🔒 CyberMCP
AI-powered Cybersecurity API Testing with Model Context Protocol (MCP)
CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.
🚀 Quick Start
✨ Features
- 🔐 Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
- 💉 Injection Testing - SQL injection, XSS vulnerability detection
- 📊 Data Protection - Sensitive data exposure, path traversal checks
- ⏱️ Rate Limiting - DoS vulnerability assessment
- 🛡️ Security Headers - OWASP security header validation
- 📚 Comprehensive Resources - Security checklists and testing guides
🛠️ Security Tools (14 Total)
Category | Tools |
---|---|
Authentication | basic_auth , token_auth , oauth2_auth , api_login , auth_status , clear_auth , jwt_vulnerability_check , auth_bypass_check |
Injection Testing | sql_injection_check , xss_check |
Data Protection | sensitive_data_check , path_traversal_check |
Infrastructure | rate_limit_check , security_headers_check |
🎯 IDE Integration
CyberMCP works with all major AI-powered IDEs:
- Claude Desktop - Direct MCP integration
- Cursor IDE - Built-in MCP support
- Windsurf (Codeium) - Native MCP protocol
- VS Code + Cline - Extension-based integration
📖 Complete Setup Guide - Detailed configuration for each IDE
📋 Usage Example
The AI agent will:
- Configure authentication credentials
- Test the protected endpoint for bypass vulnerabilities
- Provide detailed security analysis and recommendations
📊 Testing & Validation
📁 Project Structure
🔧 Development
📖 Documentation
- Setup Guide - Detailed installation and configuration
- Project Summary - Complete feature overview
- Testing Results - Validation and test coverage
🤝 Contributing
- Fork the repository
- Create a feature branch:
git checkout -b feature/new-security-tool
- Make your changes and add tests
- Submit a pull request
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🔗 Resources
- Model Context Protocol - Official MCP documentation
- OWASP API Security - API security best practices
- MCP TypeScript SDK - Development framework
🔒 Secure your APIs with AI-powered testing!
For support and questions, please create an issue.
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
Tools
認証バイパス、インジェクション攻撃、データ漏洩などのセキュリティ脆弱性についてバックエンド API をテストするために設計されたモデル コンテキスト プロトコル サーバー。
Related MCP Servers
- AsecurityFlicenseAqualityA Model Context Protocol server that enables users to perform third-party enrichment lookups for security observables (IP addresses, domains, URLs, emails) through services like VirusTotal, Shodan, and others.Last updated 4 months ago11Python
- -securityAlicense-qualityA Model Context Protocol server that provides programmatic APIs for running mutation tests with mutmut, analyzing results, and improving test coverage in Python projects.Last updated 2 months agoPythonMIT License
- AsecurityAlicenseAqualityA Model Context Protocol server providing security vulnerability intelligence tools including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.Last updated 3 months ago84PythonMIT License
MockLoop MCP Serverofficial
-securityAlicense-qualityA Model Context Protocol server that generates and runs mock API servers from API documentation like OpenAPI/Swagger specs, enabling developers and AI assistants to quickly spin up mock backends for development and testing.Last updated 3 days ago11PythonMIT License