This MCP Server Pentest provides automated web vulnerability testing and browser interaction capabilities:
Test for security vulnerabilities (XSS, SQL injection)
Capture screenshots (full-page or specific elements)
Simulate browser interactions (navigation, clicks, form filling, hovering)
Select options in dropdown menus using selectors or text content
Execute and monitor custom JavaScript in the browser context
Test web applications for security and compatibility
Provides automated browser testing capabilities including XSS and SQL injection vulnerability detection, navigation, screenshot capture, and interaction with web elements through Playwright's Firefox integration.
Enables execution of JavaScript code in the browser context to interact with web pages, monitor console logs, and perform dynamic testing operations.
Utilizes npm packages for installation and execution of browser testing components through the npx command.
Supports dependency management and package installation for the server components using Yarn package manager.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Server Pentesttest for XSS vulnerabilities on https://example.com/login page"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Features
Full browser xss, sql vulnerability automatic detection
Screenshots of the entire page or specific elements
Comprehensive network interaction (navigation, clicks, form filling)
Console log monitoring
JavaScript execution in the browser context
Related MCP server: Adversary MCP Server
Installation
Installing
npx playwright install firefox
yarn install
npm run build Configuration
The installation process will automatically add the following configuration to your Claude config file:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": [
"-y",
"/Users/...../dist/index.js"
],
"disabled": false,
"autoApprove": []
}
}
}Components
Tools
broser_url_reflected_xss
Test whether the URL has an XSS vulnerability
{
"url": "https://test.com",
"paramName":"text"
}
browser_url_sql_injection
Test whether the URL has SQL injection vulnerabilities
{
"url": "https://test.com",
"paramName":"text"
}
browser_navigate
Navigate to any URL in the browser
{
"url": "https://stealthbrowser.cloud"
}browser_screenshot
Capture screenshots of the entire page or specific elements
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}browser_click
Click elements on the page using CSS selector
{
"selector": "#button-id"
}browser_click_text
Click elements on the page by their text content
{
"text": "Click me"
}browser_hover
Hover over elements on the page using CSS selector
{
"selector": "#menu-item"
}browser_hover_text
Hover over elements on the page by their text content
{
"text": "Hover me"
}browser_fill
Fill out input fields
{
"selector": "#input-field",
"value": "Hello World"
}browser_select
Select an option in a SELECT element using CSS selector
{
"selector": "#dropdown",
"value": "option-value"
}browser_select_text
Select an option in a SELECT element by its text content
{
"text": "Choose me",
"value": "option-value"
}browser_evaluate
Execute JavaScript in the browser console
{
"script": "document.title"
}
