MCP Server Pentest
Automated browser penetration testing to detect XSS and SQL vulnerabilities.
Features
- Full browser xss, sql vulnerability automatic detection
- Screenshots of the entire page or specific elements
- Comprehensive network interaction (navigation, clicks, form filling)
- Console log monitoring
- JavaScript execution in the browser context
Installation
Installing
npx playwright install firefox
yarn install
npm run build
Configuration
The installation process will automatically add the following configuration to your Claude config file:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": [
"-y",
"/Users/...../dist/index.js"
],
"disabled": false,
"autoApprove": []
}
}
}
Components
Tools
broser_url_reflected_xss
Test whether the URL has an XSS vulnerability
{
"url": "https://test.com",
"paramName":"text"
}
browser_url_sql_injection
Test whether the URL has SQL injection vulnerabilities
{
"url": "https://test.com",
"paramName":"text"
}
browser_navigate
Navigate to any URL in the browser
{
"url": "https://stealthbrowser.cloud"
}
browser_screenshot
Capture screenshots of the entire page or specific elements
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}
browser_click
Click elements on the page using CSS selector
{
"selector": "#button-id"
}
browser_click_text
Click elements on the page by their text content
{
"text": "Click me"
}
browser_hover
Hover over elements on the page using CSS selector
{
"selector": "#menu-item"
}
browser_hover_text
Hover over elements on the page by their text content
{
"text": "Hover me"
}
browser_fill
Fill out input fields
{
"selector": "#input-field",
"value": "Hello World"
}
browser_select
Select an option in a SELECT element using CSS selector
{
"selector": "#dropdown",
"value": "option-value"
}
browser_select_text
Select an option in a SELECT element by its text content
{
"text": "Choose me",
"value": "option-value"
}
browser_evaluate
Execute JavaScript in the browser console
{
"script": "document.title"
}
Related Servers
MCP Stdio Server
An MCP server using stdio transport, offering file system access, a calculator, and a code review tool. Requires Node.js.
Kafka MCP
A natural language interface to manage Apache Kafka operations.
Remote MCP Server Authless
An example of a remote MCP server deployed on Cloudflare Workers without authentication.
MapleStory MCP Server
Access NEXON MapleStory open API data for character info, union details, guild data, rankings, and game mechanics.
MCP Talk Demo Files
A collection of demo files for MCP servers and clients, illustrating various transport protocols and server capabilities using Python.
GitGuardian
Scan projects for over 500 types of secrets using GitGuardian's API to prevent credential leaks.
OpenAPI Invoker
Invokes any OpenAPI specification through a Model Context Protocol (MCP) server.
MCP Starter Server
A minimal template for building AI assistant tools using the ModelContextProtocol.
MCP Server with GitHub OAuth
A remote MCP server with built-in GitHub OAuth support, designed for deployment on Cloudflare Workers.
DevServer MCP
Manages development servers for LLM-assisted workflows, offering programmatic control through a unified TUI and experimental browser automation via Playwright.