Cybermcp

🚀 CyberMCP - Network Security API Testing Tool Based on MCP

CyberMCP is a Model Context Protocol (MCP) server designed specifically for testing security vulnerabilities in backend APIs. It offers a series of professional tools and resources that can be used by Large Language Models (LLMs) to identify common security issues in APIs.

🚀 Quick Start

CyberMCP is a powerful tool for API security testing. You can quickly get started with the following steps:

1. Clone the repository:

   git clone https://github.com/your-username/CyberMCP.git
   cd CyberMCP
   

2. Install dependencies:

   npm install
   

3. Build the project:

   npm run build
   

✨ Features

• Authentication Vulnerability Testing: Check for JWT vulnerabilities, authentication bypass, and weak authentication mechanisms.
• Injection Testing: Test for SQL injection, XSS, and other injection-based vulnerabilities.
• Data Leakage Testing: Identify issues related to sensitive data leakage.
• Rate Limiting Testing: Test for rate limit bypass and DDoS vulnerabilities.
• Security Header Testing: Check for missing or misconfigured security headers.
• Comprehensive Resource Library: Access security testing checklists and guides.
• Authentication Support: Multiple authentication methods for testing protected endpoints.

📦 Installation

1. Clone the repository:

   git clone https://github.com/your-username/CyberMCP.git
   cd CyberMCP
   

2. Install dependencies:

   npm install
   

3. Build the project:

   npm run build
   

💻 Usage Examples

Running the MCP Server

You can run the server using stdio transport (default) or HTTP transport:

Using stdio transport (integrated with LLM platforms):

npm start

Using HTTP transport (for local development and testing):

TRANSPORT=http PORT=3000 npm start

Connecting to the Server

The MCP server can be connected to any MCP client, including large language model platforms that support the Model Context Protocol.

📚 Documentation

Project Structure

CyberMCP/
├── src/
│   ├── tools/           # MCP tools for security testing
│   ├── resources/       # MCP resources (checklists, guides)
│   ├── transports/      # Custom transport implementations
│   ├── utils/           # Utility functions and authentication management
│   └── index.ts         # Entry file
├── package.json         # Dependencies and scripts
├── tsconfig.json        # TypeScript configuration
└── README.md            # This file

Security Tools

Authentication

CyberMCP supports multiple authentication methods for testing protected APIs:

• Basic Authentication: Set up HTTP basic authentication using a username and password.
• Token Authentication: Use bearer tokens, JWTs, or other custom token formats.
• OAuth2 Authentication: Full support for the OAuth2 flow, including different authorization types.
• Custom API Login: Authenticate through any custom login API endpoint.

Authentication tools:

• basic_auth: Authenticate using a username/password.
• token_auth: Set up token-based authentication.
• oauth2_auth: Perform OAuth2 authentication.
• api_login: Log in through a custom API endpoint.
• auth_status: Check the current authentication status.
• clear_token: Clear the token.

Injection Testing Tools

Used to detect common injection vulnerabilities:

• sql_injection: Test for SQL injection vulnerabilities.
• xss: Test for XSS (Cross-Site Scripting) vulnerabilities.
• command_injection: Test for command injection vulnerabilities.

Example Configurations

Basic Authentication Example

{
  "basic_auth": {
    "username": "admin",
    "password": "secure_password"
  }
}

OAuth2 Authentication Example

{
  "oauth2_auth": {
    "client_id": "client_123",
    "client_secret": "secret_456"
  }
}