MCP Server Pentest
Automated browser penetration testing to detect XSS and SQL vulnerabilities.
MCP Server Pentest
Features
- Full browser xss, sql vulnerability automatic detection
- Screenshots of the entire page or specific elements
- Comprehensive network interaction (navigation, clicks, form filling)
- Console log monitoring
- JavaScript execution in the browser context
Installation
Installing
npx playwright install firefox
yarn install
npm run build
Configuration
The installation process will automatically add the following configuration to your Claude config file:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": [
"-y",
"/Users/...../dist/index.js"
],
"disabled": false,
"autoApprove": []
}
}
}
Components
Tools
broser_url_reflected_xss
Test whether the URL has an XSS vulnerability
{
"url": "https://test.com",
"paramName":"text"
}
browser_url_sql_injection
Test whether the URL has SQL injection vulnerabilities
{
"url": "https://test.com",
"paramName":"text"
}
browser_navigate
Navigate to any URL in the browser
{
"url": "https://stealthbrowser.cloud"
}
browser_screenshot
Capture screenshots of the entire page or specific elements
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}
browser_click
Click elements on the page using CSS selector
{
"selector": "#button-id"
}
browser_click_text
Click elements on the page by their text content
{
"text": "Click me"
}
browser_hover
Hover over elements on the page using CSS selector
{
"selector": "#menu-item"
}
browser_hover_text
Hover over elements on the page by their text content
{
"text": "Hover me"
}
browser_fill
Fill out input fields
{
"selector": "#input-field",
"value": "Hello World"
}
browser_select
Select an option in a SELECT element using CSS selector
{
"selector": "#dropdown",
"value": "option-value"
}
browser_select_text
Select an option in a SELECT element by its text content
{
"text": "Choose me",
"value": "option-value"
}
browser_evaluate
Execute JavaScript in the browser console
{
"script": "document.title"
}
Serveurs connexes
Alpha Vantage MCP Server
sponsorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Hyperliquid
Interact with the Hyperliquid decentralized exchange by integrating its SDK.
MCP Rules Enforcer Zero
An MCP server that enforces rules from markdown files for AI agents. This is a zero-tool version that requires an external rules file.
ZeroPath MCP Server
Interact with your product security findings using natural language.
Tree-Hugger-JS
Analyze and transform JavaScript/TypeScript code using the tree-hugger-js library.
VSCode MCP Server
A VSCode extension that acts as an MCP server, providing access to diagnostic tools and debug session management.
SkillsMP
Search, discover, and install AI coding skills from SkillsMP marketplace with semantic search
GraphQL MCP Server
A strongly-typed MCP server that provides seamless access to any GraphQL API.
Bonsai MCP
An MCP server that integrates IFC model support using Bonsai BIM (Blender) and IfcOpenShell.
XAIP
Give AI agents a persistent on-chain identity on XRPL — DIDs, credentials, reputation scores, escrow, and Memory Chain.
AgentSeal
Every agent action is recorded in a SHA-256 hash chain; with this, you can actually prove to clients that your agent did what it said it did