Glama

security.test_auth_bypass

Test authentication bypass vulnerabilities by analyzing protected endpoints to identify security gaps in access controls.

Instructions

Test for authentication bypass vulnerabilities

Input Schema

Name     Required   Description                              Default
url      Yes        Protected endpoint URL
method   No         One of GET, POST, PUT, DELETE            GET

Implementation Reference

  • Registration of the security.test_auth_bypass tool using server.tool():
    // axios is the only external dependency; ToolResult, saveFinding,
    // saveTestResult and formatToolResult are the project's own helpers.
    import axios from 'axios';

    server.tool(
      'security.test_auth_bypass',
  • Input schema definition for the tool, specifying url (required) and optional method:
      {
        description: 'Test for authentication bypass vulnerabilities',
        inputSchema: {
          type: 'object',
          properties: {
            url: { type: 'string', description: 'Protected endpoint URL' },
            method: {
              type: 'string',
              enum: ['GET', 'POST', 'PUT', 'DELETE'],
              default: 'GET',
            },
          },
          required: ['url'],
        },
      },
  • The handler implements auth bypass testing by sending the request with no credentials, with IP-spoofing headers (X-Forwarded-For and similar), and with malformed bearer tokens, and flags any attempt for which the protected endpoint returns 200 OK. A 200 alone is a weak signal (a login page or a generic error page can also return 200), so each flagged attempt should be confirmed by inspecting the body. Each accessible attempt is saved to the DB as a critical finding.
      async ({ url, method = 'GET' }: any): Promise<ToolResult> => {
        try {
          // Each attempt varies only the request headers; no body is sent.
          const bypassAttempts = [
            { headers: {} }, // No auth
            { headers: { 'X-Forwarded-For': '127.0.0.1' } },
            { headers: { 'X-Original-IP': '127.0.0.1' } },
            { headers: { 'X-Real-IP': '127.0.0.1' } },
            { headers: { Authorization: 'Bearer null' } },
            { headers: { Authorization: 'Bearer undefined' } },
          ];
          const results: any[] = [];
          for (const attempt of bypassAttempts) {
            try {
              const config: any = {
                url,
                method: method.toLowerCase(),
                validateStatus: () => true, // record every status instead of throwing on 4xx/5xx
                timeout: 15000,
                headers: {
                  'User-Agent': 'Mozilla/5.0',
                  ...attempt.headers,
                },
              };
              const response = await axios(config);
              const result = {
                attempt: attempt.headers,
                status: response.status,
                accessible: response.status === 200,
                bodyLength:
                  typeof response.data === 'string'
                    ? response.data.length
                    : JSON.stringify(response.data).length,
              };
              if (result.accessible) {
                await saveFinding({
                  target: url,
                  type: 'Auth Bypass',
                  severity: 'critical',
                  description: `Potential auth bypass - accessible without proper authentication`,
                  payload: JSON.stringify(attempt.headers),
                  response:
                    typeof response.data === 'string'
                      ? response.data.substring(0, 1000)
                      : JSON.stringify(response.data).substring(0, 1000),
                  timestamp: new Date(),
                  score: 9,
                });
              }
              results.push(result);
            } catch (error: any) {
              results.push({ attempt: attempt.headers, error: error.message });
            }
          }
          // Score on the `accessible` flag set above; each result carries
          // `accessible`, not `vulnerable`, so this is the field to test.
          const authScore = results.some((r: any) => r.accessible) ? 9 : 4;
          await saveTestResult(
            url,
            'auth_bypass_test',
            true,
            { results },
            undefined,
            authScore,
            method,
            JSON.stringify(results)
          );
          return formatToolResult(true, {
            results,
            summary: {
              totalTests: bypassAttempts.length,
              accessible: results.filter((r) => r.accessible).length,
            },
          });
        } catch (error: any) {
          await saveTestResult(url, 'auth_bypass_test', false, null, error.message, 0, method, undefined);
          return formatToolResult(false, null, error.message);
        }
      }
    );

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'
