Skip to main content
Glama

CyberMCP

by ricauts

🔒 CyberMCP

AI-powered Cybersecurity API Testing with Model Context Protocol (MCP)

CyberMCP is a Model Context Protocol (MCP) server that enables AI agents to perform comprehensive security testing on backend APIs. It provides 14 specialized security tools and 10 resources for identifying vulnerabilities like authentication bypass, injection attacks, data leakage, and security misconfigurations.

🚀 Quick Start

# Clone and setup git clone https://github.com/your-username/CyberMCP.git cd CyberMCP npm install npm run build # Test the server npm run test-server # Start interactive testing npm run test-interactive

✨ Features

  • 🔐 Authentication Testing - JWT analysis, bypass detection, OAuth2 flows
  • 💉 Injection Testing - SQL injection, XSS vulnerability detection
  • 📊 Data Protection - Sensitive data exposure, path traversal checks
  • ⏱️ Rate Limiting - DoS vulnerability assessment
  • 🛡️ Security Headers - OWASP security header validation
  • 📚 Comprehensive Resources - Security checklists and testing guides

🛠️ Security Tools (14 Total)

CategoryTools
Authenticationbasic_auth, token_auth, oauth2_auth, api_login, auth_status, clear_auth, jwt_vulnerability_check, auth_bypass_check
Injection Testingsql_injection_check, xss_check
Data Protectionsensitive_data_check, path_traversal_check
Infrastructurerate_limit_check, security_headers_check

🎯 IDE Integration

CyberMCP works with all major AI-powered IDEs:

  • Claude Desktop - Direct MCP integration
  • Cursor IDE - Built-in MCP support
  • Windsurf (Codeium) - Native MCP protocol
  • VS Code + Cline - Extension-based integration

📖 Complete Setup Guide - Detailed configuration for each IDE

📋 Usage Example

"Use basic_auth with username 'admin' and password 'secret123' then use auth_bypass_check on https://api.example.com/users to test for authentication bypass vulnerabilities"

The AI agent will:

  1. Configure authentication credentials
  2. Test the protected endpoint for bypass vulnerabilities
  3. Provide detailed security analysis and recommendations

📊 Testing & Validation

# Comprehensive tool testing npm run test-tools # Manual interactive testing npm run test-interactive # Quick setup verification npm run quick-start # MCP Inspector (GUI) npm run inspector

📁 Project Structure

CyberMCP/ ├── src/ # TypeScript source code │ ├── tools/ # 14 security testing tools │ ├── resources/ # Security checklists & guides │ └── utils/ # Authentication & utilities ├── docs/ # Documentation ├── scripts/ # Testing & utility scripts ├── examples/ # Configuration examples ├── dist/ # Built JavaScript (generated) └── README.md # This file

🔧 Development

# Development mode with hot reload npm run dev # Build TypeScript npm run build # Start server (stdio mode) npm start # Start HTTP server TRANSPORT=http PORT=3000 npm start

📖 Documentation

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/new-security-tool
  3. Make your changes and add tests
  4. Submit a pull request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🔗 Resources


🔒 Secure your APIs with AI-powered testing!

For support and questions, please create an issue.

Install Server
A
security – no known vulnerabilities
A
license - permissive license
A
quality - confirmed to work

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

認証バイパス、インジェクション攻撃、データ漏洩などのセキュリティ脆弱性についてバックエンド API をテストするために設計されたモデル コンテキスト プロトコル サーバー。

  1. 特徴
    1. プロジェクト構造
      1. インストール
        1. 使用法
          1. MCPサーバーの実行
          2. サーバーへの接続
        2. セキュリティツール
          1. 認証
          2. 認証テスト
          3. 注入テスト
          4. データ漏洩テスト
          5. セキュリティヘッダーテスト
        3. リソース
          1. チェックリスト
          2. ガイド
        4. APIテストに必要な情報
          1. 認証の例
            1. 基本認証
            2. トークン認証
            3. OAuth2認証
            4. カスタムAPIログイン
          2. ライセンス

            Related MCP Servers

            • A
              security
              F
              license
              A
              quality
              A Model Context Protocol server that enables users to perform third-party enrichment lookups for security observables (IP addresses, domains, URLs, emails) through services like VirusTotal, Shodan, and others.
              Last updated 4 months ago
              1
              1
              Python
              • Apple
            • -
              security
              A
              license
              -
              quality
              A Model Context Protocol server that provides programmatic APIs for running mutation tests with mutmut, analyzing results, and improving test coverage in Python projects.
              Last updated 2 months ago
              Python
              MIT License
            • A
              security
              A
              license
              A
              quality
              A Model Context Protocol server providing security vulnerability intelligence tools including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.
              Last updated 3 months ago
              8
              4
              Python
              MIT License
            • -
              security
              A
              license
              -
              quality
              A Model Context Protocol server that generates and runs mock API servers from API documentation like OpenAPI/Swagger specs, enabling developers and AI assistants to quickly spin up mock backends for development and testing.
              Last updated 3 days ago
              11
              Python
              MIT License
              • Apple

            View all related MCP servers

            MCP directory API

            We provide all the information about MCP servers via our MCP API.

            curl -X GET 'https://glama.ai/api/mcp/v1/servers/ricauts/CyberMCP'

            If you have feedback or need assistance with the MCP directory API, please join our Discord server