol that allows LLMs to query a unified security detection rule database covering Sigma, Splunk ESCU, Elastic, and KQL formats. The latest version 3.0 is upgraded to an autonomous detection engineering platform that can automatically extract TTPs from threat intelligence, analyze coverage gaps, generate SIEM-native format detection rules, run tests, and verify. The project includes over 71 tools, 11 pre-built workflow prompts, and a knowledge graph system, supporting multiple SIEM platforms.
TypeScript
6.2K
4 points
P
Paperbanana
Python
7.4K
5 points
B
Better Icons
An MCP server and CLI tool that provides search and retrieval of over 200,000 icons, supports more than 150 icon libraries, and helps AI assistants and developers quickly obtain and use icons.
TypeScript
6.0K
4.5 points
A
Assistant Ui
assistant - ui is an open - source TypeScript/React library for quickly building production - grade AI chat interfaces, providing composable UI components, streaming responses, accessibility, etc., and supporting multiple AI backends and models.
TypeScript
6.7K
5 points
A
Apify MCP Server
The Apify MCP Server is a tool based on the Model Context Protocol (MCP) that allows AI assistants to extract data from websites such as social media, search engines, and e-commerce through thousands of ready-to-use crawlers, scrapers, and automation tools (Apify Actors). It supports OAuth and Skyfire proxy payment and can be integrated into MCP clients such as Claude and VS Code through HTTPS endpoints or local stdio.
TypeScript
7.7K
5 points
N
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
21.5K
4.5 points
M
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
34.5K
5 points
G
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
24.7K
4.3 points
D
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
72.5K
4.3 points
F
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.
TypeScript
64.6K
4.5 points
U
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.
C#
32.3K
5 points
M
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
49.3K
4.8 points
G
Gmail MCP Server
A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.
TypeScript
21.1K
4.5 points
AIBase
Zhiqi Future, Your AI Solution Think Tank
English简体中文繁體中文にほんご
© 2026AIBase