Glama

security.test_auth_bypass

Test authentication bypass vulnerabilities by analyzing protected endpoints to identify security gaps in access controls.

Instructions

Test for authentication bypass vulnerabilities

Input Schema

Name      Required   Description                                  Default
url       Yes        Protected endpoint URL                       (none)
method    No         HTTP method, one of GET, POST, PUT, DELETE   GET

Implementation Reference

  • Registration of the 'security.test_auth_bypass' tool using server.tool(), including inline schema and handler function.
    import axios from 'axios';
    // saveFinding, saveTestResult, formatToolResult and the ToolResult type are the
    // server's own helpers, imported from its local modules (paths not shown here).

    server.tool(
      'security.test_auth_bypass',
      {
        description: 'Test for authentication bypass vulnerabilities',
        inputSchema: {
          type: 'object',
          properties: {
            url: { type: 'string', description: 'Protected endpoint URL' },
            method: {
              type: 'string',
              enum: ['GET', 'POST', 'PUT', 'DELETE'],
              default: 'GET',
            },
          },
          required: ['url'],
        },
      },
      async ({ url, method = 'GET' }: any): Promise<ToolResult> => {
        try {
          // One request variant per entry: no credentials, then client-IP headers a
          // misconfigured proxy or allow-list might trust, then malformed bearer tokens.
          const bypassAttempts = [
            { headers: {} }, // No auth
            { headers: { 'X-Forwarded-For': '127.0.0.1' } },
            { headers: { 'X-Original-IP': '127.0.0.1' } },
            { headers: { 'X-Real-IP': '127.0.0.1' } },
            { headers: { 'Authorization': 'Bearer null' } },
            { headers: { 'Authorization': 'Bearer undefined' } },
          ];
          const results: any[] = [];
          for (const attempt of bypassAttempts) {
            try {
              const config: any = {
                url,
                method: method.toLowerCase(),
                validateStatus: () => true, // never throw on non-2xx; status is inspected below
                timeout: 15000,
                headers: {
                  'User-Agent': 'Mozilla/5.0',
                  ...attempt.headers,
                },
              };
              const response = await axios(config);
              const result = {
                attempt: attempt.headers,
                status: response.status,
                accessible: response.status === 200,
                bodyLength: typeof response.data === 'string'
                  ? response.data.length
                  : JSON.stringify(response.data).length,
              };
              if (result.accessible) {
                await saveFinding({
                  target: url,
                  type: 'Auth Bypass',
                  severity: 'critical',
                  description: `Potential auth bypass - accessible without proper authentication`,
                  payload: JSON.stringify(attempt.headers),
                  response: typeof response.data === 'string'
                    ? response.data.substring(0, 1000)
                    : JSON.stringify(response.data).substring(0, 1000),
                  timestamp: new Date(),
                  score: 9,
                });
              }
              results.push(result);
            } catch (error: any) {
              // Network/timeout errors are recorded per attempt rather than aborting the run
              results.push({
                attempt: attempt.headers,
                error: error.message,
              });
            }
          }
          // Any attempt that returned 200 raises the score; the results only ever carry
          // an `accessible` flag, so that is the field to test here.
          const authScore = results.some((r: any) => r.accessible) ? 9 : 4;
          await saveTestResult(
            url,
            'auth_bypass_test',
            true,
            { results },
            undefined,
            authScore,
            method,
            JSON.stringify(results),
          );
          return formatToolResult(true, {
            results,
            summary: {
              totalTests: bypassAttempts.length,
              accessible: results.filter((r) => r.accessible).length,
            },
          });
        } catch (error: any) {
          await saveTestResult(url, 'auth_bypass_test', false, null, error.message, 0, method, undefined);
          return formatToolResult(false, null, error.message);
        }
      },
    );
  • The core handler function (the async callback in the registration above) executes the authentication bypass tests by sending the request with various header manipulations (e.g., client-IP spoofing headers, null or undefined bearer tokens) and treats a 200 OK response as the endpoint being accessible without authentication, saving a finding when that happens. A 200 status alone is a weak signal: an endpoint that renders a login or error page with status 200 is flagged the same way, so the recorded bodyLength should be compared against a known authenticated and unauthenticated baseline before a finding is treated as confirmed.
  • The input schema (the inputSchema object in the registration above) defines the parameters for the tool: the required 'url' of the protected endpoint and the optional 'method', restricted by enum to GET, POST, PUT or DELETE and defaulting to GET.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server