http_headers.py3.89 kB
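"""
HTTP Security Headers Tool
Analyzes HTTP security headers and provides recommendations
"""

import subprocess
from typing import Any, Dict, List
from urllib.parse import urlsplit

from .base_tool import BaseTool


class HTTPHeadersTool(BaseTool):
    """HTTP security headers analysis tool.

    Fetches the response headers of a URL with ``curl -I`` and reports
    which of a fixed set of security headers are present.
    """

    # Header name -> short label used in the report.
    # NOTE(review): X-XSS-Protection is deprecated in current browsers; it is
    # kept so the report format stays the same, but "Missing" is not a finding.
    _SECURITY_HEADERS = {
        "Strict-Transport-Security": "HSTS",
        "Content-Security-Policy": "CSP",
        "X-Frame-Options": "Clickjacking Protection",
        "X-Content-Type-Options": "MIME Sniffing Protection",
        "X-XSS-Protection": "XSS Protection",
        "Referrer-Policy": "Referrer Policy",
    }

    def __init__(self):
        super().__init__()
        self.name = "http_headers"
        self.description = "Analyzes HTTP security headers and provides recommendations. Checks for HSTS, CSP, X-Frame-Options, and other security headers."

    def get_tool_definition(self) -> Dict[str, Any]:
        """Return MCP-compatible tool definition"""
        return {
            "name": self.name,
            "description": self.description,
            "inputSchema": {
                "type": "object",
                "properties": {
                    "target": {
                        "type": "string",
                        "description": "Target URL to check headers (e.g., https://example.com)"
                    }
                },
                "required": ["target"]
            }
        }

    @staticmethod
    def _normalize_target(target: Any) -> str:
        """Validate the caller-supplied target and return a usable URL.

        The target arrives as a tool argument and is untrusted. It is
        accepted only as an http(s) URL with a host and no whitespace or
        control characters.

        Raises:
            ValueError: if the target is missing or not an acceptable URL.
        """
        if not isinstance(target, str) or not target.strip():
            raise ValueError("Target URL is required")

        url = target.strip()

        # Add https:// if not present
        if not url.startswith(("http://", "https://")):
            url = f"https://{url}"

        if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
            raise ValueError(
                "Target URL must not contain whitespace or control characters"
            )

        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("Target must be an http:// or https:// URL with a host")

        return url

    async def execute(self, arguments: Dict[str, Any]) -> List[Dict[str, Any]]:
        """Execute HTTP headers check.

        Args:
            arguments: tool arguments; ``target`` is the URL to query.

        Returns:
            Whatever ``format_success`` / ``format_error`` of the base class
            produce for the report or the error message.
        """
        try:
            try:
                target = self._normalize_target(arguments.get("target", ""))
            except ValueError as e:
                return self.format_error(str(e))

            # The URL is passed as a single argv element and never through a
            # shell: interpolating it into a `bash -c` string would let shell
            # metacharacters in the target run arbitrary commands on this host.
            # `--` ends curl's option parsing, so the URL cannot be read as a flag.
            curl_args = ["curl", "-I", "-s", "--", target]

            try:
                # `wsl --exec` runs the program without the distribution's
                # default shell. NOTE(review): needs a WSL build that supports
                # --exec; confirm on the oldest supported Windows host.
                result = subprocess.run(
                    ["wsl", "--exec", *curl_args],
                    capture_output=True,
                    text=True,
                    timeout=30
                )
            except FileNotFoundError:
                # No wsl binary on this host: run curl directly.
                result = subprocess.run(
                    curl_args,
                    capture_output=True,
                    text=True,
                    timeout=30
                )

            if result.returncode == 0:
                headers = result.stdout
                analysis = self._analyze_headers(headers)

                # The raw headers are text chosen by the remote server and are
                # echoed verbatim; consumers of this output (including an LLM
                # client) should treat that section as untrusted data.
                formatted = f"✅ HTTP Security Headers Analysis for {target}\n{'='*60}\n"
                formatted += f"Raw Headers:\n{headers}\n\n"
                formatted += f"Security Analysis:\n{analysis}\n{'='*60}"
                return self.format_success(formatted)
            else:
                error = result.stderr or "Unable to retrieve headers"
                return self.format_error(f"Headers check failed: {error}")

        except subprocess.TimeoutExpired:
            return self.format_error("Headers check timeout (exceeded 30 seconds)")
        except Exception as e:
            return self.format_error(f"Execution failed: {str(e)}")

    def _analyze_headers(self, headers: str) -> str:
        """Report which tracked security headers appear in a raw header block.

        Header names are taken from the part of each line before the first
        colon and compared case-insensitively. Matching on the name alone
        avoids two false positives of a substring search over the whole
        response: a header name quoted inside another header's value, and
        ``Content-Security-Policy-Report-Only`` being counted as an enforcing
        ``Content-Security-Policy``.

        Args:
            headers: raw response headers as printed by ``curl -I``.

        Returns:
            One line per tracked header, marked Present or Missing.
        """
        present = set()
        for line in headers.splitlines():
            name, sep, _ = line.partition(":")
            if sep:  # status lines such as "HTTP/2 200" carry no colon
                present.add(name.strip().lower())

        analysis = []
        for header, description in self._SECURITY_HEADERS.items():
            if header.lower() in present:
                analysis.append(f"✅ {description} ({header}): Present")
            else:
                analysis.append(f"⚠️ {description} ({header}): Missing")

        return "\n".join(analysis)


tool_instance = HTTPHeadersTool()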
