MCP Server Pentest
Automated browser penetration testing to detect XSS and SQL vulnerabilities.
Features
- Full browser xss, sql vulnerability automatic detection
- Screenshots of the entire page or specific elements
- Comprehensive network interaction (navigation, clicks, form filling)
- Console log monitoring
- JavaScript execution in the browser context
Installation
Installing
npx playwright install firefox
yarn install
npm run build
Configuration
The installation process will automatically add the following configuration to your Claude config file:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": [
"-y",
"/Users/...../dist/index.js"
],
"disabled": false,
"autoApprove": []
}
}
}
Components
Tools
broser_url_reflected_xss
Test whether the URL has an XSS vulnerability
{
"url": "https://test.com",
"paramName":"text"
}
browser_url_sql_injection
Test whether the URL has SQL injection vulnerabilities
{
"url": "https://test.com",
"paramName":"text"
}
browser_navigate
Navigate to any URL in the browser
{
"url": "https://stealthbrowser.cloud"
}
browser_screenshot
Capture screenshots of the entire page or specific elements
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}
browser_click
Click elements on the page using CSS selector
{
"selector": "#button-id"
}
browser_click_text
Click elements on the page by their text content
{
"text": "Click me"
}
browser_hover
Hover over elements on the page using CSS selector
{
"selector": "#menu-item"
}
browser_hover_text
Hover over elements on the page by their text content
{
"text": "Hover me"
}
browser_fill
Fill out input fields
{
"selector": "#input-field",
"value": "Hello World"
}
browser_select
Select an option in a SELECT element using CSS selector
{
"selector": "#dropdown",
"value": "option-value"
}
browser_select_text
Select an option in a SELECT element by its text content
{
"text": "Choose me",
"value": "option-value"
}
browser_evaluate
Execute JavaScript in the browser console
{
"script": "document.title"
}
Related Servers
Luskad MCP
Provides access to coding rules and examples for your projects.
MCP Design System Extractor
Extracts component information, including HTML, styles, and metadata, from Storybook design systems.
Code Understanding
Analyzes local and remote GitHub repositories to provide code understanding and context generation, including structure analysis, file identification, and semantic mapping.
Fused MCP
A Python-based MCP server for data scientists to run Python code with a Claude client.
UnrealMCP Plugin
An unofficial MCP server plugin for remote control of Unreal Engine using AI tools.
Python REPL
A Python REPL with persistent sessions and automatic dependency management using uv.
Galley MCP Server
Integrates Galley's GraphQL API with MCP clients. It automatically introspects the GraphQL schema for seamless use with tools like Claude and VS Code.
Moralis
Interact with the Moralis Web3 API to access blockchain data and services.
CCXT MCP Server
Interact with over 100 cryptocurrency exchange APIs using the CCXT library.
Creatify
MCP Server that exposes Creatify AI API capabilities for AI video generation, including avatar videos, URL-to-video conversion, text-to-speech, and AI-powered editing tools.