HALO (GEMMA-by-GOOGLE)
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| run_commandB | Execute an arbitrary shell command with sudo auto-escalation on permission errors. |
| run_masscanB | High-speed asynchronous TCP port scan of a target or CIDR range. |
| run_nmapA | Detailed port/service scan with version and script detection. |
| run_netstatC | List network connections and listening sockets (falls back to 'ss'). |
| run_sqlmapC | Automated SQL injection detection and exploitation against a URL. |
| run_niktoC | Scan a web server for known vulnerabilities and misconfigurations. |
| run_wafw00fA | Fingerprint the web application firewall / security solution in front of a target. |
| run_shodanB | Look up an internet-exposed host in Shodan (open ports, services, banners). |
| run_phoneinfogaB | OSINT footprinting of a phone number (carrier, region, formatting). |
| run_cloudfoxB | Enumerate the attack surface of an AWS environment. |
| run_hydraB | Parallelized network login brute-forcer across many protocols. |
| run_johnC | Crack password hashes with John the Ripper against a wordlist. |
| run_ncrackC | High-speed network authentication cracking. |
| run_medusaC | Fast, parallel, modular network login brute-forcer. |
| run_searchsploitB | Search the Exploit-DB archive for known exploits by keyword. |
| run_exploitA | LAST RESORT: run a custom Python PoC in the isolated sandbox runner. Requires operator approval upstream. |
| run_curlB | Issue an HTTP request and return the verbose response. |
| run_wgetC | Download a file or mirror content from a URL. |
| write_fileA | Write content to a file, escalating to sudo if the path is protected. |
| read_fileB | Read and return the contents of a file. |
| run_gobusterC | Brute-force web content, DNS, or vhosts against a wordlist. |
| run_ffufC | Fast web fuzzer for directories, parameters, and vhosts. |
| run_enum4linuxB | Enumerate SMB/Samba shares, users, and policies on a host. |
| run_setoolkitC | Drive the Social-Engineer Toolkit for a scripted attack scenario. |
| run_subfinderB | Passively enumerate subdomains of a domain. |
| run_nucleiB | Run community vulnerability templates against a target. |
| run_katanaC | Crawl a web target and map its attack surface. |
| run_httpxB | Probe hosts for live HTTP services (status, title, tech detection). |
| run_sherlockB | Hunt a username across social networks and public sites. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/XenoCoreGiger31/GEMMA-by-GOOGLE'
If you have feedback or need assistance with the MCP directory API, please join our Discord server