A
securityA
licenseA
qualityEnables web content scanning and analysis by fetching, analyzing, and extracting information from web pages using tools like page fetching, link extraction, site crawling, and more.
Last updated -
6
11
MIT License
Provides xray vulnerability scanning capabilities through Python-based tools for performing security scans on web applications and services
Xray MCP Server
This is an enhanced MCP (Model Context Protocol) server that provides xray vulnerability scanning capabilities for ModelScope hosting.
Features
- xray_scan: Perform vulnerability scans on target URLs
- Support for basic-crawler and phantasm-crawler scan types
- Configurable timeout
- Plugin and POC support
- JSON output with detailed results
- xray_version: Get xray version information
- xray_start_proxy: Start xray in passive proxy mode (planned)
- Configurable proxy port
- Real-time vulnerability detection
- xray_stop_proxy: Stop the running xray proxy (planned)
- xray_service_scan: Scan services on non-HTTP targets (planned)
- Port range scanning
- Service detection
Installation
- Install Python 3.7+
- Install xray from https://github.com/chaitin/xray
- Set the XRAY_PATH environment variable to point to your xray binary:
Configuration
Environment variables:
XRAY_PATH: Path to xray binary (default: "xray")XRAY_CONFIG_DIR: Configuration directory (default: "~/.xray-mcp")XRAY_OUTPUT_DIR: Output directory for scan results (default: system temp)
Usage
For ModelScope MCP
This server is designed to work with ModelScope's MCP platform. The server implements the MCP protocol and can be integrated into the ModelScope ecosystem.
Standalone Usage
Run the server:
The server reads JSON-RPC requests from stdin and writes responses to stdout.
Example Request
Available Tools
xray_scan
Performs a vulnerability scan on a target URL.
Parameters:
target(required): The target URL to scanscan_type(optional): Type of scan - "basic-crawler" or "phantasm-crawler" (default: "basic-crawler")timeout(optional): Scan timeout in seconds (default: 300)plugins(optional): Comma-separated list of plugins to usepoc(optional): POC to use for scanning
xray_version
Gets the version information of the installed xray scanner.
No parameters required.
xray_start_proxy (Planned)
Starts xray in passive proxy mode for real-time scanning.
Parameters:
port(optional): Proxy port to listen on (default: 7777)
xray_stop_proxy (Planned)
Stops the running xray proxy.
No parameters required.
xray_service_scan (Planned)
Scans services on non-HTTP targets.
Parameters:
target(required): The target host/IP to scanport_range(optional): Port range to scan (default: "1-65535")timeout(optional): Scan timeout in seconds (default: 300)
Security Considerations
- The server executes xray with user-provided URLs
- Implement appropriate access controls when deploying
- Consider rate limiting for production use
- Validate and sanitize all inputs
License
MIT License
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
Enables vulnerability scanning of web applications using the xray security scanner. Provides URL scanning capabilities with configurable crawlers, plugins, and POCs to detect security vulnerabilities through natural language interactions.
Related MCP Servers
- -securityAlicense-qualityProvides Trivy security scanning capabilities through a standardized interface, allowing users to scan projects for vulnerabilities and automatically fix them by updating dependencies.Last updated -10MIT License
- AsecurityAlicenseAqualityA security testing tool that enables automated vulnerability detection including XSS and SQL injection, along with comprehensive browser interaction capabilities for web application penetration testing.Last updated -1268519MIT License
- -securityAlicense-qualityA comprehensive system that helps organizations track, manage, and respond to security vulnerabilities effectively through features like vulnerability tracking, user management, support tickets, API key management, and SSL certificate management.Last updated -MIT License