MCP Server Pentest

Automated browser penetration testing to detect XSS and SQL vulnerabilities.

Features

Full browser xss, sql vulnerability automatic detection
Screenshots of the entire page or specific elements
Comprehensive network interaction (navigation, clicks, form filling)
Console log monitoring
JavaScript execution in the browser context

Installation

Installing

npx playwright install firefox
yarn install 
npm run build

Configuration

The installation process will automatically add the following configuration to your Claude config file:

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "-y",
        "/Users/...../dist/index.js"
      ],
      "disabled": false,
      "autoApprove": []
    }
  }
}

Components

Tools

`broser_url_reflected_xss`

Test whether the URL has an XSS vulnerability

{
  "url": "https://test.com",
  "paramName":"text"
}

`browser_url_sql_injection`

Test whether the URL has SQL injection vulnerabilities

{
  "url": "https://test.com",
  "paramName":"text"
}

`browser_navigate`

Navigate to any URL in the browser

{
  "url": "https://stealthbrowser.cloud"
}

`browser_screenshot`

Capture screenshots of the entire page or specific elements

{
  "name": "screenshot-name",     // required
  "selector": "#element-id",     // optional
  "fullPage": true              // optional, default: false
}

`browser_click`

Click elements on the page using CSS selector

{
  "selector": "#button-id"
}

`browser_click_text`

Click elements on the page by their text content

{
  "text": "Click me"
}

`browser_hover`

Hover over elements on the page using CSS selector

{
  "selector": "#menu-item"
}

`browser_hover_text`

Hover over elements on the page by their text content

{
  "text": "Hover me"
}

`browser_fill`

Fill out input fields

{
  "selector": "#input-field",
  "value": "Hello World"
}

`browser_select`

Select an option in a SELECT element using CSS selector

{
  "selector": "#dropdown",
  "value": "option-value"
}

`browser_select_text`

Select an option in a SELECT element by its text content

{
  "text": "Choose me",
  "value": "option-value"
}

`browser_evaluate`

Execute JavaScript in the browser console

{
  "script": "document.title"
}

Related Servers

Scout Monitoring MCP

sponsor

Put performance and error data directly in the hands of your AI assistant.

Alpha Vantage MCP Server

sponsor

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

Elementor MCP Server

Perform CRUD operations on Elementor page data for a target WordPress website.

Apache SkyWalking MCP

An MCP server for integrating AI agents with the SkyWalking observability platform and its ecosystem.

Android MCP Server

Control Android devices via the Android Debug Bridge (ADB).

MCP Builder

A Python-based server to install and configure other MCP servers from PyPI, npm, or local directories.

Translator AI

Translate JSON i18n files using Google Gemini or local Ollama models, with incremental caching support.

MCP Stdio-HTTP Proxy

A TypeScript proxy that connects stdio MCP clients to HTTP SSE MCP servers, handling OAuth authentication.

Cursor Talk to Figma MCP

Integrates Cursor AI with Figma to read and programmatically modify designs.

Atlas Docs

Access technical documentation for libraries and frameworks, formatted in clean markdown for LLM consumption.

MLflow MCP Server

Integrates with MLflow, enabling AI assistants to interact with experiments, runs, and registered models.

Pica MCP Server

Integrates with the Pica API platform to interact with various third-party services through a standardized interface.