MCP Server Pentest
Automated browser penetration testing to detect XSS and SQL vulnerabilities.
MCP Server Pentest
Features
- Full browser xss, sql vulnerability automatic detection
- Screenshots of the entire page or specific elements
- Comprehensive network interaction (navigation, clicks, form filling)
- Console log monitoring
- JavaScript execution in the browser context
Installation
Installing
npx playwright install firefox
yarn install
npm run build
Configuration
The installation process will automatically add the following configuration to your Claude config file:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": [
"-y",
"/Users/...../dist/index.js"
],
"disabled": false,
"autoApprove": []
}
}
}
Components
Tools
broser_url_reflected_xss
Test whether the URL has an XSS vulnerability
{
"url": "https://test.com",
"paramName":"text"
}
browser_url_sql_injection
Test whether the URL has SQL injection vulnerabilities
{
"url": "https://test.com",
"paramName":"text"
}
browser_navigate
Navigate to any URL in the browser
{
"url": "https://stealthbrowser.cloud"
}
browser_screenshot
Capture screenshots of the entire page or specific elements
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}
browser_click
Click elements on the page using CSS selector
{
"selector": "#button-id"
}
browser_click_text
Click elements on the page by their text content
{
"text": "Click me"
}
browser_hover
Hover over elements on the page using CSS selector
{
"selector": "#menu-item"
}
browser_hover_text
Hover over elements on the page by their text content
{
"text": "Hover me"
}
browser_fill
Fill out input fields
{
"selector": "#input-field",
"value": "Hello World"
}
browser_select
Select an option in a SELECT element using CSS selector
{
"selector": "#dropdown",
"value": "option-value"
}
browser_select_text
Select an option in a SELECT element by its text content
{
"text": "Choose me",
"value": "option-value"
}
browser_evaluate
Execute JavaScript in the browser console
{
"script": "document.title"
}
相關伺服器
Alpha Vantage MCP Server
贊助Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
ASKME-CLI
A command-line interface to prompt users for their next plan or confirmation.
ShaderToy-MCP
Query and interact with ShaderToy shaders using large language models.
RapidTools Validate
Deterministic JSON Schema validation with signed cryptographic attestations. Validate payloads, verify signatures, and retrieve attestation records.
Apple Developer Documentation
Search Apple's official developer documentation for iOS, macOS, SwiftUI, WWDC videos, and more.
sqlew
ADR (Architecture Decision Record) for AI Agents – An MCP server that enables AI agents to create, query, and maintain architecture decision records in a structured SQL database
Remote MCP Server Authless
An example of a remote MCP server deployed on Cloudflare Workers without authentication.
PentestGPT-MCP
An advanced penetration testing tool for automated, LLM-driven security assessments using tools like nmap and dirb.
MCP Quickstart
A basic MCP server from the Quickstart Guide, adapted for OpenAI's Chat Completions API.
Flowise
Integrate with the Flowise API to create predictions and manage chatflows and assistants.
React Native AI Debugger
Enables AI assistants like Claude Code to capture logs, execute code, inspect state, and control navigation in your React Native app.