operant-mcp
Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.
operant-mcp
Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.
Quick Start
npx operant-mcp
Or install globally:
npm install -g operant-mcp
operant-mcp
Usage with Claude Code
Add to your MCP config:
{
"mcpServers": {
"operant": {
"command": "npx",
"args": ["-y", "operant-mcp"]
}
}
}
Tools (51)
SQL Injection (6)
sqli_where_bypass— Test OR-based WHERE clause bypasssqli_login_bypass— Test login form SQL injectionsqli_union_extract— UNION-based data extractionsqli_blind_boolean— Boolean-based blind SQLisqli_blind_time— Time-based blind SQLisqli_file_read— Read files via LOAD_FILE()
XSS (2)
xss_reflected_test— Test reflected XSS with 10 payloadsxss_payload_generate— Generate context-aware XSS payloads
Command Injection (2)
cmdi_test— Test OS command injectioncmdi_blind_detect— Blind command injection via sleep timing
Path Traversal (1)
path_traversal_test— Test directory traversal with encoding variants
SSRF (2)
ssrf_test— Test SSRF with localhost bypass variantsssrf_cloud_metadata— Test cloud metadata access via SSRF
PCAP/Network Forensics (8)
pcap_overview— Protocol hierarchy and endpoint statspcap_extract_credentials— Extract FTP/HTTP/SMTP credentialspcap_dns_analysis— DNS query analysispcap_http_objects— Export HTTP objectspcap_detect_scan— Detect port scanningpcap_follow_stream— Follow TCP/UDP streamspcap_tls_analysis— TLS/SNI analysispcap_llmnr_ntlm— Detect LLMNR/NTLM attacks
Reconnaissance (7)
recon_quick— Quick recon (robots.txt, headers, common dirs)recon_dns— Full DNS enumerationrecon_vhost— Virtual host discoveryrecon_tls_sans— Extract SANs from TLS certificatesrecon_directory_bruteforce— Directory brute-forcerecon_git_secrets— Search git repos for secretsrecon_s3_bucket— Test S3 bucket permissions
Memory Forensics (3)
volatility_linux— Linux memory analysis (Volatility 2)volatility_windows— Windows memory analysis (Volatility 3)memory_detect_rootkit— Linux rootkit detection
Malware Analysis (2)
maldoc_analyze— Full OLE document analysis pipelinemaldoc_extract_macros— Extract VBA macros
Cloud Security (2)
cloudtrail_analyze— CloudTrail log analysiscloudtrail_find_anomalies— Detect anomalous CloudTrail events
Authentication (3)
auth_csrf_extract— Extract CSRF tokensauth_bruteforce— Username enumeration + credential brute-forceauth_cookie_tamper— Cookie tampering test
Access Control (2)
idor_test— Test for IDOR vulnerabilitiesrole_escalation_test— Test privilege escalation
Business Logic (2)
price_manipulation_test— Test price/quantity manipulationcoupon_abuse_test— Test coupon stacking/reuse
Clickjacking (2)
clickjacking_test— Test X-Frame-Options/CSPframe_buster_bypass— Test frame-busting bypass
CORS (1)
cors_test— Test CORS misconfigurations
File Upload (1)
file_upload_test— Test file upload bypasses
NoSQL Injection (2)
nosqli_auth_bypass— MongoDB auth bypassnosqli_detect— NoSQL injection detection
Deserialization (1)
deserialization_test— Test insecure deserialization
GraphQL (2)
graphql_introspect— Full schema introspectiongraphql_find_hidden— Discover hidden fields
Prompts (8)
Methodology guides for structured security assessments:
web_app_pentest— Full web app pentest methodologypcap_forensics— PCAP analysis workflowmemory_forensics— Memory dump analysis (Linux/Windows)recon_methodology— Reconnaissance checklistmalware_analysis— Malware document analysiscloud_security_audit— CloudTrail analysis workflowsqli_methodology— SQL injection testing guidexss_methodology— XSS testing guide
System Requirements
Tools require various CLI utilities depending on the module:
- Most tools:
curl - PCAP analysis:
tshark(Wireshark CLI) - DNS recon:
dig,host - Memory forensics:
volatility/vol.py/vol3 - Malware analysis:
olevba,oledump.py - Cloud analysis:
jq - Secrets scanning:
git
License
MIT
관련 서버
Alpha Vantage MCP Server
스폰서Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
SEO & Web Analysis MCP Server
Lighthouse audits, PageSpeed analysis, SSL checks, tech stack detection, WHOIS and DNS queries
FeedOracle Macro Intelligence
Deterministic macro regime engine for AI trading agents — RISK_ON / NEUTRAL / RISK_OFF / STRESS with transparent scoring rules.
Deepseek Thinking & Claude 3.5 Sonnet
Combines DeepSeek's reasoning capabilities with Claude 3.5 Sonnet's response generation through OpenRouter.
Petstore MCP Server & Client
An MCP server and client implementation for the Swagger Petstore API.
ABP.IO MCP Server
An MCP server for ABP.IO that enables AI models to interact with your ABP applications and framework.
Pickapicon
Quickly retrieve SVGs using the Iconify API, with no external data files required.
Xcode
Tools for Xcode project management, building, testing, archiving, code signing, and iOS development utilities.
MCP Sequence Simulation Server
Simulate DNA and amino acid sequences using evolutionary models and algorithms.
Image Generation
Generate images from text using the Stable Diffusion WebUI API (ForgeUI/AUTOMATIC-1111).
Flux ImageGen MCP Server
An MCP server for generating images using the Pollinations AI API.