Sponsored by Deepsite.site

MCP.so

CyberMCP - Cybersecurity API Testing with MCP

Created By
ricauts9 months ago
CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.
# cybersecurity
# api-testing
OverviewContentToolsComments
Content

CyberMCP - Cybersecurity API Testing with MCP

CyberMCP is a Model Context Protocol (MCP) server designed for testing backend APIs for security vulnerabilities. It provides a set of specialized tools and resources that can be used by LLMs to identify common security issues in APIs.

Features

  • Authentication Vulnerability Testing: Check for JWT vulnerabilities, authentication bypass, and weak authentication mechanisms
  • Injection Testing: Test for SQL injection, XSS, and other injection vulnerabilities
  • Data Leakage Testing: Identify sensitive data exposure issues
  • Rate Limiting Testing: Test for rate limiting bypass and DDoS vulnerabilities
  • Security Headers Testing: Check for missing or misconfigured security headers
  • Comprehensive Resources: Access checklists and guides for API security testing
  • Authentication Support: Multiple authentication methods to test secured endpoints

Project Structure

CyberMCP/
├── src/
│   ├── tools/           # MCP tools for security testing
│   ├── resources/       # MCP resources (checklists, guides)
│   ├── transports/      # Custom transport implementations
│   ├── utils/           # Utility functions and auth management
│   └── index.ts         # Main entry point
├── package.json         # Dependencies and scripts
├── tsconfig.json        # TypeScript configuration
└── README.md            # This file

Installation

  1. Clone the repository:

    git clone https://github.com/your-username/CyberMCP.git
cd CyberMCP

  2. Install dependencies:

    npm install

  3. Build the project:

    npm run build

Usage

Running the MCP Server

You can run the server using either the stdio transport (default) or HTTP transport:

Using stdio transport (for integration with LLM platforms):

npm start

Using HTTP transport (for local development and testing):

TRANSPORT=http PORT=3000 npm start

Connecting to the Server

The MCP server can be connected to any MCP client, including LLM platforms that support the Model Context Protocol.

Security Tools

Authentication

CyberMCP supports several authentication methods to test secured APIs:

  • Basic Authentication: Set up HTTP Basic Auth with username and password
  • Token Authentication: Use bearer tokens, JWT, or custom token formats
  • OAuth2 Authentication: Full OAuth2 flow support with different grant types
  • Custom API Login: Authenticate against any login API endpoint

Authentication Tools:

  • basic_auth: Authenticate with username/password
  • token_auth: Set up token-based authentication
  • oauth2_auth: Perform OAuth2 authentication
  • api_login: Login using a custom API endpoint
  • auth_status: Check current authentication status
  • clear_auth: Clear the current authentication state

Authentication Testing

  • JWT Vulnerability Check: Analyzes JWT tokens for security issues
  • Authentication Bypass Check: Tests endpoints for authentication bypass vulnerabilities

Injection Testing

  • SQL Injection Check: Tests parameters for SQL injection vulnerabilities
  • XSS Check: Tests for Cross-Site Scripting vulnerabilities

Data Leakage Testing

  • Sensitive Data Check: Identifies leaked PII, credentials, and sensitive information
  • Path Traversal Check: Tests for directory traversal vulnerabilities

Security Headers Testing

  • Security Headers Check: Analyzes HTTP headers for security best practices

Resources

Checklists

Access security checklists via cybersecurity://checklists/{category} where category can be:

  • authentication
  • injection
  • data_leakage
  • rate_limiting
  • general

Guides

Access detailed testing guides via guides://api-testing/{topic} where topic can be:

  • jwt-testing
  • auth-bypass
  • sql-injection
  • xss
  • rate-limiting

Required Information for API Testing

To effectively test an API for security vulnerabilities, you'll need:

  1. API Endpoints: URLs of the endpoints to test
  2. Authentication Information: Credentials or tokens for accessing secured endpoints
  3. Parameter Names: Names of the parameters that accept user input
  4. Test Data: Sample valid data for parameters
  5. Expected Behavior: What the normal response should look like
  6. Authentication Flow: How authentication works in the target API

Authentication Examples

Basic Authentication

basic_auth:
  username: "admin"
  password: "secure_password"

Token Authentication

token_auth:
  token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  token_type: "Bearer"
  expires_in: 3600

OAuth2 Authentication

oauth2_auth:
  client_id: "client_123"
  client_secret: "secret_456"
  token_url: "https://example.com/oauth/token"
  grant_type: "client_credentials"
  scope: "read write"

Custom API Login

api_login:
  login_url: "https://example.com/api/login"
  credentials: 
    username: "admin"
    password: "secure_password"
  token_path: "data.access_token"

License

MIT

Recommend Servers
TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.
MCP AdvisorMCP Advisor & Installation - Use the right MCP server for your needs
Jina AI MCP ToolsA Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.
Serper MCP ServerA Serper MCP Server
EdgeOne Pages MCPAn MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.
BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.
Howtocook Mcp基于Anduin2017 / HowToCook (程序员在家做饭指南)的mcp server,帮你推荐菜谱、规划膳食,解决“今天吃什么“的世纪难题; Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"
ChatWiseThe second fastest AI chatbot™
Playwright McpPlaywright MCP server
Tavily Mcp
Context7Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors
Visual Studio Code - Open Source ("Code - OSS")Visual Studio Code
TimeA Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.
Baidu Map百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Zhipu Web SearchZhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.
Amap Maps高德地图官方 MCP Server
AiimagemultistyleA Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.
CursorThe AI Code Editor
WindsurfThe new purpose-built IDE to harness magic
DeepChatYour AI Partner on Desktop
MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.