Skip to main content
Glama

Penetration Testing

Tools and frameworks for security testing, vulnerability scanning, and penetration testing. Enables security professionals to identify and exploit security weaknesses in applications and networks.

MCP ServersBrowse all →

  • A
    license
    A
    quality
    F
    maintenance
    Enables AI assistants to perform vulnerability scanning using Grype, supporting scans of directories, container images, and packages via the Model Context Protocol.
    Last updated
    2
    9
    9
    Apache 2.0
  • A
    license
    A
    quality
    C
    maintenance
    Open behavioral litmus for MCP servers — grades A–F across tool-output injection, egress, sensitive-data, and adversarial-input, with reproducible, content-addressed evidence. Tools: run_litmus, verify_attestation.
    Last updated
    12
    4
    130
    6
    Apache 2.0
  • A
    license
    A
    quality
    B
    maintenance
    MCP server that enables Claude Code to drive the Konsulto cybersecurity audit platform from the CLI, including reading and writing findings, managing evidence, and handling scope and assets.
    Last updated
    19
    30
    1
    MIT
  • A
    license
    A
    quality
    A
    maintenance
    Domain security reconnaissance for AI agents — 13 tools (DNS+DNSSEC, SSL/TLS, HTTP security headers, SPF/DKIM/DMARC email auth, port scan, ASN, RDAP/WHOIS) plus a one-shot security_scan returning a 0–100 Health Score (A–F). Free, no API key.
    Last updated
    6
    13
    152
    1
    MIT
  • A
    license
    A
    quality
    C
    maintenance
    A comprehensive security testing MCP server providing 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment. It enables automated security audits and technical investigations across web applications, cloud environments, and network captures.
    Last updated
    51
    153
    13
    MIT
  • A
    license
    A
    quality
    B
    maintenance
    MCP server for AgentMinds collective intelligence platform, enabling AI agents to scan websites for security/SEO/performance issues, pull personalized recommendations, and share findings across the network.
    Last updated
    7
    32
    MIT
  • A
    license
    B
    quality
    C
    maintenance
    MCP server wrapping GDB and GEF for dynamic analysis, enabling interactive debugging and memory inspection via GDB/MI protocol.
    Last updated
    14
    1
    MIT
  • A
    license
    A
    quality
    C
    maintenance
    Security scanning for AI coding tools (Claude Code, Cursor, Windsurf) including secrets detection, MCP config vulnerabilities, agent instruction checks, threat modeling, prompt injection testing, pre-commit security checks, and dependency vulnerability scanning.
    Last updated
    7
    151
    1
    MIT
  • A
    license
    A
    quality
    D
    maintenance
    Enables out-of-band interaction testing by integrating ProjectDiscovery's interactsh service as an MCP server. Allows AI agents to create callback domains, send probes, and capture DNS/HTTP interactions for security testing and verification workflows.
    Last updated
    4
    13
    2
    MIT
  • A
    license
    A
    quality
    C
    maintenance
    MCP server that wraps the Frida dynamic instrumentation toolkit, allowing users to attach to processes, hook functions, enumerate modules and exports, and manage scripts through natural language.
    Last updated
    10
    1
    MIT
  • A
    license
    A
    quality
    B
    maintenance
    Agent-native "safe to ship?" security gate for AI-generated code. Uses real parsers and inter-rocedural taint analysis (JS/TS, Python, Go) to flag the classes AI coding agents get wrong — secrets, SQL injection, SS, SSRF, path traversal, command injection, weak JWT/CORS — and ranks findings by confidence. Exposes a scan tool over MCP.
    Last updated
    1
    21
    2
    MIT
  • A
    license
    A
    quality
    A
    maintenance
    Bawbel MCP Server lets any agent scan MCP servers and skill files for security vulnerabilities mid-conversation. Seven tools covering server-card scanning, conformance scoring, rug pull detection, and AVE threat intelligence queries. Powered by the AVE standard with OWASP MCP Top 10 mapping on every finding. Free, Apache 2.0, no API key required.
    Last updated
    10
    1
    Apache 2.0
  • F
    license
    A
    quality
    C
    maintenance
    Enables deep security auditing of web applications directly from AI IDEs including Cursor and Claude Code. Scans URLs for vulnerabilities, returns security scores with SHIP/BLOCK verdicts, and provides specific fix prompts for remediation.
    Last updated
    3
  • A
    license
    A
    quality
    B
    maintenance
    Enables AI assistants to perform reverse engineering and debugging of Windows executables through x64dbg, with tools for loading executables, controlling execution, analyzing memory and security, and generating reports.
    Last updated
    39
    88
    3
    MIT

MCP ConnectorsBrowse all →