MCP Server Pentest
by 9olidity
## Features
- Automatic detection of XSS and SQL injection vulnerabilities using a full browser
- Screenshots of the entire page or specific elements
- Comprehensive network interaction (navigation, clicks, form filling)
- Console log monitoring
- JavaScript execution in the browser context
## Installation
### Installing
```bash
npx playwright install firefox
yarn install
npm run build
```
## Configuration
The installation process will automatically add the following configuration to your Claude config file:
```json
{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "-y",
        "/Users/...../dist/index.js"
      ],
      "disabled": false,
      "autoApprove": []
    }
  }
}
```
## Components
### Tools
#### `broser_url_reflected_xss`
Test whether the given URL parameter is vulnerable to reflected XSS
```javascript
{
"url": "https://test.com",
"paramName": "text"
}
```

#### `browser_url_sql_injection`
Test whether the given URL parameter is vulnerable to SQL injection
```javascript
{
"url": "https://test.com",
"paramName": "text"
}
```
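
Both scan tools act on whatever `url` they are given, so a client can validate the arguments and enforce an authorized-target allowlist before it emits the MCP `tools/call` request. The following is an added example, not code from this project; the allowlist, the host names and the helper function names are assumptions, while the tool names and argument shapes come from this README.

```javascript
// Added example. Allowlist, hosts and helper names are hypothetical.
// Hosts you are authorized to test (constructed sample values).
const IN_SCOPE_HOSTS = new Set(["test.com", "staging.test.com"]);

// Scan tools from this README and the arguments each one requires.
const ACTIVE_TOOLS = new Map([
  ["broser_url_reflected_xss", ["url", "paramName"]], // spelled as in the README
  ["browser_url_sql_injection", ["url", "paramName"]],
]);
let nextId = 1;

// Validate the arguments and return an MCP JSON-RPC 2.0 "tools/call" request,
// or throw if the call is malformed or the target is out of scope.
function buildScanRequest(tool, args, scope = IN_SCOPE_HOSTS) {
  const required = ACTIVE_TOOLS.get(tool);
  if (!required) throw new Error(`not an active-scan tool: ${tool}`);
  for (const key of required) {
    if (typeof args[key] !== "string" || args[key] === "") {
      throw new Error(`missing argument: ${key}`);
    }
  }
  let target;
  try {
    target = new URL(args.url);
  } catch {
    throw new Error("invalid url");
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    throw new Error(`unsupported scheme: ${target.protocol}`);
  }
  // URL.hostname is lower-cased and excludes userinfo and port, so
  // "https://test.com@other.example/" is judged as other.example.
  if (!scope.has(target.hostname)) {
    throw new Error(`out of scope: ${target.hostname}`);
  }
  return {
    jsonrpc: "2.0",
    id: nextId++,
    method: "tools/call",
    params: { name: tool, arguments: { url: target.href, paramName: args.paramName } },
  };
}

// Same check, but returns the rejection reason so it can be logged.
function tryBuild(tool, args) {
  try {
    return { ok: true, request: buildScanRequest(tool, args) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}
```

Keeping `autoApprove` empty, as in the configuration above, means each of these calls still needs explicit approval in the client.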

#### `browser_navigate`
Navigate to any URL in the browser
```javascript
{
"url": "https://stealthbrowser.cloud"
}
```
#### `browser_screenshot`
Capture screenshots of the entire page or specific elements
```javascript
{
"name": "screenshot-name", // required
"selector": "#element-id", // optional
"fullPage": true // optional, default: false
}
```
#### `browser_click`
Click elements on the page using a CSS selector
```javascript
{
"selector": "#button-id"
}
```
#### `browser_click_text`
Click elements on the page by their text content
```javascript
{
"text": "Click me"
}
```
#### `browser_hover`
Hover over elements on the page using a CSS selector
```javascript
{
"selector": "#menu-item"
}
```
#### `browser_hover_text`
Hover over elements on the page by their text content
```javascript
{
"text": "Hover me"
}
```
#### `browser_fill`
Fill out input fields
```javascript
{
"selector": "#input-field",
"value": "Hello World"
}
```
#### `browser_select`
Select an option in a SELECT element using a CSS selector
```javascript
{
"selector": "#dropdown",
"value": "option-value"
}
```
#### `browser_select_text`
Select an option in a SELECT element by its text content
```javascript
{
"text": "Choose me",
"value": "option-value"
}
```
#### `browser_evaluate`
Execute JavaScript in the browser console
```javascript
{
"script": "document.title"
}
```