Provides access to OWASP Cheat Sheets content, enabling search capabilities and retrieval of security best practices from the OWASP Cheat Sheet Series repository.
owasp_cheatsheets_mcp_server
A minimal Model Context Protocol (MCP) compatible server providing the OWASP Cheat Sheets.
The server uses FastAPI to expose a simple HTTP API that returns the contents of the cheat sheets from the OWASP Cheat Sheet Series.
Prerequisites
- Python 3.8 or newer
- Git (for cloning the cheat sheet repository on first run)
Usage
- Install requirements:
- (Optional) Set
CHEATSHEETS_DIR
if you already have a local copy of the cheat sheets: - Run the server with
uvicorn
: - If
CHEATSHEETS_DIR
is not set the server will clone the cheat sheet repository on first start (requires network access).
Endpoints
GET /health
– Basic health check.GET /cheatsheets
– List available cheat sheet files.GET /cheatsheets/{name}
– Retrieve a specific cheat sheet.GET /search?q=term
– Search cheat sheets for a term and return matching file names.
Running in production
Use uvicorn
with explicit host and port when deploying:
For a real deployment consider a process manager such as systemd
or running behind a reverse proxy.
Contributing
Pull requests are welcome. Tests can be added under a tests/
directory using pytest.
This implementation is a simplified example of an MCP server and may not cover the entire specification.
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A minimal Model Context Protocol server that provides access to OWASP security cheat sheets through a simple HTTP API, enabling users to list, retrieve, and search security best practices.
Related MCP Servers
- -securityAlicense-qualityAn MCP server that exposes HTTP methods defined in an OpenAPI specification as tools, enabling interaction with APIs via the Model Context Protocol.Last updated -8PythonMIT License
- AsecurityFlicenseAqualityA Model Context Protocol server that enables users to perform third-party enrichment lookups for security observables (IP addresses, domains, URLs, emails) through services like VirusTotal, Shodan, and others.Last updated -1Python
- AsecurityAlicenseAqualityA Model Context Protocol server providing security vulnerability intelligence tools including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.Last updated -84PythonMIT License
- AsecurityAlicenseAqualityA Model Context Protocol (MCP) server that provides AI-powered security analysis and safety instruction tools. This server helps protect AI agents by providing security guidelines, content analysis, and cautionary instructions when interacting with various MCPs and external services.Last updated -323JavaScriptISC License