test_web_application

Perform technology-specific web application penetration testing by analyzing target URLs and detected technologies to identify security vulnerabilities through automated security assessments.

Instructions

Technology-specific web application penetration testing

Input Schema

Name          Required  Description                                                   Default
target        Yes       Target web application URL
technologies  Yes       Detected technologies (e.g., ['WordPress', 'Apache', 'PHP'])

Input Schema (JSON Schema)

{
  "properties": {
    "target": {
      "description": "Target web application URL",
      "type": "string"
    },
    "technologies": {
      "description": "Detected technologies (e.g., ['WordPress', 'Apache', 'PHP'])",
      "items": {
        "type": "string"
      },
      "type": "array"
    }
  },
  "required": [
    "target",
    "technologies"
  ],
  "type": "object"
}

Implementation Reference

  • Core handler function implementing the test_web_application tool logic, performing technology-specific tests (WordPress, Drupal, Joomla, web servers), common vulnerability scans, and compiling results with recommendations.
    async testWebApplication(target: string, technologies: string[]): Promise<ScanResult> {
      try {
        console.error(`🔍 Testing Web Application on ${target}`);

        const findings: string[] = [];
        const results: any = {};

        // Test 1: Technology-specific tests
        for (const tech of technologies) {
          const techLower = tech.toLowerCase();

          if (techLower.includes('wordpress')) {
            const wpResults = await this.testWordPress(target);
            results.wordpress_tests = wpResults;
            if (wpResults.plugins_detected) {
              findings.push(`WordPress plugins detected: ${wpResults.plugins_detected.length}`);
            }
          }

          if (techLower.includes('drupal')) {
            const drupalResults = await this.testDrupal(target);
            results.drupal_tests = drupalResults;
          }

          if (techLower.includes('joomla')) {
            const joomlaResults = await this.testJoomla(target);
            results.joomla_tests = joomlaResults;
          }

          if (techLower.includes('apache') || techLower.includes('nginx')) {
            const webServerResults = await this.testWebServer(target, techLower);
            results.webserver_tests = webServerResults;
          }
        }

        // Test 2: Common web vulnerabilities
        const webVulnResults = await this.testWebVulnerabilities(target);
        results.web_vulnerabilities = webVulnResults;
        findings.push(...webVulnResults.findings);

        return {
          target,
          timestamp: new Date().toISOString(),
          tool: 'web_application_test',
          results: {
            service: 'Web Application',
            technologies_tested: technologies,
            findings,
            detailed_results: results,
            recommendations: this.getWebAppRecommendations(findings, technologies)
          },
          status: 'success'
        };
      } catch (error) {
        return {
          target,
          timestamp: new Date().toISOString(),
          tool: 'web_application_test',
          results: {},
          status: 'error',
          error: error instanceof Error ? error.message : String(error)
        };
      }
    }
  • src/index.ts:577-579 (registration)
    Dispatch registration in the main tool call handler switch statement, routing 'test_web_application' calls to the ServiceSpecificTools.testWebApplication method.
    case "test_web_application":
      return respond(await this.serviceSpecificTools.testWebApplication(args.target, args.technologies));
  • src/index.ts:377-392 (registration)
    Tool registration in the listTools response, defining the tool name, description, and input schema.
    {
      name: "test_web_application",
      description: "Technology-specific web application penetration testing",
      inputSchema: {
        type: "object",
        properties: {
          target: { type: "string", description: "Target web application URL" },
          technologies: {
            type: "array",
            items: { type: "string" },
            description: "Detected technologies (e.g., ['WordPress', 'Apache', 'PHP'])"
          }
        },
        required: ["target", "technologies"]
      }
    },
  • JSON schema defining the input parameters for the test_web_application tool: target URL and list of technologies.
    inputSchema: {
      type: "object",
      properties: {
        target: { type: "string", description: "Target web application URL" },
        technologies: {
          type: "array",
          items: { type: "string" },
          description: "Detected technologies (e.g., ['WordPress', 'Apache', 'PHP'])"
        }
      },
      required: ["target", "technologies"]
    }
  • Helper function for WordPress-specific testing using WPScan to detect plugins, themes, and vulnerabilities.
    private async testWordPress(target: string): Promise<any> {
      try {
        const results: any = {
          plugins_detected: [],
          themes_detected: [],
          vulnerabilities: []
        };

        // WPScan integration
        try {
          const { stdout: wpscanOutput } = await execAsync(`wpscan --url ${target} --enumerate p,t,u --random-user-agent`, { timeout: 300000 });

          // Parse WPScan output for plugins
          const pluginMatches = wpscanOutput.match(/\[!\] Title: (.+)/g);
          if (pluginMatches) {
            results.plugins_detected = pluginMatches.map(m => m.replace('[!] Title: ', ''));
          }

          results.wpscan_raw = wpscanOutput;
        } catch (e) {
          console.error('WPScan failed:', e);
        }

        return results;
      } catch (error) {
        return { error: error instanceof Error ? error.message : String(error) };
      }
    }
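
The WordPress helper above interpolates `target` into the command string given to `execAsync`, and the input schema constrains `target` only to `type: "string"`. The following is an added example, not code from the project: it passes the same WPScan flags as an argument vector through `execFile` after checking the URL scheme. It assumes `execAsync` is a promisified `child_process.exec`; `normalizeTarget`, `buildWpscanArgs`, `runWpscan` and the sample targets are hypothetical names and constructed inputs.

```typescript
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// Hypothetical helper: accept only absolute http(s) URLs and return the
// normalized form produced by the URL parser.
function normalizeTarget(target: string): string {
  let url: URL;
  try {
    url = new URL(target);
  } catch {
    // Also covers values such as "--help" that would otherwise be read as options.
    throw new Error("target is not an absolute URL");
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`unsupported scheme: ${url.protocol}`);
  }
  return url.href;
}

// Each element reaches wpscan as exactly one argv entry, so characters such
// as ';' or '&' in the target are data and are never parsed by a shell.
function buildWpscanArgs(target: string): string[] {
  return ["--url", normalizeTarget(target), "--enumerate", "p,t,u", "--random-user-agent"];
}

// Same flags and timeout as the helper on this page, but no shell is spawned.
async function runWpscan(target: string): Promise<string> {
  const { stdout } = await execFileAsync("wpscan", buildWpscanArgs(target), { timeout: 300000 });
  return stdout;
}

// Constructed sample targets: shows what is passed through and what is refused.
function demo(): Record<string, string> {
  const samples = ["https://blog.example.test/a;b&c", "ftp://blog.example.test", "--help"];
  const out: Record<string, string> = {};
  for (const s of samples) {
    try {
      out[s] = buildWpscanArgs(s)[1];
    } catch (e) {
      out[s] = "rejected: " + (e as Error).message;
    }
  }
  return out;
}

console.log(demo());
```

Scheme checking does not establish that the target is in the authorized test scope; that would need a separate allow-list of hosts.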

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.