operant-mcp
Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.
operant-mcp
Security testing MCP server with 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment.
Quick Start
npx operant-mcp
Or install globally:
npm install -g operant-mcp
operant-mcp
Usage with Claude Code
Add to your MCP config:
{
"mcpServers": {
"operant": {
"command": "npx",
"args": ["-y", "operant-mcp"]
}
}
}
Tools (51)
SQL Injection (6)
sqli_where_bypass— Test OR-based WHERE clause bypasssqli_login_bypass— Test login form SQL injectionsqli_union_extract— UNION-based data extractionsqli_blind_boolean— Boolean-based blind SQLisqli_blind_time— Time-based blind SQLisqli_file_read— Read files via LOAD_FILE()
XSS (2)
xss_reflected_test— Test reflected XSS with 10 payloadsxss_payload_generate— Generate context-aware XSS payloads
Command Injection (2)
cmdi_test— Test OS command injectioncmdi_blind_detect— Blind command injection via sleep timing
Path Traversal (1)
path_traversal_test— Test directory traversal with encoding variants
SSRF (2)
ssrf_test— Test SSRF with localhost bypass variantsssrf_cloud_metadata— Test cloud metadata access via SSRF
PCAP/Network Forensics (8)
pcap_overview— Protocol hierarchy and endpoint statspcap_extract_credentials— Extract FTP/HTTP/SMTP credentialspcap_dns_analysis— DNS query analysispcap_http_objects— Export HTTP objectspcap_detect_scan— Detect port scanningpcap_follow_stream— Follow TCP/UDP streamspcap_tls_analysis— TLS/SNI analysispcap_llmnr_ntlm— Detect LLMNR/NTLM attacks
Reconnaissance (7)
recon_quick— Quick recon (robots.txt, headers, common dirs)recon_dns— Full DNS enumerationrecon_vhost— Virtual host discoveryrecon_tls_sans— Extract SANs from TLS certificatesrecon_directory_bruteforce— Directory brute-forcerecon_git_secrets— Search git repos for secretsrecon_s3_bucket— Test S3 bucket permissions
Memory Forensics (3)
volatility_linux— Linux memory analysis (Volatility 2)volatility_windows— Windows memory analysis (Volatility 3)memory_detect_rootkit— Linux rootkit detection
Malware Analysis (2)
maldoc_analyze— Full OLE document analysis pipelinemaldoc_extract_macros— Extract VBA macros
Cloud Security (2)
cloudtrail_analyze— CloudTrail log analysiscloudtrail_find_anomalies— Detect anomalous CloudTrail events
Authentication (3)
auth_csrf_extract— Extract CSRF tokensauth_bruteforce— Username enumeration + credential brute-forceauth_cookie_tamper— Cookie tampering test
Access Control (2)
idor_test— Test for IDOR vulnerabilitiesrole_escalation_test— Test privilege escalation
Business Logic (2)
price_manipulation_test— Test price/quantity manipulationcoupon_abuse_test— Test coupon stacking/reuse
Clickjacking (2)
clickjacking_test— Test X-Frame-Options/CSPframe_buster_bypass— Test frame-busting bypass
CORS (1)
cors_test— Test CORS misconfigurations
File Upload (1)
file_upload_test— Test file upload bypasses
NoSQL Injection (2)
nosqli_auth_bypass— MongoDB auth bypassnosqli_detect— NoSQL injection detection
Deserialization (1)
deserialization_test— Test insecure deserialization
GraphQL (2)
graphql_introspect— Full schema introspectiongraphql_find_hidden— Discover hidden fields
Prompts (8)
Methodology guides for structured security assessments:
web_app_pentest— Full web app pentest methodologypcap_forensics— PCAP analysis workflowmemory_forensics— Memory dump analysis (Linux/Windows)recon_methodology— Reconnaissance checklistmalware_analysis— Malware document analysiscloud_security_audit— CloudTrail analysis workflowsqli_methodology— SQL injection testing guidexss_methodology— XSS testing guide
System Requirements
Tools require various CLI utilities depending on the module:
- Most tools:
curl - PCAP analysis:
tshark(Wireshark CLI) - DNS recon:
dig,host - Memory forensics:
volatility/vol.py/vol3 - Malware analysis:
olevba,oledump.py - Cloud analysis:
jq - Secrets scanning:
git
License
MIT
Servidores relacionados
Scout Monitoring MCP
patrocinadorPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
patrocinadorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Sapiom
One API key gives agents access to 80+ tools: web search, deep search, browser automation, screenshots, 400+ LLM models, image generation, text-to-speech, sound effects, and phone verification. Pay-per-use with spend governance built in.
MCP Memory Gateway (rlhf-feedback-loop)
Local-first RLHF feedback loop for AI agents — capture preference signals, promote memories, block repeated mistakes, export DPO/KTO training pairs
MCP Everything
A demonstration server for the Model Context Protocol (MCP) showcasing various features like tools, resources, and prompts in TypeScript and Python.
gurddy mcp
his repository contains a fully functional MCP (Model Context Protocol) server, providing solutions for Constraint Satisfaction Problems (CSP) and Linear Programming (LP). It is based on the gurddy package and supports solving a variety of classic problems.
Authless Remote MCP Server
A remote MCP server without authentication, designed for easy deployment on Cloudflare Workers.
DocsFetcher
Fetches package documentation from various language ecosystems without requiring API keys.
ImageSorcery MCP
ComputerVision-based 🪄 sorcery of image recognition and editing tools for AI assistants.
gNMIBuddy
Retrieves essential network information from devices using gNMI and OpenConfig models.
Agentic Tools MCP Companion
A VS Code extension with a GUI for the agentic-tools-mcp server, enhancing task and memory management.
MCP Create Server
A service for dynamically creating, running, and managing Model Context Protocol (MCP) servers.