what is MCP Server Pentest?
MCP Server Pentest is a security testing tool designed to automatically detect vulnerabilities in web applications, specifically focusing on XSS and SQL injection vulnerabilities.
how to use MCP Server Pentest?
To use MCP Server Pentest, install the necessary dependencies using the provided commands, configure the tool, and then run tests against your target URLs to identify vulnerabilities.
key features of MCP Server Pentest?
- Full browser XSS and SQL vulnerability automatic detection
- Screenshots of the entire page or specific elements
- Comprehensive network interaction including navigation, clicks, and form filling
- Console log monitoring
- JavaScript execution in the browser context
use cases of MCP Server Pentest?
- Conducting security assessments on web applications.
- Identifying potential vulnerabilities before deployment.
- Automating the testing process for web application security.
FAQ from MCP Server Pentest?
- What types of vulnerabilities can MCP Server Pentest detect?
MCP Server Pentest can detect XSS and SQL injection vulnerabilities.
- Is MCP Server Pentest easy to set up?
Yes! The installation process is straightforward with clear instructions provided.
- Can I use MCP Server Pentest for any web application?
Yes! It can be used for any web application that you have permission to test.
MCP Server Pentest
Features
- Full browser xss, sql vulnerability automatic detection
- Screenshots of the entire page or specific elements
- Comprehensive network interaction (navigation, clicks, form filling)
- Console log monitoring
- JavaScript execution in the browser context
Installation
Installing
npx playwright install firefox
yarn install
npm run build
Configuration
The installation process will automatically add the following configuration to your Claude config file:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": [
"-y",
"/Users/...../dist/index.js"
],
"disabled": false,
"autoApprove": []
}
}
}
Components
Tools
broser_url_reflected_xss
Test whether the URL has an XSS vulnerability
{
"url": "https://test.com",
"paramName":"text"
}
browser_url_sql_injection
Test whether the URL has SQL injection vulnerabilities
{
"url": "https://test.com",
"paramName":"text"
}
browser_navigate
Navigate to any URL in the browser
{
"url": "https://stealthbrowser.cloud"
}
browser_screenshot
Capture screenshots of the entire page or specific elements
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}
browser_click
Click elements on the page using CSS selector
{
"selector": "#button-id"
}
browser_click_text
Click elements on the page by their text content
{
"text": "Click me"
}
browser_hover
Hover over elements on the page using CSS selector
{
"selector": "#menu-item"
}
browser_hover_text
Hover over elements on the page by their text content
{
"text": "Hover me"
}
browser_fill
Fill out input fields
{
"selector": "#input-field",
"value": "Hello World"
}
browser_select
Select an option in a SELECT element using CSS selector
{
"selector": "#dropdown",
"value": "option-value"
}
browser_select_text
Select an option in a SELECT element by its text content
{
"text": "Choose me",
"value": "option-value"
}
browser_evaluate
Execute JavaScript in the browser console
{
"script": "document.title"
}
